GitLab Bot
888bb81daa
Add latest changes from gitlab-org/gitlab@master
2021-07-02 18:08:28 +00:00
GitLab Bot
97eb4a0095
Add latest changes from gitlab-org/gitlab@master
2021-06-29 21:07:38 +00:00
GitLab Bot
b49ebeb658
Add latest changes from gitlab-org/gitlab@master
2021-06-06 00:10:09 +00:00
GitLab Bot
84d72a5660
Add latest changes from gitlab-org/gitlab@master
2021-05-26 21:10:49 +00:00
GitLab Bot
a32e60a7ea
Add latest changes from gitlab-org/gitlab@master
2021-05-20 12:10:26 +00:00
GitLab Bot
0ae8428c8e
Add latest changes from gitlab-org/gitlab@master
2021-05-11 21:10:21 +00:00
GitLab Bot
415153114a
Add latest changes from gitlab-org/gitlab@master
2021-05-05 00:10:41 +00:00
GitLab Bot
24f8aa38dc
Add latest changes from gitlab-org/gitlab@master
2021-05-04 18:10:03 +00:00
GitLab Bot
be4b3134a2
Add latest changes from gitlab-org/gitlab@master
2021-05-04 15:10:36 +00:00
GitLab Bot
7e1e45d40a
Add latest changes from gitlab-org/gitlab@master
2021-04-23 15:09:37 +00:00
GitLab Bot
08c975cb5d
Add latest changes from gitlab-org/gitlab@master
2021-04-12 03:09:13 +00:00
GitLab Bot
f986ce9ffa
Add latest changes from gitlab-org/gitlab@master
2021-03-23 18:09:05 +00:00
GitLab Bot
67cdffe4de
Add latest changes from gitlab-org/gitlab@master
2021-03-16 09:11:17 +00:00
GitLab Bot
9c0f4306f6
Add latest changes from gitlab-org/gitlab@master
2021-03-11 15:09:10 +00:00
GitLab Bot
232e7582b0
Add latest changes from gitlab-org/gitlab@master
2021-02-22 15:10:48 +00:00
GitLab Bot
fca2dd4d55
Add latest changes from gitlab-org/gitlab@master
2021-02-18 18:10:41 +00:00
GitLab Bot
38c3d32553
Add latest changes from gitlab-org/gitlab@master
2021-02-17 03:08:59 +00:00
GitLab Bot
ff89c3c372
Add latest changes from gitlab-org/gitlab@master
2021-01-26 15:08:58 +00:00
GitLab Bot
ef8c47e97e
Add latest changes from gitlab-org/gitlab@master
2021-01-20 15:10:29 +00:00
GitLab Bot
f23a9a17ed
Add latest changes from gitlab-org/gitlab@master
2021-01-18 12:10:41 +00:00
GitLab Bot
fd320d0858
Add latest changes from gitlab-org/gitlab@master
2021-01-07 21:10:18 +00:00
GitLab Bot
020afca749
Add latest changes from gitlab-org/gitlab@master
2020-12-21 06:10:03 +00:00
GitLab Bot
5a2284f350
Add latest changes from gitlab-org/gitlab@master
2020-12-16 12:09:53 +00:00
GitLab Bot
03d56c8af0
Add latest changes from gitlab-org/gitlab@master
2020-12-09 21:09:43 +00:00
GitLab Bot
3a966afb3e
Add latest changes from gitlab-org/gitlab@master
2020-12-07 21:10:08 +00:00
GitLab Bot
f276d29487
Add latest changes from gitlab-org/gitlab@master
2020-12-07 15:09:49 +00:00
GitLab Bot
bbd9e2c915
Add latest changes from gitlab-org/gitlab@master
2020-12-03 15:09:46 +00:00
GitLab Bot
33827e3a53
Add latest changes from gitlab-org/gitlab@master
2020-11-23 15:09:37 +00:00
GitLab Bot
edd183a633
Add latest changes from gitlab-org/gitlab@master
2020-10-22 12:08:41 +00:00
GitLab Bot
c2fcfe515f
Add latest changes from gitlab-org/gitlab@master
2020-10-13 00:08:42 +00:00
GitLab Bot
0b4bb101ea
Add latest changes from gitlab-org/gitlab@master
