Geo route whitelisting is too optimistic
What does this MR do?
Checks for the specific routes when whilelisting the lfs_route
and grack_route
by checking for a specific controller/action rather than a hardcoded path.
Are there points in the code the reviewer needs to double check?
Why was this MR needed?
Certain paths could have been incorrectly whitelisted. An example would be creating new file that ends in the path /info/lfs/objects/batch
.
Screenshots (if relevant)
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated -
API support added -
Tests added for this feature/bug - Review
-
Has been reviewed by UX -
Has been reviewed by Frontend -
Has been reviewed by Backend -
Has been reviewed by Database
-
-
Conform by the merge request performance guides -
Conform by the style guides -
Squashed related commits together
What are the relevant issue numbers?
Edited by Brett Walker