Commit
2e75e93c
authored
6 years ago
by
Douglas Barbosa Alexandre
Does not allow an import_url with SSH protocol
parent
0602fcb6
Showing
5 changed files
with
57 additions
and
28 deletions
+57
-28
app/models/project.rb
app/models/project.rb
+8
-5
changelogs/unreleased/da-fix-does-not-import-projects-over-ssh.yml
...s/unreleased/da-fix-does-not-import-projects-over-ssh.yml
+5
-0
spec/lib/gitlab/bitbucket_import/project_creator_spec.rb
spec/lib/gitlab/bitbucket_import/project_creator_spec.rb
+2
-2
spec/models/project_spec.rb
spec/models/project_spec.rb
+41
-20
spec/services/projects/import_service_spec.rb
spec/services/projects/import_service_spec.rb
+1
-1
app/models/project.rb
...
...
@@ -49,8 +49,11 @@ class Project < ActiveRecord::Base
attachments:
2
}.
freeze
# Valids ports to import from
VALID_IMPORT_PORTS
=
[
22
,
80
,
443
].
freeze
VALID_IMPORT_PORTS
=
[
80
,
443
].
freeze
VALID_IMPORT_PROTOCOLS
=
%w(http https git)
.
freeze
VALID_MIRROR_PORTS
=
[
22
,
80
,
443
].
freeze
VALID_MIRROR_PROTOCOLS
=
%w(http https ssh git)
.
freeze
cache_markdown_field
:description
,
pipeline: :description
...
...
@@ -305,10 +308,10 @@ class Project < ActiveRecord::Base
validates
:namespace
,
presence:
true
validates
:name
,
uniqueness:
{
scope: :namespace_id
}
validates
:import_url
,
url:
{
protocols:
%w(http https ssh git)
,
validates
:import_url
,
url:
{
protocols:
->
(
project
)
{
project
.
persisted?
?
VALID_MIRROR_PROTOCOLS
:
VALID_IMPORT_PROTOCOLS
},
ports:
->
(
project
)
{
project
.
persisted?
?
VALID_MIRROR_PORTS
:
VALID_IMPORT_PORTS
},
allow_localhost:
false
,
enforce_user:
true
,
ports:
VALID_IMPORT_PORTS
},
if:
[
:external_import?
,
:import_url_changed?
]
enforce_user:
true
},
if:
[
:external_import?
,
:import_url_changed?
]
validates
:star_count
,
numericality:
{
greater_than_or_equal_to:
0
}
validate
:check_limit
,
on: :create
validate
:check_repository_path_availability
,
on: :update
,
if:
->
(
project
)
{
project
.
renamed?
}
...
...
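Review bot: Both lambdas in the `validates :import_url` options choose the allowlist with `project.persisted?`, so the SSH and port 22 restriction applies only to unsaved records, and any later change of `import_url` on a saved project is checked against `VALID_MIRROR_PROTOCOLS` and `VALID_MIRROR_PORTS`. Persistence is standing in for "this is a mirror" here; it is worth confirming that no update path outside this hunk can start a fresh import from a changed `import_url`, or keying the choice on the mirror state directly. The ternary is also written twice, and a pair of small private methods would keep the protocol and port lists from drifting apart. A comment above the constants would record the intent, for example `# New imports: http/https/git on 80/443 only; SSH and port 22 are reserved for mirrors of persisted projects`. Since `git` stays in `VALID_IMPORT_PROTOCOLS` while `VALID_IMPORT_PORTS` is `[80, 443]`, how the validator treats a `git://` URL without an explicit port is not visible on this page and should be checked.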
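--- /dev/null
+++ b/changelogs/unreleased/da-fix-does-not-import-projects-over-ssh.yml
@@ -0,0 +1,5 @@
+---
+title: Does not allow a SSH URI when importing new projects
+merge_request: 22309
+author:
+type: fixed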
spec/lib/gitlab/bitbucket_import/project_creator_spec.rb
...
...
@@ -11,7 +11,7 @@ describe Gitlab::BitbucketImport::ProjectCreator do
owner:
"asd"
,
full_name:
'Vim repo'
,
visibility_level:
Gitlab
::
VisibilityLevel
::
PRIVATE
,
clone_url:
'
ssh://git@
bitbucket.org/asd/vim.git'
,
clone_url:
'
http://
bitbucket.org/asd/vim.git'
,
has_wiki?:
false
)
end
...
...
@@ -32,7 +32,7 @@ describe Gitlab::BitbucketImport::ProjectCreator do
project_creator
=
described_class
.
new
(
repo
,
'vim'
,
namespace
,
user
,
access_params
)
project
=
project_creator
.
execute
expect
(
project
.
import_url
).
to
eq
(
"
ssh://git@
bitbucket.org/asd/vim.git"
)
expect
(
project
.
import_url
).
to
eq
(
"
http://
bitbucket.org/asd/vim.git"
)
expect
(
project
.
visibility_level
).
to
eq
(
Gitlab
::
VisibilityLevel
::
PRIVATE
)
end
end
spec/models/project_spec.rb
...
...
@@ -229,54 +229,75 @@ describe Project do
end
it
'does not allow an invalid URI as import_url'
do
project
2
=
build
(
:project
,
import_url:
'invalid://'
)
project
=
build
(
:project
,
import_url:
'invalid://'
)
expect
(
project2
).
not_to
be_valid
expect
(
project
).
not_to
be_valid
end
it
'does allow a SSH URI as import_url for persisted projects'
do
project
=
create
(
:project
)
project
.
import_url
=
'ssh://test@gitlab.com/project.git'
expect
(
project
).
to
be_valid
end
it
'does not allow a SSH URI as import_url for new projects'
do
project
=
build
(
:project
,
import_url:
'ssh://test@gitlab.com/project.git'
)
expect
(
project
).
not_to
be_valid
end
it
'does allow a valid URI as import_url'
do
project
2
=
build
(
:project
,
import_url:
'ssh://test@
gitlab.com/project.git'
)
project
=
build
(
:project
,
import_url:
'http://
gitlab.com/project.git'
)
expect
(
project
2
).
to
be_valid
expect
(
project
).
to
be_valid
end
it
'allows an empty URI'
do
project
2
=
build
(
:project
,
import_url:
''
)
project
=
build
(
:project
,
import_url:
''
)
expect
(
project
2
).
to
be_valid
expect
(
project
).
to
be_valid
end
it
'does not produce import data on an empty URI'
do
project
2
=
build
(
:project
,
import_url:
''
)
project
=
build
(
:project
,
import_url:
''
)
expect
(
project
2
.
import_data
).
to
be_nil
expect
(
project
.
import_data
).
to
be_nil
end
it
'does not produce import data on an invalid URI'
do
project
2
=
build
(
:project
,
import_url:
'test://'
)
project
=
build
(
:project
,
import_url:
'test://'
)
expect
(
project
2
.
import_data
).
to
be_nil
expect
(
project
.
import_data
).
to
be_nil
end
it
"does not allow import_url pointing to localhost"
do
project2
=
build
(
:project
,
import_url:
'http://localhost:9000/t.git'
)
project
=
build
(
:project
,
import_url:
'http://localhost:9000/t.git'
)
expect
(
project
).
to
be_invalid
expect
(
project
.
errors
[
:import_url
].
first
).
to
include
(
'Requests to localhost are not allowed'
)
end
it
"does not allow import_url with invalid ports for new projects"
do
project
=
build
(
:project
,
import_url:
'http://github.com:25/t.git'
)
expect
(
project
2
).
to
be_invalid
expect
(
project
2
.
errors
[
:import_url
].
first
).
to
include
(
'Requests to localhost are not allowed
'
)
expect
(
project
).
to
be_invalid
expect
(
project
.
errors
[
:import_url
].
first
).
to
include
(
'Only allowed ports are 80, 443
'
)
end
it
"does not allow import_url with invalid ports"
do
project2
=
build
(
:project
,
import_url:
'http://github.com:25/t.git'
)
it
"does not allow import_url with invalid ports for persisted projects"
do
project
=
create
(
:project
)
project
.
import_url
=
'http://github.com:25/t.git'
expect
(
project
2
).
to
be_invalid
expect
(
project
2
.
errors
[
:import_url
].
first
).
to
include
(
'Only allowed ports are 22, 80, 443'
)
expect
(
project
).
to
be_invalid
expect
(
project
.
errors
[
:import_url
].
first
).
to
include
(
'Only allowed ports are 22, 80, 443'
)
end
it
"does not allow import_url with invalid user"
do
project
2
=
build
(
:project
,
import_url:
'http://$user:password@github.com/t.git'
)
project
=
build
(
:project
,
import_url:
'http://$user:password@github.com/t.git'
)
expect
(
project
2
).
to
be_invalid
expect
(
project
2
.
errors
[
:import_url
].
first
).
to
include
(
'Username needs to start with an alphanumeric character'
)
expect
(
project
).
to
be_invalid
expect
(
project
.
errors
[
:import_url
].
first
).
to
include
(
'Username needs to start with an alphanumeric character'
)
end
describe
'project pending deletion'
do
...
...
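Review bot: The example 'does not allow a SSH URI as import_url for new projects' asserts only `not_to be_valid`, so it passes for any validation failure and does not show that the SSH URL was rejected by the protocol or port allowlist. The neighbouring port and localhost examples pin the cause through `project.errors[:import_url].first`; the same assertion here, using the message the URL validator produces for a disallowed protocol, would make the test fail if the restriction were lost while another validation kept the record invalid. There is also no example for a `git://` URL on a new project, although `git` is in `VALID_IMPORT_PROTOCOLS`. The enclosing `describe` block starts and ends outside the visible hunk.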
spec/services/projects/import_service_spec.rb
...
...
@@ -235,7 +235,7 @@ describe Projects::ImportService do
result
=
described_class
.
new
(
project
,
user
).
execute
expect
(
result
[
:status
]).
to
eq
:error
expect
(
result
[
:message
]).
to
include
(
'Only allowed ports are
22,
80, 443'
)
expect
(
result
[
:message
]).
to
include
(
'Only allowed ports are 80, 443'
)
end
end
...
...