2020-10-01 18:10:20 +00:00
GitLab Bot
418c3b2900
Add latest changes from gitlab-org/gitlab@master
2020-09-30 09:10:11 +00:00
GitLab Bot
a17eb314cf
Add latest changes from gitlab-org/gitlab@master
2020-09-24 15:09:51 +00:00
GitLab Bot
28811a419e
Add latest changes from gitlab-org/gitlab@master
2020-09-17 00:09:34 +00:00
GitLab Bot
692f4b734f
Add latest changes from gitlab-org/gitlab@master
2020-09-03 21:08:18 +00:00
GitLab Bot
fb10c412ec
Add latest changes from gitlab-org/gitlab@master
2020-08-20 06:10:17 +00:00
GitLab Bot
89eff770d2
Add latest changes from gitlab-org/gitlab@master
2020-08-18 09:10:05 +00:00
GitLab Bot
968e01a6dd
Add latest changes from gitlab-org/gitlab@master
2020-08-14 00:10:28 +00:00
GitLab Bot
3825437c53
Add latest changes from gitlab-org/gitlab@master
2020-08-13 21:10:04 +00:00
GitLab Bot
ad9eb72915
Add latest changes from gitlab-org/gitlab@master
2020-08-05 21:09:40 +00:00
GitLab Bot
19c226e242
Add latest changes from gitlab-org/gitlab@master
2020-07-24 15:09:39 +00:00
GitLab Bot
d5cf5cf4f7
Add latest changes from gitlab-org/gitlab@master
2020-07-17 00:09:37 +00:00
GitLab Bot
fbf952e174
Add latest changes from gitlab-org/gitlab@master
2020-07-06 03:09:07 +00:00
GitLab Bot
fe25c98fa8
Add latest changes from gitlab-org/gitlab@master
2020-07-01 21:08:51 +00:00
GitLab Bot
4584816f15
Add latest changes from gitlab-org/gitlab@master
2020-06-22 00:08:57 +00:00
GitLab Bot
12866a3931
Add latest changes from gitlab-org/gitlab@master
2020-06-19 09:08:35 +00:00
GitLab Bot
b9f288cdfa
Add latest changes from gitlab-org/gitlab@master
2020-06-19 00:09:12 +00:00
GitLab Bot
963838b90c
Add latest changes from gitlab-org/gitlab@master
2020-06-05 09:08:05 +00:00
GitLab Bot
2164573e45
Add latest changes from gitlab-org/gitlab@master
2020-06-02 21:08:00 +00:00
GitLab Bot
f0da8353ce
Add latest changes from gitlab-org/gitlab@master
2020-05-30 06:08:31 +00:00
GitLab Bot
d8b32df644
Add latest changes from gitlab-org/gitlab@master
2020-05-29 21:08:35 +00:00
GitLab Bot
bc692af988
Add latest changes from gitlab-org/gitlab@master
2020-05-09 00:09:39 +00:00
GitLab Bot
2711c26bea
Add latest changes from gitlab-org/gitlab@master
2020-03-24 00:09:24 +00:00
GitLab Bot
2fd92f2dc7
Add latest changes from gitlab-org/gitlab@master
2020-03-04 21:07:54 +00:00
GitLab Bot
2b3bfe8fc5
Add latest changes from gitlab-org/gitlab@master
2020-01-08 00:07:43 +00:00
GitLab Bot
170f0bdcde
Add latest changes from gitlab-org/gitlab@master
2019-10-21 21:06:14 +00:00
GitLab Bot
a712542edb
Add latest changes from gitlab-org/gitlab@master
2019-10-08 15:06:04 +00:00
GitLab Bot
80f61b4035
Add latest changes from gitlab-org/gitlab@master
2019-09-18 14:02:45 +00:00
Vladimir Shushlin
8c3d0703ed
Allow to load ECDSA certificates for pages domains
...
Just replace RSA.new with PKey.read
2019-09-07 00:29:03 +00:00
Francisco Javier López
537eb0bb2d
Avoid checking dns rebind protection in validation
2019-09-05 09:11:14 +00:00
George Koltsov
8abf920d1f
Refactor SystemHookUrlValidator and specs
...
