diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:44:39 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-30 22:44:39 +0300 |
| commit | 6b43844c5d3496e30ecf05b01ee09c877ada5164 (patch) | |
| tree | b15387697c7fd4d226c356112a0a7d47ebde68f8 | |
| parent | 2be5e2c1605042dbe8974310b45174d855ded65d (diff) | |
Add latest changes from gitlab-org/security/gitlab@16-1-stable-ee
33 files changed, 156 insertions, 428 deletions
@@ -183,7 +183,7 @@ gem 'typhoeus', '~> 1.4.0' # Used with Elasticsearch to support http keep-alive gem 'html-pipeline', '~> 2.14.3' gem 'deckar01-task_list', '2.3.2' gem 'gitlab-markup', '~> 1.9.0', require: 'github/markup' -gem 'commonmarker', '~> 0.23.10' +gem 'commonmarker', '~> 0.23.9' gem 'kramdown', '~> 2.3.1' gem 'RedCloth', '~> 4.3.2' gem 'rdoc', '~> 6.3.2' diff --git a/Gemfile.checksum b/Gemfile.checksum index 9d41d8915f7..b2c07e5a201 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum @@ -84,7 +84,7 @@ {"name":"coderay","version":"1.1.3","platform":"ruby","checksum":"dc530018a4684512f8f38143cd2a096c9f02a1fc2459edcfe534787a7fc77d4b"}, {"name":"coercible","version":"1.0.0","platform":"ruby","checksum":"5081ad24352cc8435ce5472bc2faa30260c7ea7f2102cc6a9f167c4d9bffaadc"}, {"name":"colored2","version":"3.1.2","platform":"ruby","checksum":"b13c2bd7eeae2cf7356a62501d398e72fde78780bd26aec6a979578293c28b4a"}, -{"name":"commonmarker","version":"0.23.10","platform":"ruby","checksum":"fdd312ae2bb4071b2f3085d4d7533cb9f8d9057a2eaa0760228a65bc3ed565d1"}, +{"name":"commonmarker","version":"0.23.9","platform":"ruby","checksum":"2e739c85a6961531cb6f5ba5169f2c7f64471b7e700c64b048ec22a5b230811c"}, {"name":"concurrent-ruby","version":"1.2.2","platform":"ruby","checksum":"3879119b8b75e3b62616acc256c64a134d0b0a7a9a3fcba5a233025bcde22c4f"}, {"name":"connection_pool","version":"2.3.0","platform":"ruby","checksum":"677985be912f33c90f98f229aaa0c0ddb2ef8776f21929a36eeeb25251c944da"}, {"name":"cork","version":"0.3.0","platform":"ruby","checksum":"a0a0ac50e262f8514d1abe0a14e95e71c98b24e3378690e5d044daf0013ad4bc"}, diff --git a/Gemfile.lock b/Gemfile.lock index b056d21a752..3aaf6a45930 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -307,7 +307,7 @@ GEM coercible (1.0.0) descendants_tracker (~> 0.0.1) colored2 (3.1.2) - commonmarker (0.23.10) + commonmarker (0.23.9) concurrent-ruby (1.2.2) connection_pool (2.3.0) cork (0.3.0) @@ -1701,7 +1701,7 @@ DEPENDENCIES charlock_holmes (~> 0.7.7) circuitbox (= 2.0.0) cloud_profiler_agent (~> 0.0.0)! - commonmarker (~> 0.23.10) + commonmarker (~> 0.23.9) concurrent-ruby (~> 1.1) connection_pool (~> 2.0) countries (~> 4.0.0) diff --git a/app/controllers/groups/labels_controller.rb b/app/controllers/groups/labels_controller.rb index 61f9333bf95..2d821676677 100644 --- a/app/controllers/groups/labels_controller.rb +++ b/app/controllers/groups/labels_controller.rb @@ -4,8 +4,7 @@ class Groups::LabelsController < Groups::ApplicationController include ToggleSubscriptionAction before_action :label, only: [:edit, :update, :destroy] - before_action :authorize_group_for_admin_labels!, only: [:new, :create, :edit, :update, :destroy] - before_action :authorize_label_for_admin_label!, only: [:edit, :update, :destroy] + before_action :authorize_admin_labels!, only: [:new, :create, :edit, :update, :destroy] before_action :save_previous_label_path, only: [:edit] respond_to :html @@ -71,14 +70,10 @@ class Groups::LabelsController < Groups::ApplicationController protected - def authorize_group_for_admin_labels! + def authorize_admin_labels! return render_404 unless can?(current_user, :admin_label, @group) end - def authorize_label_for_admin_label! - return render_404 unless can?(current_user, :admin_label, @label) - end - def authorize_read_labels! return render_404 unless can?(current_user, :read_label, @group) end diff --git a/app/graphql/resolvers/group_issues_resolver.rb b/app/graphql/resolvers/group_issues_resolver.rb index 7bbc662c6c8..43f01395896 100644 --- a/app/graphql/resolvers/group_issues_resolver.rb +++ b/app/graphql/resolvers/group_issues_resolver.rb @@ -9,11 +9,6 @@ module Resolvers include GroupIssuableResolver - before_connection_authorization do |nodes, _| - projects = nodes.map(&:project) - ActiveRecord::Associations::Preloader.new(records: projects, associations: :namespace).call - end - def ready?(**args) if args.dig(:not, :release_tag).present? raise ::Gitlab::Graphql::Errors::ArgumentError, 'releaseTag filter is not allowed when parent is a group.' diff --git a/app/graphql/resolvers/issues_resolver.rb b/app/graphql/resolvers/issues_resolver.rb index 589366ba26d..17e3e159a5b 100644 --- a/app/graphql/resolvers/issues_resolver.rb +++ b/app/graphql/resolvers/issues_resolver.rb @@ -23,7 +23,6 @@ module Resolvers projects = nodes.map(&:project) ::Preloaders::UserMaxAccessLevelInProjectsPreloader.new(projects, current_user).execute ::Preloaders::GroupPolicyPreloader.new(projects.filter_map(&:group), current_user).execute - ActiveRecord::Associations::Preloader.new(records: projects, associations: :namespace).call end def ready?