Commit Graph

135 Commits

Author SHA1 Message Date
GitLab Bot 170f0bdcde Add latest changes from gitlab-org/gitlab@master 2019-10-21 21:06:14 +00:00
GitLab Bot a712542edb Add latest changes from gitlab-org/gitlab@master 2019-10-08 15:06:04 +00:00
GitLab Bot 80f61b4035 Add latest changes from gitlab-org/gitlab@master 2019-09-18 14:02:45 +00:00
Vladimir Shushlin 8c3d0703ed Allow loading ECDSA certificates for pages domains
Just replace RSA.new with PKey.read
2019-09-07 00:29:03 +00:00
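The difference behind this commit, as an added example (not GitLab's code; the module and method names are assumed): OpenSSL::PKey::RSA.new can only parse RSA keys, while OpenSSL::PKey.read sniffs the PEM and returns whichever key type it holds, so an EC key uploaded for a pages domain stops failing at parse time. The example also shows the check a domain validator still wants after parsing, that the private key actually belongs to the certificate, using a constructed self-signed certificate.

```ruby
require 'openssl'

# Added example, not GitLab's code. Module and method names are assumed.
module PagesCertificateKeys
  module_function

  # Behaviour before the change: only RSA keys parse, anything else raises.
  def load_key_rsa_only(pem)
    OpenSSL::PKey::RSA.new(pem)
  end

  # Behaviour after the change: PKey.read detects the key type (RSA, EC, ...).
  def load_key(pem)
    OpenSSL::PKey.read(pem)
  end

  # Class name of the parsed key, or nil when the loader rejects the PEM.
  def loaded_key_type(pem, loader)
    public_send(loader, pem).class.name
  rescue OpenSSL::PKey::PKeyError
    nil
  end

  # Throw-away self-signed certificate for `key` (constructed test data only).
  def self_signed_certificate(key, common_name)
    name = OpenSSL::X509::Name.parse("/CN=#{common_name}")
    cert = OpenSSL::X509::Certificate.new
    cert.version = 2
    cert.serial = 1
    cert.subject = name
    cert.issuer = name
    cert.public_key = key
    cert.not_before = Time.now
    cert.not_after = cert.not_before + 3600
    cert.sign(key, OpenSSL::Digest.new('SHA256'))
    cert
  end

  # The check a domain validator still needs after parsing: the uploaded
  # private key must belong to the uploaded certificate.
  def key_matches_certificate?(cert_pem, key_pem)
    OpenSSL::X509::Certificate.new(cert_pem).check_private_key(load_key(key_pem))
  end
end

if $PROGRAM_NAME == __FILE__
  ec_pem = OpenSSL::PKey::EC.generate('prime256v1').to_pem
  puts "RSA.new   -> #{PagesCertificateKeys.loaded_key_type(ec_pem, :load_key_rsa_only).inspect}"
  puts "PKey.read -> #{PagesCertificateKeys.loaded_key_type(ec_pem, :load_key).inspect}"
end
```

Note that PKey.read accepting more key types is exactly why the key-to-certificate match check matters: the validator now has to confirm the type and the pairing rather than relying on a parse failure to reject unexpected input.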
Francisco Javier López 537eb0bb2d Avoid checking dns rebind protection in validation 2019-09-05 09:11:14 +00:00
George Koltsov 8abf920d1f Refactor SystemHookUrlValidator and specs
Simplify SystemHookUrlValidator to inherit from PublicUrlValidator
Refactor specs to move out shared examples to be used in both
system hooks and public url validators.
2019-08-02 15:39:18 +01:00
George Koltsov ac7661924e Update security/webhooks.md doc page & specs
Updating security/webhooks.md to match new behaviour
as well as drying up a few specs to extract shared
examples
2019-08-02 15:39:18 +01:00
George Koltsov e5e1c907c0 Add outbound requests setting for system hooks
This MR adds new application setting to network section
`allow_local_requests_from_system_hooks`. Prior to this change,
system hooks were allowed to do local network requests by default
and we are adding an ability for admins to control it.
2019-08-02 15:39:18 +01:00
Reuben Pereira 5c7f2853dc Allow blank but not nil in validations
- The most common use case for qualified_domain_validator currently is
to allow blank ([]) but not allow nil. Modify the
qualified_domain_validator to support this use case.
2019-07-31 06:54:03 +00:00
Reuben Pereira 42ecbcad10 Add validator for qualified domain array
- Validate that the entries contain no unicode, html tags and are not
larger than 255 characters.
2019-07-23 19:47:17 +00:00
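The two qualified-domain commits above describe the rules (entries must contain no unicode or HTML tags and be at most 255 characters; an empty array passes but nil does not). As an added example, not GitLab's QualifiedDomainArrayValidator (module and method names are assumed), here is a checker implementing exactly those rules with per-entry error messages:

```ruby
# Added example, not GitLab's validator. Names and the HTML-tag pattern are assumed.
module QualifiedDomainArray
  MAX_LENGTH = 255
  HTML_TAG = /<[^>]*>/

  # Returns an array of error strings; empty means valid.
  # A blank array ([]) is allowed, nil is not, matching the "allow blank but
  # not nil" commit above.
  def self.errors_for(value)
    return ['must not be nil'] if value.nil?
    return ['must be an array'] unless value.is_a?(Array)

    value.each_with_index.flat_map do |entry, i|
      next ["entry #{i} must be a string"] unless entry.is_a?(String)

      errs = []
      errs << "entry #{i} must be ASCII only" unless entry.ascii_only?
      errs << "entry #{i} must not contain HTML tags" if entry.match?(HTML_TAG)
      errs << "entry #{i} must be at most #{MAX_LENGTH} characters" if entry.length > MAX_LENGTH
      errs
    end
  end

  def self.valid?(value)
    errors_for(value).empty?
  end
end
```

The nil/blank distinction is the subtle part: a model whose setting was never written should fail loudly rather than silently behave like "no domains configured", so the validator treats the two cases differently.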
Bob Van Landuyt f138acb986 Lesser Namespace#name validations
Since we use `Namespace#path` to build routes and URLs we can lessen
the restrictions on `Namespace#name` so it can accommodate a user's name.
2019-07-09 18:09:45 +02:00
Heinrich Lee Yu 717824144f Fix color validation regex
Also prevents ReDoS vulnerability
2019-06-25 09:06:26 +08:00
Thong Kuah d119d3d1b2 Align UrlValidator to validate_url gem implementation.
Renamed UrlValidator to AddressableUrlValidator to avoid 'url:' naming collision with ActiveModel::Validations::UrlValidator in 'validates' statement.
Make use of the options attribute of the parent class ActiveModel::EachValidator.
Add more options: allow_nil, allow_blank, message.
Renamed 'protocols' option to 'schemes' to match the option naming from UrlValidator.
2019-04-11 06:29:07 +00:00
Imre Farkas 9bc5ed14fe Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE 2019-04-09 15:38:58 +00:00
Andreas Brandl 46b1b9c1d6 Revert "Merge branch 'if-57131-external_auth_to_ce' into 'master'"
This reverts merge request !26823
2019-04-05 13:02:56 +00:00
Imre Farkas d9d7237d2e Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE 2019-04-05 11:45:47 +00:00
Mayra Cabrera ab06d1eda2 Renames Cluster#managed? to provided_by_user?
This will allow using the term managed? on
https://gitlab.com/gitlab-org/gitlab-ce/issues/56557. Managed? will be
used to distinguish clusters that are automatically managed by GitLab
2019-03-29 18:23:18 +00:00
Francisco Javier López 150f7c1e9c Fix Bitbucket import
In ebf16ada85
we introduced a SHA validator to ensure that the data provided in
merge request diffs was legit. Nevertheless, the validator
assumed that the SHA should be 40 chars long.

When we import a project from BitBucket, the retrieved SHA is
shorter (12 chars long). Therefore, this validator prevented
creating a valid MergeRequestDiff for every MergeRequest (triggering
an exception).
2019-03-14 10:05:17 +00:00
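An added example of the two behaviours this commit contrasts (not GitLab's validator; the module, the length constants and the abbreviated-SHA option are assumptions, while the attribute names mirror the commit fields a merge request diff carries): a strict 40-character check rejects the 12-character SHAs an import hands over, whereas a hex-only check with a length range accepts them and still rejects path-like values, which is the property the original validator was added for.

```ruby
# Added example, not GitLab's validator. Names and length constants are assumed.
module ShaValidation
  FULL_SHA1_LENGTH = 40
  # git abbreviates to at least 7 hex digits; the Bitbucket importer above
  # hands over 12. Anything shorter is too ambiguous to accept.
  MIN_ABBREVIATED_LENGTH = 7
  HEX_ONLY = /\A\h+\z/ # \h is [0-9a-fA-F]; \A..\z (not ^..$) stops "sha\n../x" tricks

  # Returns nil when the value is acceptable, otherwise an error message.
  def self.error_for(value, allow_abbreviated: false)
    return 'must be a string' unless value.is_a?(String)
    return 'must contain only hexadecimal characters' unless value.match?(HEX_ONLY)

    if allow_abbreviated
      range = MIN_ABBREVIATED_LENGTH..FULL_SHA1_LENGTH
      return "length must be between #{range.min} and #{range.max}" unless range.cover?(value.length)
    elsif value.length != FULL_SHA1_LENGTH
      return "must be exactly #{FULL_SHA1_LENGTH} characters"
    end

    nil
  end

  def self.valid?(value, allow_abbreviated: false)
    error_for(value, allow_abbreviated: allow_abbreviated).nil?
  end

  # Validates all SHA attributes of one diff record; returns {attribute => message}
  # for the failing ones, empty when everything passes.
  def self.validate_diff(attrs, allow_abbreviated: false)
    %i[base_commit_sha head_commit_sha start_commit_sha].each_with_object({}) do |name, errors|
      message = error_for(attrs[name], allow_abbreviated: allow_abbreviated)
      errors[name] = message if message
    end
  end
end
```

The anchors matter as much as the character class: with `^`/`$` Ruby matches per line, so a value with an embedded newline followed by a path would pass a "hex only" regex and reach whatever consumes the SHA downstream.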
Stan Hu 6908c5f70e Merge branch 'fix/email_validator' into 'master'
Align EmailValidator to validate_email gem implementation.

Closes #57352

See merge request gitlab-org/gitlab-ce!24971
2019-03-09 00:05:59 +00:00
Horatiu Eugen Vlad c8c0ea6c52 Align EmailValidator to validate_email gem implementation.
Renamed EmailValidator to DeviseEmailValidator to avoid 'email:' naming collision with ActiveModel::Validations::EmailValidator in 'validates' statement.
Make use of the options attribute of the parent class ActiveModel::EachValidator.
Add more options: regex.
2019-03-05 19:56:01 +00:00
Francisco Javier López ebf16ada85 Arbitrary file read via MergeRequestDiff 2019-03-04 18:36:34 +00:00
Thong Kuah 89f7bac3ba Comment why we can't use Gitlab::CurrentSettings
See https://gitlab.com/gitlab-org/gitlab-ee/issues/9833
2019-02-20 10:50:58 +13:00
Bob Van Landuyt 7e55a227a5 Revert "Merge branch 'use_gitlab_current_settings' into 'master'"
This reverts merge request !25370
2019-02-19 12:58:05 +00:00
Thong Kuah 8a1b6041c8 Use Gitlab::CurrentSettings in UrlValidator
Gitlab::CurrentSettings will create ApplicationSetting.current if not
present which means we don't have to use `&.`. We can also more easily
use stub_application_setting in specs
2019-02-19 22:04:08 +13:00
Reuben Pereira f40b5860d7 Add table and model for error tracking settings 2019-01-07 17:55:21 +00:00
Clement Ho a89b526950 Merge branch 'ce-jej/group-saml-sso-button-link-description' into 'master'
[CE] Backport SAML unlink changes: UrlBlocker#ascii_only

See merge request gitlab-org/gitlab-ce!23627
2018-12-08 03:02:18 +00:00
James Edwards-Jones 72c0059407 Allow URLs to be validated as ascii_only
Restricts unicode characters and IDNA deviations
which could be used in a phishing attack
2018-12-06 15:18:18 +00:00
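An added example of the kind of check this commit describes (not GitLab's UrlBlocker; module, method and error names are assumed, and the policy of also rejecting punycode `xn--` labels is this example's own, since an ASCII-only rule on its own would still accept the encoded form of a homograph):

```ruby
require 'uri'

# Added example, not GitLab's code. Names and the punycode policy are assumed.
module AsciiOnlyUrl
  BlockedUrlError = Class.new(StandardError)

  # Characters that IDNA2003 and IDNA2008/UTS #46 map differently ("deviations"):
  # sharp s, final sigma, ZWNJ and ZWJ. All are non-ASCII, so the ASCII check
  # would reject them anyway; they are listed so the error names the cause.
  IDNA_DEVIATIONS = {
    "\u00DF" => 'LATIN SMALL LETTER SHARP S',
    "\u03C2" => 'GREEK SMALL LETTER FINAL SIGMA',
    "\u200C" => 'ZERO WIDTH NON-JOINER',
    "\u200D" => 'ZERO WIDTH JOINER'
  }.freeze

  # Raises BlockedUrlError with the reason, returns the parsed URI otherwise.
  def self.validate!(url)
    IDNA_DEVIATIONS.each do |char, name|
      raise BlockedUrlError, "IDNA deviation #{name} in URL" if url.include?(char)
    end
    raise BlockedUrlError, "URL must be ASCII only: #{url.dump}" unless url.ascii_only?

    uri = URI.parse(url)
    host = uri.host.to_s
    raise BlockedUrlError, 'URL must have a host' if host.empty?
    raise BlockedUrlError, "percent-encoded host not allowed: #{host}" if host.include?('%')

    # Punycode smuggles the same lookalike characters past an ASCII-only rule.
    if host.split('.').any? { |label| label.downcase.start_with?('xn--') }
      raise BlockedUrlError, "internationalized (punycode) host label not allowed: #{host}"
    end

    uri
  end

  def self.allowed?(url)
    validate!(url)
    true
  rescue BlockedUrlError, URI::InvalidURIError
    false
  end
end
```

The constructed inputs in the test below include a Cyrillic "а" inside "gitlab", a well-known punycode lookalike domain, and a sharp-s host; none of them is a real target.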
Grzegorz Bizon 519d1054bc Add custom validation message for chronic duration attribute 2018-12-05 13:09:43 +01:00
Nick Thomas b73f3ce58f Allow UrlValidator to work with attr_encrypted 2018-09-17 19:34:40 +01:00
Robert Speicher c7d1eef671 Merge branch 'rubocop-code-reuse' into 'master'
Add RuboCop cops to enforce code reusing rules

See merge request gitlab-org/gitlab-ce!21391
2018-09-13 14:53:05 +00:00
Yorick Peterse 2039c8280d Disable existing offenses for the CodeReuse cops
This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.
2018-09-11 17:32:00 +02:00
gfyoung 0bdd2ed577 Enable frozen string in vestigial files
Partially addresses #47424.
2018-09-11 02:06:35 -07:00
Dmitriy Zaporozhets 464b0de1ac Merge branch 'filter-web-hooks-by-branch' into 'master'
Filter web hooks by branch

See merge request gitlab-org/gitlab-ce!19513
2018-09-05 13:39:41 +00:00
Duana Saskia 9d742e61a7 Refactor: move active hook filter to TriggerableHooks 2018-09-05 21:58:52 +10:00
Roger Rüttimann 93b9bfd93a Allow whitelisting for "external collaborator by default" setting 2018-08-30 12:53:06 +00:00
Duana Saskia ece6a1ea6e Filter project hooks by branch
Allow specifying a branch filter for a project hook and only trigger
a project hook if either the branch filter is blank or the branch matches.
Only supported for push_events for now.
2018-08-13 13:20:58 +02:00
gfyoung 720ed6f6ab Enable frozen string in apps/validators/*.rb
Partially addresses #47424.
2018-06-27 09:48:37 -07:00
Francisco Javier López 1418afc2d6 Avoid checking the user format in every url validation 2018-06-11 13:29:37 +00:00
Francisco Javier López 840f80d48b Add validation to webhook and service URLs to ensure they are not blocked because of SSRF 2018-06-01 11:43:53 +00:00
Douwe Maan b290d929bc Rename allow_private_networks to allow_local_network 2018-04-02 17:24:19 +02:00
Douwe Maan 2e3bc6a941 Raise more descriptive errors when URLs are blocked 2018-04-02 17:20:01 +02:00
James Edwards-Jones 590ddfdcba Adds validators and rack cookie helper
These changes are backported from EE, related to SAML settings in
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4549
2018-04-02 14:39:32 +01:00
Rob Watson 9d45951fca Add HTTPS-only pages
Closes #28857
2018-03-22 19:58:36 +01:00
Douwe Maan 95ced3bb5f Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6'
Server Side Request Forgery in Services and Web Hooks

See merge request gitlab/gitlabhq!2337
2018-03-21 14:39:21 +00:00
Francisco Javier López 8fe880dc06 Projects and groups badges API 2018-03-05 17:51:40 +00:00
Matija Čupić c65529e8f6 Skip variables duplicates validator if variable is already a duplicate 2018-02-22 23:09:24 +01:00
Kamil Trzciński 84c14ac0c2 Improve validation message and add changelog 2018-02-14 22:52:20 +01:00
Matija Čupić 48db60e479 Refactor variable duplicates error message 2018-02-14 20:26:54 +01:00
Matija Čupić 9a5ba5c674 Add more information in variable_duplicates validator error message 2018-02-13 23:51:04 +01:00
Matija Čupić a4b843e9b8 Refactor outer anonymous function into a do block 2018-02-13 17:59:08 +01:00