6d37fe952b
Fix missing access checks on issue lookup using IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ⚠️ - Potentially untested 💣 - No test coverage 🚥 - Test coverage of some sort exists (a test failed when error raised) 🚦 - Test coverage of return value (a test failed when nil used) ✅ - Permissions check tested - [x] ✅ app/controllers/projects/branches_controller.rb:39 - `before_action :authorize_push_code!` helpes limit/prevent exploitation. Always checks for reporter access so fine with confidential issues, issues only visible to team, etc. - [x] 🚥 app/models/cycle_analytics/summary.rb:9 [`.count`] - [x] ✅ app/controllers/projects/todos_controller.rb:19 - [x] Potential double render in app/controllers/projects/todos_controller.rb - https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24 See merge request !2030 |
||
|---|---|---|
| .. | ||
| admin | ||
| ci | ||
| groups | ||
| import | ||
| oauth | ||
| profiles | ||
| projects | ||
| abuse_reports_controller_spec.rb | ||
| application_controller_spec.rb | ||
| autocomplete_controller_spec.rb | ||
| blob_controller_spec.rb | ||
| groups_controller_spec.rb | ||
| health_check_controller_spec.rb | ||
| help_controller_spec.rb | ||
| invites_controller_spec.rb | ||
| notification_settings_controller_spec.rb | ||
| projects_controller_spec.rb | ||
| registrations_controller_spec.rb | ||
| root_controller_spec.rb | ||
| sent_notifications_controller_spec.rb | ||
| sessions_controller_spec.rb | ||
| snippets_controller_spec.rb | ||
| uploads_controller_spec.rb | ||
| users_controller_spec.rb | ||