Commit 05c988419f438ec72556f3a52227c62943c67845
1 parent
4ab27017
Exists in
master
and in
4 other branches
Expand refs constraints to include valid characters
Fixes #4831, #4865, #4932
Showing
3 changed files
with
43 additions
and
6 deletions
Show diff stats
config/routes.rb
| @@ -222,14 +222,14 @@ Gitlab::Application.routes.draw do | @@ -222,14 +222,14 @@ Gitlab::Application.routes.draw do | ||
| 222 | end | 222 | end |
| 223 | end | 223 | end |
| 224 | 224 | ||
| 225 | - resources :branches, only: [:index, :new, :create, :destroy], constraints: { id: /[a-zA-Z.\/0-9_\-#%+]+/ } do | 225 | + resources :branches, only: [:index, :new, :create, :destroy], constraints: { id: Gitlab::Regex.git_reference_regex } do |
| 226 | collection do | 226 | collection do |
| 227 | - get :recent | 227 | + get :recent, constraints: { id: Gitlab::Regex.git_reference_regex } |
| 228 | end | 228 | end |
| 229 | end | 229 | end |
| 230 | 230 | ||
| 231 | - resources :tags, only: [:index, :new, :create, :destroy], constraints: { id: /[a-zA-Z.\/0-9_\-#%+]+/ } | ||
| 232 | - resources :protected_branches, only: [:index, :create, :destroy], constraints: { id: /[a-zA-Z.\/0-9_\-#%+]+/ } | 231 | + resources :tags, only: [:index, :new, :create, :destroy], constraints: { id: Gitlab::Regex.git_reference_regex } |
| 232 | + resources :protected_branches, only: [:index, :create, :destroy], constraints: { id: Gitlab::Regex.git_reference_regex } | ||
| 233 | 233 | ||
| 234 | resources :refs, only: [] do | 234 | resources :refs, only: [] do |
| 235 | collection do | 235 | collection do |
| @@ -238,11 +238,11 @@ Gitlab::Application.routes.draw do | @@ -238,11 +238,11 @@ Gitlab::Application.routes.draw do | ||
| 238 | 238 | ||
| 239 | member do | 239 | member do |
| 240 | # tree viewer logs | 240 | # tree viewer logs |
| 241 | - get "logs_tree", constraints: { id: /[a-zA-Z.\/0-9_\-#%+]+/ } | 241 | + get "logs_tree", constraints: { id: Gitlab::Regex.git_reference_regex } |
| 242 | get "logs_tree/:path" => "refs#logs_tree", | 242 | get "logs_tree/:path" => "refs#logs_tree", |
| 243 | as: :logs_file, | 243 | as: :logs_file, |
| 244 | constraints: { | 244 | constraints: { |
| 245 | - id: /[a-zA-Z.0-9\/_\-#%+]+/, | 245 | + id: Gitlab::Regex.git_reference_regex, |
| 246 | path: /.*/ | 246 | path: /.*/ |
| 247 | } | 247 | } |
| 248 | end | 248 | end |
lib/gitlab/regex.rb
| @@ -18,6 +18,29 @@ module Gitlab | @@ -18,6 +18,29 @@ module Gitlab | ||
| 18 | default_regex | 18 | default_regex |
| 19 | end | 19 | end |
| 20 | 20 | ||
| 21 | + def git_reference_regex | ||
| 22 | + # Valid git ref regex, see: | ||
| 23 | + # https://www.kernel.org/pub/software/scm/git/docs/git-check-ref-format.html | ||
| 24 | + | ||
| 25 | + %r{ | ||
| 26 | + (?! | ||
| 27 | + # doesn't begins with | ||
| 28 | + \/| # (rule #6) | ||
| 29 | + # doesn't contain | ||
| 30 | + .*(?: | ||
| 31 | + [\/.]\.| # (rule #1,3) | ||
| 32 | + \/\/| # (rule #6) | ||
| 33 | + @\{| # (rule #8) | ||
| 34 | + \\ # (rule #9) | ||
| 35 | + ) | ||
| 36 | + ) | ||
| 37 | + [^\000-\040\177~^:?*\[]+ # (rule #4-5) | ||
| 38 | + # doesn't end with | ||
| 39 | + (?<!\.lock) # (rule #1) | ||
| 40 | + (?<![\/.]) # (rule #6-7) | ||
| 41 | + }x | ||
| 42 | + end | ||
| 43 | + | ||
| 21 | protected | 44 | protected |
| 22 | 45 | ||
| 23 | def default_regex | 46 | def default_regex |
spec/routing/project_routing_spec.rb
| @@ -138,12 +138,24 @@ end | @@ -138,12 +138,24 @@ end | ||
| 138 | describe Projects::BranchesController, "routing" do | 138 | describe Projects::BranchesController, "routing" do |
| 139 | it "to #branches" do | 139 | it "to #branches" do |
| 140 | get("/gitlab/gitlabhq/branches").should route_to('projects/branches#index', project_id: 'gitlab/gitlabhq') | 140 | get("/gitlab/gitlabhq/branches").should route_to('projects/branches#index', project_id: 'gitlab/gitlabhq') |
| 141 | + delete("/gitlab/gitlabhq/branches/feature%2345").should route_to('projects/branches#destroy', project_id: 'gitlab/gitlabhq', id: 'feature#45') | ||
| 142 | + delete("/gitlab/gitlabhq/branches/feature%2B45").should route_to('projects/branches#destroy', project_id: 'gitlab/gitlabhq', id: 'feature+45') | ||
| 143 | + delete("/gitlab/gitlabhq/branches/feature@45").should route_to('projects/branches#destroy', project_id: 'gitlab/gitlabhq', id: 'feature@45') | ||
| 144 | + delete("/gitlab/gitlabhq/branches/feature%2345/foo/bar/baz").should route_to('projects/branches#destroy', project_id: 'gitlab/gitlabhq', id: 'feature#45/foo/bar/baz') | ||
