author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-30 15:58:09 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-30 15:58:09 +0300 |
commit | 2e3dadb11d5038aa77313666740db4c25408154d (patch) | |
tree | a8faf3c291ccbcc280462141a7e8ea3c98bc54b9 /lib | |
parent | 9a3cabd337d7eb6620071e72f3d7a04905e595a5 (diff) |
Add latest changes from gitlab-org/security/gitlab@16-4-stable-ee
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/ci/build/duration_parser.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/ci/components/instance_path.rb | 9 | ||||
-rw-r--r-- | lib/gitlab/ci/config/entry/job.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/ci/jwt.rb | 3 | ||||
-rw-r--r-- | lib/gitlab/config/entry/legacy_validation_helpers.rb | 9 | ||||
-rw-r--r-- | lib/gitlab/import_export/command_line_util.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/search/abuse_detection.rb | 32 | ||||
-rw-r--r-- | lib/gitlab/search/params.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/time_tracking_formatter.rb | 6 |
9 files changed, 20 insertions, 47 deletions
diff --git a/lib/gitlab/ci/build/duration_parser.rb b/lib/gitlab/ci/build/duration_parser.rb index 9385dccd5f3..97049a4f876 100644 --- a/lib/gitlab/ci/build/duration_parser.rb +++ b/lib/gitlab/ci/build/duration_parser.rb @@ -41,7 +41,7 @@ module Gitlab def parse return if never? - ChronicDuration.parse(value) + ChronicDuration.parse(value, use_complete_matcher: true) end def validation_cache diff --git a/lib/gitlab/ci/components/instance_path.rb b/lib/gitlab/ci/components/instance_path.rb index 648a4e06475..17c784c4d54 100644 --- a/lib/gitlab/ci/components/instance_path.rb +++ b/lib/gitlab/ci/components/instance_path.rb @@ -5,7 +5,6 @@ module Gitlab module Components class InstancePath include Gitlab::Utils::StrongMemoize - include ::Gitlab::LoopHelpers LATEST_VERSION_KEYWORD = '~latest' TEMPLATES_DIR = 'templates' @@ -61,15 +60,9 @@ module Gitlab # Given a path like "my-org/sub-group/the-project/path/to/component" # find the project "my-org/sub-group/the-project" by looking at all possible paths. def find_project_by_component_path(path) - return if path.start_with?('/') # exit early if path starts with `/` or it will loop forever. - possible_paths = [path] - index = nil - - loop_until(limit: 20) do - index = path.rindex('/') # find index of last `/` in a path - break unless index + while index = path.rindex('/') # find index of last `/` in a path possible_paths << (path = path[0..index - 1]) end diff --git a/lib/gitlab/ci/config/entry/job.rb b/lib/gitlab/ci/config/entry/job.rb index bf8a99ef45e..c40d665f320 100644 --- a/lib/gitlab/ci/config/entry/job.rb +++ b/lib/gitlab/ci/config/entry/job.rb @@ -177,7 +177,7 @@ module Gitlab def parsed_timeout return unless has_timeout? - ChronicDuration.parse(timeout.to_s) + ChronicDuration.parse(timeout.to_s, use_complete_matcher: true) end def ignored? diff --git a/lib/gitlab/ci/jwt.rb b/lib/gitlab/ci/jwt.rb index 3d63ec6dfb7..4ba7b4cc6e1 100644 --- a/lib/gitlab/ci/jwt.rb +++ b/lib/gitlab/ci/jwt.rb 
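Review bot: The intent of `use_complete_matcher: true` in `parse` is not recorded at the call site, and `validation_cache`, whose `def` opens right after the hunk, suggests parse outcomes are memoised somewhere; if that cache lives in a shared store keyed only on `value`, entries written before this change keep returning the older, looser verdict until they expire, so the cache key may need a version component. A one-line comment would preserve the reasoning for the next reader, with the caveat that the option's exact contract comes from the gem and is not visible here: `# use_complete_matcher: reject input that only partially parses as a duration`. The same call form appears in the job.rb and legacy_validation_helpers hunks of this commit, so the comment could be shared via a small helper rather than repeated.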
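Review bot: In `find_project_by_component_path`, `while index = path.rindex('/')` never terminates when `path` begins with `/`: `rindex` returns 0, `path[0..-1]` is the whole string, and the loop appends the same path to `possible_paths` forever, growing the array without bound; the removed side's comment named exactly this case, and the new side keeps neither the early return nor the iteration bound. Stopping at index 0 closes it: `while (index = path.rindex('/')) && index > 0`. Whether a leading slash can reach this method depends on callers outside the hunk, but the method is the last line of defence and the cost of the guard is one comparison. The body of `find_project_by_component_path` continues past the end of the hunk.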
@@ -71,8 +71,7 @@ module Gitlab
fields.merge!(
environment: environment.name,
environment_protected: environment_protected?.to_s,
- deployment_tier: build.environment_tier,
- environment_action: build.environment_action
+ deployment_tier: build.environment_tier
)
end
diff --git a/lib/gitlab/config/entry/legacy_validation_helpers.rb b/lib/gitlab/config/entry/legacy_validation_helpers.rb
index 1f70afbfb75..ec67d65c526 100644
--- a/lib/gitlab/config/entry/legacy_validation_helpers.rb
+++ b/lib/gitlab/config/entry/legacy_validation_helpers.rb
@@ -12,7 +12,7 @@ module Gitlab
if parser && parser.respond_to?(:validate_duration)
parser.validate_duration(value)
else
- ChronicDuration.parse(value)
+ ChronicDuration.parse(value, use_complete_matcher: true)
end
rescue ChronicDuration::DurationParseError
false
@@ -24,7 +24,12 @@ module Gitlab
if parser && parser.respond_to?(:validate_duration_limit)
parser.validate_duration_limit(value, limit)
else
- ChronicDuration.parse(value).second.from_now < ChronicDuration.parse(limit).second.from_now
+ ChronicDuration.parse(
+ value, use_complete_matcher: true
+ ).second.from_now <
+ ChronicDuration.parse(
+ limit, use_complete_matcher: true
+ ).second.from_now
end
rescue ChronicDuration::DurationParseError
false
diff --git a/lib/gitlab/import_export/command_line_util.rb b/lib/gitlab/import_export/command_line_util.rb
index ea91b01afdb..dfe0815f0a0 100644
--- a/lib/gitlab/import_export/command_line_util.rb
+++ b/lib/gitlab/import_export/command_line_util.rb
@@ -141,7 +141,7 @@ module Gitlab
raise HardLinkError, 'File shares hard link' if Gitlab::Utils::FileInfo.shares_hard_link?(filepath)
- FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath) || File.pipe?(filepath)
+ FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath)
end
true
diff --git a/lib/gitlab/search/abuse_detection.rb b/lib/gitlab/search/abuse_detection.rb
index 1fd7c6cfe8d..1e4169f3fd7 100644
--- a/lib/gitlab/search/abuse_detection.rb
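Review bot: The rewritten limit check in the second legacy_validation_helpers hunk compares two `.second.from_now` values, which samples the clock twice, so two equal durations compare as `<` or not depending on whether time advanced between the calls; comparing the parsed seconds directly removes the race and the six-line expression: `ChronicDuration.parse(value, use_complete_matcher: true) < ChronicDuration.parse(limit, use_complete_matcher: true)`. Separately, if `ChronicDuration.parse` can return nil for a zero duration (the time_tracking_formatter hunk passes a `keep_zero:` option, which hints at that), `nil.second` raises NoMethodError, which the `rescue ChronicDuration::DurationParseError` below does not catch; worth confirming against the gem and guarding with an explicit nil check if so. The enclosing method's `def` line lies above the hunk.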
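Review bot: With `File.pipe?` gone from the condition in the command_line_util hunk, a FIFO inside the extracted tree is left in place, and any later open-for-read on it blocks until a writer appears, which lets a crafted archive stall whatever process walks the extracted files; symlinks and hard links are still handled on the lines above, so special files are the one remaining case. If the extraction step already refuses FIFOs and devices, a comment here naming where would save the next reader the same question, for example `# FIFOs/devices are rejected during extraction, so only links need removing here`; otherwise the condition should cover them, `FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath) || File.pipe?(filepath)`. The method whose `end` and trailing `true` close the hunk begins above it.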
+++ b/lib/gitlab/search/abuse_detection.rb @@ -6,7 +6,6 @@ module Gitlab include ActiveModel::Validations include AbuseValidators - MAX_PIPE_SYNTAX_FILTERS = 5 ABUSIVE_TERM_SIZE = 100 ALLOWED_CHARS_REGEX = %r{\A[[:alnum:]_\-\/\.!]+\z} @@ -58,18 +57,10 @@ module Gitlab validates :query_string, :repository_ref, :project_ref, no_abusive_coercion_from_string: true - validate :no_abusive_pipes, if: :detect_abusive_pipes - attr_reader(*READABLE_PARAMS) - attr_reader :raw_params, :detect_abusive_pipes - - def initialize(params, detect_abusive_pipes: true) - @raw_params = {} - READABLE_PARAMS.each do |p| - instance_variable_set("@#{p}", params[p]) - @raw_params[p] = params[p] - end - @detect_abusive_pipes = detect_abusive_pipes + + def initialize(params) + READABLE_PARAMS.each { |p| instance_variable_set("@#{p}", params[p]) } end private @@ -85,23 +76,6 @@ module Gitlab def stop_word_search? STOP_WORDS.include? query_string end - - def no_abusive_pipes - pipes = query_string.to_s.split('|') - errors.add(:query_string, 'too many pipe syntax filters') if pipes.length > MAX_PIPE_SYNTAX_FILTERS - - pipes.each do |q| - self.class.new(raw_params.merge(query_string: q), detect_abusive_pipes: false).tap do |p| - p.validate - - p.errors.messages_for(:query_string).each do |msg| - next if errors.added?(:query_string, msg) - - errors.add(:query_string, msg) - end - end - end - end end end end diff --git a/lib/gitlab/search/params.rb b/lib/gitlab/search/params.rb index a7896b7d80d..6eb24a92be6 100644 --- a/lib/gitlab/search/params.rb +++ b/lib/gitlab/search/params.rb @@ -81,7 +81,7 @@ module Gitlab end def search_terms - @search_terms ||= query_string.split + @search_terms ||= query_string.split.select { |word| word.length >= MIN_TERM_LENGTH } end def not_too_many_terms diff --git a/lib/gitlab/time_tracking_formatter.rb b/lib/gitlab/time_tracking_formatter.rb index 647d7860ba3..26efb3b918d 100644 --- a/lib/gitlab/time_tracking_formatter.rb +++ b/lib/gitlab/time_tracking_formatter.rb 
@@ -17,8 +17,10 @@ module Gitlab
begin
ChronicDuration.parse(
string,
- CUSTOM_DAY_AND_MONTH_LENGTH.merge(default_unit: 'hours', keep_zero: keep_zero)
- )
+ CUSTOM_DAY_AND_MONTH_LENGTH.merge(
+ default_unit: 'hours', keep_zero: keep_zero,
+ use_complete_matcher: true
+ ))
rescue StandardError
nil
end |
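Review bot: The `rescue StandardError` immediately below the changed call turns every failure into nil, so a NoMethodError or ArgumentError introduced by the new option would surface only as silently empty time estimates rather than an error; the legacy_validation_helpers hunks in this same commit rescue `ChronicDuration::DurationParseError` specifically, and matching that here keeps the stricter matcher's failures visible: `rescue ChronicDuration::DurationParseError`. This assumes the gem is configured to raise on unparsable input rather than return nil, which depends on library configuration not visible in this file. The enclosing method starts above the hunk.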