Commit 05aac11a
Authored Sep 01, 2020 by GitLab Bot
Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee
Parent: d40003af
Showing 3 changed files with 43 additions and 0 deletions
app/services/projects/update_remote_mirror_service.rb (+4 -0)
changelogs/unreleased/215879-check-validity-of-repository-mirror-urls.yml (+5 -0)
spec/services/projects/update_remote_mirror_service_spec.rb (+34 -0)
app/services/projects/update_remote_mirror_service.rb
...
...
@@ -7,6 +7,10 @@ module Projects
def
execute
(
remote_mirror
,
tries
)
return
success
unless
remote_mirror
.
enabled?
if
Gitlab
::
UrlBlocker
.
blocked_url?
(
CGI
.
unescape
(
Gitlab
::
UrlSanitizer
.
sanitize
(
remote_mirror
.
url
)))
return
error
(
"The remote mirror URL is invalid."
)
end
update_mirror
(
remote_mirror
)
success
...
...
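Review bot: The new guard in `execute` checks `CGI.unescape(Gitlab::UrlSanitizer.sanitize(remote_mirror.url))`, a sanitized and once-decoded copy, while `update_mirror(remote_mirror)` directly below still works from the mirror's stored URL, so the string that is validated is not the string that is used. Please add a comment saying why exactly one round of unescaping is the right normalization here, and note that `CGI.unescape` is form decoding, so it also turns `+` into a space before the blocker sees the value. The early `return error("The remote mirror URL is invalid.")` also records nothing on `remote_mirror` as far as this hunk shows; consider marking the mirror as failed there so the rejection is visible outside the service result.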
changelogs/unreleased/215879-check-validity-of-repository-mirror-urls.yml
0 → 100644
---
title
:
Check validity of project's import_url before mirroring repository
merge_request
:
author
:
type
:
security
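Review bot: The `title` says "Check validity of project's import_url before mirroring repository", but the service change in this commit validates `remote_mirror.url` in `Projects::UpdateRemoteMirrorService`, not an `import_url`. Wording the title around the remote mirror URL would match what the code checks and make the changelog entry easier to trace back to this fix.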
spec/services/projects/update_remote_mirror_service_spec.rb
...
...
@@ -56,6 +56,40 @@ RSpec.describe Projects::UpdateRemoteMirrorService do
expect
(
remote_mirror
.
last_error
).
to
include
(
'Badly broken'
)
end
context
'when the URL is blocked'
do
before
do
allow
(
Gitlab
::
UrlBlocker
).
to
receive
(
:blocked_url?
).
and_return
(
true
)
end
it
'fails and returns error status'
do
expect
(
execute!
).
to
eq
(
status: :error
,
message:
'The remote mirror URL is invalid.'
)
end
end
context
"when given URLs containing escaped elements"
do
using
RSpec
::
Parameterized
::
TableSyntax
where
(
:url
,
:result_status
)
do
"https://user:0a%23@test.example.com/project.git"
|
:success
"https://git.example.com:1%2F%2F@source.developers.google.com/project.git"
|
:success
CGI
.
escape
(
"git://localhost:1234/some-path?some-query=some-val
\#
@example.com/"
)
|
:error
CGI
.
escape
(
CGI
.
escape
(
"https://user:0a%23@test.example.com/project.git"
))
|
:error
end
with_them
do
before
do
allow
(
remote_mirror
).
to
receive
(
:url
).
and_return
(
url
)
allow
(
service
).
to
receive
(
:update_mirror
).
with
(
remote_mirror
).
and_return
(
true
)
end
it
"returns expected status"
do
result
=
execute!
expect
(
result
[
:status
]).
to
eq
(
result_status
)
end
end
end
context
'when the update fails because of a `Gitlab::Git::CommandError`'
do
before
do
allow
(
remote_mirror
).
to
receive
(
:update_repository
)
...
...
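Review bot: In the "when given URLs containing escaped elements" table, the two `:error` rows only assert `result[:status]`, so the spec cannot tell a rejection by `Gitlab::UrlBlocker` apart from any other error path in the service. Assert the message as well ('The remote mirror URL is invalid.') and add a short comment per row stating why it is expected to pass or fail. The 'when the URL is blocked' context stubs `blocked_url?` to return `true` for any argument; an expectation with `.with(...)` on the decoded URL would verify that the sanitize and unescape steps are actually applied before the check.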