diff options
-rw-r--r-- | lib/gitlab/ci/components/instance_path.rb | 10 | ||||
-rw-r--r-- | spec/lib/gitlab/ci/components/instance_path_spec.rb | 14 |
2 files changed, 23 insertions, 1 deletions
diff --git a/lib/gitlab/ci/components/instance_path.rb b/lib/gitlab/ci/components/instance_path.rb index 551284d9099..df2b2a14fc6 100644 --- a/lib/gitlab/ci/components/instance_path.rb +++ b/lib/gitlab/ci/components/instance_path.rb @@ -5,6 +5,7 @@ module Gitlab module Components class InstancePath include Gitlab::Utils::StrongMemoize + include ::Gitlab::LoopHelpers LATEST_VERSION_KEYWORD = '~latest' @@ -49,11 +50,18 @@ module Gitlab # Given a path like "my-org/sub-group/the-project/path/to/component" # find the project "my-org/sub-group/the-project" by looking at all possible paths. def find_project_by_component_path(path) + return if path.start_with?('/') # exit early if path starts with `/` or it will loop forever. + possible_paths = [path] + index = nil + + loop_until(limit: 20) do + index = path.rindex('/') # find index of last `/` in a path + break unless index - while index = path.rindex('/') # find index of last `/` in a path possible_paths << (path = path[0..index - 1]) end + # remove shortest path as it is group possible_paths.pop diff --git a/spec/lib/gitlab/ci/components/instance_path_spec.rb b/spec/lib/gitlab/ci/components/instance_path_spec.rb index 0bdcfcfd546..4ba963b54b5 100644 --- a/spec/lib/gitlab/ci/components/instance_path_spec.rb +++ b/spec/lib/gitlab/ci/components/instance_path_spec.rb @@ -84,6 +84,20 @@ RSpec.describe Gitlab::Ci::Components::InstancePath, feature_category: :pipeline end end + shared_examples 'prevents infinite loop' do |prefix| + context "when the project path starts with '#{prefix}'" do + let(:project_path) { "#{prefix}#{project.full_path}" } + + it 'returns nil' do + result = path.fetch_content!(current_user: user) + expect(result).to be_nil + end + end + end + + it_behaves_like 'prevents infinite loop', '/' + it_behaves_like 'prevents infinite loop', '//' + context 'when fetching the latest version of a component' do let_it_be(:project) do create( |