diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-13 12:09:26 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-13 12:09:26 +0000 |
commit | 9fdb3dbd6bacb125d40290aac8409da2f9fe19fc (patch) | |
tree | 532a0cfc06fa0f4c1d718a33804e6bbf2b650e70 /workhorse | |
parent | 2d8c28f1d32709280506507f3b6e6d2da7440da9 (diff) | |
download | gitlab-ce-9fdb3dbd6bacb125d40290aac8409da2f9fe19fc.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'workhorse')
-rw-r--r-- | workhorse/internal/upload/rewrite.go | 7 | ||||
-rw-r--r-- | workhorse/internal/upload/uploads.go | 2 | ||||
-rw-r--r-- | workhorse/internal/upload/uploads_test.go | 12 |
3 files changed, 15 insertions, 6 deletions
diff --git a/workhorse/internal/upload/rewrite.go b/workhorse/internal/upload/rewrite.go index 7b9ac6b996e..ad9623f569c 100644 --- a/workhorse/internal/upload/rewrite.go +++ b/workhorse/internal/upload/rewrite.go @@ -67,11 +67,8 @@ func rewriteFormFilesFromMultipart(r *http.Request, writer *multipart.Writer, fi // Create multipart reader reader, err := r.MultipartReader() if err != nil { - if err == http.ErrNotMultipart { - // We want to be able to recognize http.ErrNotMultipart elsewhere so no fmt.Errorf - return http.ErrNotMultipart - } - return fmt.Errorf("get multipart reader: %v", err) + // We want to be able to recognize these errors elsewhere so no fmt.Errorf + return err } multipartUploadRequests.WithLabelValues(filter.Name()).Inc() diff --git a/workhorse/internal/upload/uploads.go b/workhorse/internal/upload/uploads.go index f214e1ac297..32e51fea9e5 100644 --- a/workhorse/internal/upload/uploads.go +++ b/workhorse/internal/upload/uploads.go @@ -51,7 +51,7 @@ func interceptMultipartFiles(w http.ResponseWriter, r *http.Request, h http.Hand err := rewriteFormFilesFromMultipart(r, writer, filter, fa, p) if err != nil { switch err { - case ErrInjectedClientParam: + case ErrInjectedClientParam, http.ErrMissingBoundary: helper.CaptureAndFail(w, r, err, "Bad Request", http.StatusBadRequest) case ErrTooManyFilesUploaded: helper.CaptureAndFail(w, r, err, err.Error(), http.StatusBadRequest) diff --git a/workhorse/internal/upload/uploads_test.go b/workhorse/internal/upload/uploads_test.go index 3655e9fc8c9..cc786079e36 100644 --- a/workhorse/internal/upload/uploads_test.go +++ b/workhorse/internal/upload/uploads_test.go @@ -352,6 +352,18 @@ func TestInvalidFileNames(t *testing.T) { } } +func TestBadMultipartHeader(t *testing.T) { + httpRequest, err := http.NewRequest("POST", "/example", bytes.NewReader(nil)) + require.NoError(t, err) + + // Invalid header: missing boundary + httpRequest.Header.Set("Content-Type", "multipart/form-data") + + response := httptest.NewRecorder() + testInterceptMultipartFiles(t, response, httpRequest, nilHandler, &SavedFileTracker{Request: httpRequest}) + require.Equal(t, 400, response.Code) +} + func TestContentDispositionRewrite(t *testing.T) { testhelper.ConfigureSecret() |