Added validations to prevent LFS object forgery

author: Francisco Javier López <fjlopez@gitlab.com> 2018-12-14 17:51:37 +0100
committer: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-31 16:51:54 +0100
commit: b3c13bbb3c62c90dbb9a606b27699df8d681cec3 (patch)
tree: 335a4dc3624deb2cfed9a16e9caa49899395ed56 /app/services/projects/import_service.rb
parent: 577812948dd25129e363862cfcb6d9d21d168cc2 (diff)
download: gitlab-ce-b3c13bbb3c62c90dbb9a606b27699df8d681cec3.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/app/services/projects/import_service.rb b/app/services/projects/import_service.rb
index afd32c0d968..5861b803996 100644
--- a/app/services/projects/import_service.rb
+++ b/app/services/projects/import_service.rb
@@ -94,11 +94,11 @@ module Projects
 
       return unless project.lfs_enabled?
 
-      oids_to_download = Projects::LfsPointers::LfsImportService.new(project).execute
-      download_service = Projects::LfsPointers::LfsDownloadService.new(project)
+      lfs_objects_to_download = Projects::LfsPointers::LfsImportService.new(project).execute
 
-      oids_to_download.each do |oid, link|
-        download_service.execute(oid, link)
+      lfs_objects_to_download.each do |lfs_download_object|
+        Projects::LfsPointers::LfsDownloadService.new(project, lfs_download_object)
+                                                 .execute
       end
     rescue => e
       # Right now, to avoid aborting the importing process, we silently fail
author	Francisco Javier López <fjlopez@gitlab.com>	2018-12-14 17:51:37 +0100
committer	Yorick Peterse <yorickpeterse@gmail.com>	2019-01-31 16:51:54 +0100
commit	b3c13bbb3c62c90dbb9a606b27699df8d681cec3 (patch)
tree	335a4dc3624deb2cfed9a16e9caa49899395ed56 /app/services/projects/import_service.rb
parent	577812948dd25129e363862cfcb6d9d21d168cc2 (diff)
download	gitlab-ce-b3c13bbb3c62c90dbb9a606b27699df8d681cec3.tar.gz