(**args) diff --git a/app/models/bulk_imports/entity.rb b/app/models/bulk_imports/entity.rb index 5ce27425ba5..94e4a8165eb 100644 --- a/app/models/bulk_imports/entity.rb +++ b/app/models/bulk_imports/entity.rb @@ -41,15 +41,19 @@ class BulkImports::Entity < ApplicationRecord validates :project, absence: true, if: :group validates :group, absence: true, if: :project validates :source_type, presence: true - validates :source_full_path, presence: true + validates :source_full_path, presence: true, format: { + with: Gitlab::Regex.bulk_import_source_full_path_regex, + message: Gitlab::Regex.bulk_import_source_full_path_regex_message + } + validates :destination_name, presence: true, if: -> { group || project } validates :destination_namespace, exclusion: [nil], if: :group validates :destination_namespace, presence: true, if: :project? validate :validate_parent_is_a_group, if: :parent validate :validate_imported_entity_type + validate :validate_destination_namespace_ascendency, if: :group_entity? - validate :validate_source_full_path_format enum source_type: { group_entity: 0, project_entity: 1 } @@ -217,15 +221,4 @@ class BulkImports::Entity < ApplicationRecord ) end end - - def validate_source_full_path_format - validator = group? ? NamespacePathValidator : ProjectPathValidator - - return if validator.valid_path?(source_full_path) - - errors.add( - :source_full_path, - Gitlab::Regex.bulk_import_source_full_path_regex_message - ) - end end diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb index f4bba70e3cf..c70dc288710 100644 --- a/app/policies/project_policy.rb +++ b/app/policies/project_policy.rb @@ -561,7 +561,6 @@ class ProjectPolicy < BasePolicy enable :destroy_upload enable :admin_incident_management_timeline_event_tag enable :stop_environment - enable :read_import_error end rule { public_project & metrics_dashboard_allowed }.policy do diff --git a/app/services/error_tracking/list_projects_service.rb b/app/services/error_tracking/list_projects_service.rb index 1539e24df9d..35a8179d54d 100644 --- a/app/services/error_tracking/list_projects_service.rb +++ b/app/services/error_tracking/list_projects_service.rb @@ -20,20 +20,22 @@ module ErrorTracking def project_error_tracking_setting (super || project.build_error_tracking_setting).tap do |setting| + url_changed = !setting.api_url&.start_with?(params[:api_host]) + setting.api_url = ErrorTracking::ProjectErrorTrackingSetting.build_api_url_from( api_host: params[:api_host], organization_slug: 'org', project_slug: 'proj' ) - setting.token = token(setting) + setting.token = token(setting, url_changed) setting.enabled = true end end strong_memoize_attr :project_error_tracking_setting - def token(setting) - return if setting.api_url_changed? && masked_token? + def token(setting, url_changed) + return if url_changed && masked_token? # Use param token if not masked, otherwise use database token return params[:token] unless masked_token? diff --git a/doc/user/application_security/dast/proxy-based.md b/doc/user/application_security/dast/proxy-based.md index 77ab71057d2..499efd3f60d 100644 --- a/doc/user/application_security/dast/proxy-based.md +++ b/doc/user/application_security/dast/proxy-based.md @@ -684,9 +684,6 @@ If a site profile is linked to a security policy, a user cannot edit the profile [Scan execution policies](../policies/scan-execution-policies.md) for more information. -NOTE: -If a site profile's Target URL or Authenticated URL is updated, the request headers and password fields associated with that profile are cleared. - When a validated site profile's file, header, or meta tag is edited, the site's [validation status](#site-profile-validation) is revoked. diff --git a/lib/api/entities/project_import_status.rb b/lib/api/entities/project_import_status.rb index a7e7cd9ff73..59388aacafd 100644 --- a/lib/api/entities/project_import_status.rb +++ b/lib/api/entities/project_import_status.rb @@ -17,15 +17,8 @@ module API project.import_state&.relation_hard_failures(limit: 100) || [] end - expose :import_error, documentation: { type: 'string', example: 'Error message' } do |project, options| - next unless options[:current_user] - next unless project.import_state&.last_error - - if Ability.allowed?(options[:current_user], :read_import_error, project) - project.import_state&.last_error - else - _("Ask a maintainer to check the import status for more details.") - end + expose :import_error, documentation: { type: 'string', example: 'Error message' } do |project, _options| + project.import_state&.last_error end expose :stats, documentation: { type: 'object' } do |project, _options| diff --git a/lib/api/project_import.rb b/lib/api/project_import.rb index c28d0ae2def..6639b3ec346 100644 --- a/lib/api/project_import.rb +++ b/lib/api/project_import.rb @@ -111,7 +111,7 @@ module API ).execute if response.success? - present(response.payload, with: Entities::ProjectImportStatus, current_user: current_user) + present(response.payload, with: Entities::ProjectImportStatus) else render_api_error!(response.message, response.http_status) end @@ -134,7 +134,7 @@ module API end route_setting :skip_authentication, true get ':id/import' do - present user_project, with: Entities::ProjectImportStatus, current_user: current_user + present user_project, with: Entities::ProjectImportStatus end params do @@ -182,7 +182,7 @@ module API ).execute if response.success? - present(response.payload, with: Entities::ProjectImportStatus, current_user: current_user) + present(response.payload, with: Entities::ProjectImportStatus) else render_api_error!(response.message, response.http_status) end @@ -241,7 +241,7 @@ module API ).execute if response.success? - present(response.payload, with: Entities::ProjectImportStatus, current_user: current_user) + present(response.payload, with: Entities::ProjectImportStatus) else render_api_error!(response.message, response.http_status) end diff --git a/lib/api/validations/validators/bulk_imports.rb b/lib/api/validations/validators/bulk_imports.rb index 67dc084cc12..f8ad5ed6d14 100644 --- a/lib/api/validations/validators/bulk_imports.rb +++ b/lib/api/validations/validators/bulk_imports.rb @@ -32,7 +32,8 @@ module API class DestinationNamespacePath < Grape::Validations::Validators::Base def validate_param!(attr_name, params) return if params[attr_name].blank? - return if NamespacePathValidator.valid_path?