Skip to content

Fix git clone for projects with a trailing dot over HTTP

What does this MR do?

Projects with a trailing dot do not match the constraint applied on the repository_path for Git HTTP routes here, raising a route not found for these projects. This also breaks the Geo replication for these projects, since Geo sync repositories over HTTP(S).

Since we allow project paths to end with a dot, this MR changes the Gitlab::PathRegex.repository_route_regex, Gitlab::PathRegex.repository_git_route_regex, and Gitlab::PathRegex.repository_wiki_git_route_regex to match these projects.

  • Before:
❯ git clone http://gdk.test:3000/root/example..git
Cloning into 'example.'...
fatal: unable to update url base from redirection:
  asked for: http://gdk.test:3000/root/example..git/info/refs?service=git-upload-pack
   redirect: http://gdk.test:3000/users/sign_in
❯ git clone http://gdk.test:3000/root/foo1_.............git
Cloning into 'foo1_............'...
fatal: unable to update url base from redirection:
  asked for: http://gdk.test:3000/root/foo1_.............git/info/refs?service=git-upload-pack
   redirect: http://gdk.test:3000/users/sign_in
  • After:
❯ git clone http://gdk.test:3000/root/example..git
Cloning into 'example.'...
remote: Enumerating objects: 3, done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 3
Receiving objects: 100% (3/3), done.
❯ git clone http://gdk.test:3000/root/foo1_............git
Cloning into 'foo1_...........'...
warning: You appear to have cloned an empty repository.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related issues

Related to #334866 (closed)

Edited by Douglas Barbosa Alexandre

Merge request reports

Loading