Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/repositories/lfs_storage_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/repositories/lfs_storage_controller.rb')
-rw-r--r--app/controllers/repositories/lfs_storage_controller.rb14
1 files changed, 14 insertions, 0 deletions
diff --git a/app/controllers/repositories/lfs_storage_controller.rb b/app/controllers/repositories/lfs_storage_controller.rb
index 252b604dcb0..d54b51b463a 100644
--- a/app/controllers/repositories/lfs_storage_controller.rb
+++ b/app/controllers/repositories/lfs_storage_controller.rb
@@ -6,6 +6,8 @@ module Repositories
include WorkhorseRequest
include SendFileUpload
+ InvalidUploadedFile = Class.new(StandardError)
+
skip_before_action :verify_workhorse_api!, only: :download
# added here as a part of the refactor, will be removed
@@ -44,6 +46,8 @@ module Repositories
end
def upload_finalize
+ validate_uploaded_file!
+
if store_file!(oid, size)
head 200, content_type: LfsRequest::CONTENT_TYPE
else
@@ -55,6 +59,8 @@ module Repositories
render_lfs_forbidden
rescue ObjectStorage::RemoteStoreError
render_lfs_forbidden
+ rescue InvalidUploadedFile
+ render plain: 'SHA256 or size mismatch', status: :bad_request
end
private
@@ -117,5 +123,13 @@ module Repositories
lfs_object: object
)
end
+
+ def validate_uploaded_file!
+ return unless uploaded_file
+
+ if size != uploaded_file.size || oid != uploaded_file.sha256
+ raise InvalidUploadedFile
+ end
+ end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-01 11:54:52 +0300