| 145 | + delete("/gitlab/gitlabhq/branches/feature%2B45/foo/bar/baz").should route_to('projects/branches#destroy', project_id: 'gitlab/gitlabhq', id: 'feature+45/foo/bar/baz') | ||
| 146 | + delete("/gitlab/gitlabhq/branches/feature@45/foo/bar/baz").should route_to('projects/branches#destroy', project_id: 'gitlab/gitlabhq', id: 'feature@45/foo/bar/baz') | ||
| 141 | end | 147 | end |
| 142 | end | 148 | end |
| 143 | 149 | ||
| 144 | describe Projects::TagsController, "routing" do | 150 | describe Projects::TagsController, "routing" do |
| 145 | it "to #tags" do | 151 | it "to #tags" do |
| 146 | get("/gitlab/gitlabhq/tags").should route_to('projects/tags#index', project_id: 'gitlab/gitlabhq') | 152 | get("/gitlab/gitlabhq/tags").should route_to('projects/tags#index', project_id: 'gitlab/gitlabhq') |
| 153 | + delete("/gitlab/gitlabhq/tags/feature%2345").should route_to('projects/tags#destroy', project_id: 'gitlab/gitlabhq', id: 'feature#45') | ||
| 154 | + delete("/gitlab/gitlabhq/tags/feature%2B45").should route_to('projects/tags#destroy', project_id: 'gitlab/gitlabhq', id: 'feature+45') | ||
| 155 | + delete("/gitlab/gitlabhq/tags/feature@45").should route_to('projects/tags#destroy', project_id: 'gitlab/gitlabhq', id: 'feature@45') | ||
| 156 | + delete("/gitlab/gitlabhq/tags/feature%2345/foo/bar/baz").should route_to('projects/tags#destroy', project_id: 'gitlab/gitlabhq', id: 'feature#45/foo/bar/baz') | ||
| 157 | + delete("/gitlab/gitlabhq/tags/feature%2B45/foo/bar/baz").should route_to('projects/tags#destroy', project_id: 'gitlab/gitlabhq', id: 'feature+45/foo/bar/baz') | ||
| 158 | + delete("/gitlab/gitlabhq/tags/feature@45/foo/bar/baz").should route_to('projects/tags#destroy', project_id: 'gitlab/gitlabhq', id: 'feature@45/foo/bar/baz') | ||
| 147 | end | 159 | end |
| 148 | end | 160 | end |
| 149 | 161 | ||
| @@ -183,9 +195,11 @@ describe Projects::RefsController, "routing" do | @@ -183,9 +195,11 @@ describe Projects::RefsController, "routing" do | ||
| 183 | get("/gitlab/gitlabhq/refs/stable/logs_tree").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'stable') | 195 | get("/gitlab/gitlabhq/refs/stable/logs_tree").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'stable') |
| 184 | get("/gitlab/gitlabhq/refs/feature%2345/logs_tree").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'feature#45') | 196 | get("/gitlab/gitlabhq/refs/feature%2345/logs_tree").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'feature#45') |
| 185 | get("/gitlab/gitlabhq/refs/feature%2B45/logs_tree").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'feature+45') | 197 | get("/gitlab/gitlabhq/refs/feature%2B45/logs_tree").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'feature+45') |
| 198 | + get("/gitlab/gitlabhq/refs/feature@45/logs_tree").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'feature@45') | ||
| 186 | get("/gitlab/gitlabhq/refs/stable/logs_tree/foo/bar/baz").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'stable', path: 'foo/bar/baz') | 199 | get("/gitlab/gitlabhq/refs/stable/logs_tree/foo/bar/baz").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'stable', path: 'foo/bar/baz') |
| 187 | get("/gitlab/gitlabhq/refs/feature%2345/logs_tree/foo/bar/baz").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'feature#45', path: 'foo/bar/baz') | 200 | get("/gitlab/gitlabhq/refs/feature%2345/logs_tree/foo/bar/baz").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'feature#45', path: 'foo/bar/baz') |
| 188 | get("/gitlab/gitlabhq/refs/feature%2B45/logs_tree/foo/bar/baz").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'feature+45', path: 'foo/bar/baz') | 201 | get("/gitlab/gitlabhq/refs/feature%2B45/logs_tree/foo/bar/baz").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'feature+45', path: 'foo/bar/baz') |
| 202 | + get("/gitlab/gitlabhq/refs/feature@45/logs_tree/foo/bar/baz").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'feature@45', path: 'foo/bar/baz') | ||
| 189 | get("/gitlab/gitlabhq/refs/stable/logs_tree/files.scss").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'stable', path: 'files.scss') | 203 | get("/gitlab/gitlabhq/refs/stable/logs_tree/files.scss").should route_to('projects/refs#logs_tree', project_id: 'gitlab/gitlabhq', id: 'stable', path: 'files.scss') |
| 190 | end | 204 | end |
| 191 | end | 205 | end |