7 files changed, 161 insertions, 0 deletions

diff --git a/lib/api/validations/validators/absence.rb b/lib/api/validations/validators/absence.rb
new file mode 100644
index 00000000000..1f43f3ab126
--- /dev/null
+++ b/lib/api/validations/validators/absence.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module API
+  module Validations
+    module Validators
+      class Absence < Grape::Validations::Base
+        def validate_param!(attr_name, params)
+          return if params.respond_to?(:key?) && !params.key?(attr_name)
+
+          raise Grape::Exceptions::Validation, params: [@scope.full_name(attr_name)], message: message(:absence)
+        end
+      end
+    end
+  end
+end
diff --git a/lib/api/validations/validators/array_none_any.rb b/lib/api/validations/validators/array_none_any.rb
new file mode 100644
index 00000000000..7efb8e6ccee
--- /dev/null
+++ b/lib/api/validations/validators/array_none_any.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module API
+  module Validations
+    module Validators
+      class ArrayNoneAny < Grape::Validations::Base
+        def validate_param!(attr_name, params)
+          value = params[attr_name]
+
+          return if value.is_a?(Array) ||
+              [IssuableFinder::Params::FILTER_NONE, IssuableFinder::Params::FILTER_ANY].include?(value.to_s.downcase)
+
+          raise Grape::Exceptions::Validation, params: [@scope.full_name(attr_name)],
+                                               message: "should be an array, 'None' or 'Any'"
+        end
+      end
+    end
+  end
+end
diff --git a/lib/api/validations/validators/check_assignees_count.rb b/lib/api/validations/validators/check_assignees_count.rb
new file mode 100644
index 00000000000..b614058e325
--- /dev/null
+++ b/lib/api/validations/validators/check_assignees_count.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module API
+  module Validations
+    module Validators
+      class CheckAssigneesCount < Grape::Validations::Base
+        def self.coerce
+          lambda do |value|
+            case value
+            when String, Array
+              Array.wrap(value)
+            else
+              []
+            end
+          end
+        end
+
+        def validate_param!(attr_name, params)
+          return if param_allowed?(attr_name, params)
+
+          raise Grape::Exceptions::Validation,
+                params: [@scope.full_name(attr_name)],
+                message: "allows one value, but found #{params[attr_name].size}: #{params[attr_name].join(", ")}"
+        end
+
+        private
+
+        def param_allowed?(attr_name, params)
+          params[attr_name].size <= 1
+        end
+      end
+    end
+  end
+end
+
+API::Validations::Validators::CheckAssigneesCount.prepend_if_ee('EE::API::Validations::Validators::CheckAssigneesCount')
diff --git a/lib/api/validations/validators/file_path.rb b/lib/api/validations/validators/file_path.rb
new file mode 100644
index 00000000000..93a20e5bf7d
--- /dev/null
+++ b/lib/api/validations/validators/file_path.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module API
+  module Validations
+    module Validators
+      class FilePath < Grape::Validations::Base
+        def validate_param!(attr_name, params)
+          path = params[attr_name]
+
+          Gitlab::Utils.check_path_traversal!(path)
+        rescue StandardError
+          raise Grape::Exceptions::Validation, params: [@scope.full_name(attr_name)],
+                                               message: "should be a valid file path"
+        end
+      end
+    end
+  end
+end
diff --git a/lib/api/validations/validators/git_ref.rb b/lib/api/validations/validators/git_ref.rb
new file mode 100644
index 00000000000..1dda9d758a7
--- /dev/null
+++ b/lib/api/validations/validators/git_ref.rb
@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module API
+  module Validations
+    module Validators
+      class GitRef < Grape::Validations::Base
+        # There are few checks that a Git reference should pass through to be valid reference.
+        # The link contains some rules that have been added to this validator.
+        # https://mirrors.edge.kernel.org/pub/software/scm/git/docs/git-check-ref-format.html
+        # We have skipped some checks that are optional and can be skipped for exception.
+        # We also check for control characters, More info on ctrl chars - https://ruby-doc.org/core-2.7.0/Regexp.html#class-Regexp-label-Character+Classes
+        INVALID_CHARS = Regexp.union('..', '\\', '@', '@{', ' ', '~', '^', ':', '*', '?', '[', /[[:cntrl:]]/).freeze
+        GIT_REF_LENGTH = (1..1024).freeze
+
+        def validate_param!(attr_name, params)
+          revision = params[attr_name]
+
+          return unless invalid_character?(revision)
+
+          raise Grape::Exceptions::Validation, params: [@scope.full_name(attr_name)],
+                                               message: 'should be a valid reference path'
+        end
+
+        private
+
+        def invalid_character?(revision)
+          revision.nil? ||
+            revision.start_with?('-') ||
+            revision.end_with?('.') ||
+            GIT_REF_LENGTH.exclude?(revision.length) ||
+            INVALID_CHARS.match?(revision)
+        end
+      end
+    end
+  end
+end
diff --git a/lib/api/validations/validators/git_sha.rb b/lib/api/validations/validators/git_sha.rb
new file mode 100644
index 00000000000..657307db1df
--- /dev/null
+++ b/lib/api/validations/validators/git_sha.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module API
+  module Validations
+    module Validators
+      class GitSha < Grape::Validations::Base
+        def validate_param!(attr_name, params)
+          sha = params[attr_name]
+
+          return if Commit::EXACT_COMMIT_SHA_PATTERN.match?(sha)
+
+          raise Grape::Exceptions::Validation, params: [@scope.full_name(attr_name)],
+                                                message: "should be a valid sha"
+        end
+      end
+    end
+  end
+end
diff --git a/lib/api/validations/validators/integer_none_any.rb b/lib/api/validations/validators/integer_none_any.rb
new file mode 100644
index 00000000000..aa8c137a6ab
--- /dev/null
+++ b/lib/api/validations/validators/integer_none_any.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module API
+  module Validations
+    module Validators
+      class IntegerNoneAny < Grape::Validations::Base
+        def validate_param!(attr_name, params)
+          value = params[attr_name]
+
+          return if value.is_a?(Integer) ||
+              [IssuableFinder::Params::FILTER_NONE, IssuableFinder::Params::FILTER_ANY].include?(value.to_s.downcase)
+
+          raise Grape::Exceptions::Validation, params: [@scope.full_name(attr_name)],
+                                               message: "should be an integer, 'None' or 'Any'"
+        end
+      end
+    end
+  end
+end