Download as
Browse Code »

Commit 0a4a6f5921b256feabc2a1c95db2346254914efc

Authored by Dmitriy Zaporozhets
2 parents d3ca12a1 ba21546a
Exists in master and in 4 other branches 6-8-stable, 7-0-stable, 7-0-stable-spb, spb-stable

Merge pull request #3918 from joeandaverde/unsanitized 

System calls to gitlab-shell were using unsanitized user input
Showing 1 changed file with 7 additions and 7 deletions   Show diff stats
lib/gitlab/backend/shell.rb
  Diff comments   View file @0a4a6f5
@@ -10,7 +10,7 @@ module Gitlab @@ -10,7 +10,7 @@ module Gitlab
10 # add_repository("gitlab/gitlab-ci") 10 # add_repository("gitlab/gitlab-ci")
11 # 11 #
12 def add_repository(name) 12 def add_repository(name)
13 - system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects add-project #{name}.git") 13 + system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "add-project", "#{name}.git"
14 end 14 end
15 15
16 # Import repository 16 # Import repository
@@ -21,7 +21,7 @@ module Gitlab @@ -21,7 +21,7 @@ module Gitlab
21 # import_repository("gitlab/gitlab-ci", "https://github.com/randx/six.git") 21 # import_repository("gitlab/gitlab-ci", "https://github.com/randx/six.git")
22 # 22 #
23 def import_repository(name, url) 23 def import_repository(name, url)
24 - system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects import-project #{name}.git #{url}") 24 + system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "import-project", "#{name}.git", url
25 end 25 end
26 26
27 # Move repository 27 # Move repository
@@ -33,7 +33,7 @@ module Gitlab @@ -33,7 +33,7 @@ module Gitlab
33 # mv_repository("gitlab/gitlab-ci", "randx/gitlab-ci-new.git") 33 # mv_repository("gitlab/gitlab-ci", "randx/gitlab-ci-new.git")
34 # 34 #
35 def mv_repository(path, new_path) 35 def mv_repository(path, new_path)
36 - system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects mv-project #{path}.git #{new_path}.git") 36 + system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "mv-project", "#{path}.git", "#{new_path}.git"
37 end 37 end
38 38
39 # Fork repository to new namespace 39 # Fork repository to new namespace
@@ -45,7 +45,7 @@ module Gitlab @@ -45,7 +45,7 @@ module Gitlab
45 # fork_repository("gitlab/gitlab-ci", "randx") 45 # fork_repository("gitlab/gitlab-ci", "randx")
46 # 46 #
47 def fork_repository(path, fork_namespace) 47 def fork_repository(path, fork_namespace)
48 - system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects fork-project #{path}.git #{fork_namespace}") 48 + system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "fork-project", "#{path}.git", fork_namespace
49 end 49 end
50 50
51 # Remove repository from file system 51 # Remove repository from file system
@@ -56,7 +56,7 @@ module Gitlab @@ -56,7 +56,7 @@ module Gitlab
56 # remove_repository("gitlab/gitlab-ci") 56 # remove_repository("gitlab/gitlab-ci")
57 # 57 #
58 def remove_repository(name) 58 def remove_repository(name)
59 - system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects rm-project #{name}.git") 59 + system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-project", "#{name}.git"
60 end 60 end
61 61
62 # Add new key to gitlab-shell 62 # Add new key to gitlab-shell
@@ -65,7 +65,7 @@ module Gitlab @@ -65,7 +65,7 @@ module Gitlab
65 # add_key("key-42", "sha-rsa ...") 65 # add_key("key-42", "sha-rsa ...")
66 # 66 #
67 def add_key(key_id, key_content) 67 def add_key(key_id, key_content)
68 - system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys add-key #{key_id} \"#{key_content}\"") 68 + system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys", "add-key", key_id, key_content
69 end 69 end
70 70
71 # Remove ssh key from gitlab shell 71 # Remove ssh key from gitlab shell
@@ -74,7 +74,7 @@ module Gitlab @@ -74,7 +74,7 @@ module Gitlab
74 # remove_key("key-342", "sha-rsa ...") 74 # remove_key("key-342", "sha-rsa ...")
75 # 75 #
76 def remove_key(key_id, key_content) 76 def remove_key(key_id, key_content)
77 - system("#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys rm-key #{key_id} \"#{key_content}\"") 77 + system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys", "rm-key", key_id, key_content
78 end 78 end
79 79
80 # Add empty directory for storing repositories 80 # Add empty directory for storing repositories