15 files changed, 299 insertions, 141 deletions

diff --git a/spec/lib/banzai/filter/relative_link_filter_spec.rb b/spec/lib/banzai/filter/relative_link_filter_spec.rb
index 8ff971114d6..a714fa50f5f 100644
--- a/spec/lib/banzai/filter/relative_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/relative_link_filter_spec.rb
@@ -83,6 +83,11 @@ describe Banzai::Filter::RelativeLinkFilter do
     expect { filter(act) }.not_to raise_error
   end
 
+  it 'does not explode with an escaped null byte' do
+    act = link("/%00")
+    expect { filter(act) }.not_to raise_error
+  end
+
   it 'does not raise an exception with a space in the path' do
     act = link("/uploads/d18213acd3732630991986120e167e3d/Landscape_8.jpg  \nBut here's some more unexpected text :smile:)")
     expect { filter(act) }.not_to raise_error
diff --git a/spec/lib/feature_spec.rb b/spec/lib/feature_spec.rb
index 6f05914f915..403e0785d1b 100644
--- a/spec/lib/feature_spec.rb
+++ b/spec/lib/feature_spec.rb
@@ -40,7 +40,7 @@ describe Feature do
         .once
         .and_call_original
 
-      expect(Rails.cache)
+      expect(Gitlab::ThreadMemoryCache.cache_backend)
         .to receive(:fetch)
         .once
         .with('flipper:persisted_names', expires_in: 1.minute)
diff --git a/spec/lib/gitlab/asciidoc_spec.rb b/spec/lib/gitlab/asciidoc_spec.rb
index 0f933ac5464..8f2434acd26 100644
--- a/spec/lib/gitlab/asciidoc_spec.rb
+++ b/spec/lib/gitlab/asciidoc_spec.rb
@@ -56,7 +56,7 @@ module Gitlab
           },
           'pre' => {
             input: '```mypre"><script>alert(3)</script>',
-            output: "<div>\n<div>\n<pre lang=\"mypre\">\"&gt;<code></code></pre>\n</div>\n</div>"
+            output: "<div>\n<div>\n<pre class=\"code highlight js-syntax-highlight plaintext\" lang=\"plaintext\" v-pre=\"true\"><code><span id=\"LC1\" class=\"line\" lang=\"plaintext\">\"&gt;</span></code></pre>\n</div>\n</div>"
           }
         }
 
@@ -67,6 +67,72 @@ module Gitlab
         end
       end
 
+      context 'with fenced block' do
+        it 'highlights syntax' do
+          input = <<~ADOC
+            ```js
+            console.log('hello world')
+            ```
+          ADOC
+
+          output = <<~HTML
+            <div>
+            <div>
+            <pre class="code highlight js-syntax-highlight javascript" lang="javascript" v-pre="true"><code><span id="LC1" class="line" lang="javascript"><span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">hello world</span><span class="dl">'</span><span class="p">)</span></span></code></pre>
+            </div>
+            </div>
+          HTML
+
+          expect(render(input, context)).to include(output.strip)
+        end
+      end
+
+      context 'with listing block' do
+        it 'highlights syntax' do
+          input = <<~ADOC
+            [source,c++]
+            .class.cpp
+            ----
+            #include <stdio.h>
+
+            for (int i = 0; i < 5; i++) {
+              std::cout<<"*"<<std::endl;
+            }
+            ----
+          ADOC
+
+          output = <<~HTML
+            <div>
+            <div>class.cpp</div>
+            <div>
+            <pre class="code highlight js-syntax-highlight cpp" lang="cpp" v-pre="true"><code><span id="LC1" class="line" lang="cpp"><span class="cp">#include &lt;stdio.h&gt;</span></span>
+            <span id="LC2" class="line" lang="cpp"></span>
+            <span id="LC3" class="line" lang="cpp"><span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="mi">5</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span></span>
+            <span id="LC4" class="line" lang="cpp">  <span class="n">std</span><span class="o">::</span><span class="n">cout</span><span class="o">&lt;&lt;</span><span class="s">"*"</span><span class="o">&lt;&lt;</span><span class="n">std</span><span class="o">::</span><span class="n">endl</span><span class="p">;</span></span>
+            <span id="LC5" class="line" lang="cpp"><span class="p">}</span></span></code></pre>
+            </div>
+            </div>
+          HTML
+
+          expect(render(input, context)).to include(output.strip)
+        end
+      end
+
+      context 'with stem block' do
+        it 'does not apply syntax highlighting' do
+          input = <<~ADOC
+            [stem]
+            ++++
+            \sqrt{4} = 2
+            ++++
+          ADOC
+
+          output = "<div>\n<div>\n\\$ qrt{4} = 2\\$\n</div>\n</div>"
+
+          expect(render(input, context)).to include(output)
+        end
+      end
+
       context 'external links' do
         it 'adds the `rel` attribute to the link' do
           output = render('link:https://google.com[Google]', context)
diff --git a/spec/lib/gitlab/auth_spec.rb b/spec/lib/gitlab/auth_spec.rb
index 3b5ca7c950c..d9c73cff01e 100644
--- a/spec/lib/gitlab/auth_spec.rb
+++ b/spec/lib/gitlab/auth_spec.rb
@@ -309,6 +309,15 @@ describe Gitlab::Auth do
             .to eq(auth_success)
         end
 
