diff options
| author | Reuben Pereira <rpereira@gitlab.com> | 2019-01-07 20:55:21 +0300 |
|---|---|---|
| committer | Sean McGivern <sean@gitlab.com> | 2019-01-07 20:55:21 +0300 |
| commit | f40b5860d76a8ea5d964260834a6e83516b0f1fd (patch) | |
| tree | 2a8e92896130697178f5c989e49fa686f66ce073 /lib | |
| parent | 549ee8ada3b59278871a89720632584bc5cc11df (diff) | |
Add table and model for error tracking settings
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/import_export/import_export.yml | 4 | ||||
| -rw-r--r-- | lib/gitlab/import_export/relation_factory.rb | 1 | ||||
| -rw-r--r-- | lib/gitlab/url_blocker.rb | 18 |
3 files changed, 21 insertions, 2 deletions
diff --git a/lib/gitlab/import_export/import_export.yml b/lib/gitlab/import_export/import_export.yml index a1a374cef4a..7987533978c 100644 --- a/lib/gitlab/import_export/import_export.yml +++ b/lib/gitlab/import_export/import_export.yml @@ -74,6 +74,7 @@ project_tree: - :prometheus_metrics - :project_badges - :ci_cd_settings + - :error_tracking_setting # Only include the following attributes for the models specified. included_attributes: @@ -162,6 +163,9 @@ excluded_attributes: - :token_encrypted services: - :template + error_tracking_setting: + - :encrypted_token + - :encrypted_token_iv methods: labels: diff --git a/lib/gitlab/import_export/relation_factory.rb b/lib/gitlab/import_export/relation_factory.rb index bce12103cce..099b488f68e 100644 --- a/lib/gitlab/import_export/relation_factory.rb +++ b/lib/gitlab/import_export/relation_factory.rb @@ -24,6 +24,7 @@ module Gitlab project_badges: 'Badge', metrics: 'MergeRequest::Metrics', ci_cd_settings: 'ProjectCiCdSetting', + error_tracking_setting: 'ErrorTracking::ProjectErrorTrackingSetting', links: 'Releases::Link' }.freeze USER_REFERENCES = %w[author_id assignee_id updated_by_id merged_by_id latest_closed_by_id user_id created_by_id last_edited_by_id merge_user_id resolved_by_id closed_by_id].freeze diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb index 44c71f8431d..9b7b0db9525 100644 --- a/lib/gitlab/url_blocker.rb +++ b/lib/gitlab/url_blocker.rb @@ -8,16 +8,18 @@ module Gitlab BlockedUrlError = Class.new(StandardError) class << self - def validate!(url, ports: [], protocols: [], allow_localhost: false, allow_local_network: true, ascii_only: false, enforce_user: false) + def validate!(url, ports: [], protocols: [], allow_localhost: false, allow_local_network: true, ascii_only: false, enforce_user: false, enforce_sanitization: false) return true if url.nil? # Param url can be a string, URI or Addressable::URI uri = parse_url(url) + validate_html_tags!(uri) if enforce_sanitization + # Allow imports from the GitLab instance itself but only from the configured ports return true if internal?(uri) - port = uri.port || uri.default_port + port = get_port(uri) validate_protocol!(uri.scheme, protocols) validate_port!(port, ports) if ports.any? validate_user!(uri.user) if enforce_user @@ -50,6 +52,18 @@ module Gitlab private + def get_port(uri) + uri.port || uri.default_port + end + + def validate_html_tags!(uri) + uri_str = uri.to_s + sanitized_uri = ActionController::Base.helpers.sanitize(uri_str, tags: []) + if sanitized_uri != uri_str + raise BlockedUrlError, 'HTML/CSS/JS tags are not allowed' + end + end + def parse_url(url) raise Addressable::URI::InvalidURIError if multiline?(url) |