Validate object pool relative paths (!1900) · Merge requests · GitLab.org / gitaly

Sami Hiltunen requested to merge 2148-object-pool-path-validation into master Mar 10, 2020

Validates that object pool relative paths follow the expected directory structure and naming patterns. This prevents path traversal attacks where the caller could delete arbitrary files and directories on the host.

The diff contains the validation code itself plus some necessary changes to the test helpers to generate the test paths following the expected format of @pools/ab/ab/<abab...>.git and @hashed/ab/ab/<abab...>.git

Closes #2418

Edited Oct 29, 2021 by 🤖 GitLab Bot 🤖

Validate object pool relative paths

Merge request reports