+        it 'succeeds when custom login and token are valid' do
+          deploy_token = create(:deploy_token, username: 'deployer', read_registry: false, projects: [project])
+          auth_success = Gitlab::Auth::Result.new(deploy_token, project, :deploy_token, [:download_code])
+
+          expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: 'deployer')
+          expect(gl_auth.find_for_git_client('deployer', deploy_token.token, project: project, ip: 'ip'))
+            .to eq(auth_success)
+        end
+
         it 'fails when login is not valid' do
           expect(gl_auth).to receive(:rate_limit!).with('ip', success: false, login: 'random_login')
           expect(gl_auth.find_for_git_client('random_login', deploy_token.token, project: project, ip: 'ip'))
diff --git a/spec/lib/gitlab/background_migration/migrate_system_uploads_to_new_folder_spec.rb b/spec/lib/gitlab/background_migration/migrate_system_uploads_to_new_folder_spec.rb
deleted file mode 100644
index ea8bdd48e72..00000000000
--- a/spec/lib/gitlab/background_migration/migrate_system_uploads_to_new_folder_spec.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-require 'spec_helper'
-
-# rubocop:disable RSpec/FactoriesInMigrationSpecs
-describe Gitlab::BackgroundMigration::MigrateSystemUploadsToNewFolder, :delete do
-  let(:migration) { described_class.new }
-
-  before do
-    allow(migration).to receive(:logger).and_return(Logger.new(nil))
-  end
-
-  describe '#perform' do
-    it 'renames the path of system-uploads' do
-      upload = create(:upload, model: create(:project), path: 'uploads/system/project/avatar.jpg')
-
-      migration.perform('uploads/system/', 'uploads/-/system/')
-
-      expect(upload.reload.path).to eq('uploads/-/system/project/avatar.jpg')
-    end
-  end
-end
-# rubocop:enable RSpec/FactoriesInMigrationSpecs
diff --git a/spec/lib/gitlab/background_migration/move_personal_snippet_files_spec.rb b/spec/lib/gitlab/background_migration/move_personal_snippet_files_spec.rb
deleted file mode 100644
index 593486fc56c..00000000000
--- a/spec/lib/gitlab/background_migration/move_personal_snippet_files_spec.rb
+++ /dev/null
@@ -1,74 +0,0 @@
-require 'spec_helper'
-
-# rubocop:disable RSpec/FactoriesInMigrationSpecs
-describe Gitlab::BackgroundMigration::MovePersonalSnippetFiles do
-  let(:test_dir) { File.join(Rails.root, 'tmp', 'tests', 'move_snippet_files_test') }
-  let(:old_uploads_dir) { File.join('uploads', 'system', 'personal_snippet') }
-  let(:new_uploads_dir) { File.join('uploads', '-', 'system', 'personal_snippet') }
