Merge pull request #5475 from nkukard/esc-strings

Escape strings

Merge pull request #5475 from nkukard/esc-strings
Escape strings
Dmitriy Zaporozhets
2 parents d55428b8 aca7f56f
Showing 1 changed file with 16 additions and 14 deletions Show diff stats
lib/gitlab/backend/shell.rb
+require "shellwords"
+
 module Gitlab
   class Shell
     class AccessDenied < StandardError; end
@@ -10,7 +12,7 @@ module Gitlab
     #   add_repository("gitlab/gitlab-ci")
     #
     def add_repository(name)
-      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "add-project", "#{name}.git"
+      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "add-project", Shellwords.shellescape("#{name}.git")
     end
  
     # Import repository
@@ -21,7 +23,7 @@ module Gitlab
     #   import_repository("gitlab/gitlab-ci", "https://github.com/randx/six.git")
     #
     def import_repository(name, url)
-      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "import-project", "#{name}.git", url
+      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "import-project", Shellwords.shellescape("#{name}.git"), Shellwords.shellescape(url)
     end
  
     # Move repository
@@ -33,7 +35,7 @@ module Gitlab
     #   mv_repository("gitlab/gitlab-ci", "randx/gitlab-ci-new.git")
     #
     def mv_repository(path, new_path)
-      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "mv-project", "#{path}.git", "#{new_path}.git"
+      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "mv-project", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape("#{new_path}.git")
     end
  
     # Update HEAD for repository
@@ -45,7 +47,7 @@ module Gitlab
     #  update_repository_head("gitlab/gitlab-ci", "3-1-stable")
     #
     def update_repository_head(path, branch)
-      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "update-head", "#{path}.git", branch
+      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "update-head", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape(branch)
     end
  
     # Fork repository to new namespace
@@ -57,18 +59,18 @@ module Gitlab
     #  fork_repository("gitlab/gitlab-ci", "randx")
     #
     def fork_repository(path, fork_namespace)
-      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "fork-project", "#{path}.git", fork_namespace
+      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "fork-project", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape(fork_namespace)
     end
  
     # Remove repository from file system
     #
-    # name - project path with namespace
+    # path - project path with namespace
     #
     # Ex.
     #   remove_repository("gitlab/gitlab-ci")
     #
-    def remove_repository(name)
-      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-project", "#{name}.git"
+    def remove_repository(path)
+      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-project", Shellwords.shellescape("#{path}.git")
     end
  
     # Add repository branch from passed ref
@@ -81,7 +83,7 @@ module Gitlab
     #   add_branch("gitlab/gitlab-ci", "4-0-stable", "master")
     #
     def add_branch(path, branch_name, ref)
-      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "create-branch", "#{path}.git", branch_name, ref
+      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "create-branch", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape(branch_name), Shellwords.shellescape(ref)
     end
  
     # Remove repository branch
@@ -93,7 +95,7 @@ module Gitlab
     #   rm_branch("gitlab/gitlab-ci", "4-0-stable")
     #
     def rm_branch(path, branch_name)
-      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-branch", "#{path}.git", branch_name
+      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-branch", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape(branch_name)
     end
  
     # Add repository tag from passed ref
@@ -106,7 +108,7 @@ module Gitlab
     #   add_tag("gitlab/gitlab-ci", "v4.0", "master")
     #
     def add_tag(path, tag_name, ref)
-      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "create-tag", "#{path}.git", tag_name, ref
+      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "create-tag", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape(tag_name), Shellwords.shellescape(ref)
     end
  
     # Remove repository tag
@@ -118,7 +120,7 @@ module Gitlab
     #   rm_tag("gitlab/gitlab-ci", "v4.0")
     #
     def rm_tag(path, tag_name)
-      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-tag", "#{path}.git", tag_name
+      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-tag", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape(tag_name)
     end
  
     # Add new key to gitlab-shell
@@ -127,7 +129,7 @@ module Gitlab
     #   add_key("key-42", "sha-rsa ...")
     #
     def add_key(key_id, key_content)
-      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys", "add-key", key_id, key_content
+      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys", "add-key", Shellwords.shellescape(key_id), Shellwords.shellescape(key_content)
     end
  
     # Remove ssh key from gitlab shell
@@ -136,7 +138,7 @@ module Gitlab
     #   remove_key("key-342", "sha-rsa ...")
     #
     def remove_key(key_id, key_content)
-      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys", "rm-key", key_id, key_content
+      system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys", "rm-key", Shellwords.shellescape(key_id), Shellwords.shellescape(key_content)
     end
  
