debian-mirror-gitlab/lib/api/validations/validators/file_path.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

22 lines
655 B
Ruby
Raw Normal View History

2020-04-22 19:07:51 +05:30
# frozen_string_literal: true
module API
module Validations
module Validators
class FilePath < Grape::Validations::Base
def validate_param!(attr_name, params)
2020-10-24 23:57:45 +05:30
options = @option.is_a?(Hash) ? @option : {}
path_allowlist = options.fetch(:allowlist, [])
2020-04-22 19:07:51 +05:30
path = params[attr_name]
2022-05-07 20:08:51 +05:30
Gitlab::Utils.check_allowed_absolute_path_and_path_traversal!(path, path_allowlist)
2021-06-08 01:23:25 +05:30
rescue StandardError
2021-02-22 17:27:13 +05:30
raise Grape::Exceptions::Validation.new(
params: [@scope.full_name(attr_name)],
message: "should be a valid file path"
)
2020-04-22 19:07:51 +05:30
end
end
end
end
end