Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-31 18:10:27 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-03-31 18:10:27 +0300
commit: 5facc34f44ce8736078127a5df174a7b52d922b4 (patch)
tree: b93fbe904139121e82870cc40e5ab240a97b1f08 /workhorse/internal
parent: ea1dcaef18edf97b3ac73892d64ebaf5eecd7f68 (diff)
5 files changed, 46 insertions, 21 deletions
diff --git a/workhorse/internal/api/api.go b/workhorse/internal/api/api.go
index e434a847bf2..445ca3a94cf 100644
--- a/workhorse/internal/api/api.go
+++ b/workhorse/internal/api/api.go
@@ -149,6 +149,8 @@ type Response struct {
 	ProcessLsifReferences bool
 	// The maximum accepted size in bytes of the upload
 	MaximumSize int64
+	// Feature flag used to determine whether to strip the multipart filename of any directories
+	FeatureFlagExtractBase bool
 }
 
 // singleJoiningSlash is taken from reverseproxy.go:singleJoiningSlash
diff --git a/workhorse/internal/filestore/save_file_opts.go b/workhorse/internal/filestore/save_file_opts.go
index d0b2c6ec809..f42e21b5f2e 100644
--- a/workhorse/internal/filestore/save_file_opts.go
+++ b/workhorse/internal/filestore/save_file_opts.go
@@ -63,6 +63,8 @@ type SaveFileOpts struct {
 	PresignedCompleteMultipart string
 	// PresignedAbortMultipart is a presigned URL for AbortMultipartUpload
 	PresignedAbortMultipart string
+	// FeatureFlagExtractBase uses the base of the filename and strips directories
+	FeatureFlagExtractBase bool
 }
 
 // UseWorkhorseClientEnabled checks if the options require direct access to object storage
@@ -88,16 +90,17 @@ func GetOpts(apiResponse *api.Response) (*SaveFileOpts, error) {
 	}
 
 	opts := SaveFileOpts{
-		LocalTempPath:      apiResponse.TempPath,
-		RemoteID:           apiResponse.RemoteObject.ID,
-		RemoteURL:          apiResponse.RemoteObject.GetURL,
-		PresignedPut:       apiResponse.RemoteObject.StoreURL,
-		PresignedDelete:    apiResponse.RemoteObject.DeleteURL,
-		PutHeaders:         apiResponse.RemoteObject.PutHeaders,
-		UseWorkhorseClient: apiResponse.RemoteObject.UseWorkhorseClient,
-		RemoteTempObjectID: apiResponse.RemoteObject.RemoteTempObjectID,
-		Deadline:           time.Now().Add(timeout),
-		MaximumSize:        apiResponse.MaximumSize,
+		FeatureFlagExtractBase: apiResponse.FeatureFlagExtractBase,
+		LocalTempPath:          apiResponse.TempPath,
+		RemoteID:               apiResponse.RemoteObject.ID,
+		RemoteURL:              apiResponse.RemoteObject.GetURL,
+		PresignedPut:           apiResponse.RemoteObject.StoreURL,
+		PresignedDelete:        apiResponse.RemoteObject.DeleteURL,
+		PutHeaders:             apiResponse.RemoteObject.PutHeaders,
+		UseWorkhorseClient:     apiResponse.RemoteObject.UseWorkhorseClient,
+		RemoteTempObjectID:     apiResponse.RemoteObject.RemoteTempObjectID,
+		Deadline:               time.Now().Add(timeout),
+		MaximumSize:            apiResponse.MaximumSize,
 	}
 
 	if opts.LocalTempPath != "" && opts.RemoteID != "" {
diff --git a/workhorse/internal/filestore/save_file_opts_test.go b/workhorse/internal/filestore/save_file_opts_test.go
index facfb1cdc85..aa7018525ab 100644
--- a/workhorse/internal/filestore/save_file_opts_test.go
+++ b/workhorse/internal/filestore/save_file_opts_test.go
@@ -57,13 +57,18 @@ func TestSaveFileOptsLocalAndRemote(t *testing.T) {
 
