author | John Cai <jcai@gitlab.com> | 2019-09-19 22:00:38 +0300 |
---|---|---|
committer | John Cai <jcai@gitlab.com> | 2019-09-19 22:00:38 +0300 |
commit | 6384cef75298349620507002584ef3961a16b9a8 (patch) | |
tree | e37e5605dcbcb15abf5919694949bbad0ef079e1 | |
parent | 2ac7b28e70e364663575ba9038d3abb51c36db4d (diff) | |
parent | 4d37ce4610fcad988e755d465c39b5664af61da6 (diff) |
Merge branch 'security-1892-backport-1-47' into '1-47-stable'
Backport !39 into 1-47-stable
See merge request gitlab/gitaly!42
-rw-r--r-- | internal/service/repository/search_files.go | 4 | ||||
-rw-r--r-- | internal/service/repository/search_files_test.go | 11 |
2 files changed, 15 insertions, 0 deletions
diff --git a/internal/service/repository/search_files.go b/internal/service/repository/search_files.go
index 8865e0b56..6d11054de 100644
--- a/internal/service/repository/search_files.go
+++ b/internal/service/repository/search_files.go
@@ -134,5 +134,9 @@ func validateSearchFilesRequest(req searchFilesRequest) error {
 return errors.New("no ref given")
 }
 
+ if bytes.HasPrefix(req.GetRef(), []byte("-")) {
+ return errors.New("invalid ref argument")
+ }
+
 return nil
 }
diff --git a/internal/service/repository/search_files_test.go b/internal/service/repository/search_files_test.go
index b2d217c60..c92c4292c 100644
--- a/internal/service/repository/search_files_test.go
+++ b/internal/service/repository/search_files_test.go
@@ -217,6 +217,9 @@ func TestSearchFilesByContentFailure(t *testing.T) {
 client, conn := newRepositoryClient(t, serverSocketPath)
 defer conn.Close()
 
+ testRepo, _, cleanupRepo := testhelper.NewTestRepo(t)
+ defer cleanupRepo()
+
 testCases := []struct {
 desc string
 repo *gitalypb.Repository
@@ -243,6 +246,14 @@ func TestSearchFilesByContentFailure(t *testing.T) {
 code: codes.InvalidArgument,
 msg: "empty Repo",
 },
+ {
+ desc: "invalid ref argument",
+ repo: testRepo,
+ query: ".",
+ ref: "--no-index",
+ code: codes.InvalidArgument,
+ msg: "invalid ref argument",
+ },
 }
 
 for _, tc := range testCases { |
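Review bot: The new guard in validateSearchFilesRequest has no comment saying why a leading `-` is rejected; the only hint is the `--no-index` value in the test, which suggests the ref could otherwise be parsed as a command-line option by the git command that receives it. I would add `// Reject refs that begin with "-" so they cannot be interpreted as options by the git command the ref is passed to.` above the `if`. The check is a prefix denylist at the validation layer only, so any future caller that builds the command without going through this function loses the protection. If the call site (outside this hunk, so I cannot confirm) does not already separate options from revisions, doing so there, for example with `--end-of-options` on Git versions that support it, would be a useful second layer. The function body starts outside the hunk.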
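Review bot: The added table entry in TestSearchFilesByContentFailure covers the new guard only through the by-content RPC and only with one long option, `--no-index`. validateSearchFilesRequest takes the `searchFilesRequest` interface, which suggests the validation is shared with another search RPC. If so, that RPC's failure test should get the same case, so a later refactor cannot drop the check on one path unnoticed. A second entry with a short option-like value, e.g. `ref: "-x"` (constructed sample), would pin that the rejection keys on the leading `-` rather than on a specific flag. The test function's body continues outside the hunk.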