-  let(:snippet) do
-    snippet = create(:personal_snippet)
-    create_upload_for_snippet(snippet)
-    snippet.update!(description: markdown_linking_file(snippet))
-    snippet
-  end
-
-  let(:migration) { described_class.new }
-
-  before do
-    allow(migration).to receive(:base_directory) { test_dir }
-  end
-
-  describe '#perform' do
-    it 'moves the file on the disk'  do
-      expected_path = File.join(test_dir, new_uploads_dir, snippet.id.to_s, "secret#{snippet.id}", 'upload.txt')
-
-      migration.perform(old_uploads_dir, new_uploads_dir)
-
-      expect(File.exist?(expected_path)).to be_truthy
-    end
-
-    it 'updates the markdown of the snippet' do
-      expected_path = File.join(new_uploads_dir, snippet.id.to_s, "secret#{snippet.id}", 'upload.txt')
-      expected_markdown = "[an upload](#{expected_path})"
-
-      migration.perform(old_uploads_dir, new_uploads_dir)
-
-      expect(snippet.reload.description).to eq(expected_markdown)
-    end
-
-    it 'updates the markdown of notes' do
-      expected_path = File.join(new_uploads_dir, snippet.id.to_s, "secret#{snippet.id}", 'upload.txt')
-      expected_markdown = "with [an upload](#{expected_path})"
-
-      note = create(:note_on_personal_snippet, noteable: snippet, note: "with #{markdown_linking_file(snippet)}")
-
-      migration.perform(old_uploads_dir, new_uploads_dir)
-
-      expect(note.reload.note).to eq(expected_markdown)
-    end
-  end
-
-  def create_upload_for_snippet(snippet)
-    snippet_path = path_for_file_in_snippet(snippet)
-    path = File.join(old_uploads_dir, snippet.id.to_s, snippet_path)
-    absolute_path = File.join(test_dir, path)
-
-    FileUtils.mkdir_p(File.dirname(absolute_path))
-    FileUtils.touch(absolute_path)
-
-    create(:upload, model: snippet, path: snippet_path, uploader: PersonalFileUploader)
-  end
-
-  def path_for_file_in_snippet(snippet)
-    secret = "secret#{snippet.id}"
-    filename = 'upload.txt'
-
-    File.join(secret, filename)
-  end
-
-  def markdown_linking_file(snippet)
-    path = File.join(old_uploads_dir, snippet.id.to_s, path_for_file_in_snippet(snippet))
-    "[an upload](#{path})"
-  end
-end
-# rubocop:enable RSpec/FactoriesInMigrationSpecs
diff --git a/spec/lib/gitlab/ci/config_spec.rb b/spec/lib/gitlab/ci/config_spec.rb
index 7f336ee853e..4e8bff3d738 100644
--- a/spec/lib/gitlab/ci/config_spec.rb
+++ b/spec/lib/gitlab/ci/config_spec.rb
@@ -90,6 +90,27 @@ describe Gitlab::Ci::Config do
       end
     end
 
