Repositories#Archive returns 500 with invalid URLs
Summary
When trying to download a repository's archive, if you add extra characters to the end of the URL or do not include the .zip or other formats, you receive a 500 instead of a 404.
Steps to reproduce
- Navigate to a project (e.g. https://gitlab.com/gitlab-org/gitlab)
- Append the URL with /-/archive/master/gitlab-master.zip'' or /-/archive/master/gitlab-master

Note the correct URL would be https://gitlab.com/gitlab-org/gitlab/-/archive/master/gitlab-master.zip which works.
What is the current bug behavior?
URLs with invalid formats return a 500 instead of a 404.
What is the expected correct behavior?
Users should receive a 404.
Results of GitLab application Check
This happens on GitLab.com
Possible fixes
While the URL itself returns a 500, the 500 is coming from workhorse. Rails actually finds the best guess (last commit) and returns a 200, but workhorse is then delegated to handle the response. Workhorse returns an "Invalid format" error, but that is not captured anywhere and it happens after the request has already been "handled." It may be best to return 404 for any requests to this endpoint (in Rails) that do not match the path regex (/(zip|tar|tar\.gz|tgz|gz|tar\.bz2|tbz|tbz2|tb2|bz2)/).
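An added example, not GitLab's code and not part of the original issue: the format check suggested under "Possible fixes", sketched in Ruby and run against the filenames from the reproduction steps. The constant and method names are hypothetical, and the `\A...\z` anchoring is an assumption, since the expression as quoted in the issue is unanchored and would still accept `gitlab-master.zip''`.

```ruby
# Added illustration; names are hypothetical, not GitLab's.

# Format alternatives copied from the expression quoted in the issue.
FORMATS = 'zip|tar|tar\.gz|tgz|gz|tar\.bz2|tbz|tbz2|tb2|bz2'

# The expression as quoted: no anchors, so it matches anywhere in the string.
UNANCHORED = /(#{FORMATS})/

# Assumed anchored form: a name without "/", a dot, one known format, then
# the absolute end of the string (\z, not $ or \Z, so a trailing newline or
# any other trailing characters are rejected).
ANCHORED = /\A[^\/]+?\.(?<format>#{FORMATS})\z/

# Returns the archive format for the last path segment, or nil if invalid.
def archive_format(filename)
  m = ANCHORED.match(filename)
  m && m[:format]
end

# Status a route-level check would pick before anything is handed off
# to a downstream component.
def archive_status(filename, pattern = ANCHORED)
  pattern.match?(filename) ? 200 : 404
end

# Filenames taken from the issue's steps, plus one constructed tar.gz case.
SAMPLES = [
  "gitlab-master.zip",     # valid
  "gitlab-master.zip''",   # extra trailing characters
  "gitlab-master",         # no format suffix
  "gitlab-master.tar.gz"   # constructed: multi-part suffix
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name|
    puts format("%-24s unanchored=%d anchored=%d",
                name, archive_status(name, UNANCHORED), archive_status(name))
  end
end
```

With the unanchored expression, `gitlab-master.zip''` still passes the check and would reach the later "Invalid format" failure; the anchored form rejects it up front.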