Commit 0a4a6f5921b256feabc2a1c95db2346254914efc

Authored by Dmitriy Zaporozhets
2 parents d3ca12a1 ba21546a

Merge pull request #3918 from joeandaverde/unsanitized

System calls to gitlab-shell were using unsanitized user input
Showing 1 changed file with 7 additions and 7 deletions
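--- a/lib/gitlab/backend/shell.rb
+++ b/lib/gitlab/backend/shell.rb
@@ -10,7 +10,7 @@ module Gitlab
 # add_repository("gitlab/gitlab-ci")
 #
 def add_repository(name)
-system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects add-project #{name}.git")
+system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "add-project", "#{name}.git"
 end
 
 # Import repository
@@ -21,7 +21,7 @@ module Gitlab
 # import_repository("gitlab/gitlab-ci", "https://github.com/randx/six.git")
 #
 def import_repository(name, url)
-system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects import-project #{name}.git #{url}")
+system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "import-project", "#{name}.git", url
 end
 
 # Move repository
@@ -33,7 +33,7 @@ module Gitlab
 # mv_repository("gitlab/gitlab-ci", "randx/gitlab-ci-new.git")
 #
 def mv_repository(path, new_path)
-system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects mv-project #{path}.git #{new_path}.git")
+system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "mv-project", "#{path}.git", "#{new_path}.git"
 end
 
 # Fork repository to new namespace
@@ -45,7 +45,7 @@ module Gitlab
 # fork_repository("gitlab/gitlab-ci", "randx")
 #
 def fork_repository(path, fork_namespace)
-system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects fork-project #{path}.git #{fork_namespace}")
+system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "fork-project", "#{path}.git", fork_namespace
 end
 
 # Remove repository from file system
@@ -56,7 +56,7 @@ module Gitlab
 # remove_repository("gitlab/gitlab-ci")
 #
 def remove_repository(name)
-system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects rm-project #{name}.git")
+system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-project", "#{name}.git"
 end
 
 # Add new key to gitlab-shell
@@ -65,7 +65,7 @@ module Gitlab
 # add_key("key-42", "sha-rsa ...")
 #
 def add_key(key_id, key_content)
-system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys add-key #{key_id} \"#{key_content}\"")
+system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys", "add-key", key_id, key_content
 end
 
 # Remove ssh key from gitlab shell
@@ -74,7 +74,7 @@ module Gitlab
 # remove_key("key-342", "sha-rsa ...")
 #
 def remove_key(key_id, key_content)
-system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys rm-key #{key_id} \"#{key_content}\"")
+system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys", "rm-key", key_id, key_content
 end
 
 # Add empty directory for storing repositories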
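Review bot: Argument values are still unvalidated on the new multi-argument `system` calls: `url` in import_repository and `fork_namespace` in fork_repository reach gitlab-projects verbatim, so a value beginning with `-` may still be parsed as an option by that script or by whatever it invokes (presumably git; neither is visible in this diff). A guard such as `return false if url.start_with?("-")` before the call would close that, and `name`/`path`/`new_path` would benefit from a format check that rejects `..` segments, since the argv form does nothing about path traversal. `key_content` in add_key and remove_key should be confirmed single-line, e.g. `return false if key_content =~ /[\r\n]/`, if gitlab-keys writes it out line by line, which is an assumption to verify against that script. None of the methods documents its return value; a comment noting that `system` yields `true`, `false` or `nil` (command could not be run) would help callers that need to detect failure.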