diff options
| author | Kamil TrzciĆski <ayufan@ayufan.eu> | 2019-01-02 22:01:11 +0300 |
|---|---|---|
| committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-31 18:52:48 +0300 |
| commit | 66744469d4f2c444c0248b84096d252db749d01c (patch) | |
| tree | 0b71d2c71a195d61dca9b814e7fff31abe59004e /Gemfile | |
| parent | a1bf088201702ec4d36015c8f4cb635fa2ee2c5b (diff) | |
Extract GitLab Pages using RubyZip
RubyZip allows us to perform strong validation of
expanded paths where we do extract file.
We introduce the following additional checks
to extract routines:
1. None of path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory,
like `public/`,
4. The symlink source needs to exist ahead of time.
Diffstat (limited to 'Gemfile')
| -rw-r--r-- | Gemfile | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -57,6 +57,7 @@ gem 'u2f', '~> 0.2.1' # GitLab Pages gem 'validates_hostname', '~> 1.0.6' +gem 'rubyzip', '~> 1.2.2', require: false # Browser detection gem 'browser', '~> 2.5' |