diff options
| author | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2015-11-25 17:53:31 +0100 |
|---|---|---|
| committer | Jacob Vosmaer <contact@jacobvosmaer.nl> | 2015-11-25 17:53:31 +0100 |
| commit | 712daa411a2ab3d0add9d9e4a5b36ca81b53f674 (patch) | |
| tree | 46f337fac35630aa813287ea9e4b2412f24b2bb1 /lib | |
| parent | c4ea06e5e40c2108ed0ee79befc71790f2fc08b4 (diff) | |
| download | gitlab-shell-712daa411a2ab3d0add9d9e4a5b36ca81b53f674.tar.gz | |
Limit availability of SSH_ORIGINAL_COMMAND
Hoping this makes it more obvious when code touches the very
unsafe contents of this variable.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab_shell.rb | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb index a3509ec..1ce3b60 100644 --- a/lib/gitlab_shell.rb +++ b/lib/gitlab_shell.rb @@ -11,37 +11,37 @@ class GitlabShell attr_accessor :key_id, :repo_name, :git_cmd, :repos_path, :repo_name - def initialize(key_id, origin_cmd) + def initialize(key_id) @key_id = key_id - @origin_cmd = origin_cmd @config = GitlabConfig.new @repos_path = @config.repos_path end - def exec - unless @origin_cmd + def exec(origin_cmd) + unless origin_cmd puts "Welcome to GitLab, #{username}!" return true end - parse_cmd + args = Shellwords.shellwords(origin_cmd) + parse_cmd(args) verify_access - process_cmd + process_cmd(args) true rescue GitlabNet::ApiUnreachableError => ex $stderr.puts "GitLab: Failed to authorize your Git request: internal API unreachable" false rescue AccessDeniedError => ex - message = "gitlab-shell: Access denied for git command <#{@origin_cmd}> by #{log_username}." + message = "gitlab-shell: Access denied for git command <#{origin_cmd}> by #{log_username}." $logger.warn message $stderr.puts "GitLab: #{ex.message}" false rescue DisallowedCommandError => ex - message = "gitlab-shell: Attempt to execute disallowed command <#{@origin_cmd}> by #{log_username}." + message = "gitlab-shell: Attempt to execute disallowed command <#{origin_cmd}> by #{log_username}." $logger.warn message $stderr.puts "GitLab: Disallowed command" @@ -53,8 +53,7 @@ class GitlabShell protected - def parse_cmd - args = Shellwords.shellwords(@origin_cmd) + def parse_cmd(args) @git_cmd = args.first @git_access = @git_cmd @@ -91,13 +90,12 @@ class GitlabShell raise AccessDeniedError, status.message unless status.allowed? end - def process_cmd + def process_cmd(args) repo_full_path = File.join(repos_path, repo_name) if @git_cmd == 'git-annex-shell' raise DisallowedCommandError unless @config.git_annex_enabled? - args = Shellwords.shellwords(@origin_cmd) parsed_args = args.map do |arg| # Convert /~/group/project.git to group/project.git |