Add latest changes from gitlab-org/security/gitlab@14-5-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-12-03 13:05:41 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-12-03 13:05:41 +0300
commit: e12f099f39ef8fb81f9b91612f8b35aefba7347c (patch)
tree: 03f55fd572a093bd4d278a7baf683ea40451e07f /lib
parent: 01a6adb2b453b852a9348365c4e867d6a36ddeb1 (diff)
6 files changed, 19 insertions, 10 deletions
diff --git a/lib/api/lint.rb b/lib/api/lint.rb
index f1e19e9c3c5..3655cb56564 100644
--- a/lib/api/lint.rb
+++ b/lib/api/lint.rb
@@ -4,6 +4,16 @@ module API
   class Lint < ::API::Base
     feature_category :pipeline_authoring
 
+    helpers do
+      def can_lint_ci?
+        signup_unrestricted = Gitlab::CurrentSettings.signup_enabled? && !Gitlab::CurrentSettings.signup_limited?
+        internal_user = current_user.present? && !current_user.external?
+        is_developer = current_user.present? && current_user.projects.any? { |p| p.team.member?(current_user, Gitlab::Access::DEVELOPER) }
+
+        signup_unrestricted || internal_user || is_developer
+      end
+    end
+
     namespace :ci do
       desc 'Validation of .gitlab-ci.yml content'
       params do
@@ -12,7 +22,7 @@ module API
         optional :include_jobs, type: Boolean, desc: 'Whether or not to include CI jobs in the response'
       end
       post '/lint' do
-        unauthorized! if (Gitlab::CurrentSettings.signup_disabled? || Gitlab::CurrentSettings.signup_limited?) && current_user.nil?
+        unauthorized! unless can_lint_ci?
 
         result = Gitlab::Ci::Lint.new(project: nil, current_user: current_user)
           .validate(params[:content], dry_run: false)
diff --git a/lib/banzai/filter/front_matter_filter.rb b/lib/banzai/filter/front_matter_filter.rb
index d47900b816a..705400a5497 100644
--- a/lib/banzai/filter/front_matter_filter.rb
+++ b/lib/banzai/filter/front_matter_filter.rb
@@ -9,7 +9,7 @@ module Banzai
         html.sub(Gitlab::FrontMatter::PATTERN) do |_match|
           lang = $~[:lang].presence || lang_mapping[$~[:delim]]
 
-          ["```#{lang}:frontmatter", $~[:front_matter], "```", "\n"].join("\n")
+          ["```#{lang}:frontmatter", $~[:front_matter].strip!, "```", "\n"].join("\n")
         end
       end
     end
diff --git a/lib/gitlab/current_settings.rb b/lib/gitlab/current_settings.rb
index b9034cff447..2d2d8c41236 100644
--- a/lib/gitlab/current_settings.rb
+++ b/lib/gitlab/current_settings.rb
@@ -8,7 +8,7 @@ module Gitlab
       end
 
       def signup_limited?
-        domain_allowlist.present? || email_restrictions_enabled? || require_admin_approval_after_user_signup?
+        domain_allowlist.present? || email_restrictions_enabled? || require_admin_approval_after_user_signup? || user_default_external?
       end
 
       def current_application_settings
diff --git a/lib/gitlab/diff/lines_unfolder.rb b/lib/gitlab/diff/lines_unfolder.rb
index 6def3a074a3..04ed5857233 100644
--- a/lib/gitlab/diff/lines_unfolder.rb
+++ b/lib/gitlab/diff/lines_unfolder.rb
@@ -57,6 +57,7 @@ module Gitlab
           next false unless @position.unfoldable?
           next false if @diff_file.new_file? || @diff_file.deleted_file?
           next false unless @position.old_line
+          next false unless @position.old_line.is_a?(Integer)
           # Invalid position (MR import scenario)
           next false if @position.old_line > @blob.lines.size
           next false if @diff_file.diff_lines.empty?
diff --git a/lib/gitlab/front_matter.rb b/lib/gitlab/front_matter.rb
index 7612bd36aca..5c5c74ca1a0 100644
--- a/lib/gitlab/front_matter.rb
+++ b/lib/gitlab/front_matter.rb
@@ -11,13 +11,11 @@ module Gitlab
     DELIM = Regexp.union(DELIM_LANG.keys)
 
     PATTERN = %r{
-      \A(?:[^\r\n]*coding:[^\r\n]*)?         # optional encoding line
+      \A(?:[^\r\n]*coding:[^\r\n]*\R)?        # optional encoding line
       \s*
-      ^(?<delim>#{DELIM})[ \t]*(?<lang>\S*)  # opening front matter marker (optional language specifier)
-      \s*
-      ^(?<front_matter>.*?)                  # front matter block content (not greedy)
-      \s*
-      ^(\k<delim> | \.{3})                   # closing front matter marker
+      ^(?<delim>#{DELIM})[ \t]*(?<lang>\S*)\R # opening front matter marker (optional language specifier)
+      (?<front_matter>.*?)                    # front matter block content (not greedy)
+      ^(\k<delim> | \.{3})                    # closing front matter marker
       \s*
     }mx.freeze
   end
diff --git a/lib/gitlab/wiki_pages/front_matter_parser.rb b/lib/gitlab/wiki_pages/front_matter_parser.rb
index 45dc6cf7fd1..0ceec39782c 100644
--- a/lib/gitlab/wiki_pages/front_matter_parser.rb
+++ b/lib/gitlab/wiki_pages/front_matter_parser.rb
@@ -54,7 +54,7 @@ module Gitlab
 
         def initialize(delim = nil, lang = '', text = nil)
           @lang = lang.downcase.presence || Gitlab::FrontMatter::DELIM_LANG[delim]
-          @text = text
+          @text = text&.strip!
         end
 
         def data
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-12-03 13:05:41 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-12-03 13:05:41 +0300
commit	e12f099f39ef8fb81f9b91612f8b35aefba7347c (patch)
tree	03f55fd572a093bd4d278a7baf683ea40451e07f /lib
parent	01a6adb2b453b852a9348365c4e867d6a36ddeb1 (diff)