diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-28 15:11:31 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-10-28 15:11:31 +0300 |
| commit | 2ebd699ede8f213f6e8f21ba7d1d9904197b2984 (patch) | |
| tree | ea8a020f8bc1ffce42e95f76629c72c59e94a7be /config | |
| parent | 25788905108838d95a62d7e3ad3ca16e6f6d0fda (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'config')
| -rw-r--r-- | config/initializers/hashie_mash_permitted_patch.rb | 53 | ||||
| -rw-r--r-- | config/open_api.yml | 2 |
2 files changed, 55 insertions, 0 deletions
diff --git a/config/initializers/hashie_mash_permitted_patch.rb b/config/initializers/hashie_mash_permitted_patch.rb new file mode 100644 index 00000000000..b793a408c91 --- /dev/null +++ b/config/initializers/hashie_mash_permitted_patch.rb @@ -0,0 +1,53 @@ +# frozen_string_literal: true + +# Pulls logic from https://github.com/Maxim-Filimonov/hashie-forbidden_attributes so we could drop the dependency. +# This gem is simply `Hashie::Mash` monkey patch to allow mass assignment bypassing `:permitted?` check. +# +# Reasons: +# 1. The gem was last updated 5 years ago and does not have CI setup to test under the latest Ruby/Rails. +# 2. There is a significant chance this logic is not used at all. +# We didn't find any explicit places in the code where we mass-assign to `Hashie::Mash`. +# Experimental MR where we dropped the gem showed that no tests from the full suite failed: +# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/101535 +# 3. The logic is very simple. Even if we need it, keeping it in our codebase is better than pulling a dependency. +# This logic will be visible and it will be one less gem to install. +# +# Next steps: +# 1. Keep the patch for at least one milestone in our codebase. Log its usage. +# 2. After that, check if there were any related log events. +# 3. If no usages were tracked, we could drop the patch (delete this file). +# 4. Otherwise, audit where and why we need it, and add a comment to that place. +# +# See discussion https://gitlab.com/gitlab-org/gitlab/-/issues/378398#note_1143133426 + +require 'hashie/mash' + +module Hashie + class Mash + module MonkeyPatch + def respond_to_missing?(method_name, *args) + if method_name == :permitted? + Gitlab::AppLogger.info(message: 'Hashie::Mash#respond_to?(:permitted?)', + caller: Gitlab::BacktraceCleaner.clean_backtrace(caller)) + + return false + end + + super + end + + def method_missing(method_name, *args) + if method_name == :permitted? + Gitlab::AppLogger.info(message: 'Hashie::Mash#permitted?', + caller: Gitlab::BacktraceCleaner.clean_backtrace(caller)) + + raise ArgumentError + end + + super + end + end + + prepend MonkeyPatch + end +end diff --git a/config/open_api.yml b/config/open_api.yml index 82a972e39bd..d7a170f2a22 100644 --- a/config/open_api.yml +++ b/config/open_api.yml @@ -18,5 +18,7 @@ metadata: description: Operations related to metadata of the GitLab instance - name: access_requests description: Operations related to access requests + - name: merge_requests + description: Operations related to merge requests - name: deployments description: Operations related to deployments |