From 56c0f733d55fda4a0ac46687702f1b2ab39115bc Mon Sep 17 00:00:00 2001
From: Yorick Peterse
Date: Tue, 15 Jan 2019 12:49:47 +0000
Subject: Merge branch 'security-2770-verify-bundle-import-files-11-4' into 'security-11-4' [11.4] Validate bundle files before unpacking them See merge request gitlab/gitlabhq!2776 (cherry picked from commit 6176b02aa6577079986410719884bd253dc5e7be) e5e5e77e Validate bundle files before unpacking them
---
spec/lib/gitlab/git/bundle_file_spec.rb | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 spec/lib/gitlab/git/bundle_file_spec.rb
(limited to 'spec/lib/gitlab/git/bundle_file_spec.rb')
diff --git a/spec/lib/gitlab/git/bundle_file_spec.rb b/spec/lib/gitlab/git/bundle_file_spec.rb
new file mode 100644
index 00000000000..ff7c981dadd
--- /dev/null
+++ b/spec/lib/gitlab/git/bundle_file_spec.rb
@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe Gitlab::Git::BundleFile do
+ describe '.check!' do
+ let(:valid_bundle) { Tempfile.new }
+ let(:valid_bundle_path) { valid_bundle.path }
+ let(:invalid_bundle_path) { Rails.root.join('spec/fixtures/malicious.bundle') }
+
+ after do
+ valid_bundle.close!
+ end
+
+ it 'returns nil for a valid bundle' do
+ valid_bundle.write("# v2 git bundle\nfoo bar baz\n")
+ valid_bundle.close
+
+ expect(described_class.check!(valid_bundle_path)).to be_nil
+ end
+
+ it 'raises an exception for an invalid bundle' do
+ expect do
+ described_class.check!(invalid_bundle_path)
+ end.to raise_error(described_class::InvalidBundleError)
+ end
+ end
+end
-- cgit v1.2.3
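Review bot: The only rejection case in `describe '.check!'` depends on `spec/fixtures/malicious.bundle`, whose contents are not visible in this view, so the spec does not say which property of a file makes `check!` raise `InvalidBundleError`. Since this validator gates what gets unpacked on import, the boundary inputs should be written out inline: an empty file and a file whose first line is not the `# v2 git bundle` header. This assumes `check!` keys on that header line, as the valid example suggests, and should be confirmed against the implementation. A one-line comment above `invalid_bundle_path` describing what the fixture contains would also help the next reader. The sketch below reuses the existing `valid_bundle` tempfile; renaming that `let` to something neutral would read better.

```ruby
    # … unchanged: lets, after hook, valid-bundle example …

    it 'raises an exception for an empty file' do
      valid_bundle.close

      expect do
        described_class.check!(valid_bundle_path)
      end.to raise_error(described_class::InvalidBundleError)
    end

    it 'raises an exception when the header line is missing' do
      valid_bundle.write("foo bar baz\n")
      valid_bundle.close

      expect do
        described_class.check!(valid_bundle_path)
      end.to raise_error(described_class::InvalidBundleError)
    end

    # … unchanged: fixture-based invalid-bundle example …
```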