From 6b3f0a47a2410b5a2a9fc1e78ff2d006b05a3e05 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Wed, 30 Jun 2021 11:40:06 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee
---
 .../vue_shared/components/diff_viewer/viewers/not_diffable.vue | 2 +-
 app/models/concerns/integrations/slack_mattermost_notifier.rb | 2 +-
 app/models/integrations/bamboo.rb | 1 +
 app/models/integrations/base_issue_tracker.rb | 2 +-
 app/models/integrations/drone_ci.rb | 7 +++++--
 app/models/integrations/external_wiki.rb | 2 +-
 app/models/integrations/mock_ci.rb | 2 +-
 app/models/integrations/teamcity.rb | 5 +++--
 app/models/integrations/unify_circuit.rb | 3 ++-
 app/models/integrations/webex_teams.rb | 2 +-
 app/models/protected_branch/push_access_level.rb | 2 +-
 app/services/web_hook_service.rb | 3 ++-
 app/views/projects/diffs/viewers/_not_diffable.html.haml | 2 +-
 13 files changed, 21 insertions(+), 14 deletions(-) (limited to 'app')
diff --git a/app/assets/javascripts/vue_shared/components/diff_viewer/viewers/not_diffable.vue b/app/assets/javascripts/vue_shared/components/diff_viewer/viewers/not_diffable.vue
index d4d3038f066..5a6b1c19027 100644
--- a/app/assets/javascripts/vue_shared/components/diff_viewer/viewers/not_diffable.vue
+++ b/app/assets/javascripts/vue_shared/components/diff_viewer/viewers/not_diffable.vue
@@ -1,5 +1,5 @@
diff --git a/app/models/concerns/integrations/slack_mattermost_notifier.rb b/app/models/concerns/integrations/slack_mattermost_notifier.rb
index a919fc840fd..cb6fafa8de0 100644
--- a/app/models/concerns/integrations/slack_mattermost_notifier.rb
+++ b/app/models/concerns/integrations/slack_mattermost_notifier.rb
@@ -17,7 +17,7 @@ module Integrations
 class HTTPClient
 def self.post(uri, params = {})
 params.delete(:http_options) # these are internal to the client and we do not want them
- Gitlab::HTTP.post(uri, body: params)
+ Gitlab::HTTP.post(uri, body: params, use_read_total_timeout: true)
 end
 end
 end
diff --git a/app/models/integrations/bamboo.rb b/app/models/integrations/bamboo.rb
index dbd7aedf4fe..fef2774c593 100644
--- a/app/models/integrations/bamboo.rb
+++ b/app/models/integrations/bamboo.rb
@@ -173,6 +173,7 @@ module Integrations
 query_params[:os_authType] = 'basic'
 params[:basic_auth] = basic_auth
+ params[:use_read_total_timeout] = true
 params
 end
diff --git a/app/models/integrations/base_issue_tracker.rb b/app/models/integrations/base_issue_tracker.rb
index 6c24f762cd5..3fd67205e92 100644
--- a/app/models/integrations/base_issue_tracker.rb
+++ b/app/models/integrations/base_issue_tracker.rb
@@ -107,7 +107,7 @@ module Integrations
 result = false
 begin
- response = Gitlab::HTTP.head(self.project_url, verify: true)
+ response = Gitlab::HTTP.head(self.project_url, verify: true, use_read_total_timeout: true)
 if response
 message = "#{self.type} received response #{response.code} when attempting to connect to #{self.project_url}"
diff --git a/app/models/integrations/drone_ci.rb b/app/models/integrations/drone_ci.rb
index 096f7093b8c..0f021356815 100644
--- a/app/models/integrations/drone_ci.rb
+++ b/app/models/integrations/drone_ci.rb
@@ -51,9 +51,12 @@ module Integrations
 end
 def calculate_reactive_cache(sha, ref)
- response = Gitlab::HTTP.try_get(commit_status_path(sha, ref),
+ response = Gitlab::HTTP.try_get(
+ commit_status_path(sha, ref),
 verify: enable_ssl_verification,
- extra_log_info: { project_id: project_id })
+ extra_log_info: { project_id: project_id },
+ use_read_total_timeout: true
+ )
 status =
 if response && response.code == 200 && response['status']
diff --git a/app/models/integrations/external_wiki.rb b/app/models/integrations/external_wiki.rb
index fec435443fa..2a8d598117b 100644
--- a/app/models/integrations/external_wiki.rb
+++ b/app/models/integrations/external_wiki.rb
@@ -39,7 +39,7 @@ module Integrations end def execute(_data) - response = Gitlab::HTTP.get(properties['external_wiki_url'], verify: true) + response = Gitlab::HTTP.get(properties['external_wiki_url'], verify: true, use_read_total_timeout: true) response.body if response.code == 200 rescue StandardError nil diff --git a/app/models/integrations/mock_ci.rb b/app/models/integrations/mock_ci.rb index d31f6381767..a0eae9e4abf 100644 --- a/app/models/integrations/mock_ci.rb +++ b/app/models/integrations/mock_ci.rb @@ -55,7 +55,7 @@ module Integrations # # => 'running' # def commit_status(sha, ref) - response = Gitlab::HTTP.get(commit_status_path(sha), verify: false) + response = Gitlab::HTTP.get(commit_status_path(sha), verify: false, use_read_total_timeout: true) read_commit_status(response) rescue Errno::ECONNREFUSED :error diff --git a/app/models/integrations/teamcity.rb b/app/models/integrations/teamcity.rb index 8284d5963ae..3f14c5d82b3 100644 --- a/app/models/integrations/teamcity.rb +++ b/app/models/integrations/teamcity.rb @@ -170,7 +170,7 @@ module Integrations end def get_path(path) - Gitlab::HTTP.try_get(build_url(path), verify: false, basic_auth: basic_auth, extra_log_info: { project_id: project_id }) + Gitlab::HTTP.try_get(build_url(path), verify: false, basic_auth: basic_auth, extra_log_info: { project_id: project_id }, use_read_total_timeout: true) end def post_to_build_queue(data, branch) @@ -180,7 +180,8 @@ module Integrations ""\ '', headers: { 'Content-type' => 'application/xml' }, - basic_auth: basic_auth + basic_auth: basic_auth, + use_read_total_timeout: true ) end diff --git a/app/models/integrations/unify_circuit.rb b/app/models/integrations/unify_circuit.rb index 03363c7c8b0..834222834e9 100644 --- a/app/models/integrations/unify_circuit.rb +++ b/app/models/integrations/unify_circuit.rb 
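Review bot: `verify: false` remains on the new `Gitlab::HTTP.get` line in `mock_ci.rb` and on the new `try_get` line in `teamcity.rb#get_path`, so both requests skip TLS certificate verification. The TeamCity call is the one that matters, because it sends `basic_auth` on the same request and anyone able to intercept the connection can read those credentials. The `drone_ci.rb` hunk in this commit passes `verify: enable_ssl_verification`; if the TeamCity integration has or can gain such a setting (not visible here), `get_path` should use it, otherwise default to `verify: true`. At minimum a comment on each line should say why verification is off.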
@@ -49,7 +49,8 @@ module Integrations
 response = Gitlab::HTTP.post(webhook, body: {
 subject: message.project_name,
 text: message.summary,
- markdown: true
+ markdown: true,
+ use_read_total_timeout: true
 }.to_json)
 response if response.success?
diff --git a/app/models/integrations/webex_teams.rb b/app/models/integrations/webex_teams.rb
index 3f420331035..6fd82a32035 100644
--- a/app/models/integrations/webex_teams.rb
+++ b/app/models/integrations/webex_teams.rb
@@ -44,7 +44,7 @@ module Integrations
 def notify(message, opts)
 header = { 'Content-Type' => 'application/json' }
- response = Gitlab::HTTP.post(webhook, headers: header, body: { markdown: message.summary }.to_json)
+ response = Gitlab::HTTP.post(webhook, headers: header, body: { markdown: message.summary }.to_json, use_read_total_timeout: true)
 response if response.success?
 end
diff --git a/app/models/protected_branch/push_access_level.rb b/app/models/protected_branch/push_access_level.rb
index ea51dca8a42..5248834a2f2 100644
--- a/app/models/protected_branch/push_access_level.rb
+++ b/app/models/protected_branch/push_access_level.rb
@@ -20,7 +20,7 @@ class ProtectedBranch::PushAccessLevel < ApplicationRecord
 def check_access(user)
 if user && deploy_key.present?
- return true if user.can?(:read_project, project) && enabled_deploy_key_for_user?(deploy_key, user)
+ return user.can?(:read_project, project) && enabled_deploy_key_for_user?(deploy_key, user)
 end
 super
diff --git a/app/services/web_hook_service.rb b/app/services/web_hook_service.rb
index 77d2139b3d1..1d5b38575bb 100644
--- a/app/services/web_hook_service.rb
+++ b/app/services/web_hook_service.rb
@@ -42,6 +42,7 @@ class WebHookService
 @uniqueness_token = uniqueness_token
 @request_options = {
 timeout: Gitlab.config.gitlab.webhook_timeout,
+ use_read_total_timeout: true,
 allow_local_requests: hook.allow_local_requests?
 }
 end
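Review bot: In `unify_circuit.rb` the added `use_read_total_timeout: true` sits inside the hash literal closed by `}.to_json`, so it becomes a field of the JSON body sent to the webhook instead of an option to `Gitlab::HTTP.post`. This request therefore runs without the total read timeout that every other call site in the commit receives, and the remote endpoint gets an unexpected key. Leave `markdown: true` as the last body key and close the call with `}.to_json, use_read_total_timeout: true)`. The enclosing method starts outside the hunk.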
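Review bot: The deploy-key branch of `check_access` in `push_access_level.rb` has no comment explaining why it returns the check result directly instead of letting a failed check continue to `super`. A later cleanup could easily restore the fall-through. A line above the `return` such as `# A deploy-key rule is decided by the key check alone; never fall back to super here` would record that. A nil `user` still skips the branch and reaches `super`; what `super` decides in that case is not visible here, so a spec covering a deploy-key rule with no user would be worth adding. The method's closing `end` lies outside the hunk.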
@@ -68,7 +69,7 @@ class WebHookService { status: :success, http_status: response.code, - message: response.to_s + message: response.body } rescue *Gitlab::HTTP::HTTP_ERRORS, Gitlab::Json::LimitedEncoder::LimitExceeded, URI::InvalidURIError => e diff --git a/app/views/projects/diffs/viewers/_not_diffable.html.haml b/app/views/projects/diffs/viewers/_not_diffable.html.haml index 7c55e272f56..63034331f6a 100644 --- a/app/views/projects/diffs/viewers/_not_diffable.html.haml +++ b/app/views/projects/diffs/viewers/_not_diffable.html.haml @@ -1,2 +1,2 @@ .nothing-here-block - = _("This diff was suppressed by a .gitattributes entry.") + = _("File suppressed by a .gitattributes entry or the file's encoding is unsupported.") -- cgit v1.2.3
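Review bot: `message: response.body` in `web_hook_service.rb` puts the remote server's response body into the result hash with no length cap visible in this hunk. For a user-defined hook URL, that content and its size are chosen by the receiving server. Unless every consumer of `message` already truncates and escapes it, bound it here, for example `message: response.body.to_s[0, MAX_MESSAGE_CHARS]`, where the constant name is a placeholder. The `.to_s` also keeps the value a String if the client ever returns a nil body, which `response.to_s` guaranteed before. The surrounding method begins and ends outside the hunk.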