
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2023-06-28 15:11:19 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-06-28 15:11:42 +0300
commitf36b8d30e5026d0d4c76ca8103e53f241cf71d7c (patch)
tree9a89500293f27b46acc47901bd7defdb96acf694
parent48c36378567b3dbadd780b03ecda571652cff400 (diff)
Add latest changes from gitlab-org/security/gitlab@16-1-stable-ee
-rw-r--r--app/controllers/projects/compare_controller.rb12
-rw-r--r--lib/gitlab/sidekiq_middleware/arguments_logger.rb3
-rw-r--r--spec/controllers/projects/compare_controller_spec.rb32
3 files changed, 41 insertions, 6 deletions
diff --git a/app/controllers/projects/compare_controller.rb b/app/controllers/projects/compare_controller.rb
index 266edd506d5..599bfd75e14 100644
--- a/app/controllers/projects/compare_controller.rb
+++ b/app/controllers/projects/compare_controller.rb
@@ -89,10 +89,14 @@ class Projects::CompareController < Projects::ApplicationController
# target == start_ref == from
def target_project
strong_memoize(:target_project) do
- next source_project.default_merge_request_target unless compare_params.key?(:from_project_id)
- next source_project if compare_params[:from_project_id].to_i == source_project.id
-
- target_project = target_projects(source_project).find_by_id(compare_params[:from_project_id])
+ target_project =
+ if !compare_params.key?(:from_project_id)
+ source_project.default_merge_request_target
+ elsif compare_params[:from_project_id].to_i == source_project.id
+ source_project
+ else
+ target_projects(source_project).find_by_id(compare_params[:from_project_id])
+ end
# Just ignore the field if it points at a non-existent or hidden project
next source_project unless target_project && can?(current_user, :read_code, target_project)
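Review bot: The comment above the `can?` check still reads "Just ignore the field if it points at a non-existent or hidden project", but the check now also guards the branch where no `from_project_id` is supplied and `source_project.default_merge_request_target` is used. The fix depends on every arm of the new `if`/`elsif`/`else` reaching that `read_code` check, so I would reword the comment to state it, e.g. `# Fall back to source_project when the resolved target (default or requested) is missing or not readable by current_user; no branch above may return early.` The `strong_memoize` block continues past the end of the hunk, so the value it finally returns is not visible here.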
diff --git a/lib/gitlab/sidekiq_middleware/arguments_logger.rb b/lib/gitlab/sidekiq_middleware/arguments_logger.rb
index 2c506786d83..a743663d66a 100644
--- a/lib/gitlab/sidekiq_middleware/arguments_logger.rb
+++ b/lib/gitlab/sidekiq_middleware/arguments_logger.rb
@@ -6,7 +6,8 @@ module Gitlab
include Sidekiq::ServerMiddleware
def call(worker, job, queue)
- logger.info "arguments: #{Gitlab::Json.dump(job['args'])}"
+ loggable_args = Gitlab::ErrorTracking::Processor::SidekiqProcessor.loggable_arguments(job['args'], job['class'])
+ logger.info "arguments: #{Gitlab::Json.dump(loggable_args)}"
yield
end
end
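Review bot: The diffstat lists no spec for `arguments_logger.rb`, so nothing in this commit pins that `call` logs the result of `loggable_arguments` instead of the raw `job['args']`. A regression to dumping `job['args']` would put unfiltered job arguments back in the log without any test failing; I would add a spec that runs the middleware with a job carrying a string argument and asserts the raw value is absent from the logged line. A short comment above the new line, such as `# Log only the arguments the worker class permits; raw args may hold sensitive values`, would explain why the indirection exists. How `loggable_arguments` behaves when `job['class']` cannot be resolved is not visible here and is worth confirming; presumably it should filter rather than pass values through. The module and class headers sit outside the hunk.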
diff --git a/spec/controllers/projects/compare_controller_spec.rb b/spec/controllers/projects/compare_controller_spec.rb
index a49f8b51c12..7dc9bcd9677 100644
--- a/spec/controllers/projects/compare_controller_spec.rb
+++ b/spec/controllers/projects/compare_controller_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe Projects::CompareController do
+RSpec.describe Projects::CompareController, feature_category: :source_code_management do
include ProjectForksHelper
using RSpec::Parameterized::TableSyntax
@@ -211,6 +211,36 @@ RSpec.describe Projects::CompareController do
end
end
+ context 'when the target project is the default source but hidden to the user' do
+ let(:project) { create(:project, :repository, :private) }
+ let(:from_ref) { 'improve%2Fmore-awesome' }
+ let(:to_ref) { 'feature' }
+ let(:whitespace) { nil }
+
+ let(:request_params) do
+ {
+ namespace_id: project.namespace,
+ project_id: project,
+ from: from_ref,
+ to: to_ref,
+ w: whitespace,
+ page: page,
+ straight: straight
+ }
+ end
+
+ it 'does not show the diff' do
+ allow(controller).to receive(:source_project).and_return(project)
+ expect(project).to receive(:default_merge_request_target).and_return(private_fork)
+
+ show_request
+
+ expect(response).to be_successful
+ expect(assigns(:diffs)).to be_empty
+ expect(assigns(:commits)).to be_empty
+ end
+ end
+
context 'when the source ref does not exist' do
let(:from_project_id) { nil }
let(:from_ref) { 'non-existent-source-ref' }
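Review bot: The new context's `request_params` leaves out `from_project_id`, which is what sends the controller down the `default_merge_request_target` branch, but nothing in the example says so. A comment above the hash, such as `# from_project_id is deliberately omitted so target_project falls back to default_merge_request_target`, would stop a later edit from adding the key and turning this into a duplicate of the hidden-project case. The assertions only check that `assigns(:diffs)` and `assigns(:commits)` are empty, which does not by itself show that the controller fell back to `project`; if `target_project` is reachable from the spec, an extra `expect(controller.send(:target_project)).to eq(project)` would pin that. `private_fork`, `show_request`, `page` and `straight` are defined outside the hunk, so the user's lack of access to `private_fork` is assumed from its name.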