diff options
| author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2016-01-02 22:09:21 +0300 |
|---|---|---|
| committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2016-01-14 14:48:15 +0300 |
| commit | df41148662142ce20a77b092665f48dd4dfa7bfb (patch) | |
| tree | 52543761ffb291f2a70a82a0604847a2006388b5 /app | |
| parent | a3191463b60c8ded25a2898d5e5520ae4aff1114 (diff) | |
Improve path sanitization in `StringPath`
Diffstat (limited to 'app')
| -rw-r--r-- | app/models/ci/build.rb | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb index f6783e21d90..df51a5ce079 100644 --- a/app/models/ci/build.rb +++ b/app/models/ci/build.rb @@ -352,15 +352,15 @@ module Ci def artifacts_metadata_for_path(path) return [] unless artifacts_metadata.exists? paths, metadata = [], [] - meta_path = path.sub(/^\.\//, '') + metadata_path = path.sub(/^\.\//, '') File.open(artifacts_metadata.path) do |file| gzip = Zlib::GzipReader.new(file) gzip.each_line do |line| - if line =~ %r{^#{meta_path}[^/]+/?\s} - path, meta = line.split(' ') - paths << path - metadata << JSON.parse(meta) + if line =~ %r{^#{Regexp.escape(metadata_path)}[^/\s]+/?\s} + matched_path, matched_meta = line.split(' ') + paths << matched_path + metadata << JSON.parse(matched_meta) end end gzip.close |