author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-31 17:36:41 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-07-31 17:37:06 +0300 |
commit | 8e13b6a8759a43bb8a90444139b4fbb4205a1b74 (patch) | |
tree | 7db3bb37340fbaec54819ff688ecaefc2d406c59 | |
parent | 1ebdda69d61ae26379f8fac27671103374031944 (diff) |
Add latest changes from gitlab-org/security/gitlab@16-2-stable-ee
-rw-r--r-- | config/application.rb | 2 | ||||
-rw-r--r-- | lib/banzai/filter/plantuml_filter.rb | 11 | ||||
-rw-r--r-- | lib/gitlab/asciidoc.rb | 11 | ||||
-rw-r--r-- | lib/gitlab/plantuml.rb | 20 | ||||
-rw-r--r-- | spec/lib/gitlab/plantuml_spec.rb | 59 |
5 files changed, 83 insertions, 20 deletions
diff --git a/config/application.rb b/config/application.rb
index 1e2a6a69dc8..1b96e34bfcb 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -186,6 +186,7 @@ module Gitlab
 # - Any parameter containing `password`
 # - Any parameter containing `secret`
 # - Any parameter ending with `key`
+ # - Any parameter named `redirect`, filtered for security concerns of exposing sensitive information
 # - Two-factor tokens (:otp_attempt)
 # - Repo/Project Import URLs (:import_url)
 # - Build traces (:trace)
@@ -228,6 +229,7 @@ module Gitlab
 variables
 content
 sharedSecret
+ redirect
 )

 # This config option can be removed after Rails 7.1 by https://gitlab.com/gitlab-org/gitlab/-/issues/416270
diff --git a/lib/banzai/filter/plantuml_filter.rb b/lib/banzai/filter/plantuml_filter.rb
index 2e5f1b29c52..7e6535b86fd 100644
--- a/lib/banzai/filter/plantuml_filter.rb
+++ b/lib/banzai/filter/plantuml_filter.rb
@@ -11,7 +11,7 @@ module Banzai
 def call
 return doc unless settings.plantuml_enabled? && doc.at_xpath(lang_tag)

- plantuml_setup
+ Gitlab::Plantuml.configure

 doc.xpath(lang_tag).each do |node|
 img_tag = Nokogiri::HTML::DocumentFragment.parse(
@@ -38,15 +38,6 @@ module Banzai
 def settings
 Gitlab::CurrentSettings.current_application_settings
 end
-
- def plantuml_setup
- Asciidoctor::PlantUml.configure do |conf|
- conf.url = settings.plantuml_url
- conf.png_enable = settings.plantuml_enabled
- conf.svg_enable = false
- conf.txt_enable = false
- end
- end
 end
 end
 end
diff --git a/lib/gitlab/asciidoc.rb b/lib/gitlab/asciidoc.rb
index 955cb14594f..31e8dcd84b7 100644
--- a/lib/gitlab/asciidoc.rb
+++ b/lib/gitlab/asciidoc.rb
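Review bot: The comment added in the first config/application.rb hunk says the `redirect` parameter is filtered by name, but the entry added in the second hunk is a plain string in the same `%w(` list whose neighbouring comments read "Any parameter containing `password`", i.e. this list matches by substring, so every parameter whose key contains `redirect` (such as a `redirect_uri`) is now masked in logs too. That wider reach is likely what is wanted for a filter of this kind, but the comment should describe it accurately: `# - Any parameter containing \`redirect\`, filtered to avoid exposing sensitive information in logs`. The enclosing filter-parameter block starts and ends outside both hunks, so the exact matching rule should be confirmed against it.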
@@ -78,20 +78,11 @@ module Gitlab
 context[:pipeline] = :ascii_doc
 context[:max_includes] = [MAX_INCLUDES, context[:max_includes]].compact.min

- plantuml_setup
+ Gitlab::Plantuml.configure

 html = ::Asciidoctor.convert(input, asciidoc_opts)
 html = Banzai.render(html, context)
 html.html_safe
 end
-
- def self.plantuml_setup
- Asciidoctor::PlantUml.configure do |conf|
- conf.url = Gitlab::CurrentSettings.plantuml_url
- conf.svg_enable = Gitlab::CurrentSettings.plantuml_enabled
- conf.png_enable = Gitlab::CurrentSettings.plantuml_enabled
- conf.txt_enable = false
- end
- end
 end
 end
diff --git a/lib/gitlab/plantuml.rb b/lib/gitlab/plantuml.rb
new file mode 100644
index 00000000000..9ec544452fd
--- /dev/null
+++ b/lib/gitlab/plantuml.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require "asciidoctor_plantuml/plantuml"
+
+module Gitlab
+ module Plantuml
+ class << self
+ def configure
+ Asciidoctor::PlantUml.configure do |conf|
+ conf.url = Gitlab::CurrentSettings.plantuml_url
+ conf.png_enable = Gitlab::CurrentSettings.plantuml_enabled
+ conf.svg_enable = false
+ conf.txt_enable = false
+
+ conf
+ end
+ end
+ end
+ end
+end
diff --git a/spec/lib/gitlab/plantuml_spec.rb b/spec/lib/gitlab/plantuml_spec.rb
new file mode 100644
index 00000000000..c783dd66c48
--- /dev/null
+++ b/spec/lib/gitlab/plantuml_spec.rb
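Review bot: `Gitlab::Plantuml.configure` pins `conf.svg_enable = false`, whereas the `self.plantuml_setup` removed from lib/gitlab/asciidoc.rb in the preceding hunk set it from `Gitlab::CurrentSettings.plantuml_enabled`, so AsciiDoc rendering loses SVG output with this commit while the Markdown filter keeps the PNG-only behaviour it already had. That narrowing is presumably deliberate given the commit title, but nothing in the new file records it; a comment above the assignments such as `# Only PNG output is enabled; SVG and TXT stay off for both Markdown and AsciiDoc rendering` would keep a later reader from "restoring" the flag. The trailing `conf` also deserves a one-line comment, because the return value exists only so callers like the new spec can inspect the configuration, and it relies on `Asciidoctor::PlantUml.configure` handing back the block's value.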
@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require "spec_helper"
+
+RSpec.describe Gitlab::Plantuml, feature_category: :shared do
+ describe ".configure" do
+ subject { described_class.configure }
+
+ let(:plantuml_url) { "http://plantuml.foo.bar" }
+
+ before do
+ allow(Gitlab::CurrentSettings).to receive(:plantuml_url).and_return(plantuml_url)
+ end
+
+ context "when PlantUML is enabled" do
+ before do
+ allow(Gitlab::CurrentSettings).to receive(:plantuml_enabled).and_return(true)
+ end
+
+ it "configures the endpoint URL" do
+ expect(subject.url).to eq(plantuml_url)
+ end
+
+ it "enables PNG support" do
+ expect(subject.png_enable).to be_truthy
+ end
+
+ it "disables SVG support" do
+ expect(subject.svg_enable).to be_falsey
+ end
+
+ it "disables TXT support" do
+ expect(subject.txt_enable).to be_falsey
+ end
+ end
+
+ context "when PlantUML is disabled" do
+ before do
+ allow(Gitlab::CurrentSettings).to receive(:plantuml_enabled).and_return(false)
+ end
+
+ it "configures the endpoint URL" do
+ expect(subject.url).to eq(plantuml_url)
+ end
+
+ it "enables PNG support" do
+ expect(subject.png_enable).to be_falsey
+ end
+
+ it "disables SVG support" do
+ expect(subject.svg_enable).to be_falsey
+ end
+
+ it "disables TXT support" do
+ expect(subject.txt_enable).to be_falsey
+ end
+ end
+ end
+end |
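Review bot: In the `when PlantUML is disabled` context the example `it "enables PNG support"` asserts `expect(subject.png_enable).to be_falsey`, so its description contradicts what it checks; it should read `it "disables PNG support" do`. The `be_truthy`/`be_falsey` matchers also accept any truthy or falsy value, while `configure` writes the stubbed `true`/`false` straight into `png_enable`, so `expect(subject.png_enable).to be(true)` and `be(false)` would pin the flag values exactly and catch a regression that, say, assigned a string. Both contexts drive `described_class.configure`, which appears to mutate the gem-wide `Asciidoctor::PlantUml` configuration rather than a fresh object per example, so the examples rely on `subject` being re-evaluated under each stub, which a plain `subject` block does per example.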