Commit b5b4bdf2 authored by Vasilii Iakliushin's avatar Vasilii Iakliushin

Validate that reference exists for atom format

* Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/351520
* Sentry error: https://sentry.gitlab.net/gitlab/gitlabcom/issues/3152528

**Problem**

We don't verify that the provided ref exists when it has an `.atom` suffix.

**Solution**

Return 404 page when ref is missing.

Changelog: fixed
parent ece5fea4
...@@ -16,6 +16,8 @@ module ExtractsPath ...@@ -16,6 +16,8 @@ module ExtractsPath
id_without_atom = id.sub(/\.atom$/, '') id_without_atom = id.sub(/\.atom$/, '')
valid_refs = ref_names.select { |v| "#{id_without_atom}/".start_with?("#{v}/") } valid_refs = ref_names.select { |v| "#{id_without_atom}/".start_with?("#{v}/") }
raise InvalidPathError if valid_refs.blank?
valid_refs.max_by(&:length) valid_refs.max_by(&:length)
end end
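Review bot: The added `raise InvalidPathError if valid_refs.blank?` changes this method from returning nil to raising, and nothing in the hunk documents that for callers. A comment above the method such as `# Raises InvalidPathError when no ref name matches the start of the id` would make the new contract visible. The method definition starts outside the hunk, so whether every caller rescues the error cannot be confirmed from here; the controller spec suggests the commits controller turns it into a 404. Separately, the unchanged line above strips the suffix with `/\.atom$/`, where `$` matches at the end of any line rather than the end of the string. Since the controller spec passes the id as a request parameter, `/\.atom\z/` would strip only a true trailing suffix.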
......
...@@ -151,6 +151,20 @@ RSpec.describe Projects::CommitsController do ...@@ -151,6 +151,20 @@ RSpec.describe Projects::CommitsController do
expect(response.media_type).to eq('text/html') expect(response.media_type).to eq('text/html')
end end
end end
context 'when the ref does not exist' do
before do
get(:show, params: {
namespace_id: project.namespace,
project_id: project,
id: 'unknown.atom'
})
end
it 'returns 404 page' do
expect(response).to be_not_found
end
end
end end
end end
......
...@@ -209,8 +209,8 @@ RSpec.describe ExtractsPath do ...@@ -209,8 +209,8 @@ RSpec.describe ExtractsPath do
expect(extract_ref_without_atom('release/app/v1.0.0.atom')).to eq('release/app/v1.0.0') expect(extract_ref_without_atom('release/app/v1.0.0.atom')).to eq('release/app/v1.0.0')
end end
it 'returns nil if there are no matching refs' do it 'raises an error if there are no matching refs' do
expect(extract_ref_without_atom('foo.atom')).to eq(nil) expect { extract_ref_without_atom('foo.atom') }.to raise_error(ExtractsRef::InvalidPathError)
end end
end end
end end