Simplify SystemHookUrlValidator to inherit from PublicUrlValidator
Refactor specs to move out shared examples to be used in both
system hooks and public url validators.
2019-08-02 15:39:18 +01:00
George Koltsov
ac7661924e
Update security/webhooks.md doc page & specs
...
Updating security/webhooks.md to match new behaviour
as well as drying up few specs to extract shared
examples
2019-08-02 15:39:18 +01:00
George Koltsov
e5e1c907c0
Add outbound requests setting for system hooks
...
This MR adds new application setting to network section
`allow_local_requests_from_system_hooks`. Prior to this change
system hooks were allowed to do local network requests by default
and we are adding an ability for admins to control it.
2019-08-02 15:39:18 +01:00
Reuben Pereira
5c7f2853dc
Allow blank but not nil in validations
...
- The most common use case for qualified_domain_validator currently is
to allow blank ([]) but not allow nil. Modify the
qualified_domain_validator to support this use case.
2019-07-31 06:54:03 +00:00
Reuben Pereira
42ecbcad10
Add validator for qualified domain array
...
- Validate that the entries contain no unicode, html tags and are not
larger than 255 characters.
2019-07-23 19:47:17 +00:00
Bob Van Landuyt
f138acb986
Lesser Namespace#name validations
...
Since we use `Namespace#path` to build routes and URLs we can lessen
the restrictions on `Namespace#name` so it can accommodate a user's name.
2019-07-09 18:09:45 +02:00
Heinrich Lee Yu
717824144f
Fix color validation regex
...
Also prevents ReDoS vulnerability
2019-06-25 09:06:26 +08:00
Thong Kuah
d119d3d1b2
Align UrlValidator to validate_url gem implementation.
...
Renamed UrlValidator to AddressableUrlValidator to avoid 'url:' naming collision with ActiveModel::Validations::UrlValidator in 'validates' statement.
Make use of the options attribute of the parent class ActiveModel::EachValidator.
Add more options: allow_nil, allow_blank, message.
Renamed 'protocols' option to 'schemes' to match the option naming from UrlValidator.
2019-04-11 06:29:07 +00:00
Imre Farkas
9bc5ed14fe
Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE
2019-04-09 15:38:58 +00:00
Andreas Brandl
46b1b9c1d6
Revert "Merge branch 'if-57131-external_auth_to_ce' into 'master'"
...
This reverts merge request !26823
2019-04-05 13:02:56 +00:00
Imre Farkas
d9d7237d2e
Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE
2019-04-05 11:45:47 +00:00
Mayra Cabrera
ab06d1eda2
Renames Cluster#managed? to provided_by_user?
...
This will allow to use the term managed? on
https://gitlab.com/gitlab-org/gitlab-ce/issues/56557 . Managed? will be
used to distinct clusters that are automatically managed by GitLab
2019-03-29 18:23:18 +00:00
Francisco Javier López
150f7c1e9c
Fix Bitbucket import
...
In ebf16ada85
we introduced a SHA validator, to ensure that the data provided in
merge request diffs, was legit. Nevertheless, the validator
assumed that the SHA should be 40 chars long.
When we import a project from BitBucket, the retrieved SHA is
shorter (12 chars long). Therefore, this validator prevented to
create a valid MergeRequestDiff for every MergeRequest (triggering
an exception).
2019-03-14 10:05:17 +00:00
Stan Hu
6908c5f70e
Merge branch 'fix/email_validator' into 'master'
...
Align EmailValidator to validate_email gem implementation.
Closes #57352
See merge request gitlab-org/gitlab-ce!24971
2019-03-09 00:05:59 +00:00
Horatiu Eugen Vlad
c8c0ea6c52
Align EmailValidator to validate_email gem implementation.
...
Renamed EmailValidator to DeviseEmailValidator to avoid 'email:' naming collision with ActiveModel::Validations::EmailValidator in 'validates' statement.
Make use of the options attribute of the parent class ActiveModel::EachValidator.
Add more options: regex.
2019-03-05 19:56:01 +00:00
Francisco Javier López
ebf16ada85
Arbitrary file read via MergeRequestDiff
2019-03-04 18:36:34 +00:00
Thong Kuah
89f7bac3ba
Comment why we can't use Gitlab::CurrentSettings
...
