Merge branch 'import-symlinks-9-3' into 'security-9-3'

Fix file disclosure via hidden symlinks using the project import (9.3) See merge request !2164
author: James Edwards-Jones <jedwardsjones@gitlab.com> 2017-08-09 00:18:02 +0300
committer: James Edwards-Jones <jedwardsjones@gitlab.com> 2017-08-09 00:19:45 +0300
commit: 6689cfd084dfae0f006e6d007f938332153d6556 (patch)
tree: 1f2a50a2b35ea16d3a26bd5c130b42f9cb3decda /spec
parent: 7528b7ead5dbbc7384dec7ab30ccb76f95d4d622 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/spec/lib/gitlab/import_export/file_importer_spec.rb b/spec/lib/gitlab/import_export/file_importer_spec.rb
index b88b9c18c15..2be73ae415f 100644
--- a/spec/lib/gitlab/import_export/file_importer_spec.rb
+++ b/spec/lib/gitlab/import_export/file_importer_spec.rb
@@ -5,6 +5,7 @@ describe Gitlab::ImportExport::FileImporter, lib: true do
   let(:export_path) { "#{Dir.tmpdir}/file_importer_spec" }
   let(:valid_file) { "#{shared.export_path}/valid.json" }
   let(:symlink_file) { "#{shared.export_path}/invalid.json" }
+  let(:hidden_symlink_file) { "#{shared.export_path}/.hidden" }
   let(:subfolder_symlink_file) { "#{shared.export_path}/subfolder/invalid.json" }
 
   before do
@@ -25,6 +26,10 @@ describe Gitlab::ImportExport::FileImporter, lib: true do
     expect(File.exist?(symlink_file)).to be false
   end
 
+  it 'removes hidden symlinks in root folder' do
+    expect(File.exist?(hidden_symlink_file)).to be false
+  end
+
   it 'removes symlinks in subfolders' do
     expect(File.exist?(subfolder_symlink_file)).to be false
   end
author	James Edwards-Jones <jedwardsjones@gitlab.com>	2017-08-09 00:18:02 +0300
committer	James Edwards-Jones <jedwardsjones@gitlab.com>	2017-08-09 00:19:45 +0300
commit	6689cfd084dfae0f006e6d007f938332153d6556 (patch)
tree	1f2a50a2b35ea16d3a26bd5c130b42f9cb3decda /spec
parent	7528b7ead5dbbc7384dec7ab30ccb76f95d4d622 (diff)