Allow to use untrusted Regexp via feature flag

This brings support for untrusted regexp for 'only:refs:' when
enabled via feature flag: alllow_unsafe_ruby_regexp.

This is by default disabled, and should not be used in production

1 files changed, 15 insertions, 1 deletions

diff --git a/lib/gitlab/config/entry/validators.rb b/lib/gitlab/config/entry/validators.rb
index d0ee94370ba..746fe83f90f 100644
--- a/lib/gitlab/config/entry/validators.rb
+++ b/lib/gitlab/config/entry/validators.rb
@@ -129,6 +129,12 @@ module Gitlab
             end
           end
 
+          protected
+
+          def fallback
+            false
+          end
+
           private
 
           def matches_syntax?(value)
@@ -137,7 +143,7 @@ module Gitlab
 
           def validate_regexp(value)
             matches_syntax?(value) &&
-              Gitlab::UntrustedRegexp::RubySyntax.valid?(value)
+              Gitlab::UntrustedRegexp::RubySyntax.valid?(value, fallback: fallback)
           end
         end
 
@@ -162,6 +168,14 @@ module Gitlab
           end
         end
 
+        class ArrayOfStringsOrRegexpsWithFallbackValidator < ArrayOfStringsOrRegexpsValidator
+          protected
+
+          def fallback
+            true
+          end
+        end
+
         class ArrayOfStringsOrStringValidator < RegexpValidator
           def validate_each(record, attribute, value)
             unless validate_array_of_strings_or_string(value)