
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'lib/gitlab/middleware/compressed_json.rb')
-rw-r--r--lib/gitlab/middleware/compressed_json.rb39
1 files changed, 25 insertions, 14 deletions
diff --git a/lib/gitlab/middleware/compressed_json.rb b/lib/gitlab/middleware/compressed_json.rb
index 80916eab5ac..cc485d8a5db 100644
--- a/lib/gitlab/middleware/compressed_json.rb
+++ b/lib/gitlab/middleware/compressed_json.rb
@@ -4,15 +4,23 @@ module Gitlab
module Middleware
class CompressedJson
COLLECTOR_PATH = '/api/v4/error_tracking/collector'
- PACKAGES_PATH = %r{
- \A/api/v4/ (?# prefix)
- (?:projects/
- (?<project_id>
- .+ (?# at least one character)
- )/
- )? (?# projects segment)
- packages/npm/-/npm/v1/security/
- (?:(?:advisories/bulk)|(?:audits/quick))\z (?# end)
+ INSTANCE_PACKAGES_PATH = %r{
+ \A/api/v4/packages/npm/-/npm/v1/security/
+ (?:(?:advisories/bulk)|(?:audits/quick))\z (?# end)
+ }xi.freeze
+ GROUP_PACKAGES_PATH = %r{
+ \A/api/v4/groups/
+ (?<id>
+ [a-zA-Z0-9%-._]{1,255}
+ )/-/packages/npm/-/npm/v1/security/
+ (?:(?:advisories/bulk)|(?:audits/quick))\z (?# end)
+ }xi.freeze
+ PROJECT_PACKAGES_PATH = %r{
+ \A/api/v4/projects/
+ (?<id>
+ [a-zA-Z0-9%-._]{1,255}
+ )/packages/npm/-/npm/v1/security/
+ (?:(?:advisories/bulk)|(?:audits/quick))\z (?# end)
}xi.freeze
MAXIMUM_BODY_SIZE = 200.kilobytes.to_i
UNSAFE_CHARACTERS = %r{[!"#&'()*+,./:;<>=?@\[\]^`{}|~$]}xi.freeze
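Review bot: In the `id` character class of GROUP_PACKAGES_PATH and PROJECT_PACKAGES_PATH, `%-.` is parsed as a range from `%` to `.`, so the class also admits `&`, `'`, `(`, `)`, `*`, `+` and `,` instead of only the literal `%`, `-` and `.`. Those extra characters, and `.` itself, are listed in UNSAFE_CHARACTERS, so the later `url_encoded?` check appears to reject them, but the path allow-list should not depend on a second filter to be correct. Put the hyphen last so it is a literal: `[a-zA-Z0-9%._-]{1,255}`. The class body continues outside this hunk.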
@@ -76,16 +84,19 @@ module Gitlab
end
def match_packages_path?(env)
- match_data = env['PATH_INFO'].delete_prefix(relative_url).match(PACKAGES_PATH)
+ path = env['PATH_INFO'].delete_prefix(relative_url)
+ match_data = path.match(INSTANCE_PACKAGES_PATH) ||
+ path.match(PROJECT_PACKAGES_PATH) ||
+ path.match(GROUP_PACKAGES_PATH)
return false unless match_data
- return true unless match_data[:project_id] # instance level endpoint was matched
+ return true if match_data.names.empty? # instance level endpoint was matched
- url_encoded?(match_data[:project_id])
+ url_encoded?(match_data[:id])
end
- def url_encoded?(project_id)
- project_id !~ UNSAFE_CHARACTERS
+ def url_encoded?(id)
+ id !~ UNSAFE_CHARACTERS
end
end
end
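Review bot: `return true if match_data.names.empty?` in match_packages_path? infers that the instance-level endpoint matched from the absence of named groups, which ties the skip of the unsafe-character check to how the three constants happen to be written. If INSTANCE_PACKAGES_PATH ever gains a named capture, that early return stops firing and the method's behaviour changes with no visible change here. Testing the pattern directly is clearer: `return true if path.match?(INSTANCE_PACKAGES_PATH)` ahead of the project and group matches. `url_encoded?` would also benefit from a one-line comment such as `# true when id contains none of UNSAFE_CHARACTERS`, since the name suggests a decoding check that the body does not perform.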