+    context 'when yml is too big' do
+      let(:yml) do
+        <<~YAML
+          --- &1
+          - hi
+          - *1
+        YAML
+      end
+
+      describe '.new' do
+        it 'raises error' do
+          expect(Gitlab::Sentry).to receive(:track_exception)
+
+          expect { config }.to raise_error(
+            described_class::ConfigError,
+            /The parsed YAML is too big/
+          )
+        end
+      end
+    end
+
     context 'when config logic is incorrect' do
       let(:yml) { 'before_script: "ls"' }
 
diff --git a/spec/lib/gitlab/config/loader/yaml_spec.rb b/spec/lib/gitlab/config/loader/yaml_spec.rb
index 44c9a3896a8..0affeb01f6a 100644
--- a/spec/lib/gitlab/config/loader/yaml_spec.rb
+++ b/spec/lib/gitlab/config/loader/yaml_spec.rb
@@ -8,7 +8,7 @@ describe Gitlab::Config::Loader::Yaml do
 
     describe '#valid?' do
       it 'returns true' do
-        expect(loader.valid?).to be true
+        expect(loader).to be_valid
       end
     end
 
@@ -24,7 +24,7 @@ describe Gitlab::Config::Loader::Yaml do
 
     describe '#valid?' do
       it 'returns false' do
-        expect(loader.valid?).to be false
+        expect(loader).not_to be_valid
       end
     end
 
@@ -43,7 +43,10 @@ describe Gitlab::Config::Loader::Yaml do
 
     describe '#initialize' do
       it 'raises FormatError' do
-        expect { loader }.to raise_error(Gitlab::Config::Loader::FormatError, 'Unknown alias: bad_alias')
+        expect { loader }.to raise_error(
+          Gitlab::Config::Loader::FormatError,
+          'Unknown alias: bad_alias'
+        )
       end
     end
   end
@@ -53,7 +56,68 @@ describe Gitlab::Config::Loader::Yaml do
 
     describe '#valid?' do
       it 'returns false' do
-        expect(loader.valid?).to be false
+        expect(loader).not_to be_valid
+      end
+    end
+  end
+
+  # Prevent Billion Laughs attack: https://gitlab.com/gitlab-org/gitlab-ce/issues/56018
+  context 'when yaml size is too large' do
+    let(:yml) do
+      <<~YAML
+        a: &a ["lol","lol","lol","lol","lol","lol","lol","lol","lol"]
+        b: &b [*a,*a,*a,*a,*a,*a,*a,*a,*a]
+        c: &c [*b,*b,*b,*b,*b,*b,*b,*b,*b]
+        d: &d [*c,*c,*c,*c,*c,*c,*c,*c,*c]
+        e: &e [*d,*d,*d,*d,*d,*d,*d,*d,*d]
+        f: &f [*e,*e,*e,*e,*e,*e,*e,*e,*e]
+        g: &g [*f,*f,*f,*f,*f,*f,*f,*f,*f]
+        h: &h [*g,*g,*g,*g,*g,*g,*g,*g,*g]
+        i: &i [*h,*h,*h,*h,*h,*h,*h,*h,*h]
+      YAML
+    end
+
+    describe '#valid?' do
+      it 'returns false' do
+        expect(loader).not_to be_valid
+      end
+
+      it 'returns true if "ci_yaml_limit_size" feature flag is disabled' do
+        stub_feature_flags(ci_yaml_limit_size: false)
+
+        expect(loader).to be_valid
+      end
+    end
+
+    describe '#load!' do
+      it 'raises FormatError' do
+        expect { loader.load! }.to raise_error(
+          Gitlab::Config::Loader::FormatError,
+          'The parsed YAML is too big'
+        )
+      end
+    end
+  end
+
+  # Prevent Billion Laughs attack: https://gitlab.com/gitlab-org/gitlab-ce/issues/56018
+  context 'when yaml has cyclic data structure' do
+    let(:yml) do
+      <<~YAML
+        --- &1
+        - hi
+        - *1
+      YAML
+    end
+
+    describe '#valid?' do
+      it 'returns false' do
+        expect(loader.valid?).to be(false)
+      end
+    end
+
+    describe '#load!' do
+      it 'raises FormatError' do
+        expect { loader.load! }.to raise_error(Gitlab::Config::Loader::FormatError, 'The parsed YAML is too big')
       end
     end
   end
diff --git a/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb b/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb
index aec9c4baf0a..d60d1b7559a 100644
--- a/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb
+++ b/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb
@@ -7,35 +7,39 @@ require 'spec_helper'
 describe Gitlab::Graphql::Authorize::AuthorizeFieldService do
   def type(type_authorizations = [])
     Class.new(Types::BaseObject) do
-      graphql_name "TestType"
+      graphql_name 'TestType'
 
