
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2021-09-29 15:52:24 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2021-09-29 15:52:24 +0300
commitb56d907a1d9065c3df354007fa00daf30626a478 (patch)
tree0868c35228207eece8e012bdc47a8829556d7758 /lib/gitlab
parentaee004311cd93409176ea4f6e2bdcd0601487e4b (diff)
Add latest changes from gitlab-org/security/gitlab@14-3-stable-ee
Diffstat (limited to 'lib/gitlab')
-rw-r--r--lib/gitlab/fogbugz_import.rb11
-rw-r--r--lib/gitlab/fogbugz_import/client.rb2
-rw-r--r--lib/gitlab/fogbugz_import/http_adapter.rb21
-rw-r--r--lib/gitlab/string_regex_marker.rb10
4 files changed, 38 insertions, 6 deletions
diff --git a/lib/gitlab/fogbugz_import.rb b/lib/gitlab/fogbugz_import.rb
new file mode 100644
index 00000000000..a4a52edd83e
--- /dev/null
+++ b/lib/gitlab/fogbugz_import.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+require 'fogbugz'
+
+module Gitlab
+ module FogbugzImport
+ # Custom adapter to validate the URL before each request
+ # This way we avoid DNS rebinds or other unsafe requests
+ ::Fogbugz.adapter[:http] = HttpAdapter
+ end
+end
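Review bot: The comment above `::Fogbugz.adapter[:http] = HttpAdapter` says the URL is validated but not where, and it does not say that the assignment is a process-wide setting applied as a load-time side effect. The protection therefore holds only if this file is loaded before any Fogbugz interface is built, which presumably relies on the autoloader now that `require 'fogbugz'` has moved here from `client.rb`. I would extend the comment to something like `# HttpAdapter sends every request through Gitlab::HTTP, which performs the URL checks; this replaces the gem's default :http adapter globally.` A spec asserting that `::Fogbugz.adapter[:http]` is `HttpAdapter` after loading the client would catch a silent regression.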
diff --git a/lib/gitlab/fogbugz_import/client.rb b/lib/gitlab/fogbugz_import/client.rb
index dd747a79673..024c1ae0439 100644
--- a/lib/gitlab/fogbugz_import/client.rb
+++ b/lib/gitlab/fogbugz_import/client.rb
@@ -1,7 +1,5 @@
# frozen_string_literal: true
-require 'fogbugz'
-
module Gitlab
module FogbugzImport
class Client
diff --git a/lib/gitlab/fogbugz_import/http_adapter.rb b/lib/gitlab/fogbugz_import/http_adapter.rb
new file mode 100644
index 00000000000..bfae7a10f5b
--- /dev/null
+++ b/lib/gitlab/fogbugz_import/http_adapter.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module FogbugzImport
+ class HttpAdapter
+ def initialize(options = {})
+ @root_url = options[:uri]
+ end
+
+ def request(action, options = {})
+ uri = Gitlab::Utils.append_path(@root_url, 'api.asp')
+
+ params = { 'cmd' => action }.merge(options.fetch(:params, {}))
+
+ response = Gitlab::HTTP.post(uri, body: params)
+
+ response.body
+ end
+ end
+ end
+end
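Review bot: Nothing in `HttpAdapter` states that the URL validation it exists for is done entirely by the `Gitlab::HTTP.post` call in `request`, so a later switch to another HTTP client would drop the protection with no visible sign. A class comment such as `# All requests must go through Gitlab::HTTP so that its URL checks apply to every call.` would pin that invariant. `initialize` also accepts a missing `:uri` silently, leaving `@root_url` nil until `append_path` is reached; `@root_url = options.fetch(:uri)` fails at construction instead. `request` returns `response.body` without looking at the response status, so an error page is presumably handed to the caller as if it were API output; that is worth confirming against how the gem parses the result.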
diff --git a/lib/gitlab/string_regex_marker.rb b/lib/gitlab/string_regex_marker.rb
index f1982ff914c..8e0167a433e 100644
--- a/lib/gitlab/string_regex_marker.rb
+++ b/lib/gitlab/string_regex_marker.rb
@@ -2,18 +2,20 @@
module Gitlab
class StringRegexMarker < StringRangeMarker
- # rubocop: disable CodeReuse/ActiveRecord
def mark(regex, group: 0, &block)
ranges = []
+ offset = 0
- raw_line.scan(regex) do
- begin_index, end_index = Regexp.last_match.offset(group)
+ while match = regex.match(raw_line[offset..])
+ begin_index = match.begin(group) + offset
+ end_index = match.end(group) + offset
ranges << (begin_index..(end_index - 1))
+
+ offset = end_index
end
super(ranges, &block)
end
- # rubocop: enable CodeReuse/ActiveRecord
end
end
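Review bot: The new `while` loop in `mark` does not terminate if the selected group can match the empty string. In that case `end_index` equals `offset`, so `offset = end_index` makes no progress and `ranges` grows without bound. Whether any caller passes such a pattern is not visible here, but the guard is cheap: `offset = [end_index, offset + 1].max`, and a zero-length match could be skipped rather than pushed as `begin_index..(begin_index - 1)`. Separately, matching against `raw_line[offset..]` makes `^`, `\A` and lookbehind treat each slice as a fresh string, so an anchored pattern can match mid-line. `regex.match(raw_line, offset)` keeps positions absolute and also avoids allocating a new substring on every iteration.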