1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
# frozen_string_literal: true
module Packages
module Debian
class FileEntry
include ActiveModel::Model
include ::Packages::FIPS
DIGESTS = %i[md5 sha1 sha256].freeze
FILENAME_REGEX = %r{\A[a-zA-Z0-9][a-zA-Z0-9_.~+-]*\z}.freeze
attr_accessor :filename,
:size,
:md5sum,
:section,
:priority,
:sha1sum,
:sha256sum,
:package_file
validates :filename, :size, :md5sum, :section, :priority, :sha1sum, :sha256sum, :package_file, presence: true
validates :filename, format: { with: FILENAME_REGEX }
validate :valid_package_file_digests, if: -> { md5sum.present? && sha1sum.present? && sha256sum.present? && package_file.present? }
def component
return 'main' if section.blank?
return 'main' unless section.include?('/')
section.split('/')[0]
end
private
def valid_package_file_digests
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
DIGESTS.each do |digest|
package_file_digest = package_file["file_#{digest}"]
sum = public_send("#{digest}sum") # rubocop:disable GitlabSecurity/PublicSend
next if package_file_digest == sum
errors.add("#{digest}sum".to_sym, "mismatch for #{filename}: #{package_file_digest} != #{sum}")
end
end
end
end
end
|