See https://gitlab.com/gitlab-org/gitlab-ee/issues/9833
2019-02-20 10:50:58 +13:00
Bob Van Landuyt
7e55a227a5
Revert "Merge branch 'use_gitlab_current_settings' into 'master'"
...
This reverts merge request !25370
2019-02-19 12:58:05 +00:00
Thong Kuah
8a1b6041c8
Use Gitlab::CurrentSettings in UrlValidator
...
Gitlab::CurrentSettings will create ApplicationSetting.current if not
present which means we don't have to use `&.`. We can also more easily
use stub_application_setting in specs
2019-02-19 22:04:08 +13:00
Reuben Pereira
f40b5860d7
Add table and model for error tracking settings
2019-01-07 17:55:21 +00:00
Clement Ho
a89b526950
Merge branch 'ce-jej/group-saml-sso-button-link-description' into 'master'
...
[CE] Backport SAML unlink changes: UrlBlocker#ascii_only
See merge request gitlab-org/gitlab-ce!23627
2018-12-08 03:02:18 +00:00
James Edwards-Jones
72c0059407
Allow URLs to be validated as ascii_only
...
Restricts unicode characters and IDNA deviations
which could be used in a phishing attack
2018-12-06 15:18:18 +00:00
Grzegorz Bizon
519d1054bc
Add custom validation message for chronic duration attribute
2018-12-05 13:09:43 +01:00
Nick Thomas
b73f3ce58f
Allow UrlValidator to work with attr_encrypted
2018-09-17 19:34:40 +01:00
Robert Speicher
c7d1eef671
Merge branch 'rubocop-code-reuse' into 'master'
...
Add RuboCop cops to enforce code reusing rules
See merge request gitlab-org/gitlab-ce!21391
2018-09-13 14:53:05 +00:00
Yorick Peterse
2039c8280d
Disable existing offenses for the CodeReuse cops
...
This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.
2018-09-11 17:32:00 +02:00
gfyoung
0bdd2ed577
Enable frozen string in vestigial files
...
Partially addresses #47424 .
2018-09-11 02:06:35 -07:00
Dmitriy Zaporozhets
464b0de1ac
Merge branch 'filter-web-hooks-by-branch' into 'master'
...
Filter web hooks by branch
See merge request gitlab-org/gitlab-ce!19513
2018-09-05 13:39:41 +00:00
Duana Saskia
9d742e61a7
Refactor: move active hook filter to TriggerableHooks
2018-09-05 21:58:52 +10:00
Roger Rüttimann
93b9bfd93a
Allow whitelisting for "external collaborator by default" setting
2018-08-30 12:53:06 +00:00
Duana Saskia
ece6a1ea6e
Filter project hooks by branch
...
Allow specifying a branch filter for a project hook and only trigger
a project hook if either the branch filter is blank or the branch matches.
Only supported for push_events for now.
2018-08-13 13:20:58 +02:00
gfyoung
720ed6f6ab
Enable frozen string in apps/validators/*.rb
...
Partially addresses #47424 .
2018-06-27 09:48:37 -07:00
Francisco Javier López
1418afc2d6
Avoid checking the user format in every url validation
2018-06-11 13:29:37 +00:00
Francisco Javier López
840f80d48b
Add validation to webhook and service URLs to ensure they are not blocked because of SSRF
2018-06-01 11:43:53 +00:00
Douwe Maan
b290d929bc
Rename allow_private_networks to allow_local_network
2018-04-02 17:24:19 +02:00
Douwe Maan
2e3bc6a941
Raise more descriptive errors when URLs are blocked
2018-04-02 17:20:01 +02:00
James Edwards-Jones
590ddfdcba
Adds validators and rack cookie helper
...
These changes are backported from EE, related to SAML settings in
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4549
2018-04-02 14:39:32 +01:00
Rob Watson
9d45951fca
Add HTTPS-only pages
...
Closes #28857
2018-03-22 19:58:36 +01:00
Douwe Maan
95ced3bb5f
Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6'
...
