安全RCE之未授权访问分析(3)

u.route("GET", gitProjectPattern `info/refsz`, git.GetInfoRefsHandler(api)),u.route("POST", gitProjectPattern `git-upload-packz`, contentEncodingHandler(git.UploadPack(api)), withMatcher(isContentType("application/x-git-upload-pack-request"))),u.route("POST", gitProjectPattern `git-receive-packz`, contentEncodingHandler(git.ReceivePack(api)), withMatcher(isContentType("application/x-git-receive-pack-request"))),u.route("PUT", gitProjectPattern `gitlab-lfs/objects/([0-9a-f]{64})/([0-9] )z`, lfs.PutStore(api, signingProxy, preparers.lfs), withMatcher(isContentType("application/octet-stream")))
workhorse 能修改发送给 Rails 组件之前的请求信息。例如：当处理 Git LFS 上传时，workhorse 首先向 Rails 组件询问当前用户是否有执行权限，然后它将请求体储存在一个临时文件里，接着它将修改过后的包含此临时文件路径的请求体发送给 Rails 组件。
workhorse 能管理与 Rails 组件通信的长时间存活的websocket连接，代码如下：
// Terminal websocket u.wsRoute(projectPattern `-/environments/[0-9] /terminal.wsz`, channel.Handler(api)), u.wsRoute(projectPattern `-/jobs/[0-9] /terminal.wsz`, channel.Handler(api)),
使用ps -aux | grep "workhorse"命令可以看到gitlab-workhorse的默认启动参数