Commit 2fd5cc2b (gitlab-foss)
Authored Nov 02, 2017 by Brett Walker
Committed by Nick Thomas, Nov 02, 2017
Geo route whitelisting is too optimistic
Parent: 506a4e75

Showing 3 changed files with 34 additions and 2 deletions:

changelogs/unreleased/3274-geo-route-whitelisting.yml (+5 -0)
lib/gitlab/middleware/read_only.rb (+3 -2)
spec/lib/gitlab/middleware/read_only_spec.rb (+26 -0)
changelogs/unreleased/3274-geo-route-whitelisting.yml
0 → 100644
View file @
2fd5cc2b
---
title
:
Tighten up whitelisting of certain Geo routes
merge_request
:
15082
author
:
type
:
fixed
lib/gitlab/middleware/read_only.rb
View file @
2fd5cc2b
...
...
@@ -12,6 +12,7 @@ module Gitlab
def
call
(
env
)
@env
=
env
@route_hash
=
nil
if
disallowed_request?
&&
Gitlab
::
Database
.
read_only?
Rails
.
logger
.
debug
(
'GitLab ReadOnly: preventing possible non read-only operation'
)
...
...
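Review bot: the added @route_hash = nil, next to @env = env in call, keeps per-request state in instance variables of the middleware object. Rack builds one middleware instance and reuses it for every request, so under a threaded server two concurrent requests can overwrite each other's @env and memoized route hash, and the whitelist decision for one request could be made against another request's route. Suggest moving the request state into a per-call object (or using dup.call(env)) so that nothing memoized crosses a request boundary.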
@@ -77,11 +78,11 @@ module Gitlab
end
def
grack_route
r
equest
.
path
.
end_with?
(
'.git/git-upload-pack'
)
r
oute_hash
[
:controller
]
==
'projects/git_http'
&&
route_hash
[
:action
]
==
'git_upload_pack'
end
def
lfs_route
r
equest
.
path
.
end_with?
(
'/info/lfs/objects/batch'
)
r
oute_hash
[
:controller
]
==
'projects/lfs_api'
&&
route_hash
[
:action
]
==
'batch'
end
end
end
...
...
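Review bot: grack_route and lfs_route now depend entirely on route_hash, whose definition is outside this hunk, so the behaviour for a path the router cannot recognise is not visible here. Both predicates should evaluate to false in that case (route_hash returning an empty hash rather than nil or raising), so that an unroutable write request in read-only mode is rejected cleanly instead of producing an error. A one-line comment on each method stating that the match is on the recognised controller and action, not on the URL suffix, would also record why end_with? was dropped.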
spec/lib/gitlab/middleware/read_only_spec.rb
View file @
2fd5cc2b
...
...
@@ -83,6 +83,13 @@ describe Gitlab::Middleware::ReadOnly do
expect
(
subject
).
to
disallow_request
end
it
'expects POST of new file that looks like an LFS batch url to be disallowed'
do
response
=
request
.
post
(
'/root/gitlab-ce/new/master/app/info/lfs/objects/batch'
)
expect
(
response
).
to
be_a_redirect
expect
(
subject
).
to
disallow_request
end
context
'whitelisted requests'
do
it
'expects DELETE request to logout to be allowed'
do
response
=
request
.
delete
(
'/users/sign_out'
)
...
...
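Review bot: the added example 'expects POST of new file that looks like an LFS batch url to be disallowed' covers only the LFS look-alike; the added lines contain no matching example for a path that ends in .git/git-upload-pack but routes to a different controller, although grack_route is tightened in the same way. Suggest adding a second negative example for that case so both whitelist entries are pinned by a test that would have failed against the old end_with? check.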
@@ -104,6 +111,25 @@ describe Gitlab::Middleware::ReadOnly do
expect
(
response
).
not_to
be_a_redirect
expect
(
subject
).
not_to
disallow_request
end
it
'expects a POST request to git-upload-pack URL to be allowed'
do
response
=
request
.
post
(
'/root/rouge.git/git-upload-pack'
)
expect
(
response
).
not_to
be_a_redirect
expect
(
subject
).
not_to
disallow_request
end
it
'expects requests to sidekiq admin to be allowed'
do
response
=
request
.
post
(
'/admin/sidekiq'
)
expect
(
response
).
not_to
be_a_redirect
expect
(
subject
).
not_to
disallow_request
response
=
request
.
get
(
'/admin/sidekiq'
)
expect
(
response
).
not_to
be_a_redirect
expect
(
subject
).
not_to
disallow_request
end
end
end
...
...
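Review bot: the 'expects requests to sidekiq admin to be allowed' example issues a POST and then a GET to /admin/sidekiq in one it block, reassigning response, so a failure does not say which verb regressed. Suggest splitting it into two examples. The whitelisted context in this hunk also gains a positive example for git-upload-pack but none for a genuine LFS batch URL; if one does not already exist elsewhere in the spec, add it so the new controller/action match in lfs_route is exercised in the allow direction as well.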