Server Side Request Forgery in Services and Web Hooks
See merge request gitlab/gitlabhq!2337
2018-03-21 14:39:21 +00:00
Francisco Javier López
8fe880dc06
Projects and groups badges API
2018-03-05 17:51:40 +00:00
Matija Čupić
c65529e8f6
Skip variables duplicates validator if variable is already a duplicate
2018-02-22 23:09:24 +01:00
Kamil Trzciński
84c14ac0c2
Improve validation message and add changelog
2018-02-14 22:52:20 +01:00
Matija Čupić
48db60e479
Refactor variable duplicates error message
2018-02-14 20:26:54 +01:00
Matija Čupić
9a5ba5c674
Add more information in variable_duplicates validator error message
2018-02-13 23:51:04 +01:00
Matija Čupić
a4b843e9b8
Refactor outer anonymous function into a do block
2018-02-13 17:59:08 +01:00
Matija Čupić
c047fb860b
Disable public send cop in variables duplicates validator
2018-02-13 16:17:52 +01:00
Matija Čupić
532a966410
Extend variables_duplicates validator with scope handling
2018-02-13 15:17:26 +01:00
Douwe Maan
a03d29da1d
Validate User username only on Namespace, and bubble up appropriately
2018-02-06 12:09:03 -06:00
Filipa Lacerda
4b66bdfa1a
Second iteration of Move Kubernetes from service to Cluster page
2017-12-05 12:00:02 +00:00
Jacopo
181cd299f9
Adds Rubocop rule for line break after guard clause
...
Adds a rubocop rule (with autocorrect) to ensure line break after guard clauses.
2017-11-16 17:58:29 +01:00
Grzegorz Bizon
c71cf908cd
Merge branch 'refactor-clusters' into 'master'
...
Refactor Clusters to be consisted from GcpProvider and KubernetesPlatform
See merge request gitlab-org/gitlab-ce!14879
2017-11-06 21:21:27 +00:00
Douwe Maan
a10925e1c3
Reallow project paths ending in periods
2017-11-06 14:46:53 +01:00
Shinya Maeda
478e59fe8d
specs for models. Improved details.
2017-10-30 03:48:45 +09:00
Shinya Maeda
d0cff7f585
This works
2017-10-23 11:36:35 +03:00
Nick Thomas
eb05bdc6f5
Move the key restriction validation to its own class
2017-08-30 20:50:44 +01:00
Shinya Maeda
9a9aaa564a
Implement ayufan validator2
2017-07-06 00:59:45 +09:00
Shinya Maeda
1acaf75d9f
Implement ayufan validator
2017-07-06 00:45:26 +09:00
Shinya Maeda
dafc341794
Revert "Implement Ci::NestedUniquenessValidator"
...
This reverts commit 8f0a2b6d78 .
2017-07-06 00:23:28 +09:00
Shinya Maeda
8f0a2b6d78
Implement Ci::NestedUniquenessValidator
2017-07-05 18:38:37 +09:00
Shinya Maeda
c99f8e8884
Implement uniqueness_of_in_memory_validator
2017-07-05 18:36:19 +09:00
Bob Van Landuyt
79393a351d
Rebuild the dynamic path before validating it
...
Otherwise we won't validate updates to the path. Allowing users to
change the path to something that's not allowed.
2017-06-21 16:09:35 +02:00
Bob Van Landuyt
e564fe971f
Rename `Gitlab::Git::EncodingHelper` to `Gitlab::EncodingHelper`
2017-06-01 21:21:14 +00:00
Bob Van Landuyt
33aed43e9d
Avoid crash when trying to parse string with invalid UTF-8 sequence
2017-05-30 15:05:52 +00:00
Douwe Maan
43b1750892
Revert "Remove changes that are not absolutely necessary"
...
This reverts commit b0498c176f
2017-05-24 20:59:26 +00:00
Douwe Maan
b0498c176f
Remove changes that are not absolutely necessary
2017-05-23 20:38:35 -05:00
Douwe Maan
4345bb8c50
Fix ambiguous routing issues by teaching router about reserved words
2017-05-23 20:38:24 -05:00
Bob Van Landuyt
4b9eab02b8
Reject EE reserved namespace paths in CE as well
2017-05-04 18:11:31 +02:00
Bob Van Landuyt
49a8e5f510
Don't validate reserved words if the format doesn't match
...
