Escape the query argument provided to `git grep` by `search_files`

Closes #14963.

Escape the query argument provided to `git grep` by `search_files`
Closes #14963.
5ffa8f05 · Robert Speicher · 600b94cd · 5ffa8f05 · 5ffa8f05
Commit 5ffa8f05 authored Apr 09, 2016 by Robert Speicher
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 1 deletion

app/models/repository.rb app/models/repository.rb +1 -1

spec/models/repository_spec.rb spec/models/repository_spec.rb +6 -0

No files found.
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -795,7 +795,7 @@ class Repository
  def search_files(query, ref)
    offset = 2
-    args = %W(#{Gitlab.config.git.bin_path} grep -i -I -n --before-context #{offset} --after-context #{offset} -e #{query} #{ref || root_ref})
+    args = %W(#{Gitlab.config.git.bin_path} grep -i -I -n --before-context #{offset} --after-context #{offset} -e #{Regexp.escape(query)} #{ref || root_ref})
    Gitlab::Popen.popen(args, path_to_repo).first.scrub.split(/^--$/)
  end

--- a/spec/models/repository_spec.rb
+++ b/spec/models/repository_spec.rb
@@ -94,6 +94,12 @@ describe Repository, models: true do
    it { is_expected.to be_an Array }
+    it 'regex-escapes the query string' do
+      results = repository.search_files("test\\", 'master')
+      expect(results.first).not_to start_with('fatal:')
+    end
    describe 'result' do
      subject { results.first }