(params[attr_name]) + + return if params[attr_name] =~ Gitlab::Regex.bulk_import_destination_namespace_path_regex raise Grape::Exceptions::Validation.new( params: [@scope.full_name(attr_name)], @@ -43,10 +44,7 @@ module API class SourceFullPath < Grape::Validations::Validators::Base def validate_param!(attr_name, params) - full_path = params[attr_name] - - return if params['source_type'] == 'group_entity' && NamespacePathValidator.valid_path?(full_path) - return if params['source_type'] == 'project_entity' && ProjectPathValidator.valid_path?(full_path) + return if params[attr_name] =~ Gitlab::Regex.bulk_import_source_full_path_regex raise Grape::Exceptions::Validation.new( params: [@scope.full_name(attr_name)], diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb index a75ad77f94f..26ca9d2547c 100644 --- a/lib/gitlab/regex.rb +++ b/lib/gitlab/regex.rb @@ -259,6 +259,28 @@ module Gitlab end module BulkImports + def bulk_import_destination_namespace_path_regex + # This regexp validates the string conforms to rules for a destination_namespace path: + # i.e does not start with a non-alphanumeric character, + # contains only alphanumeric characters, forward slashes, periods, and underscores, + # does not end with a period or forward slash, and has a relative path structure + # with no http protocol chars or leading or trailing forward slashes + # eg 'source/full/path' or 'destination_namespace' not 'https://example.com/destination/namespace/path' + # the regex also allows for an empty string ('') to be accepted as this is allowed in + # a bulk_import POST request + @bulk_import_destination_namespace_path_regex ||= %r/((\A\z)|(\A[0-9a-z]*(-_.)?[0-9a-z])(\/?[0-9a-z]*[-_.]?[0-9a-z])+\z)/i + end + + def bulk_import_source_full_path_regex + # This regexp validates the string conforms to rules for a source_full_path path: + # i.e does not start with a non-alphanumeric character except for periods or underscores, + # contains only alphanumeric characters, forward slashes, periods, and underscores, + # does not end with a period or forward slash, and has a relative path structure + # with no http protocol chars or leading or trailing forward slashes + # eg 'source/full/path' or 'destination_namespace' not 'https://example.com/source/full/path' + @bulk_import_source_full_path_regex ||= %r/\A([.]?)[^\W](\/?([-_.+]*)*[0-9a-z][-_]*)+\z/i + end + def bulk_import_source_full_path_regex_message bulk_import_destination_namespace_path_regex_message end diff --git a/locale/gitlab.pot b/locale/gitlab.pot index f9834b74482..eb0c61c1924 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -6300,9 +6300,6 @@ msgstr "" msgid "AsanaService|User Personal Access Token. User must have access to the task. All comments are attributed to this user." msgstr "" -msgid "Ask a maintainer to check the import status for more details." -msgstr "" - msgid "Ask again later" msgstr "" @@ -14218,9 +14215,6 @@ msgstr "" msgid "DastProfiles|Minimum = 1 second, Maximum = 3600 seconds" msgstr "" -msgid "DastProfiles|Modifying the URL will clear any previously entered values for the additional request headers and password fields." -msgstr "" - msgid "DastProfiles|Monitors all HTTP requests sent to the target to find potential vulnerabilities." msgstr "" diff --git a/spec/controllers/groups/labels_controller_spec.rb b/spec/controllers/groups/labels_controller_spec.rb index 3ade85eee9d..916b2cf10dd 100644 --- a/spec/controllers/groups/labels_controller_spec.rb +++ b/spec/controllers/groups/labels_controller_spec.rb @@ -5,7 +5,6 @@ require 'spec_helper' RSpec.describe Groups::LabelsController, feature_category: :team_planning do let_it_be(:group) { create(:group) } let_it_be(:user) { create(:user) } - let_it_be(:another_user) { create(:user) } let_it_be(:project) { create(:project, namespace: group) } before do @@ -67,46 +66,6 @@ RSpec.describe Groups::LabelsController, feature_category: :team_planning do end end - shared_examples 'when current_user does not have ability to modify the label' do - before do - sign_in(another_user) - end - - it 'responds with status 404' do - group_request - - expect(response).to have_gitlab_http_status(:not_found) - end - - # No matter what permissions you have in a sub-group, you need the proper - # permissions in the group in order to modify a group label - # See https://gitlab.com/gitlab-org/gitlab/-/issues/387531 - context 'when trying to edit a parent group label from inside a subgroup' do - it 'responds with status 404' do - sub_group.add_owner(another_user) - sub_group_request - - expect(response).to have_gitlab_http_status(:not_found) - end - end - end - - describe 'GET #edit' do - let_it_be(:label) { create(:group_label, group: group) } - - it 'shows the edit page' do - get :edit, params: { group_id: group.to_param, id: label.to_param } - - expect(response).to have_gitlab_http_status(:ok) - end - - it_behaves_like 'when current_user does not have ability to modify the label' do - let_it_be(:sub_group) { create(:group, parent: group) } - let(:group_request) { get :edit, params: { group_id: group.to_param, id: label.to_param } } - let(:sub_group_request) { get :edit, params: { group_id: sub_group.to_param, id: label.to_param } } - end - end - describe 'POST #toggle_subscription' do it 'allows user to toggle subscription on group labels' do label = create(:group_label, group: group) @@ -140,20 +99,19 @@ RSpec.describe Groups::LabelsController, feature_category: :team_planning do end end - it_behaves_like 'when current_user does not have ability to modify the label' do - let_it_be(:label) { create(:group_label, group: group) } - let_it_be(:sub_group) { create(:group, parent: group) } - let(:group_request) { delete :destroy, params: { group_id: group.to_param, id: label.to_param } } - let(:sub_group_request) { delete :destroy, params: { group_id: sub_group.to_param, id: label.to_param } } - end - end + context 'when current_user does not have ability to destroy the label' do + let(:another_user) { create(:user) } - describe 'PUT #update' do - it_behaves_like 'when current_user does not have ability to modify the label' do - let_it_be(:label) { create(:group_label, group: group) } - let_it_be(:sub_group) { create(:group, parent: group) } - let(:group_request) { put :update, params: { group_id: group.to_param, id: label.to_param, label: { title: 'Test' } } } - let(:sub_group_request) { put :update, params: { group_id: sub_group.to_param, id: label.to_param, label: { title: 'Test' } } } + before do + sign_in(another_user) + end + + it 'responds with status 404' do + label = create(:group_label, group: group) + delete :destroy, params: { group_id: group.to_param, id: label.to_param } + + expect(response).to have_gitlab_http_status(:not_found) + end end end end diff --git a/spec/factories/bulk_import/entities.rb b/spec/factories/bulk_import/entities.rb index 04407947f14..a662d42c7c9 100644 --- a/spec/factories/bulk_import/entities.rb +++ b/spec/factories/bulk_import/entities.rb @@ -18,7 +18,6 @@ FactoryBot.define do trait(:project_entity) do source_type { :project_entity } - sequence(:source_full_path) { |n| "root/source-path-#{n}" } end trait :created do diff --git a/spec/helpers/nav/new_dropdown_helper_spec.rb b/spec/helpers/nav/new_dropdown_helper_spec.rb index 6047a3ca957..5ae057dc97d 100644 --- a/spec/helpers/nav/new_dropdown_helper_spec.rb +++ b/spec/helpers/nav/new_dropdown_helper_spec.rb @@ -22,7 +22,6 @@ RSpec.describe Nav::NewDropdownHelper, feature_category: :navigation do allow(helper).to receive(:can?).and_return(false) allow(user).to receive(:can_create_project?) { with_can_create_project } allow(user).to receive(:can_create_group?) { with_can_create_group } - allow(user).to receive(:can?).and_call_original allow(user).to receive(:can?).with(:create_snippet) { with_can_create_snippet } end diff --git a/spec/lib/api/entities/project_import_status_spec.rb b/spec/lib/api/entities/project_import_status_spec.rb index 5d7f06dc78e..37a18718950 100644 --- a/spec/lib/api/entities/project_import_status_spec.rb +++ b/spec/lib/api/entities/project_import_status_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe API::Entities::ProjectImportStatus, :aggregate_failures, feature_category: :importers do +RSpec.describe API::Entities::ProjectImportStatus, :aggregate_failures do describe '#as_json' do subject { entity.as_json } @@ -67,36 +67,14 @@ RSpec.describe API::Entities::ProjectImportStatus, :aggregate_failures, feature_ context 'when import has failed' do let(:project) { create(:project, :import_failed, import_type: 'import_type', import_correlation_id: correlation_id, import_last_error: 'error') } - let(:current_user) { create(:user) } - let(:options) { { current_user: current_user } } - let(:entity) { described_class.new(project, options) } - - context 'when user has access to read import status' do - before do - project.add_maintainer(current_user) - end - - it 'includes basic fields with import error' do - expect(subject[:import_status]).to eq('failed') - expect(subject[:import_type]).to eq('import_type') - expect(subject[:correlation_id]).to eq(correlation_id) - expect(subject[:import_error]).to eq('error') - expect(subject[:failed_relations]).to eq([]) - end - end + let(:entity) { described_class.new(project) } - context 'when user does not have access to read import status' do - before do - project.add_reporter(current_user) - end - - it 'includes basic fields with import error' do - expect(subject[:import_status]).to eq('failed') - expect(subject[:import_type]).to eq('import_type') - expect(subject[:correlation_id]).to eq(correlation_id) - expect(subject[:import_error]).to eq('Ask a maintainer to check the import status for more details.') - expect(subject[:failed_relations]).to eq([]) - end + it 'includes basic fields with import error' do + expect(subject[:import_status]).to eq('failed') + expect(subject[:import_type]).to eq('import_type') + expect(subject[:correlation_id]).to eq(correlation_id) + expect(subject[:import_error]).to eq('error') + expect(subject[:failed_relations]).to eq([]) end end diff --git a/spec/lib/api/validations/validators/bulk_imports/destination_namespace_path_spec.rb b/spec/lib/api/validations/validators/bulk_imports/destination_namespace_path_spec.rb deleted file mode 100644 index 39432c724a0..00000000000 --- a/spec/lib/api/validations/validators/bulk_imports/destination_namespace_path_spec.rb +++ /dev/null @@ -1,43 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe API::Validations::Validators::BulkImports::DestinationNamespacePath, feature_category: :importers do - include ApiValidatorsHelpers - - subject do - described_class.new(['test'], {}, false, scope.new) - end - - context 'when destination namespace param is valid' do - it 'raises a validation error', :aggregate_failures do - expect_validation_error('test' => '?gitlab') - expect_validation_error('test' => "Users's something") - expect_validation_error('test' => '/source') - expect_validation_error('test' => 'http:') - expect_validation_error('test' => 'https:') - expect_validation_error('test' => 'example.com/?stuff=true') - expect_validation_error('test' => 'example.com:5000/?stuff=true') - expect_validation_error('test' => 'http://gitlab.example/gitlab-org/manage/import/gitlab-migration-test') - expect_validation_error('test' => 'good_for_me!') - expect_validation_error('test' => 