diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-08-29 13:24:48 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2014-08-29 13:24:48 +0000 |
| commit | 310131d1ebe5752ee8d120f5a0dd0c8e90b66124 (patch) | |
| tree | 2dad2c0daf0f601754bdc6232ff0486ccad67a2d | |
| parent | b5284310c2c9d6f53e983ca5224bea7c48e0f779 (diff) | |
| parent | 5de3c0e8e22a205d6628d4ee23deebb7a20ac302 (diff) | |
| download | gitlab-shell-310131d1ebe5752ee8d120f5a0dd0c8e90b66124.tar.gz | |
Merge branch 'wrong_number_of_arguments' into 'master'
Handle invalid number of arguments
See merge request !37
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | lib/gitlab_shell.rb | 11 | ||||
| -rw-r--r-- | spec/gitlab_shell_spec.rb | 8 |
3 files changed, 17 insertions, 3 deletions
@@ -1,5 +1,6 @@ v1.9.8 - Replace raise with abort when checking path to prevent path exposure + - Handle invalid number of arguments on remote commands v1.9.7 - Increased test coverage diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb index 6edb748..d0f23d7 100644 --- a/lib/gitlab_shell.rb +++ b/lib/gitlab_shell.rb @@ -3,6 +3,8 @@ require 'shellwords' require_relative 'gitlab_net' class GitlabShell + class DisallowedCommandError < StandardError; end + attr_accessor :key_id, :repo_name, :git_cmd, :repos_path, :repo_name def initialize @@ -28,19 +30,22 @@ class GitlabShell $stderr.puts "Access denied." end else - message = "gitlab-shell: Attempt to execute disallowed command <#{@origin_cmd}> by #{log_username}." - $logger.warn message - puts 'Not allowed command' + raise DisallowedCommandError end else puts "Welcome to GitLab, #{username}!" end + rescue DisallowedCommandError => ex + message = "gitlab-shell: Attempt to execute disallowed command <#{@origin_cmd}> by #{log_username}." + $logger.warn message + puts 'Not allowed command' end protected def parse_cmd args = Shellwords.shellwords(@origin_cmd) + raise DisallowedCommandError unless args.count == 2 @git_cmd = args[0] @repo_name = escape_path(args[1]) end diff --git a/spec/gitlab_shell_spec.rb b/spec/gitlab_shell_spec.rb index f997477..4741303 100644 --- a/spec/gitlab_shell_spec.rb +++ b/spec/gitlab_shell_spec.rb @@ -48,6 +48,14 @@ describe GitlabShell do its(:repo_name) { should == 'dmitriy.zaporozhets/gitlab-ci.git' } its(:git_cmd) { should == 'git-upload-pack' } end + + context 'with an invalid number of arguments' do + before { ssh_cmd 'foobar' } + + it "should raise an DisallowedCommandError" do + expect { subject.send :parse_cmd }.to raise_error(GitlabShell::DisallowedCommandError) + end + end end describe :exec do |