diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-25 19:31:46 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-02-25 19:32:06 +0300 |
| commit | e92c90758eb4126acc84962d37bb273d6d87b27b (patch) | |
| tree | 6d5f4ca9731a6aa76b80372276c68ab39e0f4149 /app/assets | |
| parent | b485c8c3723dc5aaba15ab9fa258010d1ec66d61 (diff) | |
Add latest changes from gitlab-org/security/gitlab@14-8-stable-ee
Diffstat (limited to 'app/assets')
| -rw-r--r-- | app/assets/javascripts/snippets/components/show.vue | 13 | ||||
| -rw-r--r-- | app/assets/javascripts/snippets/mixins/snippets.js | 1 |
2 files changed, 13 insertions, 1 deletions
diff --git a/app/assets/javascripts/snippets/components/show.vue b/app/assets/javascripts/snippets/components/show.vue index 35d88d5ec8e..ee8b00c1f5d 100644 --- a/app/assets/javascripts/snippets/components/show.vue +++ b/app/assets/javascripts/snippets/components/show.vue @@ -1,5 +1,5 @@ <script> -import { GlLoadingIcon } from '@gitlab/ui'; +import { GlAlert, GlLoadingIcon } from '@gitlab/ui'; import eventHub from '~/blob/components/eventhub'; import { SNIPPET_MARK_VIEW_APP_START, @@ -23,6 +23,7 @@ export default { EmbedDropdown, SnippetHeader, SnippetTitle, + GlAlert, GlLoadingIcon, SnippetBlob, CloneDropdownButton, @@ -35,6 +36,9 @@ export default { canBeCloned() { return Boolean(this.snippet.sshUrlToRepo || this.snippet.httpUrlToRepo); }, + hasUnretrievableBlobs() { + return this.snippet.hasUnretrievableBlobs; + }, }, beforeCreate() { performanceMarkAndMeasure({ mark: SNIPPET_MARK_VIEW_APP_START }); @@ -66,6 +70,13 @@ export default { data-qa-selector="clone_button" /> </div> + <gl-alert v-if="hasUnretrievableBlobs" variant="danger" class="gl-mb-3" :dismissible="false"> + {{ + __( + 'WARNING: This snippet contains hidden files which might be used to mask malicious behavior. Exercise caution if cloning and executing code from this snippet.', + ) + }} + </gl-alert> <snippet-blob v-for="blob in blobs" :key="blob.path" diff --git a/app/assets/javascripts/snippets/mixins/snippets.js b/app/assets/javascripts/snippets/mixins/snippets.js index b72befef56b..0b3cca4e53a 100644 --- a/app/assets/javascripts/snippets/mixins/snippets.js +++ b/app/assets/javascripts/snippets/mixins/snippets.js @@ -17,6 +17,7 @@ export const getSnippetMixin = { // Set `snippet.blobs` since some child components are coupled to this. if (!isEmpty(res)) { + res.hasUnretrievableBlobs = res.blobs?.hasUnretrievableBlobs || false; // It's possible for us to not get any blobs in a response. // In this case, we should default to current blobs. res.blobs = res.blobs ? res.blobs.nodes : blobsDefault; |