96 Commits

Author SHA1 Message Date
Douwe Maan b290d929bc Rename allow_private_networks to allow_local_network 2018-04-02 17:24:19 +02:00
Douwe Maan 2e3bc6a941 Raise more descriptive errors when URLs are blocked 2018-04-02 17:20:01 +02:00
James Edwards-Jones 590ddfdcba Adds validators and rack cookie helper
These changes are backported from EE, related to SAML settings in
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4549
2018-04-02 14:39:32 +01:00
Rob Watson 9d45951fca Add HTTPS-only pages
Closes #28857
2018-03-22 19:58:36 +01:00
Douwe Maan 95ced3bb5f Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6'
Server Side Request Forgery in Services and Web Hooks

See merge request gitlab/gitlabhq!2337
2018-03-21 14:39:21 +00:00
Francisco Javier López 8fe880dc06 Projects and groups badges API 2018-03-05 17:51:40 +00:00
Matija Čupić c65529e8f6 Skip variables duplicates validator if variable is already a duplicate 2018-02-22 23:09:24 +01:00
Kamil Trzciński 84c14ac0c2 Improve validation message and add changelog 2018-02-14 22:52:20 +01:00
Matija Čupić 48db60e479 Refactor variable duplicates error message 2018-02-14 20:26:54 +01:00
Matija Čupić 9a5ba5c674 Add more information in variable_duplicates validator error message 2018-02-13 23:51:04 +01:00
Matija Čupić a4b843e9b8 Refactor outer anonymous function into a do block 2018-02-13 17:59:08 +01:00
Matija Čupić c047fb860b Disable public send cop in variables duplicates validator 2018-02-13 16:17:52 +01:00
Matija Čupić 532a966410 Extend variables_duplicates validator with scope handling 2018-02-13 15:17:26 +01:00
Douwe Maan a03d29da1d Validate User username only on Namespace, and bubble up appropriately 2018-02-06 12:09:03 -06:00
Filipa Lacerda 4b66bdfa1a Second iteration of Move Kubernetes from service to Cluster page 2017-12-05 12:00:02 +00:00
Jacopo 181cd299f9 Adds Rubocop rule for line break after guard clause
Adds a rubocop rule (with autocorrect) to ensure line break after guard clauses.
2017-11-16 17:58:29 +01:00
Grzegorz Bizon c71cf908cd Merge branch 'refactor-clusters' into 'master'
Refactor Clusters to be consisted from GcpProvider and KubernetesPlatform

See merge request gitlab-org/gitlab-ce!14879
2017-11-06 21:21:27 +00:00
Douwe Maan a10925e1c3 Reallow project paths ending in periods 2017-11-06 14:46:53 +01:00
Shinya Maeda 478e59fe8d specs for models. Improved details. 2017-10-30 03:48:45 +09:00
Shinya Maeda d0cff7f585 This works 2017-10-23 11:36:35 +03:00
Nick Thomas eb05bdc6f5 Move the key restriction validation to its own class 2017-08-30 20:50:44 +01:00
Shinya Maeda 9a9aaa564a Implement ayufan validator2 2017-07-06 00:59:45 +09:00
Shinya Maeda 1acaf75d9f Implement ayufan validator 2017-07-06 00:45:26 +09:00
Shinya Maeda dafc341794 Revert "Implement Ci::NestedUniquenessValidator"
This reverts commit 8f0a2b6d78.
2017-07-06 00:23:28 +09:00
Shinya Maeda 8f0a2b6d78 Implement Ci::NestedUniquenessValidator 2017-07-05 18:38:37 +09:00
Shinya Maeda c99f8e8884 Implement uniqueness_of_in_memory_validator 2017-07-05 18:36:19 +09:00
Bob Van Landuyt 79393a351d Rebuild the dynamic path before validating it
Otherwise we won't validate updates to the path. Allowing users to
change the path to something that's not allowed.
2017-06-21 16:09:35 +02:00
Bob Van Landuyt e564fe971f Rename `Gitlab::Git::EncodingHelper` to `Gitlab::EncodingHelper` 2017-06-01 21:21:14 +00:00
Bob Van Landuyt 33aed43e9d Avoid crash when trying to parse string with invalid UTF-8 sequence 2017-05-30 15:05:52 +00:00
Douwe Maan 43b1750892 Revert "Remove changes that are not absolutely necessary"
This reverts commit b0498c176f
2017-05-24 20:59:26 +00:00
Douwe Maan b0498c176f Remove changes that are not absolutely necessary 2017-05-23 20:38:35 -05:00
Douwe Maan 4345bb8c50 Fix ambiguous routing issues by teaching router about reserved words 2017-05-23 20:38:24 -05:00
Bob Van Landuyt 4b9eab02b8 Reject EE reserved namespace paths in CE as well 2017-05-04 18:11:31 +02:00
Bob Van Landuyt 49a8e5f510 Don't validate reserved words if the format doesn't match
Because it also won't match the sophisticated format we have for
detecting reserved names. We don't want to confuse the user with 2
error messages
2017-05-02 17:26:32 +02:00
Bob Van Landuyt 29f2001102 Update comments 2017-05-02 13:49:09 +02:00
Bob Van Landuyt a035ebbe06 Update path validation & specs 2017-05-02 10:47:01 +02:00
Bob Van Landuyt c853dd6158 Reuse Gitlab::Regex.full_namespace_regex in the DynamicPathValidator 2017-05-02 09:13:41 +02:00
Bob Van Landuyt 08b1bc3489 Reject group-routes as names of child namespaces 2017-05-01 11:14:24 +02:00
Bob Van Landuyt 1e14c3c852 Reject paths following namespace for paths including 2 `*`
Reject the part following `/*namespace_id/:project_id` for paths
containing 2 wildcard parameters
2017-05-01 11:14:24 +02:00
Bob Van Landuyt 2c7ca43bdd Allow `graphs` & `refs` project names 2017-05-01 11:14:24 +02:00
Bob Van Landuyt 12735eefcd Minor style adjustments 2017-05-01 11:14:24 +02:00
Bob Van Landuyt ea8e86dac8 Use `%r{}` regexes to avoid having to escape `/` 2017-05-01 11:14:24 +02:00
Bob Van Landuyt e50f4bc066 The dynamic path validator can block out partial paths
So we can block `objects` only when it is contained in `info/lfs` or `gitlab-lfs`
2017-05-01 11:14:24 +02:00
Bob Van Landuyt c5059cb4f7 Make path validation case-insensitive 2017-05-01 11:14:24 +02:00
Bob Van Landuyt 9fb9414ec0 Reject `-` as a path 2017-05-01 11:14:24 +02:00
Bob Van Landuyt bccf8d86c5 Rename `NamespaceValidator` to `DynamicPathValidator`
This reflects better that it validates paths instead of a namespace model
2017-05-01 11:14:24 +02:00
Bob Van Landuyt 3143a5d260 Use the namespace validator for validating all paths
Since the namespacevalidator now knows the difference between a
top-level and another path, this could all be handled there.
2017-05-01 11:14:24 +02:00
Bob Van Landuyt 1498a9cb0f Check `has_parent?` for determining validation type 2017-05-01 11:14:24 +02:00
Bob Van Landuyt f7511caa5f Split off validating full paths
The first part of a full path needs to be validated as a `top_level`
while the rest need to be validated as `wildcard`
2017-05-01 11:14:24 +02:00
Bob Van Landuyt e4f5b7ca21 Improve detection of reserved words from routes 2017-05-01 11:14:24 +02:00