Merge branch 'security-2770-verify-bundle-import-files-11-4' into 'security-11-4'

[11.4] Validate bundle files before unpacking them

See merge request gitlab/gitlabhq!2776

(cherry picked from commit 6176b02aa6577079986410719884bd253dc5e7be)

e5e5e77e Validate bundle files before unpacking them

1 files changed, 26 insertions, 0 deletions

diff --git a/spec/lib/gitlab/git/bundle_file_spec.rb b/spec/lib/gitlab/git/bundle_file_spec.rb
new file mode 100644
index 00000000000..ff7c981dadd
--- /dev/null
+++ b/spec/lib/gitlab/git/bundle_file_spec.rb
@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe Gitlab::Git::BundleFile do
+  describe '.check!' do
+    let(:valid_bundle) { Tempfile.new }
+    let(:valid_bundle_path) { valid_bundle.path }
+    let(:invalid_bundle_path) { Rails.root.join('spec/fixtures/malicious.bundle') }
+
+    after do
+      valid_bundle.close!
+    end
+
+    it 'returns nil for a valid bundle' do
+      valid_bundle.write("# v2 git bundle\nfoo bar baz\n")
+      valid_bundle.close
+
+      expect(described_class.check!(valid_bundle_path)).to be_nil
+    end
+
+    it 'raises an exception for an invalid bundle' do
+      expect do
+        described_class.check!(invalid_bundle_path)
+      end.to raise_error(described_class::InvalidBundleError)
+    end
+  end
+end