author | Kamil Trzciński <ayufan@ayufan.eu> | 2019-01-02 22:01:11 +0300 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-31 18:52:48 +0300 |
commit | 66744469d4f2c444c0248b84096d252db749d01c (patch) | |
tree | 0b71d2c71a195d61dca9b814e7fff31abe59004e /spec/fixtures/safe_zip | |
parent | a1bf088201702ec4d36015c8f4cb635fa2ee2c5b (diff) |
Extract GitLab Pages using RubyZip
RubyZip allows us to perform strong validation of
expanded paths where we do extract file.
We introduce the following additional checks
to extract routines:
1. None of path components can be symlinked,
2. We drop privileges support for directories,
3. Symlink source needs to point within the target directory,
like `public/`,
4. The symlink source needs to exist ahead of time.
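
The four checks listed in the commit message, sketched as an added example using only Ruby's standard library. It is not GitLab's code and does not use RubyZip: the entry hashes, `extract_entry`, `try_extract` and `UnsafeEntry` are hypothetical names, and the handling of check 2 is an assumed reading of the message.

```ruby
require 'tmpdir'
require 'fileutils'
require 'pathname'

class UnsafeEntry < StandardError; end

# True when path is root itself or lies beneath it (lexical check).
def inside?(root, path)
  path == root || path.start_with?(root + File::SEPARATOR)
end

# Check 1: no existing directory component leading to dest may be a symlink.
def reject_symlinked_components!(root, dest)
  current = root
  parts = Pathname.new(dest).relative_path_from(Pathname.new(root)).each_filename.to_a
  parts[0...-1].each do |part|
    current = File.join(current, part)
    raise UnsafeEntry, "symlinked component: #{current}" if File.symlink?(current)
  end
end

# entry is a constructed hash standing in for a zip entry (hypothetical shape).
def extract_entry(root, entry)
  dest = File.expand_path(entry[:name], root)
  raise UnsafeEntry, "escapes target: #{entry[:name]}" unless inside?(root, dest)
  reject_symlinked_components!(root, dest)
  FileUtils.mkdir_p(File.dirname(dest))
  case entry[:type]
  when :dir then FileUtils.mkdir_p(dest) # default mode, archive mode ignored (assumed reading of check 2)
  when :file then File.write(dest, entry[:content])
  when :symlink
    source = File.expand_path(entry[:target], File.dirname(dest))
    raise UnsafeEntry, "symlink leaves target: #{entry[:target]}" unless inside?(root, source) # check 3
    raise UnsafeEntry, "symlink source missing: #{entry[:target]}" unless File.exist?(source) # check 4
    File.symlink(entry[:target], dest)
  end
end

# Extract constructed entries into a fresh temp dir; returns :ok or the rejection reason.
def try_extract(entries)
  Dir.mktmpdir do |tmp|
    root = File.realpath(tmp)
    entries.each { |e| extract_entry(root, e) }
    :ok
  end
rescue UnsafeEntry => e
  e.message[/\A[^:]+/]
end
```

Because a symlink is only created after its source is confirmed to exist inside the target directory, entry order matters: a link that precedes the file it points at is rejected.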
Diffstat (limited to 'spec/fixtures/safe_zip')
-rw-r--r-- | spec/fixtures/safe_zip/invalid-symlink-does-not-exist.zip | bin | 0 -> 1183 bytes |
-rw-r--r-- | spec/fixtures/safe_zip/invalid-symlinks-outside.zip | bin | 0 -> 1309 bytes |
-rw-r--r-- | spec/fixtures/safe_zip/valid-non-writeable.zip | bin | 0 -> 727 bytes |
-rw-r--r-- | spec/fixtures/safe_zip/valid-simple.zip | bin | 0 -> 1144 bytes |
-rw-r--r-- | spec/fixtures/safe_zip/valid-symlinks-first.zip | bin | 0 -> 528 bytes |
5 files changed, 0 insertions, 0 deletions
diff --git a/spec/fixtures/safe_zip/invalid-symlink-does-not-exist.zip b/spec/fixtures/safe_zip/invalid-symlink-does-not-exist.zip Binary files differnew file mode 100644 index 00000000000..b9ae1548713 --- /dev/null +++ b/spec/fixtures/safe_zip/invalid-symlink-does-not-exist.zip diff --git a/spec/fixtures/safe_zip/invalid-symlinks-outside.zip b/spec/fixtures/safe_zip/invalid-symlinks-outside.zip Binary files differnew file mode 100644 index 00000000000..c184a1dafe2 --- /dev/null +++ b/spec/fixtures/safe_zip/invalid-symlinks-outside.zip diff --git a/spec/fixtures/safe_zip/valid-non-writeable.zip b/spec/fixtures/safe_zip/valid-non-writeable.zip Binary files differnew file mode 100644 index 00000000000..69f175d8504 --- /dev/null +++ b/spec/fixtures/safe_zip/valid-non-writeable.zip diff --git a/spec/fixtures/safe_zip/valid-simple.zip b/spec/fixtures/safe_zip/valid-simple.zip Binary files differnew file mode 100644 index 00000000000..a56b8b41dcc --- /dev/null +++ b/spec/fixtures/safe_zip/valid-simple.zip diff --git a/spec/fixtures/safe_zip/valid-symlinks-first.zip b/spec/fixtures/safe_zip/valid-symlinks-first.zip Binary files differnew file mode 100644 index 00000000000..f5952ef71c9 --- /dev/null +++ b/spec/fixtures/safe_zip/valid-symlinks-first.zip |
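Review bot: judging by the file names under spec/fixtures/safe_zip, the fixtures do not visibly cover all four checks from the commit message. invalid-symlinks-outside.zip and invalid-symlink-does-not-exist.zip correspond to checks 3 and 4, but no invalid archive is named for check 1 (an entry whose path passes through a symlinked component). Consider adding a fixture for that case. Since all five files are opaque binaries that cannot be reviewed in the diff, please also document next to them (a short README or a generator script) what each archive contains and how it was built, so the contents can be verified and regenerated.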