RubyGems - p4_web_api - Versions diffs - 2014.2.0.pre4 → 2014.2.0.pre5 - Mend

p4_web_api 2014.2.0.pre4 → 2014.2.0.pre5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/p4_web_api/app/files.rb +19 -7
data/lib/p4_web_api/change_helper.rb +4 -1
data/lib/p4_web_api/p4_util.rb +25 -0
data/lib/p4_web_api/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7928b3bca740696b9fb622b838ad6dfa0eb06857
-  data.tar.gz: abca39306fb28d24b7c986f19d11dcf041973904
+  metadata.gz: 7448a94ecf26d4514482e503978244ad96ae7b41
+  data.tar.gz: ccc6efa9cdbac3f0d7c3c1a0ddfd96ac8d83c4fc
 SHA512:
-  metadata.gz: 4f8f49dec8c3fcb072354ae86c4ce6e3f5ea46ece96c4a5052e8a24a7cf43499332374149dd8792302c5152026d2d908f20bac6ce4e1306025342a78c3207c21
-  data.tar.gz: b1f84f8cc8e6c1d192b769ca9066d415571349d3f182b49c492605e5c58b3b37511f9e5565dfb8ee584105014d3d1f0f30cdd73a65048b16e84ec4c46bdd6b36
+  metadata.gz: 30370200a5b0cd8bc25059088d453f61e75fe73f58e666fe9e51be0ead4538a14a0ce8e5a3c581ffc5576bcc5af620921775ad8046d03e7af757efd15877c320
+  data.tar.gz: e0f03da79600b959d7385a46086e94dab1b03a4b8e273476ad02bc5950306ea1a9f0ccc462955bb2615b5d9481520df028b2e80f2a83e9b85ede7a8248b8876d

data/lib/p4_web_api/app/files.rb CHANGED

@@ -12,14 +12,23 @@ module P4WebAPI
   class App < Sinatra::Base
     # Special depots only variant to match no path
     get '/v1/files' do
+      path = params['path']
       results = nil
-      open_p4 do |p4|
-        results = p4.run_depots
+      if path
+        open_p4 do |p4|
+          path = "//#{path}" unless path =~ %r{^//}
+          results = p4.run_files(path)
+        end
+        normalize_files(results) if settings.normalize_output
+      else
+        open_p4 do |p4|
+          results = p4.run_depots
+        end
+        normalize_depots(results) if settings.normalize_output
       end
-      normalize_depots(results) if settings.normalize_output
       results.to_json
     end
@@ -34,6 +43,8 @@ module P4WebAPI
     get '/v1/files/*' do
       dirs = params[:splat].select { |x| !x.empty? }
+      P4Util.assert_no_special_paths(dirs)
       results = nil
       open_p4 do |p4|
@@ -101,9 +112,10 @@ module P4WebAPI
       description = params['Description'] || 'Uploaded files'
       is_dir = params.key?('Files')
+      P4Util.assert_no_special_paths(path_parts)
       files = nil
       if is_dir
-        # TODO: 'clean' the directory path, avoiding refs like '...'
         dir_root = "//#{path_parts.join('/')}"
         files = params['Files'].map do |f|
@@ -113,7 +125,6 @@ module P4WebAPI
           }
         end
       else
-        # TODO: 'sanitize' this file path
         files = [
           {
             'DepotFile' => "//#{path_parts.join('/')}",
@@ -142,7 +153,8 @@ module P4WebAPI
       description = params['Description'] || 'Deleting file'
       path_parts = params[:splat].select { |x| !x.empty? }
-      # TODO: 'sanitize' this file path?
+      P4Util.assert_no_special_paths(path_parts)
       file_path = "//#{path_parts.join('/')}"
       open_p4_temp_client([file_path]) do |p4|

data/lib/p4_web_api/change_helper.rb CHANGED

@@ -1,5 +1,7 @@
 require 'base64'
+require_relative 'p4_util'
 module P4WebAPI
   # This class assists in creating changelists based on an array of file
   # changes, some of which may be file uploads.
@@ -86,7 +88,7 @@ module P4WebAPI
       end
       def exists?
-        !file_result.nil?
+        !file_result.nil? && file_result['action'] != 'delete'
       end
       #
@@ -104,6 +106,7 @@ module P4WebAPI
       end
       def upload_file(p4, change_id, client_root)
+        P4Util.assert_no_special_paths(@depot_file.split('/'))
         if exists?
           P4Util.mark_change('edit', p4, change_id, client_root, depot_file)
           P4Util.save_content(client_root, depot_file, content)

data/lib/p4_web_api/p4_util.rb CHANGED

@@ -59,6 +59,31 @@ module P4WebAPI
       fail P4WebAPI::P4Error.new(err.msgid, err.severity, err.to_s)
     end
+    # Assert that no relative directory or Perforce wildcard is in use for each
+    # string in the `paths` array.
+    def self.assert_no_special_paths(paths)
+      paths.each do |path|
+        if P4Util.wildcard?(path)
+          fail P4Error.default_error("The path '#{path}' contains a Perforce "\
+            'wildcard, which is not allowed')
+        end
+        if P4Util.relative_dir?(path)
+          fail P4Error.default_error("The path '#{path}' is a relative " \
+            'directory, which is not allowed')
+        end
+      end
+    end
+    # Returns true when `str` contains a Perforce wildcard
+    def self.wildcard?(str)
+      (str =~ /\.\.\./ || str =~ /\*/) != nil
+    end
+    # Returns true if str is '.' or '..'
+    def self.relative_dir?(str)
+      str == '.' || str == '..'
+    end
     # Returns true if the string looks like a Perforce authentication ticket.
     def self.p4_ticket?(str)
       /^[a-zA-Z0-9]{32,}$/.match(str) != nil

data/lib/p4_web_api/version.rb CHANGED

@@ -2,5 +2,5 @@
 # format, with a RubyGems-style suffix for 'prereleases'. Please use your branch
 # as the prerelease label.
 module P4WebAPI
-  VERSION = '2014.2.0.pre4'
+  VERSION = '2014.2.0.pre5'
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: p4_web_api
 version: !ruby/object:Gem::Version
-  version: 2014.2.0.pre4
+  version: 2014.2.0.pre5
 platform: ruby
 authors:
 - Perforce Software, Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-18 00:00:00.000000000 Z
+date: 2015-01-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler