author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-04-02 07:48:24 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-04-02 07:48:24 +0000 |
commit | 3098259e90616c86d9c0b0c5861b9871c92b7da1 (patch) | |
tree | d3dd08ec097489021a698f5faceae90bc207ff25 /lib/gitlab/ci/build | |
parent | e116842ad9e55d2359d3dfa5e6b1c5ab049860c2 (diff) | |
parent | b22287f00fc10800486510c64139b4fefb38ac4c (diff) | |
download | gitlab-ce-3098259e90616c86d9c0b0c5861b9871c92b7da1.tar.gz |
Merge branch 'security-use-untrusted-regexp' into 'master'
Use UntrustedRegexp for CI refs matching
See merge request gitlab/gitlabhq!3005
Diffstat (limited to 'lib/gitlab/ci/build')
-rw-r--r-- | lib/gitlab/ci/build/policy/refs.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/gitlab/ci/build/policy/refs.rb b/lib/gitlab/ci/build/policy/refs.rb
index df5f5ffc253..360424bec11 100644
--- a/lib/gitlab/ci/build/policy/refs.rb
+++ b/lib/gitlab/ci/build/policy/refs.rb
@@ -35,8 +35,8 @@ module Gitlab
 # patterns can be matched only when branch or tag is used
 # the pattern matching does not work for merge requests pipelines
 if pipeline.branch? || pipeline.tag?
- if pattern.first == "/" && pattern.last == "/"
- Regexp.new(pattern[1...-1]) =~ pipeline.ref
+ if regexp = Gitlab::UntrustedRegexp::RubySyntax.fabricate(pattern)
+ regexp.match?(pipeline.ref)
 else
 pattern == pipeline.ref
 end |
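Review bot: The `else` branch after `if regexp = Gitlab::UntrustedRegexp::RubySyntax.fabricate(pattern)` now handles every pattern that `fabricate` declines, and the hunk does not show what `fabricate` returns for a `/…/` pattern that the untrusted-regexp engine cannot compile. If it returns nil in that case, such a pattern is compared literally against `pipeline.ref` and silently stops matching. For an `except:` rule that would mean a job runs on refs it used to be excluded from. A comment on the branch would make the contract explicit, for example `# fabricate returns nil unless pattern is a /regex/ the safe engine accepts; anything else is an exact ref name`, and a spec for an unsupported pattern would pin the behaviour. The assignment inside the condition is also easier to read as deliberate when parenthesised, `if (regexp = Gitlab::UntrustedRegexp::RubySyntax.fabricate(pattern))`. The enclosing method begins and ends outside this hunk.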