author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-31 17:32:24 +0300 |
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-31 17:32:24 +0300 |
commit | f5fe9b63037d428aecb04c375579ef022ba98e1d (patch) | |
tree | 3ae39e605490a5eb4fdaf5adcbd4f54d8aadb990 | |
parent | 920cbcb38960331cd5e9315e63b2d808fd1a1e48 (diff) |
Add latest changes from gitlab-org/security/gitlab@16-2-stable-ee
-rw-r--r-- | lib/gitlab/checks/branch_check.rb | 2 | ||||
-rw-r--r-- | spec/lib/gitlab/checks/branch_check_spec.rb | 6 |
2 files changed, 7 insertions, 1 deletions
diff --git a/lib/gitlab/checks/branch_check.rb b/lib/gitlab/checks/branch_check.rb
index 8be1e1716ec..aa89c2711f9 100644
--- a/lib/gitlab/checks/branch_check.rb
+++ b/lib/gitlab/checks/branch_check.rb
@@ -43,7 +43,7 @@ module Gitlab
 def prohibited_branch_checks
 return if deletion?
- if branch_name =~ %r{\A\h{40}(/|\z)}
+ if branch_name =~ %r{\A\h{40}(-/|/|\z)}
 raise GitAccess::ForbiddenError, ERROR_MESSAGES[:prohibited_hex_branch_name]
 end
diff --git a/spec/lib/gitlab/checks/branch_check_spec.rb b/spec/lib/gitlab/checks/branch_check_spec.rb
index 7ce267c535f..9950d4dbd12 100644
--- a/spec/lib/gitlab/checks/branch_check_spec.rb
+++ b/spec/lib/gitlab/checks/branch_check_spec.rb
@@ -32,6 +32,12 @@ RSpec.describe Gitlab::Checks::BranchCheck, feature_category: :source_code_manag
 expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "You cannot create a branch with a 40-character hexadecimal branch name.")
 end
+ it "prohibits 40-character hexadecimal branch names followed by a dash as the start of a path" do
+ allow(subject).to receive(:branch_name).and_return("267208abfe40e546f5e847444276f7d43a39503e-/test")
+ expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, "You cannot create a branch with a 40-character hexadecimal branch name.")
+ end
+ it "doesn't prohibit a nested hexadecimal in a branch name" do
 allow(subject).to receive(:branch_name).and_return("267208abfe40e546f5e847444276f7d43a39503e-fix") |
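Review bot: The widened regex in prohibited_branch_checks is tested with `=~` although no capture is read, and its three alternatives collapse to two; `if branch_name.match?(%r{\A\h{40}(-?/|\z)})` accepts exactly the same names and skips building a MatchData. The regex alone does not say why a `-/` suffix is now treated like `/`, so a short comment above the condition would help the next reader, e.g. `# A 40-hex prefix standing alone or as the first path segment ("<hex>/", "<hex>-/") is prohibited`. Note that `\h` also matches `A-F`, so the prefix check is case-insensitive for the hex part, which is presumably intended. prohibited_branch_checks starts inside this hunk but its body continues past it.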
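Review bot: The new example exercises the `-/` case with lowercase hex only, while `\h` in the production regex also matches `A-F`; a sibling example using an uppercase fixture such as `"267208ABFE40E546F5E847444276F7D43A39503E-/test"` (constructed by upcasing the existing one) would pin that the rejection does not depend on letter case. The expected message string is repeated verbatim from the example above; if the spec file has a shared constant for it, reusing it would keep the two in step. The enclosing describe block begins before and ends after this hunk.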