Arbitrary file read via MergeRequestDiff

author: Francisco Javier López <fjlopez@gitlab.com> 2019-03-04 18:36:34 +0000
committer: Yorick Peterse <yorickpeterse@gmail.com> 2019-03-04 18:36:34 +0000
commit: ebf16ada856efb85424a98848c141f21e609886a (patch)
tree: e9700c1c392644f035302c61fc8f9c2dc6095a92 /app/validators
parent: adedcb329464783165db2c233b3a6fd9578d2c25 (diff)
download: gitlab-ce-ebf16ada856efb85424a98848c141f21e609886a.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/app/validators/sha_validator.rb b/app/validators/sha_validator.rb
new file mode 100644
index 00000000000..085fca4d65d
--- /dev/null
+++ b/app/validators/sha_validator.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class ShaValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    return if value.blank? || value.match(/\A\h{40}\z/)
+
+    record.errors.add(attribute, 'is not a valid SHA')
+  end
+end
author	Francisco Javier López <fjlopez@gitlab.com>	2019-03-04 18:36:34 +0000
committer	Yorick Peterse <yorickpeterse@gmail.com>	2019-03-04 18:36:34 +0000
commit	ebf16ada856efb85424a98848c141f21e609886a (patch)
tree	e9700c1c392644f035302c61fc8f9c2dc6095a92 /app/validators
parent	adedcb329464783165db2c233b3a6fd9578d2c25 (diff)
download	gitlab-ce-ebf16ada856efb85424a98848c141f21e609886a.tar.gz