Because it also won't match the sophisticated format we have for
detecting reserved names. We don't want to confuse the user with 2
error messages
2017-05-02 17:26:32 +02:00
Bob Van Landuyt
29f2001102
Update comments
2017-05-02 13:49:09 +02:00
Bob Van Landuyt
a035ebbe06
Update path validation & specs
2017-05-02 10:47:01 +02:00
Bob Van Landuyt
c853dd6158
Reuse Gitlab::Regex.full_namespace_regex in the DynamicPathValidator
2017-05-02 09:13:41 +02:00
Bob Van Landuyt
08b1bc3489
Reject group-routes as names of child namespaces
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
1e14c3c852
Reject paths following namespace for paths including 2 `*`
...
Reject the part following `/*namespace_id/:project_id` for paths
containing 2 wildcard parameters
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
2c7ca43bdd
Allow `graphs` & `refs` project names
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
12735eefcd
Minor style adjustments
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
ea8e86dac8
Use `%r{}` regexes to avoid having to escape `/`
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
e50f4bc066
The dynamic path validator can block out partial paths
...
So we can block `objects` only when it is contained in `info/lfs` or `gitlab-lfs`
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
c5059cb4f7
Make path validation case-insensitive
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
9fb9414ec0
Reject `-` as a path
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
bccf8d86c5
Rename `NamespaceValidator` to `DynamicPathValidator`
...
This reflects better that it validates paths instead of a namespace model
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
3143a5d260
Use the namespace validator for validating all paths
...
Since the namespacevalidator now knows the difference between a
top-level and another path, this could all be handled there.
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
1498a9cb0f
Check `has_parent?` for determining validation type
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
f7511caa5f
Split off validating full paths
...
The first part of a full path needs to be validated as a `top_level`
while the rest need to be validated as `wildcard`
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
e4f5b7ca21
Improve detection of reserved words from routes
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
74fcccaab3
Streamline the path validation in groups & projects
...
`Project` uses `ProjectPathValidator` which is now a
`NamespaceValidator` that skips the format validation.
That way we're sure we are using the same collection of reserved
paths.
I updated the path constraints to reflect the changes: We now allow
some values that are only used on a top level namespace as a name for
a nested group/project.
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
536f2bdfd1
Add forbidden paths to the namespace validator
2017-05-01 11:14:23 +02:00
Bob Van Landuyt
56e031d303
Disallow some more namespaces
...
These routes seem to be taken
2017-05-01 11:14:23 +02:00
Shinya Maeda
4688eb47c6
Rename cron_time_zone to cron_timezone. Separate add_concurrent_foreign_key.
2017-04-06 23:46:59 +09:00
Shinya Maeda
4949e2b291
Separate cron_valid? and cron_time_zone_valid?
2017-04-06 23:46:59 +09:00
Shinya Maeda
914bef671f
Move Ci::CronParser to Gitlab::Ci::CronParser
2017-04-06 23:46:58 +09:00
Shinya Maeda
a67aff6d39
Add Import/Export Setting for trigger_schedule. Remove ref validation.
2017-04-06 23:46:58 +09:00
Shinya Maeda
934e949726
Fix rubocop issues. Use add_concurrent_foreign_key.
2017-04-06 23:46:58 +09:00
Shinya Maeda
57d082f358
Add validator
2017-04-06 23:46:58 +09:00
Douwe Maan
65aafb9917
Merge branch 'ssrf' into 'security'
...
Protect server against SSRF in project import URLs
See merge request !2068
2017-03-20 18:53:04 -07:00
Dmitriy Zaporozhets
cd4db7b417
Reserve few project and nested group paths
...
That have wildcard routes associated and not reserved yet: artifacts,
graphs, badges and refs
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2017-03-13 15:47:24 +02:00
Dmitriy Zaporozhets
e6cc7a0a38
Restrict nested group names to prevent ambiguous routes
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2017-03-07 09:43:35 +02:00
Lin Jen-Shin
728b0a5fe0
Introduce DurationValidator, feedback:
...
