diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-12-13 12:22:56 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-12-13 12:22:56 +0300 |
commit | d2d66de7163c42532c5a1c3cddebb144658c5242 (patch) | |
tree | 5c80bff8c43c76f3c5d1a7a24ae173f0742b5129 /lib/gitlab | |
parent | 7ebc422d70a4737a3b5c1b7cf9d0d6e3e47c9890 (diff) |
Add latest changes from gitlab-org/security/gitlab@16-6-stable-eev16.6.2
Diffstat (limited to 'lib/gitlab')
-rw-r--r-- | lib/gitlab/checks/tag_check.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/gitlab/checks/tag_check.rb b/lib/gitlab/checks/tag_check.rb index d5addab74b8..cdc648bf005 100644 --- a/lib/gitlab/checks/tag_check.rb +++ b/lib/gitlab/checks/tag_check.rb @@ -12,6 +12,7 @@ module Gitlab create_protected_tag: 'You are not allowed to create this tag as it is protected.', default_branch_collision: 'You cannot use default branch name to create a tag', prohibited_tag_name: 'You cannot create a tag with a prohibited pattern.', + prohibited_sha_tag_name: 'You cannot create a tag with a SHA-1 or SHA-256 tag name.', prohibited_tag_name_encoding: 'Tag names must be valid when converted to UTF-8 encoding' }.freeze @@ -21,6 +22,8 @@ module Gitlab protected_tag_checks: "Checking if you are creating, updating or deleting a protected tag..." }.freeze + STARTS_WITH_SHA_REGEX = %r{\A#{Gitlab::Git::Commit::RAW_FULL_SHA_PATTERN}}o + def validate! return unless tag_name @@ -57,6 +60,7 @@ module Gitlab end # rubocop: enable Style/SoleNestedConditional # rubocop: enable Style/GuardClause + validate_tag_name_not_sha_like! end def protected_tag_checks @@ -88,6 +92,12 @@ module Gitlab end end end + + def validate_tag_name_not_sha_like! + return unless STARTS_WITH_SHA_REGEX.match?(tag_name) + + raise GitAccess::ForbiddenError, ERROR_MESSAGES[:prohibited_sha_tag_name] + end end end end |