       authorize type_authorizations
     end
   end
 
-  def type_with_field(field_type, field_authorizations = [], resolved_value = "Resolved value")
+  def type_with_field(field_type, field_authorizations = [], resolved_value = 'Resolved value', **options)
     Class.new(Types::BaseObject) do
-      graphql_name "TestTypeWithField"
-      field :test_field, field_type, null: true, authorize: field_authorizations, resolve: -> (_, _, _) { resolved_value}
+      graphql_name 'TestTypeWithField'
+      options.reverse_merge!(null: true)
+      field :test_field, field_type,
+            authorize: field_authorizations,
+            resolve: -> (_, _, _) { resolved_value },
+            **options
     end
   end
 
   let(:current_user) { double(:current_user) }
   subject(:service) { described_class.new(field) }
 
-  describe "#authorized_resolve" do
-    let(:presented_object) { double("presented object") }
-    let(:presented_type) { double("parent type", object: presented_object) }
+  describe '#authorized_resolve' do
+    let(:presented_object) { double('presented object') }
+    let(:presented_type) { double('parent type', object: presented_object) }
     subject(:resolved) { service.authorized_resolve.call(presented_type, {}, { current_user: current_user }) }
 
-    context "scalar types" do
-      shared_examples "checking permissions on the presented object" do
-        it "checks the abilities on the object being presented and returns the value" do
+    context 'scalar types' do
+      shared_examples 'checking permissions on the presented object' do
+        it 'checks the abilities on the object being presented and returns the value' do
           expected_permissions.each do |permission|
             spy_ability_check_for(permission, presented_object, passed: true)
           end
 
-          expect(resolved).to eq("Resolved value")
+          expect(resolved).to eq('Resolved value')
         end
 
         it "returns nil if the value wasn't authorized" do
@@ -45,61 +49,71 @@ describe Gitlab::Graphql::Authorize::AuthorizeFieldService do
         end
       end
 
-      context "when the field is a built-in scalar type" do
-        let(:field) { type_with_field(GraphQL::STRING_TYPE, :read_field).fields["testField"].to_graphql }
+      context 'when the field is a built-in scalar type' do
+        let(:field) { type_with_field(GraphQL::STRING_TYPE, :read_field).fields['testField'].to_graphql }
         let(:expected_permissions) { [:read_field] }
 
-        it_behaves_like "checking permissions on the presented object"
+        it_behaves_like 'checking permissions on the presented object'
       end
 
-      context "when the field is a list of scalar types" do
-        let(:field) { type_with_field([GraphQL::STRING_TYPE], :read_field).fields["testField"].to_graphql }
+      context 'when the field is a list of scalar types' do
+        let(:field) { type_with_field([GraphQL::STRING_TYPE], :read_field).fields['testField'].to_graphql }
         let(:expected_permissions) { [:read_field] }
 
-        it_behaves_like "checking permissions on the presented object"
+        it_behaves_like 'checking permissions on the presented object'
       end
 
-      context "when the field is sub-classed scalar type" do
-        let(:field) { type_with_field(Types::TimeType, :read_field).fields["testField"].to_graphql }
+      context 'when the field is sub-classed scalar type' do
+        let(:field) { type_with_field(Types::TimeType, :read_field).fields['testField'].to_graphql }
         let(:expected_permissions) { [:read_field] }
 
-        it_behaves_like "checking permissions on the presented object"
+        it_behaves_like 'checking permissions on the presented object'
       end
 
