Merge branch 'sh-reject-non-utf8-gpg' into 'master'

Reject GPG keys that have e-mail or names with non-valid UTF-8 encodings

Closes #47280

See merge request gitlab-org/gitlab-ce!19455

1 files changed, 13 insertions, 0 deletions

diff --git a/spec/lib/gitlab/gpg_spec.rb b/spec/lib/gitlab/gpg_spec.rb
index ab9a166db00..47f37cae98f 100644
--- a/spec/lib/gitlab/gpg_spec.rb
+++ b/spec/lib/gitlab/gpg_spec.rb
@@ -74,6 +74,19 @@ describe Gitlab::Gpg do
         email: 'nannie.bernhard@example.com'
       }])
     end
+
+    it 'rejects non UTF-8 names and addresses' do
+      public_key = double(:key)
+      fingerprints = double(:fingerprints)
+      email = "\xEEch@test.com".force_encoding('ASCII-8BIT')
+      uid = double(:uid, name: 'Test User', email: email)
+      raw_key = double(:raw_key, uids: [uid])
+      allow(Gitlab::Gpg::CurrentKeyChain).to receive(:fingerprints_from_key).with(public_key).and_return(fingerprints)
+      allow(GPGME::Key).to receive(:find).with(:public, anything).and_return([raw_key])
+
+      user_infos = described_class.user_infos_from_key(public_key)
+      expect(user_infos).to eq([])
+    end
   end
 
   describe '.current_home_dir' do