Guard against empty filenames for job artifacts (!165212) · Merge requests · GitLab.org / GitLab

Sam Figueroa requested to merge sf/bugfix/artifact-download-audit-480694 into master Sep 05, 2024

What does this MR do and why?

Guard against empty filenames for job artifacts

In some cases the file might not exist. def present_carrierwave_file! guards for this with a not_found! In those cases we can skip the audit of the attempted download since the user will receive a 404.
Refs: #480694
Fixes: #438129

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Trigger a job that produces artifacts
Attempt to download the artifact in the UI or via API curl --location --header "PRIVATE-TOKEN: XXXXXXX" "https://localhost:3000/api/v4/projects/<PROJID>/jobs/artifacts/<ARTIFACT>/download
Should not return 500
View audits

Edited Sep 09, 2024 by Sam Figueroa

Guard against empty filenames for job artifacts

What does this MR do and why?

MR acceptance checklist

How to set up and validate locally

Merge request reports