• Kamil Trzciński's avatar
    Extract GitLab Pages using RubyZip · 66744469
    Kamil Trzciński authored
    RubyZip allows us to perform strong validation of
    expanded paths where we do extract file.
    
    We introduce the following additional checks
    to extract routines:
    
    1. None of path components can be symlinked,
    2. We drop privileges support for directories,
    3. Symlink source needs to point within the target directory,
       like `public/`,
    4. The symlink source needs to exist ahead of time.
    66744469
extract_params.rb 823 Bytes