Add latest changes from gitlab-org/security/gitlab@16-3-stable-ee

2 files changed, 5 insertions, 25 deletions

diff --git a/lib/api/validations/validators/bulk_imports.rb b/lib/api/validations/validators/bulk_imports.rb
index f8ad5ed6d14..67dc084cc12 100644
--- a/lib/api/validations/validators/bulk_imports.rb
+++ b/lib/api/validations/validators/bulk_imports.rb
@@ -32,8 +32,7 @@ module API
         class DestinationNamespacePath < Grape::Validations::Validators::Base
           def validate_param!(attr_name, params)
             return if params[attr_name].blank?
-
-            return if params[attr_name] =~ Gitlab::Regex.bulk_import_destination_namespace_path_regex
+            return if NamespacePathValidator.valid_path?(params[attr_name])
 
             raise Grape::Exceptions::Validation.new(
               params: [@scope.full_name(attr_name)],
@@ -44,7 +43,10 @@ module API
 
         class SourceFullPath < Grape::Validations::Validators::Base
           def validate_param!(attr_name, params)
-            return if params[attr_name] =~ Gitlab::Regex.bulk_import_source_full_path_regex
+            full_path = params[attr_name]
+
+            return if params['source_type'] == 'group_entity' && NamespacePathValidator.valid_path?(full_path)
+            return if params['source_type'] == 'project_entity' && ProjectPathValidator.valid_path?(full_path)
 
             raise Grape::Exceptions::Validation.new(
               params: [@scope.full_name(attr_name)],
diff --git a/lib/gitlab/regex/bulk_imports.rb b/lib/gitlab/regex/bulk_imports.rb
index e9ec24b831f..65c23b9d2e6 100644
--- a/lib/gitlab/regex/bulk_imports.rb
+++ b/lib/gitlab/regex/bulk_imports.rb
@@ -3,28 +3,6 @@
 module Gitlab
   module Regex
     module BulkImports
-      def bulk_import_destination_namespace_path_regex
-        # This regexp validates the string conforms to rules for a destination_namespace path:
-        # i.e does not start with a non-alphanumeric character,
-        # contains only alphanumeric characters, forward slashes, periods, and underscores,
-        # does not end with a period or forward slash, and has a relative path structure
-        # with no http protocol chars or leading or trailing forward slashes
-        # eg 'source/full/path' or 'destination_namespace' not 'https://example.com/destination/namespace/path'
-        # the regex also allows for an empty string ('') to be accepted as this is allowed in
-        # a bulk_import POST request
-        @bulk_import_destination_namespace_path_regex ||= %r/((\A\z)|(\A[0-9a-z]*(-_.)?[0-9a-z])(\/?[0-9a-z]*[-_.]?[0-9a-z])+\z)/i
-      end
-
-      def bulk_import_source_full_path_regex
-        # This regexp validates the string conforms to rules for a source_full_path path:
-        # i.e does not start with a non-alphanumeric character except for periods or underscores,
-        # contains only alphanumeric characters, forward slashes, periods, and underscores,
-        # does not end with a period or forward slash, and has a relative path structure
-        # with no http protocol chars or leading or trailing forward slashes
-        # eg 'source/full/path' or 'destination_namespace' not 'https://example.com/source/full/path'
-        @bulk_import_source_full_path_regex ||= %r/\A([.]?)[^\W](\/?([-_.+]*)*[0-9a-z][-_]*)+\z/i
-      end
-
       def bulk_import_source_full_path_regex_message
         bulk_import_destination_namespace_path_regex_message
       end