author | John Cai <jcai@gitlab.com> | 2019-09-19 22:01:04 +0300 |
---|---|---|
committer | John Cai <jcai@gitlab.com> | 2019-09-19 22:01:04 +0300 |
commit | fe22fd2be1f8c5a8ec23270dca20b68dbce77924 (patch) | |
tree | f7f98c17d5e2d3c20d1f5354c4963a1995a310ce | |
parent | 37b71fbdfe4375bb8eaf64f855f1182caf066ec7 (diff) | |
parent | e0200c92e89512351d222d47092eefd3ff684efb (diff) |
Merge branch 'security-1892-backport-1-53' into '1-53-stable'1-53-stable
Backport !39 into 1-53-stable
See merge request gitlab/gitaly!40
-rw-r--r-- | internal/service/repository/search_files.go | 4 | ||||
-rw-r--r-- | internal/service/repository/search_files_test.go | 11 |
2 files changed, 15 insertions, 0 deletions
diff --git a/internal/service/repository/search_files.go b/internal/service/repository/search_files.go
index 8865e0b56..6d11054de 100644
--- a/internal/service/repository/search_files.go
+++ b/internal/service/repository/search_files.go
@@ -134,5 +134,9 @@ func validateSearchFilesRequest(req searchFilesRequest) error {
 return errors.New("no ref given")
 }
+ if bytes.HasPrefix(req.GetRef(), []byte("-")) {
+ return errors.New("invalid ref argument")
+ }
+
+ return nil
 }
diff --git a/internal/service/repository/search_files_test.go b/internal/service/repository/search_files_test.go
index b2d217c60..c92c4292c 100644
--- a/internal/service/repository/search_files_test.go
+++ b/internal/service/repository/search_files_test.go
@@ -217,6 +217,9 @@ func TestSearchFilesByContentFailure(t *testing.T) {
 client, conn := newRepositoryClient(t, serverSocketPath)
 defer conn.Close()
+ testRepo, _, cleanupRepo := testhelper.NewTestRepo(t)
+ defer cleanupRepo()
+
 testCases := []struct {
 desc string
 repo *gitalypb.Repository
@@ -243,6 +246,14 @@ func TestSearchFilesByContentFailure(t *testing.T) {
 code: codes.InvalidArgument,
 msg: "empty Repo",
 },
+ {
+ desc: "invalid ref argument",
+ repo: testRepo,
+ query: ".",
+ ref: "--no-index",
+ code: codes.InvalidArgument,
+ msg: "invalid ref argument",
+ },
 }
 for _, tc := range testCases { |
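Review bot: The added guard in validateSearchFilesRequest (search_files.go) carries no comment explaining why a leading dash is rejected, so a later cleanup could drop it as arbitrary. The test added in this commit uses `--no-index` as the ref, which suggests the ref reaches a git command line where such a value would be parsed as an option rather than a revision; the call site is outside this hunk, so that is inferred. I would put `// Reject refs that git would parse as a command-line option instead of a revision.` above the check. The prefix test is the only barrier visible here, so it is worth confirming that the other request fields passed to git are validated the same way or are passed behind an explicit option or a `--` separator. The function begins above the hunk.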
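Review bot: The new failure case in search_files_test.go (last hunk) exercises only the by-content RPC and only a double-dash value. validateSearchFilesRequest takes the searchFilesRequest interface, which suggests it is shared with another search RPC; if so, that RPC's failure test should get the same case so the guard cannot regress on one path only. A second case with a single leading dash, for example `ref: "-x"` (constructed value), would pin that the check is on one dash and not on `--`. The testCases table begins above this hunk and the loop continues below it.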