
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2022-11-30 07:50:46 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2022-11-30 07:50:46 +0300
commite6572d41b847c839ce49bc022a8cd1b99216798b (patch)
tree419eeffb09aafcd9d5a82e43c823b8cfbf88963e /app/models
parent1f6654659564013b8aa4f3572158cb63d3a519c1 (diff)
Add latest changes from gitlab-org/security/gitlab@15-6-stable-ee
Diffstat (limited to 'app/models')
-rw-r--r--app/models/hooks/web_hook.rb6
-rw-r--r--app/models/hooks/web_hook_log.rb7
-rw-r--r--app/models/integrations/jira.rb5
-rw-r--r--app/models/repository.rb8
4 files changed, 21 insertions, 5 deletions
diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb
index 05e50c17988..946cdda2e75 100644
--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
@@ -39,6 +39,8 @@ class WebHook < ApplicationRecord
validates :token, format: { without: /\n/ }
after_initialize :initialize_url_variables
+
+ before_validation :reset_token
before_validation :set_branch_filter_nil, \
if: -> { branch_filter_strategy_all_branches? && enhanced_webhook_support_regex? }
validates :push_events_branch_filter, \
@@ -218,6 +220,10 @@ class WebHook < ApplicationRecord
private
+ def reset_token
+ self.token = nil if url_changed? && !encrypted_token_changed?
+ end
+
def next_failure_count
recent_failures.succ.clamp(1, MAX_FAILURES)
end
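Review bot: `reset_token` carries no comment explaining why the token is cleared, and the rule is security-relevant: when the URL changes without a new token in the same save, the old secret is dropped instead of being delivered to the new destination. I would add above the method `# Clear the secret token when the URL changes without a new token, so the old secret is never sent to a different endpoint.` The callback registered in the first hunk (`before_validation :reset_token`) covers only `token`; the class also initializes `url_variables`, and if those can hold secrets that end up in requests they probably need the same reset. Their handling is outside these hunks, so please confirm. The clearing is also silent, so a caller gets no validation message telling them the token was removed.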
diff --git a/app/models/hooks/web_hook_log.rb b/app/models/hooks/web_hook_log.rb
index 2b26147b494..9de6f2a1b57 100644
--- a/app/models/hooks/web_hook_log.rb
+++ b/app/models/hooks/web_hook_log.rb
@@ -48,6 +48,13 @@ class WebHookLog < ApplicationRecord
request_data == OVERSIZE_REQUEST_DATA
end
+ def request_headers
+ super unless web_hook.token?
+ super if self[:request_headers]['X-Gitlab-Token'] == _('[REDACTED]')
+
+ self[:request_headers].merge('X-Gitlab-Token' => _('[REDACTED]'))
+ end
+
private
def obfuscate_basic_auth
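Review bot: The two guard lines in `request_headers` call `super` but discard the result, so neither returns early and the method always falls through to the `merge`. That happens to mask the header in every case, but it also adds an `X-Gitlab-Token` entry to logs that never had one, and it raises NoMethodError if `web_hook` or the stored headers are nil. Simply adding `return` to the first guard would be worse: it keys on the hook's current token, so once the token is cleared (which `reset_token` in this commit now does on a URL change) older logs would show the stored value unmasked. I would replace both guards with one that keys on the stored header, `return super unless self[:request_headers]&.key?('X-Gitlab-Token')`, and keep the `merge` line. This masks on read only; whether the raw token is still written to the stored `request_headers` is not visible in this hunk and is worth checking.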
diff --git a/app/models/integrations/jira.rb b/app/models/integrations/jira.rb
index 30497c0110e..65492bfd9c2 100644
--- a/app/models/integrations/jira.rb
+++ b/app/models/integrations/jira.rb
@@ -97,7 +97,10 @@ module Integrations
def self.valid_jira_cloud_url?(url)
return false unless url.present?
- !!URI(url).hostname&.end_with?(JIRA_CLOUD_HOST)
+ uri = URI.parse(url)
+ uri.is_a?(URI::HTTPS) && !!uri.hostname&.end_with?(JIRA_CLOUD_HOST)
+ rescue URI::InvalidURIError
+ false
end
def data_fields
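Review bot: The hostname check in `valid_jira_cloud_url?` is a plain suffix match, so it is only as strict as `JIRA_CLOUD_HOST`: unless that constant begins with a dot, any hostname that merely ends in the same characters passes. The constant is defined outside this hunk, so please confirm it and record the requirement next to the check, e.g. `# JIRA_CLOUD_HOST must start with "." so that only subdomains match`. The comparison is also case-sensitive, and as far as I know `URI.parse` does not lowercase the host, so mixed-case hosts are rejected. That fails closed, but `!!uri.hostname&.downcase&.end_with?(JIRA_CLOUD_HOST)` would make the intent explicit.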
diff --git a/app/models/repository.rb b/app/models/repository.rb
index 95d1b815e74..90e87de4a5b 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -984,12 +984,12 @@ class Repository
end
end
- def clone_as_mirror(url, http_authorization_header: "")
- import_repository(url, http_authorization_header: http_authorization_header, mirror: true)
+ def clone_as_mirror(url, http_authorization_header: "", resolved_address: "")
+ import_repository(url, http_authorization_header: http_authorization_header, mirror: true, resolved_address: resolved_address)
end
- def fetch_as_mirror(url, forced: false, refmap: :all_refs, prune: true, http_authorization_header: "")
- fetch_remote(url, refmap: refmap, forced: forced, prune: prune, http_authorization_header: http_authorization_header)
+ def fetch_as_mirror(url, forced: false, refmap: :all_refs, prune: true, http_authorization_header: "", resolved_address: "")
+ fetch_remote(url, refmap: refmap, forced: forced, prune: prune, http_authorization_header: http_authorization_header, resolved_address: resolved_address)
end
def fetch_source_branch!(source_repository, source_branch, local_ref)
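Review bot: The new `resolved_address:` keyword on `clone_as_mirror` and `fetch_as_mirror` is undocumented and defaults to `""`, so any caller that was not updated keeps working without it and nothing here signals that. Judging by the name, it carries the IP the remote host was resolved to during URL validation, so the fetch goes to the address that was checked; the consumers (`import_repository`, `fetch_remote`) are outside this hunk, so that is an inference. Once confirmed, I would add a comment on both methods such as `# resolved_address: IP the URL host resolved to during validation; "" lets the fetch resolve the host itself`. The two forwarding calls also now run well past the usual line length and would read better with one keyword argument per line.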