Raise if path isn't a string
What does this MR do and why?
Related to https://gitlab.com/gitlab-org/gitlab/-/issues/371994
Kicking off a quick MR to see if specs fail. I will clean it up with specs depending on how much stuff breaks (if at all!)
Screenshots or screen recordings
N/A
How to set up and validate locally
From the rails console
[1] pry(main)> attack = [ ".." , "..", "..", "..", "..", "..", "..", "..", "..", "..", "etc", "passwd"]
=> ["..", "..", "..", "..", "..", "..", "..", "..", "..", "..", "etc", "passwd"]
[2] pry(main)> Gitlab::Utils.check_path_traversal! attack
Gitlab::Utils::PathTraversalAttackError: Invalid path
from /home/dcouture/gdk/canonical/gitlab/lib/gitlab/utils.rb:20:in `check_path_traversal!'
Previously this did not raise
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Dominic Couture