
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2021-11-23 12:10:20 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2021-11-23 12:10:20 +0300
commitb563a5209a13da8da32688a5d503a7c0e2bc3ec3 (patch)
tree67114fae70174dff02f5c95089fca0d0e0b7d4d4 /lib
parent22622fab4a943df0988c86d175f28bb004ff8663 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib')
-rw-r--r--lib/gitlab/background_migration/drop_invalid_security_findings.rb47
-rw-r--r--lib/gitlab/background_migration/remove_vulnerability_finding_links.rb17
-rw-r--r--lib/gitlab/content_security_policy/directives.rb2
3 files changed, 65 insertions, 1 deletions
diff --git a/lib/gitlab/background_migration/drop_invalid_security_findings.rb b/lib/gitlab/background_migration/drop_invalid_security_findings.rb
new file mode 100644
index 00000000000..87551bb1b1e
--- /dev/null
+++ b/lib/gitlab/background_migration/drop_invalid_security_findings.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+module Gitlab
+ module BackgroundMigration
+ # Drop rows from security_findings where the uuid is NULL
+ class DropInvalidSecurityFindings
+ # rubocop:disable Style/Documentation
+ class SecurityFinding < ActiveRecord::Base
+ include ::EachBatch
+ self.table_name = 'security_findings'
+ scope :no_uuid, -> { where(uuid: nil) }
+ end
+ # rubocop:enable Style/Documentation
+
+ PAUSE_SECONDS = 0.1
+
+ def perform(start_id, end_id, sub_batch_size)
+ ranged_query = SecurityFinding
+ .where(id: start_id..end_id)
+ .no_uuid
+
+ ranged_query.each_batch(of: sub_batch_size) do |sub_batch|
+ first, last = sub_batch.pluck(Arel.sql('min(id), max(id)')).first
+
+ # The query need to be reconstructed because .each_batch modifies the default scope
+ # See: https://gitlab.com/gitlab-org/gitlab/-/issues/330510
+ SecurityFinding.unscoped
+ .where(id: first..last)
+ .no_uuid
+ .delete_all
+
+ sleep PAUSE_SECONDS
+ end
+
+ mark_job_as_succeeded(start_id, end_id, sub_batch_size)
+ end
+
+ private
+
+ def mark_job_as_succeeded(*arguments)
+ Gitlab::Database::BackgroundMigrationJob.mark_all_as_succeeded(
+ self.class.name.demodulize,
+ arguments
+ )
+ end
+ end
+ end
+end
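Review bot: The sub-batch loop in `perform` discards the row count returned by `delete_all`, so this irreversible removal of `security_findings` rows leaves no record of how much was deleted in each range. Capturing it, e.g. `deleted = SecurityFinding.unscoped.where(id: first..last).no_uuid.delete_all`, and writing `start_id`, `end_id` and `deleted` to the migration's log would let an operator reconcile the cleanup afterwards. The inline comment should also read `# The query needs to be reconstructed because .each_batch modifies the default scope`.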
diff --git a/lib/gitlab/background_migration/remove_vulnerability_finding_links.rb b/lib/gitlab/background_migration/remove_vulnerability_finding_links.rb
new file mode 100644
index 00000000000..31fb5e97c5d
--- /dev/null
+++ b/lib/gitlab/background_migration/remove_vulnerability_finding_links.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Gitlab
+ module BackgroundMigration
+ # Remove vulnerability finding link records
+ # The records will be repopulated from the `raw_metadata`
+ # column of `vulnerability_occurrences` once the unique
+ # index is in place.
+ class RemoveVulnerabilityFindingLinks
+ include Gitlab::Database::DynamicModelHelpers
+
+ def perform(start_id, stop_id)
+ define_batchable_model('vulnerability_finding_links').where(id: start_id..stop_id).delete_all
+ end
+ end
+ end
+end
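Review bot: `perform` deletes every `vulnerability_finding_links` row in `start_id..stop_id` with a single `delete_all`, so statement size and lock time depend entirely on the range chosen by the scheduling migration, which is not part of this hunk. The sibling `DropInvalidSecurityFindings` sub-batches with `each_batch` and pauses between deletes. Either do the same here or document the expected range size above `perform`, for example `# Expects ranges small enough to delete in one statement; sized by the scheduling migration.` The class comment could also state that links are absent until the repopulation runs, since anything reading them in that window sees none.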
diff --git a/lib/gitlab/content_security_policy/directives.rb b/lib/gitlab/content_security_policy/directives.rb
index 30f3c16247d..3b958f8c92e 100644
--- a/lib/gitlab/content_security_policy/directives.rb
+++ b/lib/gitlab/content_security_policy/directives.rb
@@ -8,7 +8,7 @@ module Gitlab
module ContentSecurityPolicy
module Directives
def self.frame_src
- "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
+ "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com https://www.googletagmanager.com/ns.html"
end
def self.script_src
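Review bot: The new `https://www.googletagmanager.com/ns.html` source in `frame_src` is returned unconditionally, so instances that never enable Google Tag Manager also permit framing that third-party origin. If a Tag Manager setting is reachable from this module (not visible in the hunk), append the source only when it is enabled. Otherwise add a comment above the string such as `# googletagmanager.com/ns.html: noscript iframe for Google Tag Manager`, so the reason for the allowance is recorded. CSP stops enforcing the path part of a source expression after a redirect, so the `/ns.html` restriction is weaker than it looks. The body of `Directives` continues outside the hunk.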