
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2023-11-01 15:11:57 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-11-01 15:11:57 +0300
commit0a0c5aaca5d1ce5403034cb234311518109a0c30 (patch)
treea0819642b79014566f20bfdd0936bdbb6ee83e21 /lib/gitlab
parent45ec210a8038cd3ade51bb29018c5805a3f6fae5 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab')
-rw-r--r--lib/gitlab/auth.rb2
-rw-r--r--lib/gitlab/middleware/path_traversal_check.rb3
2 files changed, 3 insertions, 2 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 6bfcae037b8..578cfb52714 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -156,7 +156,7 @@ module Gitlab
# This returns true when the failures are over the threshold and the IP
# is banned.
- message = "Rack_Attack: Git auth failures has exceeded the threshold." \
+ message = "Rack_Attack: Git auth failures has exceeded the threshold. " \
"IP has been temporarily banned from Git auth."
Gitlab::AuthLogger.error(
diff --git a/lib/gitlab/middleware/path_traversal_check.rb b/lib/gitlab/middleware/path_traversal_check.rb
index 79465f3cb30..96d0a1c8ff9 100644
--- a/lib/gitlab/middleware/path_traversal_check.rb
+++ b/lib/gitlab/middleware/path_traversal_check.rb
@@ -38,12 +38,13 @@ module Gitlab
end
def check(env, log_params)
- request = ::Rack::Request.new(env)
+ request = ::Rack::Request.new(env.dup)
fullpath = request.fullpath
decoded_fullpath = CGI.unescape(fullpath)
::Gitlab::PathTraversal.check_path_traversal!(decoded_fullpath, skip_decoding: true)
rescue ::Gitlab::PathTraversal::PathTraversalAttackError
+ log_params[:method] = request.request_method
log_params[:fullpath] = fullpath
log_params[:message] = PATH_TRAVERSAL_MESSAGE
end
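Review bot: `env.dup` in `check` is a shallow copy and the hunk gives no reason for it, so a later reader cannot tell what it is meant to protect. Presumably the aim is to keep `::Rack::Request` from writing anything into the env that is passed on to the rest of the middleware stack. If so, say it above the line, e.g. `# Use a copy so building the request here cannot alter the env seen by later middleware (shallow: nested objects are still shared)`. Separately, the rescue branch now records `request.request_method` next to `fullpath`, and both come straight from the client, with `fullpath` including the query string. How `log_params` is emitted is not visible in this hunk, so it is worth confirming that the logger applies parameter filtering and structured encoding to these fields.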