Commit dfe0f9ee authored by Douwe Maan's avatar Douwe Maan

Use more specific regexes.

parent 3f7531d6
...@@ -24,8 +24,8 @@ class Namespace < ActiveRecord::Base ...@@ -24,8 +24,8 @@ class Namespace < ActiveRecord::Base
validates :name, validates :name,
presence: true, uniqueness: true, presence: true, uniqueness: true,
length: { within: 0..255 }, length: { within: 0..255 },
format: { with: Gitlab::Regex.name_regex, format: { with: Gitlab::Regex.namespace_name_regex,
message: Gitlab::Regex.name_regex_message } message: Gitlab::Regex.namespace_name_regex_message }
validates :description, length: { within: 0..255 } validates :description, length: { within: 0..255 }
validates :path, validates :path,
...@@ -33,8 +33,8 @@ class Namespace < ActiveRecord::Base ...@@ -33,8 +33,8 @@ class Namespace < ActiveRecord::Base
presence: true, presence: true,
length: { within: 1..255 }, length: { within: 1..255 },
exclusion: { in: Gitlab::Blacklist.path }, exclusion: { in: Gitlab::Blacklist.path },
format: { with: Gitlab::Regex.path_regex, format: { with: Gitlab::Regex.namespace_regex,
message: Gitlab::Regex.path_regex_message } message: Gitlab::Regex.namespace_regex_message }
delegate :name, to: :owner, allow_nil: true, prefix: true delegate :name, to: :owner, allow_nil: true, prefix: true
......
...@@ -124,12 +124,12 @@ class Project < ActiveRecord::Base ...@@ -124,12 +124,12 @@ class Project < ActiveRecord::Base
presence: true, presence: true,
length: { within: 0..255 }, length: { within: 0..255 },
format: { with: Gitlab::Regex.project_name_regex, format: { with: Gitlab::Regex.project_name_regex,
message: Gitlab::Regex.project_regex_message } message: Gitlab::Regex.project_name_regex_message }
validates :path, validates :path,
presence: true, presence: true,
length: { within: 0..255 }, length: { within: 0..255 },
format: { with: Gitlab::Regex.path_regex, format: { with: Gitlab::Regex.project_path_regex,
message: Gitlab::Regex.path_regex_message } message: Gitlab::Regex.project_path_regex_message }
validates :issues_enabled, :merge_requests_enabled, validates :issues_enabled, :merge_requests_enabled,
:wiki_enabled, inclusion: { in: [true, false] } :wiki_enabled, inclusion: { in: [true, false] }
validates :issues_tracker_id, length: { maximum: 255 }, allow_blank: true validates :issues_tracker_id, length: { maximum: 255 }, allow_blank: true
......
...@@ -33,8 +33,8 @@ class Snippet < ActiveRecord::Base ...@@ -33,8 +33,8 @@ class Snippet < ActiveRecord::Base
validates :file_name, validates :file_name,
presence: true, presence: true,
length: { within: 0..255 }, length: { within: 0..255 },
format: { with: Gitlab::Regex.path_regex, format: { with: Gitlab::Regex.file_name_regex,
message: Gitlab::Regex.path_regex_message } message: Gitlab::Regex.file_name_regex_message }
validates :content, presence: true validates :content, presence: true
validates :visibility_level, inclusion: { in: Gitlab::VisibilityLevel.values } validates :visibility_level, inclusion: { in: Gitlab::VisibilityLevel.values }
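Review bot: Moving `file_name` from `path_regex` to `file_name_regex` loosens the validation rather than just renaming it. The pattern defined in the Gitlab::Regex section of this commit, `/\A[a-zA-Z0-9_\-\.]*\z/`, no longer constrains the first character and no longer rejects a `.git` suffix, so a name with a leading `-` now passes. The Files hunk makes the same switch. If this is intended, a spec that pins the newly accepted names would document it, and it is worth confirming that any code passing these names to command-line git places them after `--`. Otherwise the first-character rule can be kept with `/\A[a-zA-Z0-9_.][a-zA-Z0-9_\-\.]*\z/`.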
......
...@@ -129,8 +129,8 @@ class User < ActiveRecord::Base ...@@ -129,8 +129,8 @@ class User < ActiveRecord::Base
presence: true, presence: true,
uniqueness: { case_sensitive: false }, uniqueness: { case_sensitive: false },
exclusion: { in: Gitlab::Blacklist.path }, exclusion: { in: Gitlab::Blacklist.path },
format: { with: Gitlab::Regex.username_regex, format: { with: Gitlab::Regex.namespace_regex,
message: Gitlab::Regex.username_regex_message } message: Gitlab::Regex.namespace_regex_message }
validates :notification_level, inclusion: { in: Notification.notification_levels }, presence: true validates :notification_level, inclusion: { in: Notification.notification_levels }, presence: true
validate :namespace_uniq, if: ->(user) { user.username_changed? } validate :namespace_uniq, if: ->(user) { user.username_changed? }
......
...@@ -12,10 +12,10 @@ module Files ...@@ -12,10 +12,10 @@ module Files
file_name = File.basename(path) file_name = File.basename(path)
file_path = path file_path = path
unless file_name =~ Gitlab::Regex.path_regex unless file_name =~ Gitlab::Regex.file_name_regex
return error( return error(
'Your changes could not be committed, because the file name ' + 'Your changes could not be committed, because the file name ' +
Gitlab::Regex.path_regex_message Gitlab::Regex.file_name_regex_message
) )
end end
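Review bot: `file_name =~ Gitlab::Regex.file_name_regex` now succeeds for an empty basename, because the new pattern is built on `*` while the old `path_regex` required at least one leading character. Unlike the Snippet model, no presence check is visible next to this call, though the enclosing method starts and ends outside the hunk, so one may exist elsewhere. Either change the quantifier in `file_name_regex` to `+` or guard here with `if file_name.empty? || file_name !~ Gitlab::Regex.file_name_regex`.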
......
...@@ -2,49 +2,64 @@ module Gitlab ...@@ -2,49 +2,64 @@ module Gitlab
module Regex module Regex
extend self extend self
def username_regex def namespace_regex
default_regex @namespace_regex ||= /\A[a-zA-Z0-9_.][a-zA-Z0-9_\-\.]*(?<!\.git)\z/.freeze
end end
def username_regex_message def namespace_regex_message
default_regex_message "can contain only letters, digits, '_', '-' and '.'. " \
"Cannot start with '-' or end in '.git'" \
end
def namespace_name_regex
@namespace_name_regex ||= /\A[a-zA-Z0-9_\-\. ]*\z/.freeze
end end
def namespace_name_regex_message
"can contain only letters, digits, '_', '-', '.' and space."
end
def project_name_regex def project_name_regex
/\A[a-zA-Z0-9_.][a-zA-Z0-9_\-\. ]*\z/ @project_name_regex ||= /\A[a-zA-Z0-9_.][a-zA-Z0-9_\-\. ]*\z/.freeze
end end
def project_regex_message def project_name_regex_message
"can contain only letters, digits, '_', '-' and '.' and space. " \ "can contain only letters, digits, '_', '-', '.' and space. " \
"It must start with letter, digit or '_'." "It must start with letter, digit or '_'."
end end
def name_regex
/\A[a-zA-Z0-9_\-\. ]*\z/ def project_path_regex
@project_path_regex ||= /\A[a-zA-Z0-9_.][a-zA-Z0-9_\-\.]*(?<!\.git)\z/.freeze
end end
def name_regex_message def project_path_regex_message
"can contain only letters, digits, '_', '-' and '.' and space." "can contain only letters, digits, '_', '-' and '.'. " \
"Cannot start with '-' or end in '.git'" \
end end
def path_regex
default_regex def file_name_regex
@file_name_regex ||= /\A[a-zA-Z0-9_\-\.]*\z/.freeze
end end
def path_regex_message def file_name_regex_message
default_regex_message "can contain only letters, digits, '_', '-' and '.'. "
end end
def archive_formats_regex def archive_formats_regex
#|zip|tar| tar.gz | tar.bz2 | # |zip|tar| tar.gz | tar.bz2 |
/(zip|tar|tar\.gz|tgz|gz|tar\.bz2|tbz|tbz2|tb2|bz2)/ @archive_formats_regex ||= /(zip|tar|tar\.gz|tgz|gz|tar\.bz2|tbz|tbz2|tb2|bz2)/.freeze
end end
def git_reference_regex def git_reference_regex
# Valid git ref regex, see: # Valid git ref regex, see:
# https://www.kernel.org/pub/software/scm/git/docs/git-check-ref-format.html # https://www.kernel.org/pub/software/scm/git/docs/git-check-ref-format.html
%r{ @git_reference_regex ||= %r{
(?! (?!
(?# doesn't begins with) (?# doesn't begins with)
\/| (?# rule #6) \/| (?# rule #6)
...@@ -60,18 +75,7 @@ module Gitlab ...@@ -60,18 +75,7 @@ module Gitlab
(?# doesn't end with) (?# doesn't end with)
(?<!\.lock) (?# rule #1) (?<!\.lock) (?# rule #1)
(?<![\/.]) (?# rule #6-7) (?<![\/.]) (?# rule #6-7)
}x }x.freeze
end
protected
def default_regex_message
"can contain only letters, digits, '_', '-' and '.'. " \
"Cannot start with '-' or end in '.git'" \
end
def default_regex
/\A[a-zA-Z0-9_.][a-zA-Z0-9_\-\.]*(?<!\.git)\z/
end end
end end
end end
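Review bot: `namespace_regex_message` and `project_path_regex_message` both end their final string literal with a line-continuation `\`, copied from the removed `default_regex_message`. That splices whatever follows onto the expression; it parses today but will silently absorb any line added after it, so the last line should read `"Cannot start with '-' or end in '.git'"` with no backslash. `file_name_regex_message` also ends in a stray space (`'.'. "`) that will show up in the user-facing error. `namespace_regex` and `project_path_regex` are now two copies of the pattern that used to live in `default_regex`. Since both guard path components, a comment such as `# Keep in sync with project_path_regex` on each, or one delegating to the other, would stop them drifting apart.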
...@@ -247,7 +247,7 @@ describe API::API, api: true do ...@@ -247,7 +247,7 @@ describe API::API, api: true do
expect(json_response['message']['name']).to eq([ expect(json_response['message']['name']).to eq([
'can\'t be blank', 'can\'t be blank',
'is too short (minimum is 0 characters)', 'is too short (minimum is 0 characters)',
Gitlab::Regex.project_regex_message Gitlab::Regex.project_name_regex_message
]) ])
expect(json_response['message']['path']).to eq([ expect(json_response['message']['path']).to eq([
'can\'t be blank', 'can\'t be blank',
......