Francisco Javier López
150f7c1e9c
Fix Bitbucket import
...
In ebf16ada85
we introduced a SHA validator, to ensure that the data provided in
merge request diffs was legit. Nevertheless, the validator
assumed that the SHA should be 40 chars long.
When we import a project from BitBucket, the retrieved SHA is
shorter (12 chars long). Therefore, this validator prevented
creating a valid MergeRequestDiff for every MergeRequest (triggering
an exception).
2019-03-14 10:05:17 +00:00
Stan Hu
6908c5f70e
Merge branch 'fix/email_validator' into 'master'
...
Align EmailValidator to validate_email gem implementation.
Closes #57352
See merge request gitlab-org/gitlab-ce!24971
2019-03-09 00:05:59 +00:00
Horatiu Eugen Vlad
c8c0ea6c52
Align EmailValidator to validate_email gem implementation.
...
Renamed EmailValidator to DeviseEmailValidator to avoid 'email:' naming collision with ActiveModel::Validations::EmailValidator in 'validates' statement.
Make use of the options attribute of the parent class ActiveModel::EachValidator.
Add more options: regex.
2019-03-05 19:56:01 +00:00
Stan Hu
ad2f711adf
Add frozen_string_literal to new files
2019-03-04 23:19:19 -08:00
Francisco Javier López
ebf16ada85
Arbitrary file read via MergeRequestDiff
2019-03-04 18:36:34 +00:00
Roger Rüttimann
3197cd9b6c
remove newly supported regex feature from validation error test
2019-01-14 13:42:27 +01:00
Reuben Pereira
f40b5860d7
Add table and model for error tracking settings
2019-01-07 17:55:21 +00:00
James Edwards-Jones
72c0059407
Allow URLs to be validated as ascii_only
...
Restricts unicode characters and IDNA deviations
which could be used in a phishing attack
2018-12-06 15:18:18 +00:00
Cindy Pallares
c0e5d9afee
Merge branch 'security-fj-crlf-injection' into 'master'
...
[master] Fix CRLF issue in UrlValidator
See merge request gitlab/gitlabhq!2627
2018-11-28 19:14:06 -05:00
Nick Thomas
b73f3ce58f
Allow UrlValidator to work with attr_encrypted
2018-09-17 19:34:40 +01:00
Dmitriy Zaporozhets
464b0de1ac
Merge branch 'filter-web-hooks-by-branch' into 'master'
...
Filter web hooks by branch
See merge request gitlab-org/gitlab-ce!19513
2018-09-05 13:39:41 +00:00
Roger Rüttimann
93b9bfd93a
Allow whitelisting for "external collaborator by default" setting
2018-08-30 12:53:06 +00:00
Duana Saskia
ece6a1ea6e
Filter project hooks by branch
...
Allow specifying a branch filter for a project hook and only trigger
a project hook if either the branch filter is blank or the branch matches.
Only supported for push_events for now.
2018-08-13 13:20:58 +02:00
Francisco Javier López
1418afc2d6
Avoid checking the user format in every url validation
2018-06-11 13:29:37 +00:00
Francisco Javier López
840f80d48b
Add validation to webhook and service URLs to ensure they are not blocked because of SSRF
2018-06-01 11:43:53 +00:00
Francisco Javier López
8fe880dc06
Projects and groups badges API
2018-03-05 17:51:40 +00:00
Matija Čupić
9a5ba5c674
Add more information in variable_duplicates validator error message
2018-02-13 23:51:04 +01:00
Matija Čupić
e5d9f4a374
Add specs for VariableDuplicates validator
2018-02-13 17:52:33 +01:00
Douwe Maan
a03d29da1d
Validate User username only on Namespace, and bubble up appropriately
2018-02-06 12:09:03 -06:00
Douwe Maan
a10925e1c3
Reallow project paths ending in periods
2017-11-06 14:46:53 +01:00
Robert Speicher
72a7b30c9f
Change all `:empty_project` to `:project`
2017-08-02 17:47:31 -04:00
Robert Speicher
9513bd18c4
Ensure all project factories use `:repository` trait or `:empty_project`
2017-08-01 14:51:52 -04:00
Bob Van Landuyt
79393a351d
Rebuild the dynamic path before validating it
...
Otherwise we won't validate updates to the path, allowing users to
change the path to something that's not allowed.
2017-06-21 16:09:35 +02:00
Bob Van Landuyt
33aed43e9d
Avoid crash when trying to parse string with invalid UTF-8 sequence
2017-05-30 15:05:52 +00:00
Douwe Maan
43b1750892
Revert "Remove changes that are not absolutely necessary"
...
This reverts commit b0498c176f
2017-05-24 20:59:26 +00:00
Douwe Maan
b0498c176f
Remove changes that are not absolutely necessary
2017-05-23 20:38:35 -05:00
Douwe Maan
4345bb8c50
Fix ambiguous routing issues by teaching router about reserved words
2017-05-23 20:38:24 -05:00
Bob Van Landuyt
e2b9420c11
Add a better error message when a certain path is missing
2017-05-02 11:48:54 +02:00
Bob Van Landuyt
a035ebbe06
Update path validation & specs
2017-05-02 10:47:01 +02:00
Bob Van Landuyt
c853dd6158
Reuse Gitlab::Regex.full_namespace_regex in the DynamicPathValidator
2017-05-02 09:13:41 +02:00
Bob Van Landuyt
08b1bc3489
Reject group-routes as names of child namespaces
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
1e14c3c852
Reject paths following namespace for paths including 2 `*`
...
Reject the part following `/*namespace_id/:project_id` for paths
containing 2 wildcard parameters
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
ea8e86dac8
Use `%r{}` regexes to avoid having to escape `/`
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
e50f4bc066
The dynamic path validator can block out partial paths
...
So we can block `objects` only when it is contained in `info/lfs` or `gitlab-lfs`
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
c5059cb4f7
Make path validation case-insensitive
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
bccf8d86c5
Rename `NamespaceValidator` to `DynamicPathValidator`
...
This reflects better that it validates paths instead of a namespace model
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
f7511caa5f
Split off validating full paths
...
The first part of a full path needs to be validated as a `top_level`
while the rest need to be validated as `wildcard`
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
e4f5b7ca21
Improve detection of reserved words from routes
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
74fcccaab3
Streamline the path validation in groups & projects
...
`Project` uses `ProjectPathValidator` which is now a
`NamespaceValidator` that skips the format validation.
That way we're sure we are using the same collection of reserved
paths.
I updated the path constraints to reflect the changes: We now allow
some values that are only used on a top level namespace as a name for
a nested group/project.
2017-05-01 11:14:24 +02:00
Bob Van Landuyt
536f2bdfd1
Add forbidden paths to the namespace validator
2017-05-01 11:14:23 +02:00