author | Stan Hu <stanhu@gmail.com> | 2018-12-09 21:23:15 -0800 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-12-09 21:56:31 -0800 |
commit | 384a92b7362ad75801add04292f6ef7938207fc4 (patch) | |
tree | 4560a7133fb537fff637c9455b34e5a0cccfa99e /app/controllers/projects | |
parent | 7cb0dd98590e8fdd7483b9f61643a0daa23c2b67 (diff) | |
download | gitlab-ce-384a92b7362ad75801add04292f6ef7938207fc4.tar.gz |
Check for valid refs in CommitController before doing anything
Before, a 404 would be rendered only after a request to Gitaly
returned with an InvalidArgument error. Now we check that the ref has a
valid format before sending it to Gitaly. In both cases, a 404 is
returned to the user, but this change prevents Gitaly from generating
error noise in production.
Closes https://gitlab.com/gitlab-org/gitaly/issues/1425
Diffstat (limited to 'app/controllers/projects')
-rw-r--r-- | app/controllers/projects/commits_controller.rb | 5 | ||||
-rw-r--r-- | app/controllers/projects/compare_controller.rb | 6 |
2 files changed, 5 insertions, 6 deletions
diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb
index e40a1a1d744..2510a31c9b3 100644
--- a/app/controllers/projects/commits_controller.rb
+++ b/app/controllers/projects/commits_controller.rb
@@ -11,6 +11,7 @@ class Projects::CommitsController < Projects::ApplicationController
 before_action :require_non_empty_project
 before_action :assign_ref_vars, except: :commits_root
 before_action :authorize_download_code!
+ before_action :validate_ref!, except: :commits_root
 before_action :set_commits, except: :commits_root
 def commits_root
@@ -54,6 +55,10 @@ class Projects::CommitsController < Projects::ApplicationController
 private
+ def validate_ref!
+ render_404 unless valid_ref?(@ref)
+ end
+
 def set_commits
 render_404 unless @path.empty? || request.format == :atom || @repository.blob_at(@commit.id, @path) || @repository.tree(@commit.id, @path).entries.present?
 @limit, @offset = (params[:limit] || 40).to_i, (params[:offset] || 0).to_i
diff --git a/app/controllers/projects/compare_controller.rb b/app/controllers/projects/compare_controller.rb
index 2917925947f..5586c2fc631 100644
--- a/app/controllers/projects/compare_controller.rb
+++ b/app/controllers/projects/compare_controller.rb
@@ -65,12 +65,6 @@ class Projects::CompareController < Projects::ApplicationController
 private
- def valid_ref?(ref_name)
- return true unless ref_name.present?
-
- Gitlab::GitRefValidator.validate(ref_name)
- end
-
 def validate_refs!
 valid = [head_ref, start_ref].map { |ref| valid_ref?(ref) } |
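Review bot: The new `before_action :validate_ref!, except: :commits_root` is registered after `assign_ref_vars`, so the format check only runs once `@ref` has already been populated. `assign_ref_vars` is not visible on this page; if it resolves the ref against the repository, a malformed ref could still reach Gitaly before this filter renders the 404, which is the error noise the commit message sets out to remove. It is worth confirming what that filter does with an invalid ref and, if it does query the repository, rejecting the malformed value before that lookup. The class body continues outside the hunk.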
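Review bot: `validate_ref!` depends on `valid_ref?`, which this page removes from CompareController and never shows being defined for CommitsController. The diffstat is limited to app/controllers/projects, so the helper was presumably moved to a shared parent or concern. The removed version returned true for a blank ref (`return true unless ref_name.present?`), so if the moved helper keeps that behaviour, an empty `@ref` passes this filter and still reaches `set_commits`. A one-line comment above the method would record that contract, e.g. `# Renders 404 for malformed refs; blank refs pass valid_ref? and are left to later filters.` The `private` section continues outside the hunk.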