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9219#note_24032923
2017-02-24 17:28:24 +08:00
Douwe Maan
b7d8df503c
Enable Style/MutableConstant
2017-02-23 09:31:56 -06:00
Kamil Trzcinski
63eb415610
Fix certificate validators
2017-01-31 22:53:58 +00:00
Kamil Trzcinski
930a7030b5
Implement proper verification of certificate's public_key against the private_key
2017-01-31 22:53:57 +00:00
Kamil Trzcinski
5f7257c27d
Initial work on GitLab Pages update
2017-01-31 22:53:57 +00:00
Dmitriy Zaporozhets
3551a625a8
Whitelist next project names: assets, profile, public
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2017-01-06 11:14:17 +02:00
Dmitriy Zaporozhets
1c2d9015da
Whitelist next project names: notes, services
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2016-12-21 21:08:55 +02:00
Dmitriy Zaporozhets
e1bf40e293
Whitelist next project names: help, ci, admin, search
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2016-12-21 16:50:38 +02:00
Dmitriy Zaporozhets
8b92e9c08b
Allow projects with dashboard as path
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2016-12-21 13:00:10 +02:00
Dmitriy Zaporozhets
6683fdcfb0
Add nested groups support to the routing
...
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2016-11-23 14:08:36 +02:00
Nick Thomas
ef696f592f
Add `robots.txt` to the list of reserved namespaces
2016-10-11 02:58:26 +01:00
Robert Speicher
d75a8297b8
Add '.well-known' to the list of reserved namespaces
...
See https://gitlab.com/gitlab-org/gitlab-ce/issues/22759
2016-09-29 10:36:38 +02:00
James Lopez
54a50bf81d
refactor url validator to use sanitizer for check
2016-07-01 09:02:45 +02:00
James Lopez
ef5713546b
few more changes from suggestions
2016-06-30 17:22:56 +02:00
James Lopez
5b893d603d
few changes based on feedback
2016-06-30 13:17:37 +02:00
James Lopez
8076d38a14
added more info on how addressable URI differs from what we use in UrlValidator
2016-06-24 11:35:32 +02:00
James Lopez
58c49966fa
updated validator based on feedback
2016-06-23 17:18:02 +02:00
James Lopez
4273e07e00
fix comment
2016-06-20 17:25:51 +02:00
James Lopez
6d763831d0
fixed a few MySQL issues and added changelog
2016-06-20 17:20:53 +02:00
James Lopez
896e09d055
started working on a migration for projects that have current import_url issues
2016-06-20 15:31:03 +02:00
James Lopez
a5abec905f
fix addressable url validator
2016-06-20 11:34:34 +02:00
James Lopez
0e222f02d8
fixing URL validation for import_url on projects
2016-06-17 15:09:39 +02:00
evuez
4d0e2979b9
Allow webhooks URL to have leading and trailing spaces
2016-02-26 14:34:06 -05:00
Rémy Coutable
b3635ee46a
Re-add EmailValidator to avoid the repetition of format: { with: Devise.email_regexp }
2016-02-09 18:15:35 +01:00
Rémy Coutable
b34963bc12
Validate email addresses using Devise.email_regexp
...
Also:
- Get rid of legacy :strict_mode
- Get rid of custom :email validator
- Add some shared examples to spec emails validation
2016-02-09 18:15:35 +01:00
Robert Schilling
c3c0dda3f5
Blacklist 'new'
2016-01-08 10:19:22 +01:00
Robert Speicher
2379c8beea
Inline Gitlab::Blacklist in NamespaceValidator
2015-12-07 16:57:26 -05:00
Robert Speicher
175f482c3c
Add custom NamespaceNameValidator
2015-12-07 16:57:26 -05:00
Robert Speicher
9321d382bd
Add custom NamespaceValidator
2015-12-07 16:57:26 -05:00
Robert Speicher
ad6a771dc6
Add custom LineCodeValidator
2015-12-07 16:57:26 -05:00
Robert Speicher
96e51a0304
Minor EmailValidator refactor
2015-12-07 16:57:26 -05:00
Robert Speicher
e48391b813
Add custom ColorValidator
2015-12-07 16:57:26 -05:00
Robert Speicher
b3200c8c44
Move EmailValidator to app/validators
2015-12-07 16:57:26 -05:00
Robert Speicher
d5ea93469b
Add custom UrlValidator
2015-12-07 16:57:26 -05:00