-      context "when the field is a list of sub-classed scalar types" do
-        let(:field) { type_with_field([Types::TimeType], :read_field).fields["testField"].to_graphql }
+      context 'when the field is a list of sub-classed scalar types' do
+        let(:field) { type_with_field([Types::TimeType], :read_field).fields['testField'].to_graphql }
         let(:expected_permissions) { [:read_field] }
 
-        it_behaves_like "checking permissions on the presented object"
+        it_behaves_like 'checking permissions on the presented object'
       end
     end
 
-    context "when the field is a specific type" do
+    context 'when the field is a specific type' do
       let(:custom_type) { type(:read_type) }
-      let(:object_in_field) { double("presented in field") }
-      let(:field) { type_with_field(custom_type, :read_field, object_in_field).fields["testField"].to_graphql }
+      let(:object_in_field) { double('presented in field') }
+      let(:field) { type_with_field(custom_type, :read_field, object_in_field).fields['testField'].to_graphql }
 
-      it "checks both field & type permissions" do
+      it 'checks both field & type permissions' do
         spy_ability_check_for(:read_field, object_in_field, passed: true)
         spy_ability_check_for(:read_type, object_in_field, passed: true)
 
         expect(resolved).to eq(object_in_field)
       end
 
-      it "returns nil if viewing was not allowed" do
+      it 'returns nil if viewing was not allowed' do
         spy_ability_check_for(:read_field, object_in_field, passed: false)
         spy_ability_check_for(:read_type, object_in_field, passed: true)
 
         expect(resolved).to be_nil
       end
 
-      context "when the field is a list" do
-        let(:object_1) { double("presented in field 1") }
-        let(:object_2) { double("presented in field 2") }
+      context 'when the field is not nullable' do
+        let(:field) { type_with_field(custom_type, [], object_in_field, null: false).fields['testField'].to_graphql }
+
+        it 'returns nil when viewing is not allowed' do
+          spy_ability_check_for(:read_type, object_in_field, passed: false)
+
+          expect(resolved).to be_nil
+        end
+      end
+
+      context 'when the field is a list' do
+        let(:object_1) { double('presented in field 1') }
+        let(:object_2) { double('presented in field 2') }
         let(:presented_types) { [double(object: object_1), double(object: object_2)] }
-        let(:field) { type_with_field([custom_type], :read_field, presented_types).fields["testField"].to_graphql }
+        let(:field) { type_with_field([custom_type], :read_field, presented_types).fields['testField'].to_graphql }
 
-        it "checks all permissions" do
+        it 'checks all permissions' do
           allow(Ability).to receive(:allowed?) { true }
 
           spy_ability_check_for(:read_field, object_1, passed: true)
@@ -110,7 +124,7 @@ describe Gitlab::Graphql::Authorize::AuthorizeFieldService do
           expect(resolved).to eq(presented_types)
         end
 
-        it "filters out objects that the user cannot see" do
+        it 'filters out objects that the user cannot see' do
           allow(Ability).to receive(:allowed?) { true }
 
           spy_ability_check_for(:read_type, object_1, passed: false)
diff --git a/spec/lib/gitlab/import_export/safe_model_attributes.yml b/spec/lib/gitlab/import_export/safe_model_attributes.yml
index a406c25b1d8..28b187c3676 100644
--- a/spec/lib/gitlab/import_export/safe_model_attributes.yml
+++ b/spec/lib/gitlab/import_export/safe_model_attributes.yml
@@ -123,6 +123,7 @@ Release:
 - project_id
 - created_at
 - updated_at
+- released_at
 Releases::Link:
 - id
 - release_id
@@ -429,6 +430,7 @@ Service:
 - confidential_issues_events
 - confidential_note_events
 - deployment_events
+- description
 ProjectHook:
 - id
 - url
diff --git a/spec/lib/gitlab/issuable_metadata_spec.rb b/spec/lib/gitlab/issuable_metadata_spec.rb
index 916f3876a8e..032467b8b4e 100644
--- a/spec/lib/gitlab/issuable_metadata_spec.rb
+++ b/spec/lib/gitlab/issuable_metadata_spec.rb
@@ -7,11 +7,11 @@ describe Gitlab::IssuableMetadata do
   subject { Class.new { include Gitlab::IssuableMetadata }.new }
 
