blob: 0d1de0d56fd862d039c6c11a02a5cab542a78ccf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
# frozen_string_literal: true
class UploaderFinder
# Instantiates a a new FileUploader
# FileUploader can be opened via .open agnostic of storage type
# Arguments correspond to Upload.secret, Upload.model_type and Upload.file_path
# Returns a FileUploader with uploaded file retrieved into the object state
def initialize(project, secret, file_path)
@project = project
@secret = secret
@file_path = file_path
end
def execute
prevent_path_traversal_attack!
retrieve_file_state!
uploader
rescue ::Gitlab::Utils::PathTraversalAttackError
nil # no-op if for incorrect files
end
def prevent_path_traversal_attack!
Gitlab::Utils.check_path_traversal!(@file_path)
end
def retrieve_file_state!
uploader.retrieve_from_store!(@file_path)
end
def uploader
@uploader ||= FileUploader.new(@project, secret: @secret)
end
end
|