The source project of this merge request has been removed.
Logs when potential path traversal attempt detected
What does this MR do and why?
This MR has addressed issue #255184 (closed). It adds a warning log to the application.log file when any path traversal is detected.
I have tested that this works on local dev.
How to set up and validate locally
- tail -f application.log
- cd gitlab
  bundle exec rails console
  Loading development environment (Rails 6.1.4.6)
  [1] pry(main)> Gitlab::Utils.check_path_traversal!('..')
- Check application.log:
  2022-02-22T06:40:40.178Z: {:message=>"Invalid path detected!", :path=>".."}
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
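The behaviour validated in the steps above (log a warning, then reject the path) can be sketched as follows. This is an added example, not code from this merge request or from GitLab: the `PathGuard` module, its error class and the percent-decoding step are assumptions made for illustration, and only the log message text is taken from the output shown above.

```ruby
require 'json'
require 'logger'

# Hypothetical module for illustration; not GitLab's Gitlab::Utils code.
module PathGuard
  class PathTraversalError < StandardError; end

  # ".." as a whole component (start, middle or end), with / or \ separators.
  TRAVERSAL = %r{(\A|[/\\])\.\.([/\\]|\z)}

  class << self
    attr_writer :logger

    def logger
      @logger ||= Logger.new($stderr)
    end

    # Returns the path when clean; otherwise logs a warning, then raises.
    def check_path_traversal!(path)
      return path unless path.is_a?(String)
      return path unless decode(path).match?(TRAVERSAL)

      # JSON.generate escapes CR/LF, so a hostile path cannot forge log lines.
      logger.warn(JSON.generate(message: 'Invalid path detected!', path: path))
      raise PathTraversalError, 'Invalid path'
    end

    private

    # Decode only %2e %2f %5c %25, repeatedly (bounded), to catch double encoding.
    def decode(path)
      3.times do
        once = path.gsub(/%(2e|2f|5c|25)/i) { Regexp.last_match(1).hex.chr }
        return once if once == path

        path = once
      end
      path
    end
  end
end

# Constructed sample inputs.
if __FILE__ == $PROGRAM_NAME
  ['docs/a..b.txt', '..', 'a/%2e%2e/b', '%252e%252e%255cc'].each do |p|
    PathGuard.check_path_traversal!(p)
    puts "ok: #{p}"
  rescue PathGuard::PathTraversalError => e
    puts "rejected: #{p} (#{e.message})"
  end
end
```

Logging the original path rather than the decoded one keeps the evidence as it arrived, which is what a responder needs when correlating the warning with web server access logs.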