diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-29 14:17:04 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-06-29 14:17:04 +0000 |
| commit | 4b5fae86e7a62cc2bc526c5a08eb521ed516e275 (patch) | |
| tree | bcfd1993ac4740331dc4090304e6860d040948fd | |
| parent | d547692176052bc047f36cfd1a638f1b746bfa6d (diff) | |
| download | gitlab-ce-4b5fae86e7a62cc2bc526c5a08eb521ed516e275.tar.gz | |
Add latest changes from gitlab-org/security/gitlab@14-10-stable-ee
8 files changed, 48 insertions, 109 deletions
diff --git a/app/models/clusters/applications/runner.rb b/app/models/clusters/applications/runner.rb index 74b09f935eb..e62b6fa5fc5 100644 --- a/app/models/clusters/applications/runner.rb +++ b/app/models/clusters/applications/runner.rb @@ -3,7 +3,7 @@ module Clusters module Applications class Runner < ApplicationRecord - VERSION = '0.39.2' + VERSION = '0.39.0' self.table_name = 'clusters_applications_runners' diff --git a/lib/bulk_imports/projects/graphql/get_project_query.rb b/lib/bulk_imports/projects/graphql/get_project_query.rb index 76475893ac1..b3d7f3f4683 100644 --- a/lib/bulk_imports/projects/graphql/get_project_query.rb +++ b/lib/bulk_imports/projects/graphql/get_project_query.rb @@ -10,8 +10,20 @@ module BulkImports <<-'GRAPHQL' query($full_path: ID!) { project(fullPath: $full_path) { + description visibility + archived created_at: createdAt + shared_runners_enabled: sharedRunnersEnabled + container_registry_enabled: containerRegistryEnabled + only_allow_merge_if_pipeline_succeeds: onlyAllowMergeIfPipelineSucceeds + only_allow_merge_if_all_discussions_are_resolved: onlyAllowMergeIfAllDiscussionsAreResolved + request_access_enabled: requestAccessEnabled + printing_merge_request_link_enabled: printingMergeRequestLinkEnabled + remove_source_branch_after_merge: removeSourceBranchAfterMerge + autoclose_referenced_issues: autocloseReferencedIssues + suggestion_commit_message: suggestionCommitMessage + wiki_enabled: wikiEnabled } } GRAPHQL diff --git a/lib/bulk_imports/projects/transformers/project_attributes_transformer.rb b/lib/bulk_imports/projects/transformers/project_attributes_transformer.rb index 38730a7723b..24c55d8dbb1 100644 --- a/lib/bulk_imports/projects/transformers/project_attributes_transformer.rb +++ b/lib/bulk_imports/projects/transformers/project_attributes_transformer.rb @@ -7,18 +7,16 @@ module BulkImports PROJECT_IMPORT_TYPE = 'gitlab_project_migration' def transform(context, data) - project = {} entity = context.entity visibility = data.delete('visibility') - project[:name] = entity.destination_name - project[:path] = entity.destination_name.parameterize - project[:created_at] = data['created_at'] - project[:import_type] = PROJECT_IMPORT_TYPE - project[:visibility_level] = Gitlab::VisibilityLevel.string_options[visibility] if visibility.present? - project[:namespace_id] = Namespace.find_by_full_path(entity.destination_namespace)&.id if entity.destination_namespace.present? + data['name'] = entity.destination_name + data['path'] = entity.destination_name.parameterize + data['import_type'] = PROJECT_IMPORT_TYPE + data['visibility_level'] = Gitlab::VisibilityLevel.string_options[visibility] if visibility.present? + data['namespace_id'] = Namespace.find_by_full_path(entity.destination_namespace)&.id if entity.destination_namespace.present? - project + data.transform_keys!