
Validate content of alternates file

Sami Hiltunen requested to merge 2421-alternates-file-inclusion into master

Validates contents of alternates file. Fixes a vulnerability where an RPC caller could include arbitrary files in a repository snapshot if the caller managed to overwrite the alternates file via another vulnerability.

The MR contains a few related changes, such as shuffling some test helpers around to avoid dependency cycles. I've tried to keep the commits atomic; reviewing is likely easier going commit by commit. If necessary, I can split the changes into separate MRs as well.

Closes #2421

Edited by 🤖 GitLab Bot 🤖
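One way such a check on the alternates file could look, as an added example that is not code from this merge request or from the project: the function name `validateAlternates`, the sample paths, and the policy that every entry must resolve inside a single storage root are all assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"path/filepath"
	"strings"
)

// validateAlternates (hypothetical helper) checks each entry of an
// objects/info/alternates file. Relative entries are resolved against
// objectsDir, as Git does. Assumed policy: every entry must stay inside
// storageRoot. The check is lexical; symlinks are not resolved here.
func validateAlternates(content, objectsDir, storageRoot string) ([]string, error) {
	root := filepath.Clean(storageRoot)
	var resolved []string
	sc := bufio.NewScanner(strings.NewReader(content))
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		if line == "" || strings.HasPrefix(line, "#") {
			continue // blank lines and comments carry no path
		}
		if strings.HasPrefix(line, `"`) {
			return nil, fmt.Errorf("alternates line %d: quoted entry rejected", n)
		}
		p := line
		if !filepath.IsAbs(p) {
			p = filepath.Join(objectsDir, p)
		}
		p = filepath.Clean(p)
		// Rel yields a path starting with ".." when p lies outside root,
		// which also catches sibling prefixes such as /srv/storage-other.
		rel, err := filepath.Rel(root, p)
		if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
			return nil, fmt.Errorf("alternates line %d: %q escapes storage root", n, line)
		}
		resolved = append(resolved, p)
	}
	return resolved, sc.Err()
}

func main() {
	// Constructed sample inputs, not taken from the merge request.
	const objects = "/srv/storage/group/project.git/objects"
	for _, c := range []string{"../../pool.git/objects\n", "/etc\n", "../../../../../etc\n"} {
		_, err := validateAlternates(c, objects, "/srv/storage")
		fmt.Printf("%q -> %v\n", c, err)
	}
}
```

A snapshot routine would call this before following any alternate and refuse to archive when it returns an error.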
