diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-29 19:24:13 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-29 19:24:13 +0300 |
| commit | 925780caf1f669002af72d5a6be6a3a6551308cc (patch) | |
| tree | be5cc8aa2e44cac0710d8a839a172fd3d0f70685 /lib/gitlab | |
| parent | 693d15dcb2f33c01a442784c13933da3d1b8d52e (diff) | |
Add latest changes from gitlab-org/security/gitlab@16-6-stable-ee
Diffstat (limited to 'lib/gitlab')
| -rw-r--r-- | lib/gitlab/checks/branch_check.rb | 4 | ||||
| -rw-r--r-- | lib/gitlab/regex.rb | 4 |
2 files changed, 3 insertions, 5 deletions
diff --git a/lib/gitlab/checks/branch_check.rb b/lib/gitlab/checks/branch_check.rb index b675eca826a..3bedc483e75 100644 --- a/lib/gitlab/checks/branch_check.rb +++ b/lib/gitlab/checks/branch_check.rb @@ -13,7 +13,7 @@ module Gitlab create_protected_branch: 'You are not allowed to create protected branches on this project.', invalid_commit_create_protected_branch: 'You can only use an existing protected branch ref as the basis of a new protected branch.', non_web_create_protected_branch: 'You can only create protected branches using the web interface and API.', - prohibited_hex_branch_name: 'You cannot create a branch with a 40-character hexadecimal branch name.', + prohibited_hex_branch_name: 'You cannot create a branch with a SHA-1 or SHA-256 branch name.', invalid_branch_name: 'You cannot create a branch with an invalid name.' }.freeze @@ -43,7 +43,7 @@ module Gitlab def prohibited_branch_checks return if deletion? - if %r{\A#{Gitlab::Git::Commit::RAW_FULL_SHA_PATTERN}(-/|/|\z)}o.match?(branch_name) + if %r{\A#{Gitlab::Git::Commit::RAW_FULL_SHA_PATTERN}}o.match?(branch_name) raise GitAccess::ForbiddenError, ERROR_MESSAGES[:prohibited_hex_branch_name] end diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb index 6ac37986d5c..2de0a8d7b41 100644 --- a/lib/gitlab/regex.rb +++ b/lib/gitlab/regex.rb @@ -241,10 +241,8 @@ module Gitlab # Based on Jira's project key format # https://confluence.atlassian.com/adminjiraserver073/changing-the-project-key-format-861253229.html - # Avoids linking CVE IDs (https://cve.mitre.org/cve/identifiers/syntaxchange.html#new) as Jira issues. - # CVE IDs use the format of CVE-YYYY-NNNNNNN def jira_issue_key_regex(expression_escape: '\b') - /#{expression_escape}(?!CVE-\d+-\d+)[A-Z][A-Z_0-9]+-\d+/ + /#{expression_escape}([A-Z][A-Z_0-9]+-\d+)/ end def jira_issue_key_project_key_extraction_regex |