Diffstat (limited to 'lib/gitlab/git')
-rw-r--r-- | lib/gitlab/git/attributes_parser.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/git/commit.rb | 14 | ||||
-rw-r--r-- | lib/gitlab/git/tag.rb | 21 |
3 files changed, 33 insertions, 4 deletions
diff --git a/lib/gitlab/git/attributes_parser.rb b/lib/gitlab/git/attributes_parser.rb
index 8b9d74ae8e7..630b1aba2f5 100644
--- a/lib/gitlab/git/attributes_parser.rb
+++ b/lib/gitlab/git/attributes_parser.rb
@@ -85,6 +85,8 @@ module Gitlab
 yield line.strip
 end
+ # Catch invalid byte sequences
+ rescue ArgumentError
 end
 private
diff --git a/lib/gitlab/git/commit.rb b/lib/gitlab/git/commit.rb
index 605084f1ec2..a554dc0b667 100644
--- a/lib/gitlab/git/commit.rb
+++ b/lib/gitlab/git/commit.rb
@@ -57,11 +57,8 @@ module Gitlab
 # Already a commit?
 return commit_id if commit_id.is_a?(Gitlab::Git::Commit)
- # Some weird thing?
- return unless commit_id.is_a?(String)
- # This saves us an RPC round trip.
- return if commit_id.include?(':')
+ return unless valid?(commit_id)
 commit = find_commit(repo, commit_id)
@@ -431,6 +428,15 @@ module Gitlab
 def fetch_body_from_gitaly
 self.class.get_message(@repository, id)
 end
+
+ def self.valid?(commit_id)
+ commit_id.is_a?(String) && !(
+ commit_id.start_with?('-') ||
+ commit_id.include?(':') ||
+ commit_id.include?("\x00") ||
+ commit_id.match?(/\s/)
+ )
+ end
 end
 end
 end
diff --git a/lib/gitlab/git/tag.rb b/lib/gitlab/git/tag.rb
index 08dbd52e3fb..da86d6baf4a 100644
--- a/lib/gitlab/git/tag.rb
+++ b/lib/gitlab/git/tag.rb
@@ -66,6 +66,27 @@ module Gitlab
 @raw_tag.tagger
 end
+ def has_signature?
+ signature_type != :NONE
+ end
+
+ def signature_type
+ @raw_tag.signature_type || :NONE
+ end
+
+ def signature
+ return unless has_signature?
+
+ case signature_type
+ when :PGP
+ nil # not implemented, see https://gitlab.com/gitlab-org/gitlab/issues/19260
+ when :X509
+ X509::Tag.new(@raw_tag).signature
+ else
+ nil
+ end
+ end
+
 private
 def message_from_gitaly_tag |
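Review bot: The method-level `rescue ArgumentError` added in attributes_parser.rb has an empty body and also covers the `yield line.strip` call, so an ArgumentError raised inside the caller's block is swallowed along with the invalid-byte case. Parsing also stops at the first bad line, so every attribute line after it is silently ignored and the caller cannot tell a complete parse from a truncated one. If truncation is the intended behaviour, say so in the comment, e.g. `# Invalid byte sequence: stop parsing; lines after this one are ignored`, and consider logging it. Narrowing the rescue to the per-line work rather than the whole method would keep block errors visible; the method body starts outside this hunk, so the exact placement needs checking against the full file.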
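Review bot: `self.valid?` in commit.rb is a denylist with no comment saying what each rule guards against, and the -57 hunk removes the only explanation the old guards had (`# This saves us an RPC round trip.`). A header such as `# Rejects ids that start with '-' (presumably so git cannot read them as an option), contain ':' (rev:path), NUL or whitespace, before any RPC is made` would keep the intent reviewable when rules are added or relaxed. Separately, `commit_id.match?(/\s/)` may raise ArgumentError on a String holding an invalid byte sequence, the same error the attributes_parser hunk rescues. If such ids should simply be rejected, a `commit_id.valid_encoding? &&` guard ahead of the denylist would do it; worth pinning with a spec.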
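Review bot: In tag.rb, `has_signature?` returns true for a `:PGP` tag while `signature` returns nil for it, so the two methods disagree and every caller has to nil-check `signature` even after `has_signature?` passes. Neither method says that `has_signature?` reports only that a signature type is set, not that anything was verified, which matters wherever the result drives a "signed" indicator. A comment on `signature` such as `# Returns nil for unsigned tags and for signature types not handled here (currently PGP)` would make the contract explicit. As a style point, the explicit `nil` in the `:PGP` branch and the `else nil` arm are redundant, since `case` already evaluates to nil when nothing matches, and `has_signature?` goes against the usual Ruby predicate naming (no `has_` prefix).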