Does not allow an import_url with SSH protocol

parent 0602fcb6
...@@ -49,8 +49,11 @@ class Project < ActiveRecord::Base ...@@ -49,8 +49,11 @@ class Project < ActiveRecord::Base
attachments: 2 attachments: 2
}.freeze }.freeze
# Valids ports to import from VALID_IMPORT_PORTS = [80, 443].freeze
VALID_IMPORT_PORTS = [22, 80, 443].freeze VALID_IMPORT_PROTOCOLS = %w(http https git).freeze
VALID_MIRROR_PORTS = [22, 80, 443].freeze
VALID_MIRROR_PROTOCOLS = %w(http https ssh git).freeze
cache_markdown_field :description, pipeline: :description cache_markdown_field :description, pipeline: :description
...@@ -305,10 +308,10 @@ class Project < ActiveRecord::Base ...@@ -305,10 +308,10 @@ class Project < ActiveRecord::Base
validates :namespace, presence: true validates :namespace, presence: true
validates :name, uniqueness: { scope: :namespace_id } validates :name, uniqueness: { scope: :namespace_id }
validates :import_url, url: { protocols: %w(http https ssh git), validates :import_url, url: { protocols: ->(project) { project.persisted? ? VALID_MIRROR_PROTOCOLS : VALID_IMPORT_PROTOCOLS },
ports: ->(project) { project.persisted? ? VALID_MIRROR_PORTS : VALID_IMPORT_PORTS },
allow_localhost: false, allow_localhost: false,
enforce_user: true, enforce_user: true }, if: [:external_import?, :import_url_changed?]
ports: VALID_IMPORT_PORTS }, if: [:external_import?, :import_url_changed?]
validates :star_count, numericality: { greater_than_or_equal_to: 0 } validates :star_count, numericality: { greater_than_or_equal_to: 0 }
validate :check_limit, on: :create validate :check_limit, on: :create
validate :check_repository_path_availability, on: :update, if: ->(project) { project.renamed? } validate :check_repository_path_availability, on: :update, if: ->(project) { project.renamed? }
......
---
title: Does not allow a SSH URI when importing new projects
merge_request: 22309
author:
type: fixed
...@@ -11,7 +11,7 @@ describe Gitlab::BitbucketImport::ProjectCreator do ...@@ -11,7 +11,7 @@ describe Gitlab::BitbucketImport::ProjectCreator do
owner: "asd", owner: "asd",
full_name: 'Vim repo', full_name: 'Vim repo',
visibility_level: Gitlab::VisibilityLevel::PRIVATE, visibility_level: Gitlab::VisibilityLevel::PRIVATE,
clone_url: 'ssh://git@bitbucket.org/asd/vim.git', clone_url: 'http://bitbucket.org/asd/vim.git',
has_wiki?: false) has_wiki?: false)
end end
...@@ -32,7 +32,7 @@ describe Gitlab::BitbucketImport::ProjectCreator do ...@@ -32,7 +32,7 @@ describe Gitlab::BitbucketImport::ProjectCreator do
project_creator = described_class.new(repo, 'vim', namespace, user, access_params) project_creator = described_class.new(repo, 'vim', namespace, user, access_params)
project = project_creator.execute project = project_creator.execute
expect(project.import_url).to eq("ssh://git@bitbucket.org/asd/vim.git") expect(project.import_url).to eq("http://bitbucket.org/asd/vim.git")
expect(project.visibility_level).to eq(Gitlab::VisibilityLevel::PRIVATE) expect(project.visibility_level).to eq(Gitlab::VisibilityLevel::PRIVATE)
end end
end end
...@@ -229,54 +229,75 @@ describe Project do ...@@ -229,54 +229,75 @@ describe Project do
end end
it 'does not allow an invalid URI as import_url' do it 'does not allow an invalid URI as import_url' do
project2 = build(:project, import_url: 'invalid://') project = build(:project, import_url: 'invalid://')
expect(project2).not_to be_valid expect(project).not_to be_valid
end
it 'does allow a SSH URI as import_url for persisted projects' do
project = create(:project)
project.import_url = 'ssh://test@gitlab.com/project.git'
expect(project).to be_valid
end
it 'does not allow a SSH URI as import_url for new projects' do
project = build(:project, import_url: 'ssh://test@gitlab.com/project.git')
expect(project).not_to be_valid
end end
it 'does allow a valid URI as import_url' do it 'does allow a valid URI as import_url' do
project2 = build(:project, import_url: 'ssh://test@gitlab.com/project.git') project = build(:project, import_url: 'http://gitlab.com/project.git')
expect(project2).to be_valid expect(project).to be_valid
end end
it 'allows an empty URI' do it 'allows an empty URI' do
project2 = build(:project, import_url: '') project = build(:project, import_url: '')
expect(project2).to be_valid expect(project).to be_valid
end end
it 'does not produce import data on an empty URI' do it 'does not produce import data on an empty URI' do
project2 = build(:project, import_url: '') project = build(:project, import_url: '')
expect(project2.import_data).to be_nil expect(project.import_data).to be_nil
end end
it 'does not produce import data on an invalid URI' do it 'does not produce import data on an invalid URI' do
project2 = build(:project, import_url: 'test://') project = build(:project, import_url: 'test://')
expect(project2.import_data).to be_nil expect(project.import_data).to be_nil
end end
it "does not allow import_url pointing to localhost" do it "does not allow import_url pointing to localhost" do
project2 = build(:project, import_url: 'http://localhost:9000/t.git') project = build(:project, import_url: 'http://localhost:9000/t.git')
expect(project).to be_invalid
expect(project.errors[:import_url].first).to include('Requests to localhost are not allowed')
end
it "does not allow import_url with invalid ports for new projects" do
project = build(:project, import_url: 'http://github.com:25/t.git')
expect(project2).to be_invalid expect(project).to be_invalid
expect(project2.errors[:import_url].first).to include('Requests to localhost are not allowed') expect(project.errors[:import_url].first).to include('Only allowed ports are 80, 443')
end end
it "does not allow import_url with invalid ports" do it "does not allow import_url with invalid ports for persisted projects" do
project2 = build(:project, import_url: 'http://github.com:25/t.git') project = create(:project)
project.import_url = 'http://github.com:25/t.git'
expect(project2).to be_invalid expect(project).to be_invalid
expect(project2.errors[:import_url].first).to include('Only allowed ports are 22, 80, 443') expect(project.errors[:import_url].first).to include('Only allowed ports are 22, 80, 443')
end end
it "does not allow import_url with invalid user" do it "does not allow import_url with invalid user" do
project2 = build(:project, import_url: 'http://$user:password@github.com/t.git') project = build(:project, import_url: 'http://$user:password@github.com/t.git')
expect(project2).to be_invalid expect(project).to be_invalid
expect(project2.errors[:import_url].first).to include('Username needs to start with an alphanumeric character') expect(project.errors[:import_url].first).to include('Username needs to start with an alphanumeric character')
end end
describe 'project pending deletion' do describe 'project pending deletion' do
......
...@@ -235,7 +235,7 @@ describe Projects::ImportService do ...@@ -235,7 +235,7 @@ describe Projects::ImportService do
result = described_class.new(project, user).execute result = described_class.new(project, user).execute
expect(result[:status]).to eq :error expect(result[:status]).to eq :error
expect(result[:message]).to include('Only allowed ports are 22, 80, 443') expect(result[:message]).to include('Only allowed ports are 80, 443')
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment