47 lines
1.5 KiB
Ruby
47 lines
1.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module Packages
|
|
module Debian
|
|
class FileEntry
|
|
include ActiveModel::Model
|
|
include ::Packages::FIPS
|
|
|
|
DIGESTS = %i[md5 sha1 sha256].freeze
|
|
FILENAME_REGEX = %r{\A[a-zA-Z0-9][a-zA-Z0-9_.~+-]*\z}.freeze
|
|
|
|
attr_accessor :filename,
|
|
:size,
|
|
:md5sum,
|
|
:section,
|
|
:priority,
|
|
:sha1sum,
|
|
:sha256sum,
|
|
:package_file
|
|
|
|
validates :filename, :size, :md5sum, :section, :priority, :sha1sum, :sha256sum, :package_file, presence: true
|
|
validates :filename, format: { with: FILENAME_REGEX }
|
|
validate :valid_package_file_digests, if: -> { md5sum.present? && sha1sum.present? && sha256sum.present? && package_file.present? }
|
|
|
|
def component
|
|
return 'main' if section.blank?
|
|
return 'main' unless section.include?('/')
|
|
|
|
section.split('/')[0]
|
|
end
|
|
|
|
private
|
|
|
|
def valid_package_file_digests
|
|
raise DisabledError, 'Debian registry is not FIPS compliant' if Gitlab::FIPS.enabled?
|
|
|
|
DIGESTS.each do |digest|
|
|
package_file_digest = package_file["file_#{digest}"]
|
|
sum = public_send("#{digest}sum") # rubocop:disable GitlabSecurity/PublicSend
|
|
next if package_file_digest == sum
|
|
|
|
errors.add("#{digest}sum".to_sym, "mismatch for #{filename}: #{package_file_digest} != #{sum}")
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|