'good_for+you') - expect_validation_error('test' => 'source/') - expect_validation_error('test' => '.source/full./path') - end - end - - context 'when destination namespace param is invalid' do - it 'does not raise a validation error', :aggregate_failures do - expect_no_validation_error('') - expect_no_validation_error('test' => '') - expect_no_validation_error('test' => 'source') - expect_no_validation_error('test' => 'source/full') - expect_no_validation_error('test' => 'source/full/path') - expect_no_validation_error('test' => 'sou_rce/fu-ll/pa.th') - expect_no_validation_error('test' => 'domain_namespace') - expect_no_validation_error('test' => 'gitlab-migration-test') - expect_no_validation_error('test' => '1-project-path') - expect_no_validation_error('test' => 'e-project-path') - end - end -end diff --git a/spec/lib/api/validations/validators/bulk_imports/source_full_path_validator_spec.rb b/spec/lib/api/validations/validators/bulk_imports/source_full_path_validator_spec.rb deleted file mode 100644 index f0d2121b0d6..00000000000 --- a/spec/lib/api/validations/validators/bulk_imports/source_full_path_validator_spec.rb +++ /dev/null @@ -1,168 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe API::Validations::Validators::BulkImports::SourceFullPath, feature_category: :importers do - include ApiValidatorsHelpers - using RSpec::Parameterized::TableSyntax - - subject do - described_class.new(['test'], {}, false, scope.new) - end - - let(:source_type_params) { { 'source_type' => source_type } } - - context 'when source_type is group_entity' do - let(:source_type) { 'group_entity' } - - context 'when source_full_path param is invalid' do - where(:invalid_param) do - [ - '', - '?gitlab', - "Users's something", - '/source', - 'http:', - 'https:', - 'example.com/?stuff=true', - 'example.com:5000/?stuff=true', - 'http://gitlab.example/gitlab-org/manage/import/gitlab-migration-test', - 'good_for_me!', - 'good_for+you', - 'source/', - '.source/full/path.' - ] - end - - with_them do - it 'raises a validation error' do - params = source_type_params.merge('test' => invalid_param) - - expect_validation_error(params) - end - end - end - - context 'when source_full_path param is valid' do - where(:valid_param) do - [ - 'source', - 'source/full', - 'source/full/path', - 'sou_rce/fu-ll/pa.th', - 'source/full/path---', - 'source/full/..path', - 'domain_namespace', - 'gitlab-migration-test', - '1-project-path', - 'e-project-path' - ] - end - - with_them do - it 'does not raise a validation error' do - params = source_type_params.merge('test' => valid_param) - - expect_no_validation_error(params) - end - end - end - end - - context 'when source_type is project_entity' do - let(:source_type) { 'project_entity' } - - context 'when source_full_path param is invalid' do - where(:invalid_param) do - [ - '', - '?gitlab', - "Users's something", - '/source', - 'http:', - 'https:', - 'example.com/?stuff=true', - 'example.com:5000/?stuff=true', - 'http://gitlab.example/gitlab-org/manage/import/gitlab-migration-test', - 'good_for_me!', - 'good_for+you', - 'source/', - 'source', - '.source/full./path', - 'domain_namespace', - 'gitlab-migration-test', - '1-project-path', - 'e-project-path' - ] - end - - with_them do - it 'raises a validation error' do - params = source_type_params.merge('test' => invalid_param) - - expect_validation_error(params) - end - end - end - - context 'when source_full_path param is valid' do - where(:valid_param) do - [ - 'source/full', - 'source/full/path', - 'sou_rce/fu-ll/pa.th', - 'source/full/path---', - 'source/full/..path' - ] - end - - with_them do - it 'does not raise a validation error' do - params = source_type_params.merge('test' => valid_param) - - expect_no_validation_error(params) - end - end - end - end - - context 'when source_type is invalid' do - let(:source_type) { '' } - - context 'when source_full_path param is invalid' do - where(:invalid_param) do - [ - '', - '?gitlab', - "Users's something", - '/source', - 'http:', - 'https:', - 'example.com/?stuff=true', - 'example.com:5000/?stuff=true', - 'http://gitlab.example/gitlab-org/manage/import/gitlab-migration-test', - 'good_for_me!', - 'good_for+you', - 'source/', - '.source/full./path', - 'source', - 'source/full', - 'source/full/path', - 'sou_rce/fu-ll/pa.th', - 'domain_namespace', - 'gitlab-migration-test', - '1-project-path', - 'e-project-path' - ] - end - - with_them do - it 'raises a validation error' do - params = source_type_params.merge('test' => invalid_param) - - expect_validation_error(params) - end - end - end - end -end diff --git a/spec/lib/bulk_imports/common/pipelines/lfs_objects_pipeline_spec.rb b/spec/lib/bulk_imports/common/pipelines/lfs_objects_pipeline_spec.rb index c91b031de30..50640e1e4ba 100644 --- a/spec/lib/bulk_imports/common/pipelines/lfs_objects_pipeline_spec.rb +++ b/spec/lib/bulk_imports/common/pipelines/lfs_objects_pipeline_spec.rb @@ -7,7 +7,7 @@ RSpec.describe BulkImports::Common::Pipelines::LfsObjectsPipeline, feature_categ let_it_be(:oid) { 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' } let(:tmpdir) { Dir.mktmpdir } - let(:entity) { create(:bulk_import_entity, :project_entity, project: portable, source_xid: nil) } + let(:entity) { create(:bulk_import_entity, :project_entity, project: portable, source_full_path: 'test', source_xid: nil) } let(:tracker) { create(:bulk_import_tracker, entity: entity) } let(:context) { BulkImports::Pipeline::Context.new(tracker) } let(:lfs_dir_path) { tmpdir } @@ -53,7 +53,7 @@ RSpec.describe BulkImports::Common::Pipelines::LfsObjectsPipeline, feature_categ .to receive(:new) .with( configuration: context.configuration, - relative_url: "/#{entity.pluralized_name}/#{CGI.escape(entity.source_full_path)}/export_relations/download?relation=lfs_objects", + relative_url: "/#{entity.pluralized_name}/test/export_relations/download?relation=lfs_objects", tmpdir: tmpdir, filename: 'lfs_objects.tar.gz') .and_return(download_service) diff --git a/spec/lib/bulk_imports/common/pipelines/uploads_pipeline_spec.rb b/spec/lib/bulk_imports/common/pipelines/uploads_pipeline_spec.rb index 675ae935c1c..09c8c7b92c2 100644 --- a/spec/lib/bulk_imports/common/pipelines/uploads_pipeline_spec.rb +++ b/spec/lib/bulk_imports/common/pipelines/uploads_pipeline_spec.rb @@ -79,7 +79,7 @@ RSpec.describe BulkImports::Common::Pipelines::UploadsPipeline, feature_category .to receive(:new) .with( configuration: context.configuration, - relative_url: "/#{entity.pluralized_name}/#{CGI.escape(entity.source_full_path)}/export_relations/download?relation=uploads", + relative_url: "/#{entity.pluralized_name}/test/export_relations/download?relation=uploads", tmpdir: tmpdir, filename: 'uploads.tar.gz') .and_return(download_service) @@ -178,14 +178,14 @@ RSpec.describe BulkImports::Common::Pipelines::UploadsPipeline, feature_category context 'when importing to group' do let(:portable) { group } - let(:entity) { create(:bulk_import_entity, :group_entity, group: group, source_xid: nil) } + let(:entity) { create(:bulk_import_entity, :group_entity, group: group, source_full_path: 'test', source_xid: nil) } include_examples 'uploads import' end context 'when importing to project' do let(:portable) { project } - let(:entity) { create(:bulk_import_entity, :project_entity, project: project, source_xid: nil) } + let(:entity) { create(:bulk_import_entity, :project_entity, project: project, source_full_path: 'test', source_xid: nil) } include_examples 'uploads import' end diff --git a/spec/lib/bulk_imports/projects/pipelines/design_bundle_pipeline_spec.rb b/spec/lib/bulk_imports/projects/pipelines/design_bundle_pipeline_spec.rb index e65339ffdd0..87efad92131 100644 --- a/spec/lib/bulk_imports/projects/pipelines/design_bundle_pipeline_spec.rb +++ b/spec/lib/bulk_imports/projects/pipelines/design_bundle_pipeline_spec.rb @@ -9,7 +9,7 @@ RSpec.describe BulkImports::Projects::Pipelines::DesignBundlePipeline, feature_c let(:tmpdir) { Dir.mktmpdir } let(:design_bundle_path) { File.join(tmpdir, 'design.bundle') } let(:entity) do - create(:bulk_import_entity, :project_entity, project: portable, source_xid: nil) + create(:bulk_import_entity, :project_entity, project: portable, source_full_path: 'test', source_xid: nil) end let(:tracker) { create(:bulk_import_tracker, entity: entity) } @@ -52,8 +52,7 @@ RSpec.describe BulkImports::Projects::Pipelines::DesignBundlePipeline, feature_c .to receive(:new) .with( configuration: context.configuration, - relative_url: "/#{entity.pluralized_name}/#{CGI.escape(entity.source_full_path)}" \ - '/export_relations/download?relation=design', + relative_url: "/#{entity.pluralized_name}/test/export_relations/download?relation=design", tmpdir: tmpdir, filename: 'design.tar.gz') .and_return(download_service) diff --git a/spec/lib/bulk_imports/projects/pipelines/repository_bundle_pipeline_spec.rb b/spec/lib/bulk_imports/projects/pipelines/repository_bundle_pipeline_spec.rb index 2865215823a..5aae8c959fa 100644 --- a/spec/lib/bulk_imports/projects/pipelines/repository_bundle_pipeline_spec.rb +++ b/spec/lib/bulk_imports/projects/pipelines/repository_bundle_pipeline_spec.rb @@ -9,7 +9,7 @@ RSpec.describe BulkImports::Projects::Pipelines::RepositoryBundlePipeline, featu let(:tmpdir) { Dir.mktmpdir } let(:bundle_path) { File.join(tmpdir, 'repository.bundle') } let(:entity) do - create(:bulk_import_entity, :project_entity, project: portable, source_xid: nil) + create(:bulk_import_entity, :project_entity, project: portable, source_full_path: 'test', source_xid: nil) end let(:tracker) { create(:bulk_import_tracker, entity: entity) } @@ -62,8 +62,7 @@ RSpec.describe BulkImports::Projects::Pipelines::RepositoryBundlePipeline, featu .to receive(:new) .with( configuration: context.configuration, - relative_url: "/#{entity.pluralized_name}/#{CGI.escape(entity.source_full_path)}" \ - '/export_relations/download?relation=repository', + relative_url: "/#{entity.pluralized_name}/test/export_relations/download?relation=repository", tmpdir: tmpdir, filename: 'repository.tar.gz') .and_return(download_service) diff --git a/spec/lib/gitlab/regex_spec.rb b/spec/lib/gitlab/regex_spec.rb index f85395fb491..5e58282ff92 100644 --- a/spec/lib/gitlab/regex_spec.rb +++ b/spec/lib/gitlab/regex_spec.rb @@ -86,6 +86,36 @@ RSpec.describe Gitlab::Regex, feature_category: :tooling do } end + describe '.bulk_import_destination_namespace_path_regex' do + subject { described_class.bulk_import_destination_namespace_path_regex } + + it { is_expected.not_to match('?gitlab') } + it { is_expected.not_to match("Users's something") } + it { is_expected.not_to match('/source') } + it { is_expected.not_to match('http:') } + it { is_expected.not_to match('https:') } + it { is_expected.not_to match('example.com/?stuff=true') } + it { is_expected.not_to match('example.com:5000/?stuff=true') } + it { is_expected.not_to match('http://gitlab.example/gitlab-org/manage/import/gitlab-migration-test') } + it { is_expected.not_to match('_good_for_me!') } + it { is_expected.not_to match('good_for+you') } + it { is_expected.not_to match('source/') } + it { is_expected.not_to match('.source/full./path') } + it { is_expected.not_to match('.source/.full/.path') } + it { is_expected.not_to match('_source') } + it { is_expected.not_to match('.source') } + + it { is_expected.to match('source') } + it { is_expected.to match('source/full') } + it { is_expected.to match('source/full/path') } + it { is_expected.to match('sou_rce/fu-ll/pa.th') } + it { is_expected.to match('domain_namespace') } + it { is_expected.to match('gitlab-migration-test') } + it { is_expected.to match('1-project-path') } + it { is_expected.to match('e-project-path') } + it { is_expected.to match('') } # it is possible to pass an empty string for destination_namespace in bulk_import POST request + end + describe '.bulk_import_source_full_path_regex_message' do subject { described_class.bulk_import_source_full_path_regex_message } @@ -99,6 +129,44 @@ RSpec.describe Gitlab::Regex, feature_category: :tooling do } end + describe '.bulk_import_source_full_path_regex' do + subject { described_class.bulk_import_source_full_path_regex } + + it { is_expected.not_to match("Users's something") } + it { is_expected.not_to match('/source') } + it { is_expected.not_to match('http:') } + it { is_expected.not_to match('https:') } + it { is_expected.not_to match('example.com/?stuff=true') } + it { is_expected.not_to match('example.com:5000/?stuff=true') } + it { is_expected.not_to match('http://gitlab.example/gitlab-org/manage/import/gitlab-migration-test') } + it { is_expected.not_to match('source/') } + it { is_expected.not_to match('') } + it { is_expected.not_to match('.source/full./path') } + it { is_expected.not_to match('?gitlab') } + it { is_expected.not_to match('_good_for_me!') } + it { is_expected.not_to match('group/@*%_my_other-project-----') } + it { is_expected.not_to match('_foog-for-me!') } + it { is_expected.not_to match('.source/full/path.') } + + it { is_expected.to match('good_for+you') } + it { is_expected.to match('source') } + it { is_expected.to match('.source') } + it { is_expected.to match('_source') } + it { is_expected.to match('source/full') } + it { is_expected.to match('source/full/path') } + it { is_expected.to match('domain_namespace') } + it { is_expected.to match('gitlab-migration-test') } + it { is_expected.to match('source/full/path-') } + it { is_expected.to match('.source/full/path') } + it { is_expected.to match('.source/.full/.path') } + it { is_expected.to match('source/full/.path') } + it { is_expected.to match('source/full/..path') } + it { is_expected.to match('source/full/---1path') } + it { is_expected.to match('source/full/-___path') } + it { is_expected.to match('source/full/path---') } + it { is_expected.to match('group/__my_other-project-----') } + end + describe '.group_path_regex' do subject { described_class.group_path_regex } diff --git a/spec/lib/gitlab/usage/metrics/instrumentations/count_bulk_imports_entities_metric_spec.rb b/spec/lib/gitlab/usage/metrics/instrumentations/count_bulk_imports_entities_metric_spec.rb index 4bd9c64c05a..317929f77e6 100644 --- a/spec/lib/gitlab/usage/metrics/instrumentations/count_bulk_imports_entities_metric_spec.rb +++ b/spec/lib/gitlab/usage/metrics/instrumentations/count_bulk_imports_entities_metric_spec.rb @@ -5,17 +5,17 @@ require 'spec_helper' RSpec.describe Gitlab::Usage::Metrics::Instrumentations::CountBulkImportsEntitiesMetric, feature_category: :importers do let_it_be(:user) { create(:user) } let_it_be(:bulk_import_projects) do - create_list(:bulk_import_entity, 2, :project_entity, created_at: 3.weeks.ago, status: 2) - create(:bulk_import_entity, :project_entity, created_at: 3.weeks.ago, status: 0) + create_list(:bulk_import_entity, 2, source_type: 'project_entity', created_at: 3.weeks.ago, status: 2) + create(:bulk_import_entity, source_type: 'project_entity', created_at: 3.weeks.ago, status: 0) end let_it_be(:bulk_import_groups) do - create_list(:bulk_import_entity, 2, :group_entity, created_at: 3.weeks.ago, status: 2) - create(:bulk_import_entity, :group_entity, created_at: 3.weeks.ago, status: 0) + create_list(:bulk_import_entity, 2, source_type: 'group_entity', created_at: 3.weeks.ago, status: 2) + create(:bulk_import_entity, source_type: 'group_entity', created_at: 3.weeks.ago, status: 0) end let_it_be(:old_bulk_import_project) do - create(:bulk_import_entity, :project_entity, created_at: 2.months.ago, status: 2) + create(:bulk_import_entity, source_type: 'project_entity', created_at: 2.months.ago, status: 2) end context 'with no source_type' do diff --git a/spec/lib/gitlab/usage/metrics/instrumentations/count_imported_projects_total_metric_spec.rb b/spec/lib/gitlab/usage/metrics/instrumentations/count_imported_projects_total_metric_spec.rb index ae2b06c03ba..bfc4240def6 100644 --- a/spec/lib/gitlab/usage/metrics/instrumentations/count_imported_projects_total_metric_spec.rb +++ b/spec/lib/gitlab/usage/metrics/instrumentations/count_imported_projects_total_metric_spec.rb @@ -15,15 +15,15 @@ RSpec.describe Gitlab::Usage::Metrics::Instrumentations::CountImportedProjectsTo let_it_be(:old_import) { create(:project, import_type: 'gitea', creator_id: user.id, created_at: 2.months.ago) } let_it_be(:bulk_import_projects) do - create_list(:bulk_import_entity, 3, :project_entity, created_at: 3.weeks.ago) + create_list(:bulk_import_entity, 3, source_type: 'project_entity', created_at: 3.weeks.ago) end let_it_be(:bulk_import_groups) do - create_list(:bulk_import_entity, 3, :group_entity, created_at: 3.weeks.ago) + create_list(:bulk_import_entity, 3, source_type: 'group_entity', created_at: 3.weeks.ago) end let_it_be(:old_bulk_import_project) do - create(:bulk_import_entity, :project_entity, created_at: 2.months.ago) + create(:bulk_import_entity, source_type: 'project_entity', created_at: 2.months.ago) end before do diff --git a/spec/models/bulk_imports/entity_spec.rb b/spec/models/bulk_imports/entity_spec.rb index ade73ce54c1..c7ace3d2b78 100644 --- a/spec/models/bulk_imports/entity_spec.rb +++ b/spec/models/bulk_imports/entity_spec.rb @@ -24,20 +24,11 @@ RSpec.describe BulkImports::Entity, type: :model, feature_category: :importers d it { is_expected.to define_enum_for(:source_type).with_values(%i[group_entity project_entity]) } - context 'when source_type is group_entity' do - subject { build(:bulk_import_entity, :group_entity) } - + context 'when formatting with regexes' do it { is_expected.to allow_values('source', 'source/path', 'source/full/path').for(:source_full_path) } it { is_expected.not_to allow_values('/source', 'http://source/path', 'sou rce/full/path', '').for(:source_full_path) } end - context 'when source_type is project_entity' do - subject { build(:bulk_import_entity, :project_entity) } - - it { is_expected.to allow_values('source/path', 'source/full/path').for(:source_full_path) } - it { is_expected.not_to allow_values('/source', 'source', 'http://source/path', 'sou rce/full/path', '').for(:source_full_path) } - end - context 'when associated with a group and project' do it 'is invalid' do entity = build(:bulk_import_entity, group: build(:group), project: build(:project)) diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb index 210c1df5ca3..ee8d811971a 100644 --- a/spec/policies/project_policy_spec.rb +++ b/spec/policies/project_policy_spec.rb @@ -578,11 +578,6 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do expect(described_class.new(maintainer, project)).to be_allowed(:admin_incident_management_timeline_event_tag) expect(described_class.new(owner, project)).to be_allowed(:admin_incident_management_timeline_event_tag) end - - it 'allows to read import error' do - expect(described_class.new(maintainer, project)).to be_allowed(:read_import_error) - expect(described_class.new(owner, project)).to be_allowed(:read_import_error) - end end context 'when user is a developer/guest/reporter' do @@ -591,12 +586,6 @@ RSpec.describe ProjectPolicy, feature_category: :system_access do expect(described_class.new(guest, project)).to be_disallowed(:admin_incident_management_timeline_event_tag) expect(described_class.new(reporter, project)).to be_disallowed(:admin_incident_management_timeline_event_tag) end - - it 'disallows reading the import error' do - expect(described_class.new(developer, project)).to be_disallowed(:read_import_error) - expect(described_class.new(guest, project)).to be_disallowed(:read_import_error) - expect(described_class.new(reporter, project)).to be_disallowed(:read_import_error) - end end context 'when user is not a member of the project' do diff --git a/spec/requests/api/bulk_imports_spec.rb b/spec/requests/api/bulk_imports_spec.rb index fdbfbf052d0..b159d4ad445 100644 --- a/spec/requests/api/bulk_imports_spec.rb +++ b/spec/requests/api/bulk_imports_spec.rb @@ -248,20 +248,6 @@ RSpec.describe API::BulkImports, feature_category: :importers do end end - context 'when the destination_namespace is invalid' do - it 'returns invalid error' do - params[:entities][0][:destination_namespace] = 'dest?nation-namespace' - - request - expect(response).to have_gitlab_http_status(:bad_request) - expect(json_response['error']).to include('entities[0][destination_namespace] must have a relative path ' \ - 'structure with no HTTP protocol characters, or leading or ' \ - 'trailing forward slashes. Path segments must not start or end ' \ - 'with a special character, and must not contain consecutive ' \ - 'special characters.') - end - end - context 'when the destination_slug is invalid' do it 'returns invalid error when restricting special characters is disabled' do Feature.disable(:restrict_special_characters_in_namespace_path) diff --git a/spec/services/error_tracking/list_projects_service_spec.rb b/spec/services/error_tracking/list_projects_service_spec.rb index d91808edc8d..8408adcc21d 100644 --- a/spec/services/error_tracking/list_projects_service_spec.rb +++ b/spec/services/error_tracking/list_projects_service_spec.rb @@ -6,7 +6,7 @@ RSpec.describe ErrorTracking::ListProjectsService, feature_category: :integratio let_it_be(:user) { create(:user) } let_it_be(:project, reload: true) { create(:project) } - let(:sentry_url) { 'https://sentrytest.gitlab.com/api/0/projects/org/proj/' } + let(:sentry_url) { 'https://sentrytest.gitlab.com/api/0/projects/sentry-org/sentry-project' } let(:token) { 'test-token' } let(:new_api_host) { 'https://gitlab.com/' } let(:new_token) { 'new-token' } @@ -66,20 +66,6 @@ RSpec.describe ErrorTracking::ListProjectsService, feature_category: :integratio end end - context 'with the similar api host' do - let(:api_host) { 'https://sentrytest.gitlab.co' } - - it 'returns an error' do - expect(result[:message]).to start_with('Token is a required field') - expect(error_tracking_setting).not_to be_valid - expect(error_tracking_setting).not_to receive(:list_sentry_projects) - end - - it 'resets the token' do - expect { subject.execute }.to change { error_tracking_setting.token }.from(token).to(nil) - end - end - context 'with a new api host' do let(:api_host) { new_api_host } diff --git a/spec/support/shared_examples/features/search/redacted_search_results_shared_examples.rb b/spec/support/shared_examples/features/search/redacted_search_results_shared_examples.rb index f2052f4202d..cbd0ffbab21 100644 --- a/spec/support/shared_examples/features/search/redacted_search_results_shared_examples.rb +++ b/spec/support/shared_examples/features/search/redacted_search_results_shared_examples.rb @@ -254,7 +254,7 @@ RSpec.shared_examples 'a redacted search results' do end context 'with :with_api_entity_associations' do - it_behaves_like "redaction limits N+1 queries", limit: 15 + it_behaves_like "redaction limits N+1 queries", limit: 14 end end |