cruisecontrol.rb icon indicating copy to clipboard operation
cruisecontrol.rb copied to clipboard

Published 20 hours ago verified publisher icon thoughtworks

Project creation UI workflow requires validation

Open owenbyrne opened this issue 13 years ago • 2 comments

The project creation workflow through the UI (Add Project view etc.) requires validation as it's currently possible to rm -rf the ~/.cruise/projects directory by adding a blank project.

To reproduce: 1 - Add Project view 2 - Click create

Params should look like:

     "project"=>{"name"=>"",
     "source_control"=>{"repository"=>"",
     "source_control"=>"Git"}}}

SourceControl.create checks for nil instead of blank, so no exception is raised. raise ArgumentError, "options should include repository" unless scm_options[:repository]

Project.create catches an exception trying to checkout a local copy, given there's no project name it rm -rf the project directory in the rescue.

```FileUtils.rm_rf "#{dir}/#{project.name}"````

owenbyrne avatar Nov 09 '11 03:11 owenbyrne

This is definitely alarming; thanks for the report. Taking a look now.

bguthrie avatar Nov 13 '11 09:11 bguthrie

Thanks @eightbitraptor for posting the link to the fix . @bguthrie : Why is this fix not yet taken ? It's a very serious issue , in my opinion .

emilsoman avatar Sep 27 '12 10:09 emilsoman