diff options
| -rw-r--r-- | changelogs/unreleased/sh-handle-string-null-bytes.yml | 5 | ||||
| -rw-r--r-- | lib/gitlab/git_ref_validator.rb | 6 | ||||
| -rw-r--r-- | spec/lib/gitlab/git_ref_validator_spec.rb | 1 |
3 files changed, 11 insertions, 1 deletions
diff --git a/changelogs/unreleased/sh-handle-string-null-bytes.yml b/changelogs/unreleased/sh-handle-string-null-bytes.yml new file mode 100644 index 00000000000..edc045274e3 --- /dev/null +++ b/changelogs/unreleased/sh-handle-string-null-bytes.yml @@ -0,0 +1,5 @@ +--- +title: Gracefully handle references with null bytes +merge_request: 23365 +author: +type: fixed diff --git a/lib/gitlab/git_ref_validator.rb b/lib/gitlab/git_ref_validator.rb index a90b69ff42b..3f13ebeb9d0 100644 --- a/lib/gitlab/git_ref_validator.rb +++ b/lib/gitlab/git_ref_validator.rb @@ -13,7 +13,11 @@ module Gitlab return false if ref_name.start_with?(*not_allowed_prefixes) return false if ref_name == 'HEAD' - Rugged::Reference.valid_name? "refs/heads/#{ref_name}" + begin + Rugged::Reference.valid_name?("refs/heads/#{ref_name}") + rescue ArgumentError + return false + end end end end diff --git a/spec/lib/gitlab/git_ref_validator_spec.rb b/spec/lib/gitlab/git_ref_validator_spec.rb index ba7fb168a3b..3ab04a1c46d 100644 --- a/spec/lib/gitlab/git_ref_validator_spec.rb +++ b/spec/lib/gitlab/git_ref_validator_spec.rb @@ -27,4 +27,5 @@ describe Gitlab::GitRefValidator do it { expect(described_class.validate('-branch')).to be_falsey } it { expect(described_class.validate('.tag')).to be_falsey } it { expect(described_class.validate('my branch')).to be_falsey } + it { expect(described_class.validate("\xA0\u0000\xB0")).to be_falsey } end |