     # Remove all ssh keys from gitlab shell
	1	+require "shellwords"
	2	+
1	3	module Gitlab
2	4	class Shell
3	5	class AccessDenied < StandardError; end
...	...	@@ -10,7 +12,7 @@ module Gitlab
10	12	# add_repository("gitlab/gitlab-ci")
11	13	#
12	14	def add_repository(name)
13		- system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "add-project", "#{name}.git"
	15	+ system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "add-project", Shellwords.shellescape("#{name}.git")
14	16	end
15	17
16	18	# Import repository
...	...	@@ -21,7 +23,7 @@ module Gitlab
21	23	# import_repository("gitlab/gitlab-ci", "https://github.com/randx/six.git")
22	24	#
23	25	def import_repository(name, url)
24		- system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "import-project", "#{name}.git", url
	26	+ system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "import-project", Shellwords.shellescape("#{name}.git"), Shellwords.shellescape(url)
25	27	end
26	28
27	29	# Move repository
...	...	@@ -33,7 +35,7 @@ module Gitlab
33	35	# mv_repository("gitlab/gitlab-ci", "randx/gitlab-ci-new.git")
34	36	#
35	37	def mv_repository(path, new_path)
36		- system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "mv-project", "#{path}.git", "#{new_path}.git"
	38	+ system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "mv-project", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape("#{new_path}.git")
37	39	end
38	40
39	41	# Update HEAD for repository
...	...	@@ -45,7 +47,7 @@ module Gitlab
45	47	# update_repository_head("gitlab/gitlab-ci", "3-1-stable")
46	48	#
47	49	def update_repository_head(path, branch)
48		- system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "update-head", "#{path}.git", branch
	50	+ system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "update-head", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape(branch)
49	51	end
50	52
51	53	# Fork repository to new namespace
...	...	@@ -57,18 +59,18 @@ module Gitlab
57	59	# fork_repository("gitlab/gitlab-ci", "randx")
58	60	#
59	61	def fork_repository(path, fork_namespace)
60		- system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "fork-project", "#{path}.git", fork_namespace
	62	+ system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "fork-project", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape(fork_namespace)
61	63	end
62	64
63	65	# Remove repository from file system
64	66	#
65		- # name - project path with namespace
	67	+ # path - project path with namespace
66	68	#
67	69	# Ex.
68	70	# remove_repository("gitlab/gitlab-ci")
69	71	#
70		- def remove_repository(name)
71		- system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-project", "#{name}.git"
	72	+ def remove_repository(path)
	73	+ system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-project", Shellwords.shellescape("#{path}.git")
72	74	end
73	75
74	76	# Add repository branch from passed ref
...	...	@@ -81,7 +83,7 @@ module Gitlab
81	83	# add_branch("gitlab/gitlab-ci", "4-0-stable", "master")
82	84	#
83	85	def add_branch(path, branch_name, ref)
84		- system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "create-branch", "#{path}.git", branch_name, ref
	86	+ system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "create-branch", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape(branch_name), Shellwords.shellescape(ref)
85	87	end
86	88
87	89	# Remove repository branch
...	...	@@ -93,7 +95,7 @@ module Gitlab
93	95	# rm_branch("gitlab/gitlab-ci", "4-0-stable")
94	96	#
95	97	def rm_branch(path, branch_name)
96		- system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-branch", "#{path}.git", branch_name
	98	+ system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-branch", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape(branch_name)
97	99	end
98	100
99	101	# Add repository tag from passed ref
...	...	@@ -106,7 +108,7 @@ module Gitlab
106	108	# add_tag("gitlab/gitlab-ci", "v4.0", "master")
107	109	#
108	110	def add_tag(path, tag_name, ref)
109		- system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "create-tag", "#{path}.git", tag_name, ref
	111	+ system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "create-tag", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape(tag_name), Shellwords.shellescape(ref)
110	112	end
111	113
112	114	# Remove repository tag
...	...	@@ -118,7 +120,7 @@ module Gitlab
118	120	# rm_tag("gitlab/gitlab-ci", "v4.0")
119	121	#
120	122	def rm_tag(path, tag_name)
121		- system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-tag", "#{path}.git", tag_name
	123	+ system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-projects", "rm-tag", Shellwords.shellescape("#{path}.git"), Shellwords.shellescape(tag_name)
122	124	end
123	125
124	126	# Add new key to gitlab-shell
...	...	@@ -127,7 +129,7 @@ module Gitlab
127	129	# add_key("key-42", "sha-rsa ...")
128	130	#
129	131	def add_key(key_id, key_content)
130		- system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys", "add-key", key_id, key_content
	132	+ system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys", "add-key", Shellwords.shellescape(key_id), Shellwords.shellescape(key_content)
131	133	end
132	134
133	135	# Remove ssh key from gitlab shell
...	...	@@ -136,7 +138,7 @@ module Gitlab
136	138	# remove_key("key-342", "sha-rsa ...")
137	139	#
138	140	def remove_key(key_id, key_content)
139		- system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys", "rm-key", key_id, key_content
	141	+ system "#{gitlab_shell_user_home}/gitlab-shell/bin/gitlab-keys", "rm-key", Shellwords.shellescape(key_id), Shellwords.shellescape(key_content)
140	142	end
141	143
142	144	# Remove all ssh keys from gitlab shell
...	...