authorGitLab Bot <gitlab-bot@gitlab.com>2023-11-01 00:07:14 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2023-11-01 00:07:14 +0300
commit24fb09b2eb3f4703b09eef3c9bbf842cd055626a (patch)
tree3c1f69360a0ce9b15c97fb25efa4424d4ef5f334 /lib/gitlab
parent1d21e1712158ee4e3cf8b71b45ead662529fc3f8 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab')
-rw-r--r--lib/gitlab/ci/components/instance_path.rb10
-rw-r--r--lib/gitlab/ci/jwt.rb3
-rw-r--r--lib/gitlab/import_export/command_line_util.rb2
-rw-r--r--lib/gitlab/import_export/project/relation_factory.rb2
-rw-r--r--lib/gitlab/jira/middleware.rb23
-rw-r--r--lib/gitlab/search/abuse_detection.rb32
-rw-r--r--lib/gitlab/search/params.rb2
7 files changed, 44 insertions, 30 deletions
diff --git a/lib/gitlab/ci/components/instance_path.rb b/lib/gitlab/ci/components/instance_path.rb
index 24bfbfd93b8..50731d54fc0 100644
--- a/lib/gitlab/ci/components/instance_path.rb
+++ b/lib/gitlab/ci/components/instance_path.rb
@@ -5,6 +5,7 @@ module Gitlab
module Components
class InstancePath
include Gitlab::Utils::StrongMemoize
+ include ::Gitlab::LoopHelpers
LATEST_VERSION_KEYWORD = '~latest'
@@ -49,11 +50,18 @@ module Gitlab
# Given a path like "my-org/sub-group/the-project/path/to/component"
# find the project "my-org/sub-group/the-project" by looking at all possible paths.
def find_project_by_component_path(path)
+ return if path.start_with?('/') # exit early if path starts with `/` or it will loop forever.
+
possible_paths = [path]
+ index = nil
+
+ loop_until(limit: 20) do
+ index = path.rindex('/') # find index of last `/` in a path
+ break unless index
- while index = path.rindex('/') # find index of last `/` in a path
possible_paths << (path = path[0..index - 1])
end
+
# remove shortest path as it is group
possible_paths.pop
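Review bot: The result of `loop_until(limit: 20)` is discarded, so a component path with more than 20 `/` separators leaves `possible_paths` holding only the longest prefixes, and the `possible_paths.pop` that follows drops an intermediate prefix rather than the group. Assuming `loop_until` simply stops once its limit is reached, the short prefixes where the project actually lives are never looked up, and the caller gets no indication why. That fails closed, which is the safe direction, but it should be explicit: give the bound a name (for example `MAX_PATH_SEGMENTS = 20`, name is a suggestion) and reject over-long input next to the leading-slash guard with `return if path.count('/') > MAX_PATH_SEGMENTS`. The method continues past the end of this hunk.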
diff --git a/lib/gitlab/ci/jwt.rb b/lib/gitlab/ci/jwt.rb
index 4ba7b4cc6e1..3d63ec6dfb7 100644
--- a/lib/gitlab/ci/jwt.rb
+++ b/lib/gitlab/ci/jwt.rb
@@ -71,7 +71,8 @@ module Gitlab
fields.merge!(
environment: environment.name,
environment_protected: environment_protected?.to_s,
- deployment_tier: build.environment_tier
+ deployment_tier: build.environment_tier,
+ environment_action: build.environment_action
)
end
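Review bot: The new `environment_action` claim is added to the token with no comment on where its value comes from or whether it can be nil, while `environment_protected` two lines up is explicitly stringified. If `build.environment_action` is read from the job definition, as the name suggests, it is chosen by whoever authors the pipeline, and relying parties that match on it in a trust policy need to know that. Once that is confirmed I would add a comment above the `merge!`, for example `# environment_action comes from the job's environment config; not a protection signal on its own`. The enclosing method starts and ends outside this hunk.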
diff --git a/lib/gitlab/import_export/command_line_util.rb b/lib/gitlab/import_export/command_line_util.rb
index b37ffcac8fd..523df1f9d5e 100644
--- a/lib/gitlab/import_export/command_line_util.rb
+++ b/lib/gitlab/import_export/command_line_util.rb
@@ -138,7 +138,7 @@ module Gitlab
raise HardLinkError, 'File shares hard link' if Gitlab::Utils::FileInfo.shares_hard_link?(filepath)
- FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath)
+ FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath) || File.pipe?(filepath)
end
true
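Review bot: The condition on the `FileUtils.rm` line is still a denylist of file types: it now covers links and FIFOs, but a socket or device node in the extracted tree would be left in place. An allowlist is easier to keep complete, e.g. `FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath) || !%w[file directory].include?(File.lstat(filepath).ftype)`. `lstat` is needed so that a symlink is judged by its own type rather than its target's. The surrounding loop and method start outside this hunk.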
diff --git a/lib/gitlab/import_export/project/relation_factory.rb b/lib/gitlab/import_export/project/relation_factory.rb
index 943c997a056..8e34a6d73ba 100644
--- a/lib/gitlab/import_export/project/relation_factory.rb
+++ b/lib/gitlab/import_export/project/relation_factory.rb
@@ -81,6 +81,8 @@ module Gitlab
private
+ attr_reader :relation_hash, :user
+
def invalid_relation?
# Do not create relation if it is a legacy trigger
legacy_trigger?
diff --git a/lib/gitlab/jira/middleware.rb b/lib/gitlab/jira/middleware.rb
deleted file mode 100644
index 8a74729da49..00000000000
--- a/lib/gitlab/jira/middleware.rb
+++ /dev/null
@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-module Gitlab
- module Jira
- class Middleware
- def self.jira_dvcs_connector?(env)
- env['HTTP_USER_AGENT']&.downcase&.start_with?('jira dvcs connector')
- end
-
- def initialize(app)
- @app = app
- end
-
- def call(env)
- if self.class.jira_dvcs_connector?(env)
- env['HTTP_AUTHORIZATION'] = env['HTTP_AUTHORIZATION']&.sub('token', 'Bearer')
- end
-
- @app.call(env)
- end
- end
- end
-end
diff --git a/lib/gitlab/search/abuse_detection.rb b/lib/gitlab/search/abuse_detection.rb
index 1e4169f3fd7..1fd7c6cfe8d 100644
--- a/lib/gitlab/search/abuse_detection.rb
+++ b/lib/gitlab/search/abuse_detection.rb
@@ -6,6 +6,7 @@ module Gitlab
include ActiveModel::Validations
include AbuseValidators
+ MAX_PIPE_SYNTAX_FILTERS = 5
ABUSIVE_TERM_SIZE = 100
ALLOWED_CHARS_REGEX = %r{\A[[:alnum:]_\-\/\.!]+\z}
@@ -57,10 +58,18 @@ module Gitlab
validates :query_string, :repository_ref, :project_ref, no_abusive_coercion_from_string: true
- attr_reader(*READABLE_PARAMS)
+ validate :no_abusive_pipes, if: :detect_abusive_pipes
- def initialize(params)
- READABLE_PARAMS.each { |p| instance_variable_set("@#{p}", params[p]) }
+ attr_reader(*READABLE_PARAMS)
+ attr_reader :raw_params, :detect_abusive_pipes
+
+ def initialize(params, detect_abusive_pipes: true)
+ @raw_params = {}
+ READABLE_PARAMS.each do |p|
+ instance_variable_set("@#{p}", params[p])
+ @raw_params[p] = params[p]
+ end
+ @detect_abusive_pipes = detect_abusive_pipes
end
private
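Review bot: `attr_reader :raw_params, :detect_abusive_pipes` sits above the `private` keyword that closes this hunk, so both readers become public, and `raw_params` hands out the mutable hash of unvalidated request values. In this commit only `no_abusive_pipes` reads `raw_params`, and the `if: :detect_abusive_pipes` condition should work with a private reader as well. Moving the line below `private` keeps other code from picking up the raw parameters as if they had been checked.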
@@ -76,6 +85,23 @@ module Gitlab
def stop_word_search?
STOP_WORDS.include? query_string
end
+
+ def no_abusive_pipes
+ pipes = query_string.to_s.split('|')
+ errors.add(:query_string, 'too many pipe syntax filters') if pipes.length > MAX_PIPE_SYNTAX_FILTERS
+
+ pipes.each do |q|
+ self.class.new(raw_params.merge(query_string: q), detect_abusive_pipes: false).tap do |p|
+ p.validate
+
+ p.errors.messages_for(:query_string).each do |msg|
+ next if errors.added?(:query_string, msg)
+
+ errors.add(:query_string, msg)
+ end
+ end
+ end
+ end
end
end
end
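Review bot: `no_abusive_pipes` records the 'too many pipe syntax filters' error but then still walks every segment, building and validating a fresh instance for each one. For a query with a very large number of `|` characters, the check meant to reject the request does work proportional to the pipe count, unless the query length is capped somewhere this hunk does not show. Stop as soon as the limit is exceeded: `return errors.add(:query_string, 'too many pipe syntax filters') if pipes.length > MAX_PIPE_SYNTAX_FILTERS`.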
diff --git a/lib/gitlab/search/params.rb b/lib/gitlab/search/params.rb
index 6eb24a92be6..a7896b7d80d 100644
--- a/lib/gitlab/search/params.rb
+++ b/lib/gitlab/search/params.rb
@@ -81,7 +81,7 @@ module Gitlab
end
def search_terms
- @search_terms ||= query_string.split.select { |word| word.length >= MIN_TERM_LENGTH }
+ @search_terms ||= query_string.split
end
def not_too_many_terms
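Review bot: `search_terms` now returns every whitespace-separated token, so words shorter than `MIN_TERM_LENGTH` count toward whatever reads it; `not_too_many_terms` begins on the last line of this hunk and its body is not shown. That looks intentional, since padding a query with short words would otherwise go uncounted, but the method has no comment saying so and `MIN_TERM_LENGTH` is no longer referenced here. I would add `# short tokens are counted on purpose so they cannot be used to slip past the term limit` above the memoized line, and remove `MIN_TERM_LENGTH` if nothing else in the file uses it.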