Geo route whitelisting is too optimistic

Review changes
Download
Patches
Plain diff

Brett Walker requested to merge 3274-geo-route-whitelisting into master Oct 30, 2017

Overview 5
Commits 6
Pipelines 7
Changes 3

What does this MR do?

Checks for the specific routes when whilelisting the lfs_route and grack_route by checking for a specific controller/action rather than a hardcoded path.

Are there points in the code the reviewer needs to double check?

Why was this MR needed?

Certain paths could have been incorrectly whitelisted. An example would be creating new file that ends in the path /info/lfs/objects/batch.

Screenshots (if relevant)

Does this MR meet the acceptance criteria?

Changelog entry added, if necessary
~~Documentation created/updated~~
~~API support added~~
Tests added for this feature/bug
Review
- Has been reviewed by UX
- Has been reviewed by Frontend
- Has been reviewed by Backend
- Has been reviewed by Database
Conform by the merge request performance guides
Conform by the style guides
Squashed related commits together

What are the relevant issue numbers?

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/3274

Edited Nov 02, 2017 by Brett Walker

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking