diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-18 15:09:45 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-18 15:09:45 +0000 |
commit | aaf59610548d9b0fd01acfd50e831cbe519ecba2 (patch) | |
tree | b6505abedcd965ebae5118b504b185b63129dc4c /lib/api/helpers | |
parent | 1363ca12f1f07c634647cf55c4c16b7401098673 (diff) | |
download | gitlab-ce-aaf59610548d9b0fd01acfd50e831cbe519ecba2.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/api/helpers')
-rw-r--r-- | lib/api/helpers/custom_validators.rb | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/lib/api/helpers/custom_validators.rb b/lib/api/helpers/custom_validators.rb index 4c15c1d01cd..b4523d7b436 100644 --- a/lib/api/helpers/custom_validators.rb +++ b/lib/api/helpers/custom_validators.rb @@ -56,6 +56,35 @@ module API message: "should be an array, 'None' or 'Any'" end end + + class GitRef < Grape::Validations::Base + # There are few checks that a Git reference should pass through to be valid reference. + # The link contains some rules that have been added to this validator. + # https://mirrors.edge.kernel.org/pub/software/scm/git/docs/git-check-ref-format.html + # We have skipped some checks that are optional and can be skipped for exception. + # We also check for control characters, More info on ctrl chars - https://ruby-doc.org/core-2.7.0/Regexp.html#class-Regexp-label-Character+Classes + INVALID_CHARS = Regexp.union('..', '\\', '@', '@{', ' ', '~', '^', ':', '*', '?', '[', /[[:cntrl:]]/).freeze + GIT_REF_LENGTH = (1..1024).freeze + + def validate_param!(attr_name, params) + revision = params[attr_name] + + return unless invalid_character?(revision) + + raise Grape::Exceptions::Validation, params: [@scope.full_name(attr_name)], + message: 'should be a valid reference path' + end + + private + + def invalid_character?(revision) + revision.nil? || + revision.start_with?('-') || + revision.end_with?('.') || + GIT_REF_LENGTH.exclude?(revision.length) || + INVALID_CHARS.match?(revision) + end + end end end end @@ -65,3 +94,4 @@ Grape::Validations.register_validator(:git_sha, ::API::Helpers::CustomValidators Grape::Validations.register_validator(:absence, ::API::Helpers::CustomValidators::Absence) Grape::Validations.register_validator(:integer_none_any, ::API::Helpers::CustomValidators::IntegerNoneAny) Grape::Validations.register_validator(:array_none_any, ::API::Helpers::CustomValidators::ArrayNoneAny) +Grape::Validations.register_validator(:git_ref, ::API::Helpers::CustomValidators::GitRef) |