   it 'returns an empty Hash if an empty collection is provided' do
-    expect(subject.issuable_meta_data(Issue.none, 'Issue')).to eq({})
+    expect(subject.issuable_meta_data(Issue.none, 'Issue', user)).to eq({})
   end
 
   it 'raises an error when given a collection with no limit' do
-    expect { subject.issuable_meta_data(Issue.all, 'Issue') }.to raise_error(/must have a limit/)
+    expect { subject.issuable_meta_data(Issue.all, 'Issue', user) }.to raise_error(/must have a limit/)
   end
 
   context 'issues' do
@@ -23,7 +23,7 @@ describe Gitlab::IssuableMetadata do
     let!(:closing_issues) { create(:merge_requests_closing_issues, issue: issue, merge_request: merge_request) }
 
     it 'aggregates stats on issues' do
-      data = subject.issuable_meta_data(Issue.all.limit(10), 'Issue')
+      data = subject.issuable_meta_data(Issue.all.limit(10), 'Issue', user)
 
       expect(data.count).to eq(2)
       expect(data[issue.id].upvotes).to eq(1)
@@ -46,7 +46,7 @@ describe Gitlab::IssuableMetadata do
     let!(:note) { create(:note_on_merge_request, author: user, project: project, noteable: merge_request, note: "a comment on a MR") }
 
     it 'aggregates stats on merge requests' do
-      data = subject.issuable_meta_data(MergeRequest.all.limit(10), 'MergeRequest')
+      data = subject.issuable_meta_data(MergeRequest.all.limit(10), 'MergeRequest', user)
 
       expect(data.count).to eq(2)
       expect(data[merge_request.id].upvotes).to eq(1)
diff --git a/spec/lib/gitlab/legacy_github_import/importer_spec.rb b/spec/lib/gitlab/legacy_github_import/importer_spec.rb
index a0c664da185..9163019514b 100644
--- a/spec/lib/gitlab/legacy_github_import/importer_spec.rb
+++ b/spec/lib/gitlab/legacy_github_import/importer_spec.rb
@@ -132,6 +132,7 @@ describe Gitlab::LegacyGithubImport::Importer do
         body: 'Release v1.0.0',
         draft: false,
         created_at: created_at,
+        published_at: created_at,
         updated_at: updated_at,
         url: "#{api_root}/repos/octocat/Hello-World/releases/1"
       )
@@ -144,6 +145,7 @@ describe Gitlab::LegacyGithubImport::Importer do
         body: nil,
         draft: false,
         created_at: created_at,
+        published_at: created_at,
         updated_at: updated_at,
         url: "#{api_root}/repos/octocat/Hello-World/releases/2"
       )
diff --git a/spec/lib/gitlab/legacy_github_import/release_formatter_spec.rb b/spec/lib/gitlab/legacy_github_import/release_formatter_spec.rb
index c57b96fb00d..534cf219520 100644
--- a/spec/lib/gitlab/legacy_github_import/release_formatter_spec.rb
+++ b/spec/lib/gitlab/legacy_github_import/release_formatter_spec.rb
@@ -4,6 +4,7 @@ describe Gitlab::LegacyGithubImport::ReleaseFormatter do
   let!(:project) { create(:project, namespace: create(:namespace, path: 'octocat')) }
   let(:octocat) { double(id: 123456, login: 'octocat') }
   let(:created_at) { DateTime.strptime('2011-01-26T19:01:12Z') }
+  let(:published_at) { DateTime.strptime('2011-01-26T20:00:00Z') }
 