 func TestGetOpts(t *testing.T) {
 	tests := []struct {
-		name             string
-		multipart        *api.MultipartUploadParams
-		customPutHeaders bool
-		putHeaders       map[string]string
+		name                   string
+		multipart              *api.MultipartUploadParams
+		customPutHeaders       bool
+		putHeaders             map[string]string
+		FeatureFlagExtractBase bool
 	}{
 		{
 			name: "Single upload",
+		},
+		{
+			name:                   "Single upload w/ FeatureFlagExtractBase enabled",
+			FeatureFlagExtractBase: true,
 		}, {
 			name: "Multipart upload",
 			multipart: &api.MultipartUploadParams{
@@ -93,6 +98,7 @@ func TestGetOpts(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			apiResponse := &api.Response{
+				FeatureFlagExtractBase: test.FeatureFlagExtractBase,
 				RemoteObject: api.RemoteObject{
 					Timeout:          10,
 					ID:               "id",
@@ -108,6 +114,7 @@ func TestGetOpts(t *testing.T) {
 			opts, err := filestore.GetOpts(apiResponse)
 			require.NoError(t, err)
 
+			require.Equal(t, apiResponse.FeatureFlagExtractBase, opts.FeatureFlagExtractBase)
 			require.Equal(t, apiResponse.TempPath, opts.LocalTempPath)
 			require.WithinDuration(t, deadline, opts.Deadline, time.Second)
 			require.Equal(t, apiResponse.RemoteObject.ID, opts.RemoteID)
diff --git a/workhorse/internal/upload/rewrite.go b/workhorse/internal/upload/rewrite.go
index e51604c6ed9..b8c9194f180 100644
--- a/workhorse/internal/upload/rewrite.go
+++ b/workhorse/internal/upload/rewrite.go
@@ -8,6 +8,7 @@ import (
 	"io/ioutil"
 	"mime/multipart"
 	"net/http"
+	"path/filepath"
 	"strings"
 
 	"github.com/prometheus/client_golang/prometheus"
@@ -114,6 +115,10 @@ func (rew *rewriter) handleFilePart(ctx context.Context, name string, p *multipa
 
 	filename := p.FileName()
 
+	if opts.FeatureFlagExtractBase {
+		filename = filepath.Base(filename)
+	}
+
 	if strings.Contains(filename, "/") || filename == "." || filename == ".." {
 		return fmt.Errorf("illegal filename: %q", filename)
 	}
diff --git a/workhorse/internal/upload/uploads_test.go b/workhorse/internal/upload/uploads_test.go
index fc1a1ac57ef..29282a6f88d 100644
--- a/workhorse/internal/upload/uploads_test.go
+++ b/workhorse/internal/upload/uploads_test.go
@@ -325,14 +325,20 @@ func TestInvalidFileNames(t *testing.T) {
 	defer os.RemoveAll(tempPath)
 
 	for _, testCase := range []struct {
-		filename string
-		code     int
+		filename               string
+		code                   int
+		FeatureFlagExtractBase bool
+		expectedPrefix         string
 	}{
-		{"foobar", 200}, // sanity check for test setup below
-		{"foo/bar", 500},
-		{"/../../foobar", 500},
-		{".", 500},
-		{"..", 500},
+		{"foobar", 200, false, "foobar"}, // sanity check for test setup below
+		{"foo/bar", 500, false, ""},
+		{"foo/bar", 200, true, "bar"},
+		{"foo/bar/baz", 200, true, "baz"},
+		{"/../../foobar", 500, false, ""},
+		{"/../../foobar", 200, true, "foobar"},
+		{".", 500, false, ""},
+		{"..", 500, false, ""},
+		{"./", 500, false, ""},
 	} {
 		buffer := &bytes.Buffer{}
 
@@ -350,10 +356,12 @@ func TestInvalidFileNames(t *testing.T) {
 		apiResponse := &api.Response{TempPath: tempPath}
 		preparer := &DefaultPreparer{}
 		opts, _, err := preparer.Prepare(apiResponse)
+		opts.FeatureFlagExtractBase = testCase.FeatureFlagExtractBase
 		require.NoError(t, err)
 
 		HandleFileUploads(response, httpRequest, nilHandler, apiResponse, &SavedFileTracker{Request: httpRequest}, opts)
 		require.Equal(t, testCase.code, response.Code)
+		require.Equal(t, testCase.expectedPrefix, opts.TempFilePrefix)
 	}
 }
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-31 18:10:27 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-03-31 18:10:27 +0300
commit	5facc34f44ce8736078127a5df174a7b52d922b4 (patch)
tree	b93fbe904139121e82870cc40e5ab240a97b1f08 /workhorse/internal
parent	ea1dcaef18edf97b3ac73892d64ebaf5eecd7f68 (diff)