Follow-up from "Add BuildReportResult data model"
The following discussions from !32991 (merged) should be addressed:
-
@ahegyi started a discussion: (+2 comments) Can we introduce some kind of convention for the
filenameto avoid path traversal?Idea 1: Keep the
filenamesin a constant and always check against it.SCHEMAS = { "build_report_result_data": "build_report_result_data.json" # we could also include the full path to support EE schemas at some point. } # .... Rails.root.join('app', 'validators', 'json_schemas', "#{SCHEMAS.fetch(options[:filename])}").to_sIdea 2: filename should match the regex
[a-z0-9-] -
@ayufan started a discussion: @iamricecake @morefice Can we open additional MR that uses the same json schema validation for Daily Build Report?
Edited by Max Orefice