   let(:base_data) do
     {
@@ -11,7 +12,7 @@ describe Gitlab::LegacyGithubImport::ReleaseFormatter do
       name: 'First release',
       draft: false,
       created_at: created_at,
-      published_at: created_at,
+      published_at: published_at,
       body: 'Release v1.0.0'
     }
   end
@@ -28,6 +29,7 @@ describe Gitlab::LegacyGithubImport::ReleaseFormatter do
         name: 'First release',
         description: 'Release v1.0.0',
         created_at: created_at,
+        released_at: published_at,
         updated_at: created_at
       }
 
diff --git a/spec/lib/gitlab/performance_bar_spec.rb b/spec/lib/gitlab/performance_bar_spec.rb
index f480376acb4..ee3c571c9c0 100644
--- a/spec/lib/gitlab/performance_bar_spec.rb
+++ b/spec/lib/gitlab/performance_bar_spec.rb
@@ -3,17 +3,42 @@ require 'spec_helper'
 describe Gitlab::PerformanceBar do
   shared_examples 'allowed user IDs are cached' do
     before do
-      # Warm the Redis cache
+      # Warm the caches
       described_class.enabled?(user)
     end
 
     it 'caches the allowed user IDs in cache', :use_clean_rails_memory_store_caching do
       expect do
+        expect(described_class.l1_cache_backend).to receive(:fetch).and_call_original
+        expect(described_class.l2_cache_backend).not_to receive(:fetch)
         expect(described_class.enabled?(user)).to be_truthy
       end.not_to exceed_query_limit(0)
     end
+
+    it 'caches the allowed user IDs in L1 cache for 1 minute', :use_clean_rails_memory_store_caching do
+      Timecop.travel 2.minutes do
+        expect do
+          expect(described_class.l1_cache_backend).to receive(:fetch).and_call_original
+          expect(described_class.l2_cache_backend).to receive(:fetch).and_call_original
+          expect(described_class.enabled?(user)).to be_truthy
+        end.not_to exceed_query_limit(0)
+      end
+    end
+
+    it 'caches the allowed user IDs in L2 cache for 5 minutes', :use_clean_rails_memory_store_caching do
+      Timecop.travel 6.minutes do
+        expect do
+          expect(described_class.l1_cache_backend).to receive(:fetch).and_call_original
+          expect(described_class.l2_cache_backend).to receive(:fetch).and_call_original
+          expect(described_class.enabled?(user)).to be_truthy
+        end.not_to exceed_query_limit(2)
+      end
+    end
   end
 
+  it { expect(described_class.l1_cache_backend).to eq(Gitlab::ThreadMemoryCache.cache_backend) }
+  it { expect(described_class.l2_cache_backend).to eq(Rails.cache) }
+
   describe '.enabled?' do
     let(:user) { create(:user) }
 
diff --git a/spec/lib/gitlab/utils/deep_size_spec.rb b/spec/lib/gitlab/utils/deep_size_spec.rb
new file mode 100644
index 00000000000..1e619a15980
--- /dev/null
+++ b/spec/lib/gitlab/utils/deep_size_spec.rb
@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe Gitlab::Utils::DeepSize do
+  let(:data) do
+    {
+      a: [1, 2, 3],
+      b: {
+        c: [4, 5],
+        d: [
+          { e: [[6], [7]] }
+        ]
+      }
+    }
+  end
+
+  let(:max_size) { 1.kilobyte }
+  let(:max_depth) { 10 }
+  let(:deep_size) { described_class.new(data, max_size: max_size, max_depth: max_depth) }
+
+  describe '#evaluate' do
+    context 'when data within size and depth limits' do
+      it 'returns true' do
+        expect(deep_size).to be_valid
+      end
+    end
+
+    context 'when data not within size limit' do
+      let(:max_size) { 200.bytes }
+
+      it 'returns false' do
+        expect(deep_size).not_to be_valid
+      end
+    end
+
+    context 'when data not within depth limit' do
+      let(:max_depth) { 2 }
+
+      it 'returns false' do
+        expect(deep_size).not_to be_valid
+      end
+    end
+  end
+end