author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:45:17 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:45:17 +0300 |
commit | 1cad287a7b40174786cadaecea9c91a68e49fcba (patch) | |
tree | 7cdc2447c143cec003eb7c0e42a324f26902bc5d /lib | |
parent | 1fb0bae24e6686b3571fc1c44cbf239d8563e0d7 (diff) |
Add latest changes from gitlab-org/security/gitlab@16-3-stable-ee
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/validations/validators/bulk_imports.rb | 8 | ||||
-rw-r--r-- | lib/gitlab/regex/bulk_imports.rb | 22 |
2 files changed, 5 insertions, 25 deletions
diff --git a/lib/api/validations/validators/bulk_imports.rb b/lib/api/validations/validators/bulk_imports.rb
index f8ad5ed6d14..67dc084cc12 100644
--- a/lib/api/validations/validators/bulk_imports.rb
+++ b/lib/api/validations/validators/bulk_imports.rb
@@ -32,8 +32,7 @@ module API
 class DestinationNamespacePath < Grape::Validations::Validators::Base
 def validate_param!(attr_name, params)
 return if params[attr_name].blank?
-
- return if params[attr_name] =~ Gitlab::Regex.bulk_import_destination_namespace_path_regex
+ return if NamespacePathValidator.valid_path?(params[attr_name])
 raise Grape::Exceptions::Validation.new(
 params: [@scope.full_name(attr_name)],
@@ -44,7 +43,10 @@ module API
 class SourceFullPath < Grape::Validations::Validators::Base
 def validate_param!(attr_name, params)
- return if params[attr_name] =~ Gitlab::Regex.bulk_import_source_full_path_regex
+ full_path = params[attr_name]
+
+ return if params['source_type'] == 'group_entity' && NamespacePathValidator.valid_path?(full_path)
+ return if params['source_type'] == 'project_entity' && ProjectPathValidator.valid_path?(full_path)
 raise Grape::Exceptions::Validation.new(
 params: [@scope.full_name(attr_name)],
diff --git a/lib/gitlab/regex/bulk_imports.rb b/lib/gitlab/regex/bulk_imports.rb
index e9ec24b831f..65c23b9d2e6 100644
--- a/lib/gitlab/regex/bulk_imports.rb
+++ b/lib/gitlab/regex/bulk_imports.rb
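Review bot: Nothing near `DestinationNamespacePath#validate_param!` documents which destination paths are accepted any more, because the only written description of the rules (relative path, no protocol characters, no leading or trailing slash, empty string allowed) is deleted from `lib/gitlab/regex/bulk_imports.rb` in this same commit. I would add a comment above the `blank?` guard such as `# Blank is accepted because an empty destination namespace is allowed in a bulk_import POST request; anything else must pass NamespacePathValidator.` The rules applied by `NamespacePathValidator.valid_path?` are not visible here, so a request spec that still rejects the removed comment's counter-example `'https://example.com/destination/namespace/path'` would pin the behaviour that matters for this endpoint. The method body continues past the end of the hunk.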
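Review bot: A request whose `source_type` is missing, or is neither `'group_entity'` nor `'project_entity'`, falls through both guards in `SourceFullPath#validate_param!` and is reported through `@scope.full_name(attr_name)` as an invalid `source_full_path`. That fails closed, which is the right default, but it points the caller at the wrong parameter and the dependency on a sibling parameter is not stated anywhere in the hunk. If `source_type` is constrained elsewhere in the params block (not visible here), a comment would make that explicit, e.g. `# source_type is validated separately; any other value is rejected by falling through to the raise below`. The lookup uses the string key `params['source_type']` while the path is read with `params[attr_name]`, so a spec covering both entity types would confirm the key form matches what Grape passes in. The method body continues past the end of the hunk.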
@@ -3,28 +3,6 @@
 module Gitlab
 module Regex
 module BulkImports
- def bulk_import_destination_namespace_path_regex
- # This regexp validates the string conforms to rules for a destination_namespace path:
- # i.e does not start with a non-alphanumeric character,
- # contains only alphanumeric characters, forward slashes, periods, and underscores,
- # does not end with a period or forward slash, and has a relative path structure
- # with no http protocol chars or leading or trailing forward slashes
- # eg 'source/full/path' or 'destination_namespace' not 'https://example.com/destination/namespace/path'
- # the regex also allows for an empty string ('') to be accepted as this is allowed in
- # a bulk_import POST request
- @bulk_import_destination_namespace_path_regex ||= %r/((\A\z)|(\A[0-9a-z]*(-_.)?[0-9a-z])(\/?[0-9a-z]*[-_.]?[0-9a-z])+\z)/i
- end
-
- def bulk_import_source_full_path_regex
- # This regexp validates the string conforms to rules for a source_full_path path:
- # i.e does not start with a non-alphanumeric character except for periods or underscores,
- # contains only alphanumeric characters, forward slashes, periods, and underscores,
- # does not end with a period or forward slash, and has a relative path structure
- # with no http protocol chars or leading or trailing forward slashes
- # eg 'source/full/path' or 'destination_namespace' not 'https://example.com/source/full/path'
- @bulk_import_source_full_path_regex ||= %r/\A([.]?)[^\W](\/?([-_.+]*)*[0-9a-z][-_]*)+\z/i
- end
-
 def bulk_import_source_full_path_regex_message
 bulk_import_destination_namespace_path_regex_message
 end |