Age | Commit message | Author | |
---|---|---|---|
2019-08-02 | Refactor SystemHookUrlValidator and specs | George Koltsov | |
Simplify SystemHookUrlValidator to inherit from PublicUrlValidator. Refactor specs to move out shared examples to be used in both system hooks and public url validators. | |||
2019-08-02 | Update security/webhooks.md doc page & specs | George Koltsov | |
Updating security/webhooks.md to match new behaviour as well as drying up a few specs to extract shared examples | |||
2019-08-02 | Update translations in gitlab.pot | George Koltsov | |
2019-08-02 | Add SystemHookUrlValidator spec | George Koltsov | |
2019-07-31 | Allow blank but not nil in validations | Reuben Pereira | |
- The most common use case for qualified_domain_validator currently is to allow blank ([]) but not allow nil. Modify the qualified_domain_validator to support this use case. | |||
2019-07-23 | Add validator for qualified domain array | Reuben Pereira | |
- Validate that the entries contain no unicode, html tags and are not larger than 255 characters. | |||
2019-06-25 | Fix color validation regex | Heinrich Lee Yu | |
Also prevents ReDoS vulnerability | |||
2019-04-11 | Align UrlValidator to validate_url gem implementation. | Thong Kuah | |
Renamed UrlValidator to AddressableUrlValidator to avoid 'url:' naming collision with ActiveModel::Validations::UrlValidator in 'validates' statement. Make use of the options attribute of the parent class ActiveModel::EachValidator. Add more options: allow_nil, allow_blank, message. Renamed 'protocols' option to 'schemes' to match the option naming from UrlValidator. | |||
2019-04-09 | Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE | Imre Farkas | |
2019-04-05 | Revert "Merge branch 'if-57131-external_auth_to_ce' into 'master'" | Andreas Brandl | |
This reverts merge request !26823 | |||
2019-04-05 | Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE | Imre Farkas | |
2019-03-14 | Fix Bitbucket import | Francisco Javier López | |
In https://gitlab.com/gitlab-org/gitlab-ce/commit/ebf16ada856efb85424a98848c141f21e609886a we introduced a SHA validator to ensure that the data provided in merge request diffs was legit. Nevertheless, the validator assumed that the SHA should be 40 chars long. When we import a project from BitBucket, the retrieved SHA is shorter (12 chars long). Therefore, this validator prevented the creation of a valid MergeRequestDiff for every MergeRequest (triggering an exception). | |||
2019-03-09 | Merge branch 'fix/email_validator' into 'master' | Stan Hu | |
Align EmailValidator to validate_email gem implementation. Closes #57352. See merge request gitlab-org/gitlab-ce!24971 | |||
2019-03-05 | Align EmailValidator to validate_email gem implementation. | Horatiu Eugen Vlad | |
Renamed EmailValidator to DeviseEmailValidator to avoid 'email:' naming collision with ActiveModel::Validations::EmailValidator in 'validates' statement. Make use of the options attribute of the parent class ActiveModel::EachValidator. Add more options: regex. | |||
2019-03-05 | Add frozen_string_literal to new files | Stan Hu | |
2019-03-04 | Arbitrary file read via MergeRequestDiff | Francisco Javier López | |
2019-01-14 | remove newly supported regex feature from validation error test | Roger Rüttimann | |
2019-01-07 | Add table and model for error tracking settings | Reuben Pereira | |
2018-12-06 | Allow URLs to be validated as ascii_only | James Edwards-Jones | |
Restricts unicode characters and IDNA deviations which could be used in a phishing attack | |||
2018-11-29 | Merge branch 'security-fj-crlf-injection' into 'master' | Cindy Pallares | |
[master] Fix CRLF issue in UrlValidator. See merge request gitlab/gitlabhq!2627 | |||
2018-09-17 | Allow UrlValidator to work with attr_encrypted | Nick Thomas | |
2018-09-05 | Merge branch 'filter-web-hooks-by-branch' into 'master' | Dmitriy Zaporozhets | |
Filter web hooks by branch. See merge request gitlab-org/gitlab-ce!19513 | |||
2018-08-30 | Allow whitelisting for "external collaborator by default" setting | Roger Rüttimann | |
2018-08-13 | Filter project hooks by branch | Duana Saskia | |
Allow specifying a branch filter for a project hook and only trigger a project hook if either the branch filter is blank or the branch matches. Only supported for push_events for now. | |||
2018-06-11 | Avoid checking the user format in every url validation | Francisco Javier López | |
2018-06-01 | Add validation to webhook and service URLs to ensure they are not blocked because of SSRF | Francisco Javier López | |
2018-03-05 | Projects and groups badges API | Francisco Javier López | |
2018-02-14 | Add more information in variable_duplicates validator error message | Matija Čupić | |
2018-02-13 | Add specs for VariableDuplicates validator | Matija Čupić | |
2018-02-06 | Validate User username only on Namespace, and bubble up appropriately | Douwe Maan | |
2017-11-06 | Reallow project paths ending in periods | Douwe Maan | |
2017-08-03 | Change all `:empty_project` to `:project` | Robert Speicher | |
2017-08-01 | Ensure all project factories use `:repository` trait or `:empty_project` | Robert Speicher | |
2017-06-21 | Rebuild the dynamic path before validating it | Bob Van Landuyt | |
Otherwise we won't validate updates to the path, allowing users to change the path to something that's not allowed. | |||
2017-05-30 | Avoid crash when trying to parse string with invalid UTF-8 sequence | Bob Van Landuyt | |
2017-05-24 | Revert "Remove changes that are not absolutely necessary" | Douwe Maan | |
This reverts commit b0498c176fa134761d899c9b369be12f1ca789c5 | |||
2017-05-24 | Remove changes that are not absolutely necessary | Douwe Maan | |
2017-05-24 | Fix ambiguous routing issues by teaching router about reserved words | Douwe Maan | |
2017-05-02 | Add a better error message when a certain path is missing | Bob Van Landuyt | |
2017-05-02 | Update path validation & specs | Bob Van Landuyt | |
2017-05-02 | Reuse Gitlab::Regex.full_namespace_regex in the DynamicPathValidator | Bob Van Landuyt | |
2017-05-01 | Reject group-routes as names of child namespaces | Bob Van Landuyt | |
2017-05-01 | Reject paths following namespace for paths including 2 `*` | Bob Van Landuyt | |
Reject the part following `/*namespace_id/:project_id` for paths containing 2 wildcard parameters | |||
2017-05-01 | Use `%r{}` regexes to avoid having to escape `/` | Bob Van Landuyt | |
2017-05-01 | The dynamic path validator can block out partial paths | Bob Van Landuyt | |
So we can block `objects` only when it is contained in `info/lfs` or `gitlab-lfs` | |||
2017-05-01 | Make path validation case-insensitive | Bob Van Landuyt | |
2017-05-01 | Rename `NamespaceValidator` to `DynamicPathValidator` | Bob Van Landuyt | |
This reflects better that it validates paths instead of a namespace model | |||
2017-05-01 | Split off validating full paths | Bob Van Landuyt | |
The first part of a full path needs to be validated as a `top_level` while the rest need to be validated as `wildcard` | |||
2017-05-01 | Improve detection of reserved words from routes | Bob Van Landuyt | |
2017-05-01 | Streamline the path validation in groups & projects | Bob Van Landuyt | |
`Project` uses `ProjectPathValidator` which is now a `NamespaceValidator` that skips the format validation. That way we're sure we are using the same collection of reserved paths. I updated the path constraints to reflect the changes: We now allow some values that are only used on a top level namespace as a name for a nested group/project. |