authorGitLab Bot <gitlab-bot@gitlab.com>2023-05-24 09:07:33 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-05-24 09:07:33 +0300
commit9933e246c88dfa3d62eb0bab258539711663b904 (patch)
treea8222689407ac2f5d69106bfa13a1d5812cd3d58
parentc37c3ec359084406ca67e175ef66b8c186db6636 (diff)
Add latest changes from gitlab-org/gitlab@master
-rw-r--r--.rubocop_todo/layout/argument_alignment.yml12
-rw-r--r--app/controllers/projects_controller.rb12
-rw-r--r--app/controllers/uploads_controller.rb2
-rw-r--r--app/models/discussion.rb34
-rw-r--r--app/models/environment.rb31
-rw-r--r--app/models/generic_commit_status.rb4
-rw-r--r--app/models/grafana_integration.rb4
-rw-r--r--app/models/group.rb27
-rw-r--r--app/models/group_group_link.rb3
-rw-r--r--app/models/hooks/web_hook.rb26
-rw-r--r--app/models/integration.rb14
-rw-r--r--app/models/integrations/apple_app_store.rb16
-rw-r--r--app/models/integrations/base_chat_notification.rb6
-rw-r--r--app/models/integrations/jira.rb88
-rw-r--r--app/models/jira_connect_installation.rb6
-rw-r--r--app/services/spam/spam_verdict_service.rb2
-rw-r--r--config/feature_flags/development/user_spam_scores.yml8
-rw-r--r--lib/gitlab/checks/branch_check.rb7
-rw-r--r--lib/gitlab/ci/parsers/security/common.rb1
-rw-r--r--lib/gitlab/ci/reports/security/finding.rb5
-rw-r--r--spec/controllers/projects_controller_spec.rb12
-rw-r--r--spec/lib/gitlab/checks/branch_check_spec.rb19
-rw-r--r--spec/lib/gitlab/ci/parsers/security/common_spec.rb57
-rw-r--r--spec/services/spam/spam_verdict_service_spec.rb11
24 files changed, 189 insertions, 218 deletions
diff --git a/.rubocop_todo/layout/argument_alignment.yml b/.rubocop_todo/layout/argument_alignment.yml
index 765de6db997..506fe38ab51 100644
--- a/.rubocop_todo/layout/argument_alignment.yml
+++ b/.rubocop_todo/layout/argument_alignment.yml
@@ -506,18 +506,6 @@ Layout/ArgumentAlignment:
- 'app/graphql/types/work_items/widgets/start_and_due_date_update_input_type.rb'
- 'app/graphql/types/x509_certificate_type.rb'
- 'app/graphql/types/x509_issuer_type.rb'
- - 'app/models/discussion.rb'
- - 'app/models/environment.rb'
- - 'app/models/generic_commit_status.rb'
- - 'app/models/grafana_integration.rb'
- - 'app/models/group.rb'
- - 'app/models/group_group_link.rb'
- - 'app/models/hooks/web_hook.rb'
- - 'app/models/integration.rb'
- - 'app/models/integrations/apple_app_store.rb'
- - 'app/models/integrations/base_chat_notification.rb'
- - 'app/models/integrations/jira.rb'
- - 'app/models/jira_connect_installation.rb'
- 'app/models/lfs_object.rb'
- 'app/models/packages/cleanup/policy.rb'
- 'app/models/packages/conan/metadatum.rb'
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 0f3143606ff..a612c1e89a5 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -263,12 +263,12 @@ class ProjectsController < Projects::ApplicationController
@project.add_export_job(current_user: current_user)
redirect_to(
- edit_project_path(@project, anchor: 'js-export-project'),
+ edit_project_path(@project, anchor: 'js-project-advanced-settings'),
notice: _("Project export started. A download link will be sent by email and made available on this page.")
)
rescue Project::ExportLimitExceeded => e
redirect_to(
- edit_project_path(@project, anchor: 'js-export-project'),
+ edit_project_path(@project, anchor: 'js-project-advanced-settings'),
alert: e.to_s
)
end
@@ -279,13 +279,13 @@ class ProjectsController < Projects::ApplicationController
send_upload(@project.export_file, attachment: @project.export_file.filename)
else
redirect_to(
- edit_project_path(@project, anchor: 'js-export-project'),
+ edit_project_path(@project, anchor: 'js-project-advanced-settings'),
alert: _("The file containing the export is not available yet; it may still be transferring. Please try again later.")
)
end
else
redirect_to(
- edit_project_path(@project, anchor: 'js-export-project'),
+ edit_project_path(@project, anchor: 'js-project-advanced-settings'),
alert: _("Project export link has expired. Please generate a new export from your project settings.")
)
end
@@ -298,7 +298,7 @@ class ProjectsController < Projects::ApplicationController
flash[:alert] = _("Project export could not be deleted.")
end
- redirect_to(edit_project_path(@project, anchor: 'js-export-project'))
+ redirect_to(edit_project_path(@project, anchor: 'js-project-advanced-settings'))
end
def generate_new_export
@@ -306,7 +306,7 @@ class ProjectsController < Projects::ApplicationController
export
else
redirect_to(
- edit_project_path(@project, anchor: 'js-export-project'),
+ edit_project_path(@project, anchor: 'js-project-advanced-settings'),
alert: _("Project export could not be deleted.")
)
end
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index 1a966739401..b797a204d7f 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -29,7 +29,7 @@ class UploadsController < ApplicationController
before_action :authorize_create_access!, only: [:create, :authorize]
before_action :verify_workhorse_api!, only: [:authorize]
- feature_category :not_owned # rubocop:todo Gitlab/AvoidFeatureCategoryNotOwned
+ feature_category :team_planning
def self.model_classes
MODEL_CLASSES
diff --git a/app/models/discussion.rb b/app/models/discussion.rb
index 83c85f30178..dc4794ed3cd 100644
--- a/app/models/discussion.rb
+++ b/app/models/discussion.rb
@@ -13,23 +13,23 @@ class Discussion
attr_reader :context_noteable
attr_accessor :notes
- delegate :created_at,
- :project,
- :author,
- :noteable,
- :commit_id,
- :confidential?,
- :for_commit?,
- :for_design?,
- :for_merge_request?,
- :noteable_ability_name,
- :to_ability_name,
- :editable?,
- :resolved_by_id,
- :system_note_visible_for?,
- :resource_parent,
- :save,
- to: :first_note
+ delegate :created_at,
+ :project,
+ :author,
+ :noteable,
+ :commit_id,
+ :confidential?,
+ :for_commit?,
+ :for_design?,
+ :for_merge_request?,
+ :noteable_ability_name,
+ :to_ability_name,
+ :editable?,
+ :resolved_by_id,
+ :system_note_visible_for?,
+ :resource_parent,
+ :save,
+ to: :first_note
def declarative_policy_delegate
first_note
diff --git a/app/models/environment.rb b/app/models/environment.rb
index e34b43d0a7c..8480272eced 100644
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -36,12 +36,12 @@ class Environment < ApplicationRecord
Deployment::FINISHED_STATUSES.each do |status|
has_one :"last_#{status}_deployment", -> { where(status: status).ordered },
- class_name: 'Deployment', inverse_of: :environment
+ class_name: 'Deployment', inverse_of: :environment
end
Deployment::UPCOMING_STATUSES.each do |status|
has_one :"last_#{status}_deployment", -> { where(status: status).ordered_as_upcoming },
- class_name: 'Deployment', inverse_of: :environment
+ class_name: 'Deployment', inverse_of: :environment
end
has_one :latest_opened_most_severe_alert, -> { order_severity_with_open_prometheus_alert }, class_name: 'AlertManagement::Alert', inverse_of: :environment
@@ -53,22 +53,22 @@ class Environment < ApplicationRecord
after_save :clear_reactive_cache!
validates :name,
- presence: true,
- uniqueness: { scope: :project_id },
- length: { maximum: 255 },
- format: { with: Gitlab::Regex.environment_name_regex,
- message: Gitlab::Regex.environment_name_regex_message }
+ presence: true,
+ uniqueness: { scope: :project_id },
+ length: { maximum: 255 },
+ format: { with: Gitlab::Regex.environment_name_regex,
+ message: Gitlab::Regex.environment_name_regex_message }
validates :slug,
- presence: true,
- uniqueness: { scope: :project_id },
- length: { maximum: 24 },
- format: { with: Gitlab::Regex.environment_slug_regex,
- message: Gitlab::Regex.environment_slug_regex_message }
+ presence: true,
+ uniqueness: { scope: :project_id },
+ length: { maximum: 24 },
+ format: { with: Gitlab::Regex.environment_slug_regex,
+ message: Gitlab::Regex.environment_slug_regex_message }
validates :external_url,
- length: { maximum: 255 },
- allow_nil: true
+ length: { maximum: 255 },
+ allow_nil: true
# Currently, the tier presence is validaed for newly created environments.
# After the `BackfillEnvironmentTiers` background migration has been completed, we should remove `on: :create`.
@@ -237,8 +237,7 @@ class Environment < ApplicationRecord
def self.nested
group('COALESCE(environment_type, id::text)', 'COALESCE(environment_type, name)')
- .select('COALESCE(environment_type, id::text), COALESCE(environment_type, name) AS name',
- 'COUNT(*) AS size', 'MAX(id) AS last_id')
+ .select('COALESCE(environment_type, id::text), COALESCE(environment_type, name) AS name', 'COUNT(*) AS size', 'MAX(id) AS last_id')
.order('name ASC')
end
diff --git a/app/models/generic_commit_status.rb b/app/models/generic_commit_status.rb
index b02074849a1..f795585dfc5 100644
--- a/app/models/generic_commit_status.rb
+++ b/app/models/generic_commit_status.rb
@@ -3,9 +3,7 @@
class GenericCommitStatus < CommitStatus
EXTERNAL_STAGE_IDX = 1_000_000
- validates :target_url, addressable_url: true,
- length: { maximum: 255 },
- allow_nil: true
+ validates :target_url, addressable_url: true, length: { maximum: 255 }, allow_nil: true
validate :name_uniqueness_across_types, unless: :importing?
# GitHub compatible API
diff --git a/app/models/grafana_integration.rb b/app/models/grafana_integration.rb
index 71abfd3f6da..37e69102521 100644
--- a/app/models/grafana_integration.rb
+++ b/app/models/grafana_integration.rb
@@ -11,8 +11,8 @@ class GrafanaIntegration < ApplicationRecord
before_validation :check_token_changes
validates :grafana_url,
- length: { maximum: 1024 },
- addressable_url: { enforce_sanitization: true, ascii_only: true }
+ length: { maximum: 1024 },
+ addressable_url: { enforce_sanitization: true, ascii_only: true }
validates :encrypted_token, :project, presence: true
diff --git a/app/models/group.rb b/app/models/group.rb
index 9ef1d3f12f3..bf249981012 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -152,17 +152,19 @@ class Group < Namespace
validates :two_factor_grace_period, presence: true, numericality: { greater_than_or_equal_to: 0 }
validates :name,
- html_safety: true,
- format: { with: Gitlab::Regex.group_name_regex,
- message: Gitlab::Regex.group_name_regex_message },
- if: :name_changed?
+ html_safety: true,
+ format: {
+ with: Gitlab::Regex.group_name_regex,
+ message: Gitlab::Regex.group_name_regex_message
+ },
+ if: :name_changed?
validates :group_feature, presence: true
add_authentication_token_field :runners_token,
- encrypted: :required,
- format_with_prefix: :runners_token_prefix,
- require_prefix_for_validation: true
+ encrypted: :required,
+ format_with_prefix: :runners_token_prefix,
+ require_prefix_for_validation: true
after_create :post_create_hook
after_create -> { create_or_load_association(:group_feature) }
@@ -974,9 +976,11 @@ class Group < Namespace
end
def max_member_access(user_ids)
- Gitlab::SafeRequestLoader.execute(resource_key: max_member_access_for_resource_key(User),
- resource_ids: user_ids,
- default_value: Gitlab::Access::NO_ACCESS) do |user_ids|
+ Gitlab::SafeRequestLoader.execute(
+ resource_key: max_member_access_for_resource_key(User),
+ resource_ids: user_ids,
+ default_value: Gitlab::Access::NO_ACCESS
+ ) do |user_ids|
members_with_parents.where(user_id: user_ids).group(:user_id).maximum(:access_level)
end
end
@@ -1037,8 +1041,7 @@ class Group < Namespace
# the respective group_group_links.group_access.
member_columns = GroupMember.attribute_names.map do |column_name|
if column_name == 'access_level'
- smallest_value_arel([cte_alias[:group_access], group_member_table[:access_level]],
- 'access_level')
+ smallest_value_arel([cte_alias[:group_access], group_member_table[:access_level]], 'access_level')
else
group_member_table[column_name]
end
diff --git a/app/models/group_group_link.rb b/app/models/group_group_link.rb
index fdb8fb9ed75..dba52aa51cd 100644
--- a/app/models/group_group_link.rb
+++ b/app/models/group_group_link.rb
@@ -10,8 +10,7 @@ class GroupGroupLink < ApplicationRecord
validates :shared_group_id, uniqueness: { scope: [:shared_with_group_id],
message: N_('The group has already been shared with this group') }
validates :shared_with_group, presence: true
- validates :group_access, inclusion: { in: Gitlab::Access.all_values },
- presence: true
+ validates :group_access, inclusion: { in: Gitlab::Access.all_values }, presence: true
scope :non_guests, -> { where('group_access > ?', Gitlab::Access::GUEST) }
diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb
index 5ccbc926a71..6dc1c9f290a 100644
--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
@@ -9,23 +9,23 @@ class WebHook < ApplicationRecord
SECRET_MASK = '************'
attr_encrypted :token,
- mode: :per_attribute_iv,
- algorithm: 'aes-256-gcm',
- key: Settings.attr_encrypted_db_key_base_32
+ mode: :per_attribute_iv,
+ algorithm: 'aes-256-gcm',
+ key: Settings.attr_encrypted_db_key_base_32
attr_encrypted :url,
- mode: :per_attribute_iv,
- algorithm: 'aes-256-gcm',
- key: Settings.attr_encrypted_db_key_base_32
+ mode: :per_attribute_iv,
+ algorithm: 'aes-256-gcm',
+ key: Settings.attr_encrypted_db_key_base_32
attr_encrypted :url_variables,
- mode: :per_attribute_iv,
- key: Settings.attr_encrypted_db_key_base_32,
- algorithm: 'aes-256-gcm',
- marshal: true,
- marshaler: ::Gitlab::Json,
- encode: false,
- encode_iv: false
+ mode: :per_attribute_iv,
+ key: Settings.attr_encrypted_db_key_base_32,
+ algorithm: 'aes-256-gcm',
+ marshal: true,
+ marshaler: ::Gitlab::Json,
+ encode: false,
+ encode_iv: false
has_many :web_hook_logs
diff --git a/app/models/integration.rb b/app/models/integration.rb
index 0f716862032..43e923511bb 100644
--- a/app/models/integration.rb
+++ b/app/models/integration.rb
@@ -55,13 +55,13 @@ class Integration < ApplicationRecord
SNOWPLOW_EVENT_LABEL = 'redis_hll_counters.ecosystem.ecosystem_total_unique_counts_monthly'
attr_encrypted :properties,
- mode: :per_attribute_iv,
- key: Settings.attr_encrypted_db_key_base_32,
- algorithm: 'aes-256-gcm',
- marshal: true,
- marshaler: ::Gitlab::Json,
- encode: false,
- encode_iv: false
+ mode: :per_attribute_iv,
+ key: Settings.attr_encrypted_db_key_base_32,
+ algorithm: 'aes-256-gcm',
+ marshal: true,
+ marshaler: ::Gitlab::Json,
+ encode: false,
+ encode_iv: false
# Handle assignment of props with symbol keys.
# To do this correctly, we need to call the method generated by attr_encrypted.
diff --git a/app/models/integrations/apple_app_store.rb b/app/models/integrations/apple_app_store.rb
index 5e502cce927..809715651b9 100644
--- a/app/models/integrations/apple_app_store.rb
+++ b/app/models/integrations/apple_app_store.rb
@@ -18,18 +18,16 @@ module Integrations
end
field :app_store_issuer_id,
- section: SECTION_TYPE_CONNECTION,
- required: true,
- title: -> { s_('AppleAppStore|The Apple App Store Connect Issuer ID.') }
+ section: SECTION_TYPE_CONNECTION,
+ required: true,
+ title: -> { s_('AppleAppStore|The Apple App Store Connect Issuer ID.') }
field :app_store_key_id,
- section: SECTION_TYPE_CONNECTION,
- required: true,
- title: -> { s_('AppleAppStore|The Apple App Store Connect Key ID.') }
-
- field :app_store_private_key_file_name,
- section: SECTION_TYPE_CONNECTION
+ section: SECTION_TYPE_CONNECTION,
+ required: true,
+ title: -> { s_('AppleAppStore|The Apple App Store Connect Key ID.') }
+ field :app_store_private_key_file_name, section: SECTION_TYPE_CONNECTION
field :app_store_private_key, api_only: true
def title
diff --git a/app/models/integrations/base_chat_notification.rb b/app/models/integrations/base_chat_notification.rb
index 963ba918089..4477f3d207f 100644
--- a/app/models/integrations/base_chat_notification.rb
+++ b/app/models/integrations/base_chat_notification.rb
@@ -35,9 +35,9 @@ module Integrations
boolean_accessor :notify_only_broken_pipelines, :notify_only_default_branch
validates :webhook,
- presence: true,
- public_url: true,
- if: -> (integration) { integration.activated? && integration.requires_webhook? }
+ presence: true,
+ public_url: true,
+ if: -> (integration) { integration.activated? && integration.requires_webhook? }
validates :labels_to_be_notified_behavior, inclusion: { in: LABEL_NOTIFICATION_BEHAVIOURS }, allow_blank: true, if: :activated?
validate :validate_channel_limit, if: :activated?
diff --git a/app/models/integrations/jira.rb b/app/models/integrations/jira.rb
index f10b7872277..b550f9dade2 100644
--- a/app/models/integrations/jira.rb
+++ b/app/models/integrations/jira.rb
@@ -40,11 +40,11 @@ module Integrations
validate :validate_jira_cloud_auth_type_is_basic, if: :activated?
validates :jira_issue_transition_id,
- format: {
- with: Gitlab::Regex.jira_transition_id_regex,
- message: ->(*_) { s_("JiraService|IDs must be a list of numbers that can be split with , or ;") }
- },
- allow_blank: true
+ format: {
+ with: Gitlab::Regex.jira_transition_id_regex,
+ message: ->(*_) { s_("JiraService|IDs must be a list of numbers that can be split with , or ;") }
+ },
+ allow_blank: true
# Jira Cloud version is deprecating authentication via username and password.
# We should use username/password for Jira Server and email/api_token for Jira Cloud,
@@ -60,57 +60,57 @@ module Integrations
self.field_storage = :data_fields
field :url,
- section: SECTION_TYPE_CONNECTION,
- required: true,
- title: -> { s_('JiraService|Web URL') },
- help: -> { s_('JiraService|Base URL of the Jira instance') },
- placeholder: 'https://jira.example.com',
- exposes_secrets: true
+ section: SECTION_TYPE_CONNECTION,
+ required: true,
+ title: -> { s_('JiraService|Web URL') },
+ help: -> { s_('JiraService|Base URL of the Jira instance') },
+ placeholder: 'https://jira.example.com',
+ exposes_secrets: true
field :api_url,
- section: SECTION_TYPE_CONNECTION,
- title: -> { s_('JiraService|Jira API URL') },
- help: -> { s_('JiraService|If different from the Web URL') },
- exposes_secrets: true
+ section: SECTION_TYPE_CONNECTION,
+ title: -> { s_('JiraService|Jira API URL') },
+ help: -> { s_('JiraService|If different from the Web URL') },
+ exposes_secrets: true
field :jira_auth_type,
- type: 'select',
- required: true,
- section: SECTION_TYPE_CONNECTION,
- title: -> { s_('JiraService|Authentication type') },
- choices: -> {
- [
- [s_('JiraService|Basic'), AUTH_TYPE_BASIC],
- [s_('JiraService|Jira personal access token (Jira Data Center and Jira Server only)'), AUTH_TYPE_PAT]
- ]
- }
+ type: 'select',
+ required: true,
+ section: SECTION_TYPE_CONNECTION,
+ title: -> { s_('JiraService|Authentication type') },
+ choices: -> {
+ [
+ [s_('JiraService|Basic'), AUTH_TYPE_BASIC],
+ [s_('JiraService|Jira personal access token (Jira Data Center and Jira Server only)'), AUTH_TYPE_PAT]
+ ]
+ }
field :username,
- section: SECTION_TYPE_CONNECTION,
- required: false,
- title: -> { s_('JiraService|Email or username') },
- help: -> { s_('JiraService|Email for Jira Cloud or username for Jira Data Center and Jira Server') }
+ section: SECTION_TYPE_CONNECTION,
+ required: false,
+ title: -> { s_('JiraService|Email or username') },
+ help: -> { s_('JiraService|Email for Jira Cloud or username for Jira Data Center and Jira Server') }
field :password,
- section: SECTION_TYPE_CONNECTION,
- required: true,
- title: -> { s_('JiraService|API token or password') },
- non_empty_password_title: -> { s_('JiraService|New API token or password') },
- non_empty_password_help: -> { s_('JiraService|Leave blank to use your current configuration') },
- help: -> { s_('JiraService|API token for Jira Cloud or password for Jira Data Center and Jira Server') },
- is_secret: true
+ section: SECTION_TYPE_CONNECTION,
+ required: true,
+ title: -> { s_('JiraService|API token or password') },
+ non_empty_password_title: -> { s_('JiraService|New API token or password') },
+ non_empty_password_help: -> { s_('JiraService|Leave blank to use your current configuration') },
+ help: -> { s_('JiraService|API token for Jira Cloud or password for Jira Data Center and Jira Server') },
+ is_secret: true
field :jira_issue_regex,
- section: SECTION_TYPE_CONFIGURATION,
- required: false,
- title: -> { s_('JiraService|Jira issue regex') },
- help: -> { s_('JiraService|Use regular expression to match Jira issue keys.') }
+ section: SECTION_TYPE_CONFIGURATION,
+ required: false,
+ title: -> { s_('JiraService|Jira issue regex') },
+ help: -> { s_('JiraService|Use regular expression to match Jira issue keys.') }
field :jira_issue_prefix,
- section: SECTION_TYPE_CONFIGURATION,
- required: false,
- title: -> { s_('JiraService|Jira issue prefix') },
- help: -> { s_('JiraService|Use a prefix to match Jira issue keys.') }
+ section: SECTION_TYPE_CONFIGURATION,
+ required: false,
+ title: -> { s_('JiraService|Jira issue prefix') },
+ help: -> { s_('JiraService|Use a prefix to match Jira issue keys.') }
field :jira_issue_transition_id, api_only: true
diff --git a/app/models/jira_connect_installation.rb b/app/models/jira_connect_installation.rb
index f07f979a06d..9122f46d92c 100644
--- a/app/models/jira_connect_installation.rb
+++ b/app/models/jira_connect_installation.rb
@@ -4,9 +4,9 @@ class JiraConnectInstallation < ApplicationRecord
include Gitlab::Routing
attr_encrypted :shared_secret,
- mode: :per_attribute_iv,
- algorithm: 'aes-256-gcm',
- key: Settings.attr_encrypted_db_key_base_32
+ mode: :per_attribute_iv,
+ algorithm: 'aes-256-gcm',
+ key: Settings.attr_encrypted_db_key_base_32
has_many :subscriptions, class_name: 'JiraConnectSubscription'
diff --git a/app/services/spam/spam_verdict_service.rb b/app/services/spam/spam_verdict_service.rb
index 1279adf327b..2ecd431fd91 100644
--- a/app/services/spam/spam_verdict_service.rb
+++ b/app/services/spam/spam_verdict_service.rb
@@ -68,7 +68,7 @@ module Spam
begin
result = spamcheck_client.spam?(spammable: target, user: user, context: context, extra_features: extra_features)
- if result.evaluated? && Feature.enabled?(:user_spam_scores)
+ if result.evaluated?
Abuse::TrustScore.create!(user: user, score: result.score, source: :spamcheck)
end
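Review bot: The `Abuse::TrustScore.create!` call under `if result.evaluated?` is now a write on every evaluated verdict, and because it is the bang form a validation failure (for example if `user` can be nil for an unauthenticated spammable — I cannot tell from here) raises inside the `begin` whose `rescue` lies outside this hunk, so a failed bookkeeping write can alter or abort the spam verdict itself. If that rescue does not deliberately cover this case, isolate the write so it cannot influence the decision: `Abuse::TrustScore.create!(user: user, score: result.score, source: :spamcheck) if user`, or give it its own `rescue ActiveRecord::RecordInvalid` that logs and continues. Deleting the `user_spam_scores` flag also removes the only kill switch for this per-request database row, so a sustained spam burst now produces one insert per evaluated check with no way to turn it off short of a deploy; a short comment above the line saying this is intentional would help the next operator. The enclosing method and its rescue clause start and end outside the hunk.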
diff --git a/config/feature_flags/development/user_spam_scores.yml b/config/feature_flags/development/user_spam_scores.yml
deleted file mode 100644
index 1d685a9fb16..00000000000
--- a/config/feature_flags/development/user_spam_scores.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: user_spam_scores
-introduced_by_url: 'https://gitlab.com/gitlab-org/gitlab/-/merge_requests/118706'
-rollout_issue_url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/408753'
-milestone: '16.0'
-type: development
-group: group::antiabuse
-default_enabled: false
diff --git a/lib/gitlab/checks/branch_check.rb b/lib/gitlab/checks/branch_check.rb
index fa7c4972c91..8be1e1716ec 100644
--- a/lib/gitlab/checks/branch_check.rb
+++ b/lib/gitlab/checks/branch_check.rb
@@ -13,7 +13,8 @@ module Gitlab
create_protected_branch: 'You are not allowed to create protected branches on this project.',
invalid_commit_create_protected_branch: 'You can only use an existing protected branch ref as the basis of a new protected branch.',
non_web_create_protected_branch: 'You can only create protected branches using the web interface and API.',
- prohibited_hex_branch_name: 'You cannot create a branch with a 40-character hexadecimal branch name.'
+ prohibited_hex_branch_name: 'You cannot create a branch with a 40-character hexadecimal branch name.',
+ invalid_branch_name: 'You cannot create a branch with an invalid name.'
}.freeze
LOG_MESSAGES = {
@@ -45,6 +46,10 @@ module Gitlab
if branch_name =~ %r{\A\h{40}(/|\z)}
raise GitAccess::ForbiddenError, ERROR_MESSAGES[:prohibited_hex_branch_name]
end
+
+ unless Gitlab::GitRefValidator.validate(branch_name)
+ raise GitAccess::ForbiddenError, ERROR_MESSAGES[:invalid_branch_name]
+ end
end
def protected_branch_checks
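Review bot: The new `unless Gitlab::GitRefValidator.validate(branch_name)` guard has no comment saying what it rejects or why it belongs in this check, unlike the 40-hex check just above it whose purpose is spelled out in its error message. The spec added in this commit only exercises a leading `-`, which is the shape of name that could later be read as an option by git tooling if it were accepted, so I would add above the `unless`: `# Refuse names git's check-ref-format would reject (the spec covers a leading '-'); deletions of such refs remain allowed so stale branches can still be removed.` Confirm against GitRefValidator what else it covers before citing more examples in the comment. The enclosing method begins before this hunk and its name is not visible here.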
diff --git a/lib/gitlab/ci/parsers/security/common.rb b/lib/gitlab/ci/parsers/security/common.rb
index 447136df81f..21408beb8cb 100644
--- a/lib/gitlab/ci/parsers/security/common.rb
+++ b/lib/gitlab/ci/parsers/security/common.rb
@@ -279,7 +279,6 @@ module Gitlab
end
def finding_name(data, identifiers, location)
- return data['message'] if data['message'].present?
return data['name'] if data['name'].present?
identifier = identifiers.find(&:cve?) || identifiers.find(&:cwe?) || identifiers.first
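Review bot: `finding_name` has no comment describing its fallback order, and with the `data['message']` return removed that order is now `name`, then a CVE identifier, then a CWE, then the first identifier — nothing in the code tells a reader that `message` is no longer consulted. I would add above `def finding_name`: `# Name priority: the report's own 'name', else the strongest identifier (CVE > CWE > first), combined with the location when one exists.` The location-suffix part of that comment rests on the spec in this commit (`"CVE-2017-11429 in yarn.lock"`); the code that builds it lies outside the hunk. Reports that populate only `message` and no `name` will now silently fall through to the identifier path, which is worth a line in the docs if such reports are still accepted.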
diff --git a/lib/gitlab/ci/reports/security/finding.rb b/lib/gitlab/ci/reports/security/finding.rb
index bf48c7d0bb7..d439149158a 100644
--- a/lib/gitlab/ci/reports/security/finding.rb
+++ b/lib/gitlab/ci/reports/security/finding.rb
@@ -82,7 +82,6 @@ module Gitlab
details
signatures
description
- message
cve
solution
].index_with do |key|
@@ -174,10 +173,6 @@ module Gitlab
original_data['description']
end
- def message
- original_data['message']
- end
-
def solution
original_data['solution']
end
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb
index b652aba1fff..d1c4cbbe591 100644
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
@@ -1541,7 +1541,7 @@ RSpec.describe ProjectsController, feature_category: :projects do
it 'returns 302' do
post action, params: { namespace_id: project.namespace, id: project }
- expect(response).to have_gitlab_http_status(:found)
+ expect(response).to redirect_to(edit_project_path(project, anchor: 'js-project-advanced-settings'))
end
context 'when the project storage_size exceeds the application setting max_export_size' do
@@ -1551,7 +1551,7 @@ RSpec.describe ProjectsController, feature_category: :projects do
post action, params: { namespace_id: project.namespace, id: project }
- expect(response).to have_gitlab_http_status(:found)
+ expect(response).to redirect_to(edit_project_path(project, anchor: 'js-project-advanced-settings'))
expect(flash[:alert]).to include('The project size exceeds the export limit.')
end
end
@@ -1563,7 +1563,7 @@ RSpec.describe ProjectsController, feature_category: :projects do
post action, params: { namespace_id: project.namespace, id: project }
- expect(response).to have_gitlab_http_status(:found)
+ expect(response).to redirect_to(edit_project_path(project, anchor: 'js-project-advanced-settings'))
expect(flash[:alert]).to be_nil
end
end
@@ -1574,7 +1574,7 @@ RSpec.describe ProjectsController, feature_category: :projects do
post action, params: { namespace_id: project.namespace, id: project }
- expect(response).to have_gitlab_http_status(:found)
+ expect(response).to redirect_to(edit_project_path(project, anchor: 'js-project-advanced-settings'))
expect(flash[:alert]).to be_nil
end
end
@@ -1617,7 +1617,7 @@ RSpec.describe ProjectsController, feature_category: :projects do
get action, params: { namespace_id: project.namespace, id: project }
expect(flash[:alert]).to include('file containing the export is not available yet')
- expect(response).to have_gitlab_http_status(:found)
+ expect(response).to redirect_to(edit_project_path(project, anchor: 'js-project-advanced-settings'))
end
end
@@ -1696,7 +1696,7 @@ RSpec.describe ProjectsController, feature_category: :projects do
it 'returns 302' do
post action, params: { namespace_id: project.namespace, id: project }
- expect(response).to have_gitlab_http_status(:found)
+ expect(response).to redirect_to(edit_project_path(project, anchor: 'js-project-advanced-settings'))
end
end
diff --git a/spec/lib/gitlab/checks/branch_check_spec.rb b/spec/lib/gitlab/checks/branch_check_spec.rb
index 7f535e86d69..7ce267c535f 100644
--- a/spec/lib/gitlab/checks/branch_check_spec.rb
+++ b/spec/lib/gitlab/checks/branch_check_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe Gitlab::Checks::BranchCheck do
+RSpec.describe Gitlab::Checks::BranchCheck, feature_category: :source_code_management do
include_context 'change access checks context'
describe '#validate!' do
@@ -46,6 +46,23 @@ RSpec.describe Gitlab::Checks::BranchCheck do
expect { subject.validate! }.not_to raise_error
end
end
+
+ context 'when branch name is invalid' do
+ let(:ref) { 'refs/heads/-wrong' }
+
+ it 'prohibits branches with an invalid name' do
+ expect { subject.validate! }.to raise_error(Gitlab::GitAccess::ForbiddenError, 'You cannot create a branch with an invalid name.')
+ end
+
+ context 'deleting an invalid branch' do
+ let(:ref) { 'refs/heads/-wrong' }
+ let(:newrev) { '0000000000000000000000000000000000000000' }
+
+ it "doesn't prohibit the deletion of an invalid branch name" do
+ expect { subject.validate! }.not_to raise_error
+ end
+ end
+ end
end
context 'protected branches check' do
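Review bot: The inner `let(:ref) { 'refs/heads/-wrong' }` in the `'deleting an invalid branch'` context duplicates the outer context's identical `let` and can be dropped, leaving only `let(:newrev) { '0000000000000000000000000000000000000000' }` to express what that case varies. The `raise_error` assertion hard-codes the message string; referencing `Gitlab::Checks::BranchCheck::ERROR_MESSAGES[:invalid_branch_name]` instead keeps the spec from drifting if the wording changes. The surrounding `describe '#validate!'` block starts before this hunk.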
diff --git a/spec/lib/gitlab/ci/parsers/security/common_spec.rb b/spec/lib/gitlab/ci/parsers/security/common_spec.rb
index 421aa29f860..dc16ddf4e0e 100644
--- a/spec/lib/gitlab/ci/parsers/security/common_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/security/common_spec.rb
@@ -183,55 +183,44 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common, feature_category: :vulnera
describe 'parsing finding.name' do
let(:artifact) { build(:ci_job_artifact, :common_security_report_with_blank_names) }
- context 'when message is provided' do
- it 'sets message from the report as a finding name' do
- finding = report.findings.find { |x| x.compare_key == 'CVE-1020' }
- expected_name = Gitlab::Json.parse(finding.raw_metadata)['message']
+ context 'when name is provided' do
+ it 'sets name from the report as a name' do
+ finding = report.findings.find { |x| x.compare_key == 'CVE-1030' }
+ expected_name = Gitlab::Json.parse(finding.raw_metadata)['name']
expect(finding.name).to eq(expected_name)
end
end
- context 'when message is not provided' do
- context 'and name is provided' do
- it 'sets name from the report as a name' do
- finding = report.findings.find { |x| x.compare_key == 'CVE-1030' }
- expected_name = Gitlab::Json.parse(finding.raw_metadata)['name']
+ context 'when name is not provided' do
+ context 'when location does not exist' do
+ let(:location) { nil }
- expect(finding.name).to eq(expected_name)
+ it 'returns only identifier name' do
+ finding = report.findings.find { |x| x.compare_key == 'CVE-2017-11429' }
+ expect(finding.name).to eq("CVE-2017-11429")
end
end
- context 'and name is not provided' do
- context 'when location does not exist' do
- let(:location) { nil }
-
- it 'returns only identifier name' do
+ context 'when location exists' do
+ context 'when CVE identifier exists' do
+ it 'combines identifier with location to create name' do
finding = report.findings.find { |x| x.compare_key == 'CVE-2017-11429' }
- expect(finding.name).to eq("CVE-2017-11429")
+ expect(finding.name).to eq("CVE-2017-11429 in yarn.lock")
end
end
- context 'when location exists' do
- context 'when CVE identifier exists' do
- it 'combines identifier with location to create name' do
- finding = report.findings.find { |x| x.compare_key == 'CVE-2017-11429' }
- expect(finding.name).to eq("CVE-2017-11429 in yarn.lock")
- end
- end
-
- context 'when CWE identifier exists' do
- it 'combines identifier with location to create name' do
- finding = report.findings.find { |x| x.compare_key == 'CWE-2017-11429' }
- expect(finding.name).to eq("CWE-2017-11429 in yarn.lock")
- end
+ context 'when CWE identifier exists' do
+ it 'combines identifier with location to create name' do
+ finding = report.findings.find { |x| x.compare_key == 'CWE-2017-11429' }
+ expect(finding.name).to eq("CWE-2017-11429 in yarn.lock")
end
+ end
- context 'when neither CVE nor CWE identifier exist' do
- it 'combines identifier with location to create name' do
- finding = report.findings.find { |x| x.compare_key == 'OTHER-2017-11429' }
- expect(finding.name).to eq("other-2017-11429 in yarn.lock")
- end
+ context 'when neither CVE nor CWE identifier exist' do
+ it 'combines identifier with location to create name' do
+ finding = report.findings.find { |x| x.compare_key == 'OTHER-2017-11429' }
+ expect(finding.name).to eq("other-2017-11429 in yarn.lock")
end
end
end
diff --git a/spec/services/spam/spam_verdict_service_spec.rb b/spec/services/spam/spam_verdict_service_spec.rb
index 00e320ed56c..6b14cf33041 100644
--- a/spec/services/spam/spam_verdict_service_spec.rb
+++ b/spec/services/spam/spam_verdict_service_spec.rb
@@ -271,17 +271,6 @@ RSpec.describe Spam::SpamVerdictService, feature_category: :instance_resiliency
expect(user.spam_score).to eq(0.0)
end
end
-
- context 'user spam score feature is disabled' do
- before do
- stub_feature_flags(user_spam_scores: false)
- end
-
- it 'returns the verdict and does not update the spam score' do
- expect(subject).to eq(ALLOW)
- expect(user.spam_score).to eq(0.0)
- end
- end
end
context 'when recaptcha is enabled' do