Age | Commit message | Author |
|
Simplify SystemHookUrlValidator to inherit from PublicUrlValidator
Refactor specs to move out shared examples to be used in both
system hooks and public url validators.
|
|
Updating security/webhooks.md to match new behaviour
as well as drying up a few specs to extract shared
examples
|
|
This MR adds a new application setting to the network section,
`allow_local_requests_from_system_hooks`. Prior to this change
system hooks were allowed to do local network requests by default
and we are adding an ability for admins to control it.
|
|
- The most common use case for qualified_domain_validator currently is
to allow blank ([]) but not allow nil. Modify the
qualified_domain_validator to support this use case.
|
|
- Validate that the entries contain no unicode, html tags and are not
larger than 255 characters.
|
|
Since we use `Namespace#path` to build routes and URLs we can lessen
the restrictions on `Namespace#name` so it can accommodate a user's name.
|
|
Also prevents ReDoS vulnerability
|
|
Renamed UrlValidator to AddressableUrlValidator to avoid 'url:' naming collision with ActiveModel::Validations::UrlValidator in 'validates' statement.
Make use of the options attribute of the parent class ActiveModel::EachValidator.
Add more options: allow_nil, allow_blank, message.
Renamed 'protocols' option to 'schemes' to match the option naming from UrlValidator.
|
|
spec/features/groups/group_page_with_external_authorization_service_spec to EE
|
|
This reverts merge request !26823
|
|
spec/features/groups/group_page_with_external_authorization_service_spec to EE
|
|
This will allow the use of the term managed? on
https://gitlab.com/gitlab-org/gitlab-ce/issues/56557. Managed? will be
used to distinguish clusters that are automatically managed by GitLab
|
|
In https://gitlab.com/gitlab-org/gitlab-ce/commit/ebf16ada856efb85424a98848c141f21e609886a
we introduced a SHA validator to ensure that the data provided in
merge request diffs was legit. Nevertheless, the validator
assumed that the SHA should be 40 chars long.
When we import a project from BitBucket, the retrieved SHA is
shorter (12 chars long). Therefore, this validator prevented the
creation of a valid MergeRequestDiff for every MergeRequest (triggering
an exception).
|
|
Align EmailValidator to validate_email gem implementation.
Closes #57352
See merge request gitlab-org/gitlab-ce!24971
|
|
Renamed EmailValidator to DeviseEmailValidator to avoid 'email:' naming collision with ActiveModel::Validations::EmailValidator in 'validates' statement.
Make use of the options attribute of the parent class ActiveModel::EachValidator.
Add more options: regex.
|
|
|
See https://gitlab.com/gitlab-org/gitlab-ee/issues/9833
|
|
This reverts merge request !25370
|
|
Gitlab::CurrentSettings will create ApplicationSetting.current if not
present which means we don't have to use `&.`. We can also more easily
use stub_application_setting in specs
|
|
|
[CE] Backport SAML unlink changes: UrlBlocker#ascii_only
See merge request gitlab-org/gitlab-ce!23627
|
|
Restricts unicode characters and IDNA deviations
which could be used in a phishing attack
|
|
|
Add RuboCop cops to enforce code reusing rules
See merge request gitlab-org/gitlab-ce!21391
|
|
This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.
|
|
Partially addresses #47424.
|
|
Filter web hooks by branch
See merge request gitlab-org/gitlab-ce!19513
|
|
|
Allow specifying a branch filter for a project hook and only trigger
a project hook if either the branch filter is blank or the branch matches.
Only supported for push_events for now.
|
|
Partially addresses #47424.
|
|
because of SSRF
|
|
These changes are backported from EE, related to SAML settings in
https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4549
|
|
Closes #28857
|
|
Server Side Request Forgery in Services and Web Hooks
See merge request gitlab/gitlabhq!2337
|
|
Adds a rubocop rule (with autocorrect) to ensure line break after guard clauses.
|