From 1ebdda69d61ae26379f8fac27671103374031944 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Mon, 31 Jul 2023 14:35:12 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@16-2-stable-ee

---
 app/models/project.rb | 11 +++++++++++
 app/models/project_setting.rb | 11 +++++++++++
 app/services/bulk_imports/archive_extraction_service.rb | 6 +-----
 app/services/bulk_imports/file_decompression_service.rb | 2 +-
 4 files changed, 24 insertions(+), 6 deletions(-)
 (limited to 'app')

diff --git a/app/models/project.rb b/app/models/project.rb
index 931f4db3a54..8959eccbd1f 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -579,6 +579,8 @@ class Project < ApplicationRecord
   validates :max_artifacts_size, numericality: { only_integer: true, greater_than: 0, allow_nil: true }
   validates :suggestion_commit_message, length: { maximum: MAX_SUGGESTIONS_TEMPLATE_LENGTH }
 
+  validate :path_availability, if: :path_changed?
+
   # Scopes
   scope :pending_delete, -> { where(pending_delete: true) }
   scope :without_deleted, -> { where(pending_delete: false) }
@@ -3221,6 +3223,15 @@ class Project < ApplicationRecord
     group.crm_enabled?
   end
 
+  def path_availability
+    base, _, host = path.partition('.')
+
+    return unless host == Gitlab.config.pages&.dig('host')
+    return unless ProjectSetting.where(pages_unique_domain: base).exists?
+
+    errors.add(:path, s_('Project|already in use'))
+  end
+
   private
 
   # overridden in EE
diff --git a/app/models/project_setting.rb b/app/models/project_setting.rb
index 7ca74d4e970..aeefa5c8dcd 100644
--- a/app/models/project_setting.rb
+++ b/app/models/project_setting.rb
@@ -59,6 +59,8 @@ class ProjectSetting < ApplicationRecord
 
   validate :validates_mr_default_target_self
 
+  validate :pages_unique_domain_availability, if: :pages_unique_domain_changed?
+
   attribute :legacy_open_source_license_available, default: -> do
     Feature.enabled?(:legacy_open_source_license_available, type: :ops)
   end
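Review bot: `path_availability` lacks the blank-host guard that its counterpart `pages_unique_domain_availability` in project_setting.rb has: if the configured Pages host is `""`, `path.partition('.')` returns `""` as `host` for every dotless path, the first `return unless` passes, and each such path is then looked up against `pages_unique_domain`. Mirror the other validator with `pages_host = Gitlab.config.pages&.dig('host')` followed by `return if pages_host.blank? || host != pages_host`. The method is also placed above `private`, so it becomes part of Project's public interface; moving it below the marker keeps it a validation callback only. Hostnames are case-insensitive while `==` is not, so if project paths can carry mixed case (not visible in this hunk), `host.casecmp?(pages_host)` would be the safer comparison.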
@@ -109,6 +111,15 @@ class ProjectSetting < ApplicationRecord
 
     pages_unique_domain_enabled || pages_unique_domain_in_database.present?
   end
+
+  def pages_unique_domain_availability
+    host = Gitlab.config.pages&.dig('host')
+
+    return if host.blank?
+    return unless Project.where(path: "#{pages_unique_domain}.#{host}").exists?
+
+    errors.add(:pages_unique_domain, s_('ProjectSetting|already in use'))
+  end
 end
 
 ProjectSetting.prepend_mod
diff --git a/app/services/bulk_imports/archive_extraction_service.rb b/app/services/bulk_imports/archive_extraction_service.rb
index 4485b19035b..bce2a67218a 100644
--- a/app/services/bulk_imports/archive_extraction_service.rb
+++ b/app/services/bulk_imports/archive_extraction_service.rb
@@ -49,11 +49,7 @@ module BulkImports
     end
 
     def validate_symlink
-      raise(BulkImports::Error, 'Invalid file') if symlink?(filepath)
-    end
-
-    def symlink?(filepath)
-      File.lstat(filepath).symlink?
+      raise(BulkImports::Error, 'Invalid file') if Gitlab::Utils::FileInfo.linked?(filepath)
     end
 
     def extract_archive
diff --git a/app/services/bulk_imports/file_decompression_service.rb b/app/services/bulk_imports/file_decompression_service.rb
index 94573f6bb13..77638f10f54 100644
--- a/app/services/bulk_imports/file_decompression_service.rb
+++ b/app/services/bulk_imports/file_decompression_service.rb
@@ -53,7 +53,7 @@ module BulkImports
     end
 
     def validate_symlink(filepath)
-      raise(ServiceError, 'Invalid file') if File.lstat(filepath).symlink?
+      raise(ServiceError, 'Invalid file') if Gitlab::Utils::FileInfo.linked?(filepath)
     end
 
     def decompress_file
-- 
cgit v1.2.3
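Review bot: `pages_unique_domain_availability` still runs its lookup when the attribute is being cleared — `if: :pages_unique_domain_changed?` also fires on a change to nil, and the interpolated path then becomes `".#{host}"` — so `return if host.blank? || pages_unique_domain.blank?` would skip the pointless query. Like `path_availability` in project.rb, this is an application-level check only: two concurrent saves, one creating a project with the colliding path and one claiming the unique domain, can each pass validation before the other row exists, so it should be documented as best-effort rather than the sole barrier. A one-line comment above the method would make the purpose clear to the next reader: `# A project whose path is "<unique domain>.<pages host>" would be served at the same hostname as this unique domain.` The class's `private` marker, if any, is outside the hunk, so the new method's visibility cannot be confirmed here.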
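Review bot: `validate_symlink` in this hunk and in the `file_decompression_service.rb` hunk now delegates to `Gitlab::Utils::FileInfo.linked?`, which — judging by the name and the removed `File.lstat(...).symlink?` — presumably rejects hard links as well, yet the method name and the `'Invalid file'` message still only speak of symlinks. A short comment would record the intent: `# Reject symlinks and hard links alike: a linked entry could make extraction read or write a file outside the import directory.` If `linked?` does cover hard links, renaming to `validate_link` (keeping `validate_symlink` as an alias for existing callers) would make the stricter contract visible at the call sites. The definition of `linked?` and the enclosing service classes are outside this diff, so the exact semantics should be confirmed against `Gitlab::Utils::FileInfo` before the comment is committed.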