diff options
| author | Kamil Trzciński <ayufan@ayufan.eu> | 2019-01-02 20:01:11 +0100 |
|---|---|---|
| committer | Kamil Trzciński <ayufan@ayufan.eu> | 2019-01-22 17:50:00 +0100 |
| commit | 1a8100cff59d983191b43dacdddbdab65ea23c6a (patch) | |
| tree | 253c1b9498a747aab98b8d6ee9072da14f33b9c4 /spec/spec_helper.rb | |
| parent | ce171674b60f5888aa3802e9f6b843762faabd3a (diff) | |
| download | gitlab-ce-1a8100cff59d983191b43dacdddbdab65ea23c6a.tar.gz | |
Extract GitLab Pages using RubyZip
RubyZip allows us to perform strong validation of
expanded paths where we do extract file.
We introduce the following additional checks
to extract routines:
1. None of path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory,
like `public/`,
4. The symlink source needs to exist ahead of time.
Diffstat (limited to 'spec/spec_helper.rb')
0 files changed, 0 insertions, 0 deletions