Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/ci/build/duration_parser.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/ci/components/instance_path.rb | 9 | ||||
-rw-r--r-- | lib/gitlab/ci/config/entry/job.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/ci/jwt.rb | 3 | ||||
-rw-r--r-- | lib/gitlab/config/entry/legacy_validation_helpers.rb | 9 | ||||
-rw-r--r-- | lib/gitlab/import_export/command_line_util.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/import_export/project/relation_factory.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/search/abuse_detection.rb | 32 | ||||
-rw-r--r-- | lib/gitlab/search/params.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/time_tracking_formatter.rb | 6 |
10 files changed, 49 insertions, 20 deletions
diff --git a/lib/gitlab/ci/build/duration_parser.rb b/lib/gitlab/ci/build/duration_parser.rb
index 97049a4f876..9385dccd5f3 100644
--- a/lib/gitlab/ci/build/duration_parser.rb
+++ b/lib/gitlab/ci/build/duration_parser.rb
@@ -41,7 +41,7 @@ module Gitlab
def parse
return if never?
- ChronicDuration.parse(value, use_complete_matcher: true)
+ ChronicDuration.parse(value)
end
def validation_cache
diff --git a/lib/gitlab/ci/components/instance_path.rb b/lib/gitlab/ci/components/instance_path.rb
index 17c784c4d54..648a4e06475 100644
--- a/lib/gitlab/ci/components/instance_path.rb
+++ b/lib/gitlab/ci/components/instance_path.rb
@@ -5,6 +5,7 @@ module Gitlab
module Components
class InstancePath
include Gitlab::Utils::StrongMemoize
+ include ::Gitlab::LoopHelpers
LATEST_VERSION_KEYWORD = '~latest'
TEMPLATES_DIR = 'templates'
@@ -60,9 +61,15 @@ module Gitlab
# Given a path like "my-org/sub-group/the-project/path/to/component"
# find the project "my-org/sub-group/the-project" by looking at all possible paths.
def find_project_by_component_path(path)
+ return if path.start_with?('/') # exit early if path starts with `/` or it will loop forever.
+
possible_paths = [path]
+ index = nil
+
+ loop_until(limit: 20) do
+ index = path.rindex('/') # find index of last `/` in a path
+ break unless index
- while index = path.rindex('/') # find index of last `/` in a path
possible_paths << (path = path[0..index - 1])
end
diff --git a/lib/gitlab/ci/config/entry/job.rb b/lib/gitlab/ci/config/entry/job.rb
index c40d665f320..bf8a99ef45e 100644
--- a/lib/gitlab/ci/config/entry/job.rb
+++ b/lib/gitlab/ci/config/entry/job.rb
@@ -177,7 +177,7 @@ module Gitlab
def parsed_timeout
return unless has_timeout?
- ChronicDuration.parse(timeout.to_s, use_complete_matcher: true)
+ ChronicDuration.parse(timeout.to_s)
end
def ignored?
diff --git a/lib/gitlab/ci/jwt.rb b/lib/gitlab/ci/jwt.rb
index 4ba7b4cc6e1..3d63ec6dfb7 100644
--- a/lib/gitlab/ci/jwt.rb
+++ b/lib/gitlab/ci/jwt.rb
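Review bot: Dropping `use_complete_matcher: true` from `ChronicDuration.parse(value)` in `parse` loosens what this parser accepts, and the hunk leaves no record of why. Without the complete matcher the gem can, depending on the pinned gitlab-chronic-duration version, skip tokens it cannot interpret instead of raising `DurationParseError`, so an input like `1 day xyz` may now yield 86400 where it was previously rejected; confirm that against the gem version before merging, since `validate_duration` in `legacy_validation_helpers.rb` relies on the exception to return false. If lenient parsing is intended, a comment such as `# Lenient parse: tokens the gem cannot interpret are ignored rather than rejected` above the call will stop the option from being quietly reintroduced. `never?` and `value` are defined outside the hunk.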
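Review bot: `loop_until(limit: 20)` bounds the prefix walk, but what happens to a path with more than 20 slash-separated segments depends on `Gitlab::LoopHelpers`, which is not in this diff: if the helper raises, such a path becomes an error instead of a not-found; if it stops silently, `possible_paths` is quietly truncated and the project is not found, so the cap behaves differently from the `start_with?('/')` early return. Give the bound a name next to `TEMPLATES_DIR`, `MAX_PATH_DEPTH = 20 # upper bound on slash-separated segments walked when resolving a component's project`, and use `loop_until(limit: MAX_PATH_DEPTH) do`. The early return yields nil, which callers presumably already handle for an unknown path; the lookup over `possible_paths` that follows the loop is outside the hunk.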
@@ -71,7 +71,8 @@ module Gitlab
fields.merge!(
environment: environment.name,
environment_protected: environment_protected?.to_s,
- deployment_tier: build.environment_tier
+ deployment_tier: build.environment_tier,
+ environment_action: build.environment_action
)
end
diff --git a/lib/gitlab/config/entry/legacy_validation_helpers.rb b/lib/gitlab/config/entry/legacy_validation_helpers.rb
index ec67d65c526..1f70afbfb75 100644
--- a/lib/gitlab/config/entry/legacy_validation_helpers.rb
+++ b/lib/gitlab/config/entry/legacy_validation_helpers.rb
@@ -12,7 +12,7 @@ module Gitlab
if parser && parser.respond_to?(:validate_duration)
parser.validate_duration(value)
else
- ChronicDuration.parse(value, use_complete_matcher: true)
+ ChronicDuration.parse(value)
end
rescue ChronicDuration::DurationParseError
false
@@ -24,12 +24,7 @@ module Gitlab
if parser && parser.respond_to?(:validate_duration_limit)
parser.validate_duration_limit(value, limit)
else
- ChronicDuration.parse(
- value, use_complete_matcher: true
- ).second.from_now <
- ChronicDuration.parse(
- limit, use_complete_matcher: true
- ).second.from_now
+ ChronicDuration.parse(value).second.from_now < ChronicDuration.parse(limit).second.from_now
end
rescue ChronicDuration::DurationParseError
false
diff --git a/lib/gitlab/import_export/command_line_util.rb b/lib/gitlab/import_export/command_line_util.rb
index dfe0815f0a0..ea91b01afdb 100644
--- a/lib/gitlab/import_export/command_line_util.rb
+++ b/lib/gitlab/import_export/command_line_util.rb
@@ -141,7 +141,7 @@ module Gitlab
raise HardLinkError, 'File shares hard link' if Gitlab::Utils::FileInfo.shares_hard_link?(filepath)
- FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath)
+ FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath) || File.pipe?(filepath)
end
true
diff --git a/lib/gitlab/import_export/project/relation_factory.rb b/lib/gitlab/import_export/project/relation_factory.rb
index 78d0735bbb5..7fb747fb5e3 100644
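Review bot: The new `environment_action: build.environment_action` claim is added without the `.to_s` its neighbour `environment_protected` gets, so if `environment_action` can be nil the ID token carries a JSON `null` claim; relying parties that match claims by string value (cloud IAM conditions, Vault bound claims) treat a null differently from an absent or empty claim, and the value's type becomes part of the token contract once shipped. Consider `environment_action: build.environment_action.to_s`, or merging the key only when an action is present, and record the new claim in the ID-token claims documentation. Whether `environment_action` is nullable is not visible in this hunk, and the `end` after the `)` closes a block that begins above it.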
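Review bot: The rewritten comparison `ChronicDuration.parse(value).second.from_now < ChronicDuration.parse(limit).second.from_now` still calls `Time.now` twice to compare two durations, so when `value` equals `limit` the outcome depends on whether the clock ticks between the two calls. Comparing the parsed seconds directly, `ChronicDuration.parse(value) < ChronicDuration.parse(limit)`, is deterministic, drops the ActiveSupport `Numeric#second` dependency, and is what the `validate_duration_limit` branch name promises. The method head is above the hunk; only the `else` branch and the `rescue` are visible here.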
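Review bot: `File.pipe?(filepath)` removes FIFOs, but an attacker-controlled archive can just as easily carry a socket or a character/block device node, and those survive this check and stay in the extracted tree. Since the intent is to keep only regular files and directories, test the type positively instead of enumerating bad kinds: `FileUtils.rm(filepath) if Gitlab::Utils::FileInfo.linked?(filepath) || !%w[file directory].include?(File.ftype(filepath))`; `File.ftype` does not follow symlinks, so a link pointing at a FIFO is still caught by the `linked?` branch, and `File.pipe?` (which does follow links) is no longer needed. Whether directories pass through this method is not visible here; if only files do, `File.ftype(filepath) != 'file'` is enough. The enclosing method begins before the hunk.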
--- a/lib/gitlab/import_export/project/relation_factory.rb
+++ b/lib/gitlab/import_export/project/relation_factory.rb
@@ -81,6 +81,8 @@ module Gitlab
private
+ attr_reader :relation_hash, :user
+
def invalid_relation?
# Do not create relation if it is a legacy trigger
legacy_trigger?
diff --git a/lib/gitlab/search/abuse_detection.rb b/lib/gitlab/search/abuse_detection.rb
index 1e4169f3fd7..1fd7c6cfe8d 100644
--- a/lib/gitlab/search/abuse_detection.rb
+++ b/lib/gitlab/search/abuse_detection.rb
@@ -6,6 +6,7 @@ module Gitlab
include ActiveModel::Validations
include AbuseValidators
+ MAX_PIPE_SYNTAX_FILTERS = 5
ABUSIVE_TERM_SIZE = 100
ALLOWED_CHARS_REGEX = %r{\A[[:alnum:]_\-\/\.!]+\z}
@@ -57,10 +58,18 @@ module Gitlab
validates :query_string, :repository_ref, :project_ref, no_abusive_coercion_from_string: true
- attr_reader(*READABLE_PARAMS)
+ validate :no_abusive_pipes, if: :detect_abusive_pipes
- def initialize(params)
- READABLE_PARAMS.each { |p| instance_variable_set("@#{p}", params[p]) }
+ attr_reader(*READABLE_PARAMS)
+ attr_reader :raw_params, :detect_abusive_pipes
+
+ def initialize(params, detect_abusive_pipes: true)
+ @raw_params = {}
+ READABLE_PARAMS.each do |p|
+ instance_variable_set("@#{p}", params[p])
+ @raw_params[p] = params[p]
+ end
+ @detect_abusive_pipes = detect_abusive_pipes
end
private
@@ -76,6 +85,23 @@ module Gitlab
def stop_word_search?
STOP_WORDS.include? query_string
end
+
+ def no_abusive_pipes
+ pipes = query_string.to_s.split('|')
+ errors.add(:query_string, 'too many pipe syntax filters') if pipes.length > MAX_PIPE_SYNTAX_FILTERS
+
+ pipes.each do |q|
+ self.class.new(raw_params.merge(query_string: q), detect_abusive_pipes: false).tap do |p|
+ p.validate
+
+ p.errors.messages_for(:query_string).each do |msg|
+ next if errors.added?(:query_string, msg)
+
+ errors.add(:query_string, msg)
+ end
+ end
+ end
+ end
end
end
end
diff --git a/lib/gitlab/search/params.rb b/lib/gitlab/search/params.rb
index 6eb24a92be6..a7896b7d80d 100644
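Review bot: In `no_abusive_pipes` the 'too many pipe syntax filters' error is recorded but the method then still builds and validates one `AbuseDetection` instance per segment, so the very input the limit exists for is also the most expensive one this detector processes; add `return if pipes.length > MAX_PIPE_SYNTAX_FILTERS` directly after the `errors.add` so the check short-circuits. The count itself comes from `split('|')`, which drops trailing empty segments, so `'a' + '|' * 10_000` produces `['a']` and passes, while interior empties are kept and do trip the limit; `query_string.to_s.count('|') > MAX_PIPE_SYNTAX_FILTERS` cannot be gamed that way. Whether trailing pipes are significant to the search backend is not visible here, so treat the counting change as a hardening suggestion to be confirmed.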
--- a/lib/gitlab/search/params.rb
+++ b/lib/gitlab/search/params.rb
@@ -81,7 +81,7 @@ module Gitlab
end
def search_terms
- @search_terms ||= query_string.split.select { |word| word.length >= MIN_TERM_LENGTH }
+ @search_terms ||= query_string.split
end
def not_too_many_terms
diff --git a/lib/gitlab/time_tracking_formatter.rb b/lib/gitlab/time_tracking_formatter.rb
index 26efb3b918d..647d7860ba3 100644
--- a/lib/gitlab/time_tracking_formatter.rb
+++ b/lib/gitlab/time_tracking_formatter.rb
@@ -17,10 +17,8 @@ module Gitlab
begin
ChronicDuration.parse(
string,
- CUSTOM_DAY_AND_MONTH_LENGTH.merge(
- default_unit: 'hours', keep_zero: keep_zero,
- use_complete_matcher: true
- ))
+ CUSTOM_DAY_AND_MONTH_LENGTH.merge(default_unit: 'hours', keep_zero: keep_zero)
+ )
rescue StandardError
nil
end |
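Review bot: `query_string.split` in `search_terms` raises `NoMethodError` when `query_string` is nil, while `AbuseDetection#no_abusive_pipes` in this same change guards with `query_string.to_s.split('|')`; if nil can reach both, the two should agree, `@search_terms ||= query_string.to_s.split`. Dropping the `MIN_TERM_LENGTH` filter also means single-character tokens now count toward `not_too_many_terms`, which starts right after the hunk; if that tightening is deliberate a one-line comment saying so would help, and `MIN_TERM_LENGTH` may now be unreferenced in this file.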
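Review bot: The `rescue StandardError` that wraps this `ChronicDuration.parse` call (the `begin` is in the hunk, the method head is above it) swallows every error, not just malformed input, so a mistake in the options hash built by `CUSTOM_DAY_AND_MONTH_LENGTH.merge(default_unit: 'hours', keep_zero: keep_zero)` reaches users as "no time parsed" rather than as a fault. `legacy_validation_helpers.rb` in this same change rescues only `ChronicDuration::DurationParseError`; doing the same here, `rescue ChronicDuration::DurationParseError`, keeps the nil-on-bad-input contract while letting real bugs propagate. With `use_complete_matcher` gone, strings with trailing junk may now parse instead of reaching the rescue at all, which deserves a spec.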