diff options
author | Artem V. Navrotskiy <bozaro@yandex.ru> | 2015-06-29 14:44:22 +0000 |
---|---|---|
committer | Artem V. Navrotskiy <bozaro@yandex.ru> | 2015-06-29 18:01:22 +0300 |
commit | 2f19152047b6f8e6d8cf8ad757370cfcb8a3581b (patch) | |
tree | 88f0089026adeb19294e8fdbfc9ccbd27c26f6dd | |
parent | 4d30c0c5d3d0f23a221ee507b6bd110a539b8570 (diff) | |
download | gitlab-shell-2f19152047b6f8e6d8cf8ad757370cfcb8a3581b.tar.gz |
Add git-lfs-authenticate to command white list
-rw-r--r-- | lib/gitlab_shell.rb | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb index 7249836..7c75910 100644 --- a/lib/gitlab_shell.rb +++ b/lib/gitlab_shell.rb @@ -7,7 +7,7 @@ class GitlabShell class DisallowedCommandError < StandardError; end class InvalidRepositoryPathError < StandardError; end - GIT_COMMANDS = %w(git-upload-pack git-receive-pack git-upload-archive git-annex-shell).freeze + GIT_COMMANDS = %w(git-upload-pack git-receive-pack git-upload-archive git-annex-shell git-lfs-authenticate).freeze attr_accessor :key_id, :repo_name, :git_cmd, :repos_path, :repo_name @@ -56,16 +56,29 @@ class GitlabShell def parse_cmd args = Shellwords.shellwords(@origin_cmd) @git_cmd = args.first + @git_access = @git_cmd raise DisallowedCommandError unless GIT_COMMANDS.include?(@git_cmd) - if @git_cmd == 'git-annex-shell' + case @git_cmd + when 'git-annex-shell' raise DisallowedCommandError unless @config.git_annex_enabled? @repo_name = escape_path(args[2].sub(/\A\/~\//, '')) # Make sure repository has git-annex enabled init_git_annex(@repo_name) + when 'git-lfs-authenticate' + raise DisallowedCommandError unless args.count >= 2 + @repo_name = escape_path(args[1]) + case args[2] + when 'download' + @git_access = 'git-upload-pack' + when 'upload' + @git_access = 'git-receive-pack' + else + raise DisallowedCommandError + end else raise DisallowedCommandError unless args.count == 2 @repo_name = escape_path(args.last) @@ -73,7 +86,7 @@ class GitlabShell end def verify_access - status = api.check_access(@git_cmd, @repo_name, @key_id, '_any') + status = api.check_access(@git_access, @repo_name, @key_id, '_any') raise AccessDeniedError, status.message unless status.allowed? end |