(&:to_sym) end end end diff --git a/lib/gitlab/import_export/decompressed_archive_size_validator.rb b/lib/gitlab/import_export/decompressed_archive_size_validator.rb index a185eb4df1c..61b37256964 100644 --- a/lib/gitlab/import_export/decompressed_archive_size_validator.rb +++ b/lib/gitlab/import_export/decompressed_archive_size_validator.rb @@ -8,8 +8,6 @@ module Gitlab DEFAULT_MAX_BYTES = 10.gigabytes.freeze TIMEOUT_LIMIT = 210.seconds - ServiceError = Class.new(StandardError) - def initialize(archive_path:, max_bytes: self.class.max_bytes) @archive_path = archive_path @max_bytes = max_bytes @@ -31,8 +29,6 @@ module Gitlab pgrp = nil valid_archive = true - validate_archive_path - Timeout.timeout(TIMEOUT_LIMIT) do stdin, stdout, stderr, wait_thr = Open3.popen3(command, pgroup: true) stdin.close @@ -82,29 +78,15 @@ module Gitlab false end - def validate_archive_path - Gitlab::Utils.check_path_traversal!(@archive_path) - - raise(ServiceError, 'Archive path is not a string') unless @archive_path.is_a?(String) - raise(ServiceError, 'Archive path is a symlink') if File.lstat(@archive_path).symlink? - raise(ServiceError, 'Archive path is not a file') unless File.file?(@archive_path) - end - def command "gzip -dc #{@archive_path} | wc -c" end def log_error(error) - archive_size = begin - File.size(@archive_path) - rescue StandardError - nil - end - Gitlab::Import::Logger.info( message: error, import_upload_archive_path: @archive_path, - import_upload_archive_size: archive_size + import_upload_archive_size: File.size(@archive_path) ) end end diff --git a/spec/lib/bulk_imports/projects/pipelines/project_pipeline_spec.rb b/spec/lib/bulk_imports/projects/pipelines/project_pipeline_spec.rb index 567a0a4fcc3..c53c0849931 100644 --- a/spec/lib/bulk_imports/projects/pipelines/project_pipeline_spec.rb +++ b/spec/lib/bulk_imports/projects/pipelines/project_pipeline_spec.rb @@ -25,7 +25,18 @@ RSpec.describe BulkImports::Projects::Pipelines::ProjectPipeline do let(:project_data) do { 'visibility' => 'private', - 'created_at' => '2016-08-12T09:41:03' + 'created_at' => 10.days.ago, + 'archived' => false, + 'shared_runners_enabled' => true, + 'container_registry_enabled' => true, + 'only_allow_merge_if_pipeline_succeeds' => true, + 'only_allow_merge_if_all_discussions_are_resolved' => true, + 'request_access_enabled' => true, + 'printing_merge_request_link_enabled' => true, + 'remove_source_branch_after_merge' => true, + 'autoclose_referenced_issues' => true, + 'suggestion_commit_message' => 'message', + 'wiki_enabled' => true } end @@ -47,8 +58,17 @@ RSpec.describe BulkImports::Projects::Pipelines::ProjectPipeline do expect(imported_project).not_to be_nil expect(imported_project.group).to eq(group) - expect(imported_project.visibility).to eq(project_data['visibility']) - expect(imported_project.created_at).to eq(project_data['created_at']) + expect(imported_project.suggestion_commit_message).to eq('message') + expect(imported_project.archived?).to eq(project_data['archived']) + expect(imported_project.shared_runners_enabled?).to eq(project_data['shared_runners_enabled']) + expect(imported_project.container_registry_enabled?).to eq(project_data['container_registry_enabled']) + expect(imported_project.only_allow_merge_if_pipeline_succeeds?).to eq(project_data['only_allow_merge_if_pipeline_succeeds']) + expect(imported_project.only_allow_merge_if_all_discussions_are_resolved?).to eq(project_data['only_allow_merge_if_all_discussions_are_resolved']) + expect(imported_project.request_access_enabled?).to eq(project_data['request_access_enabled']) + expect(imported_project.printing_merge_request_link_enabled?).to eq(project_data['printing_merge_request_link_enabled']) + expect(imported_project.remove_source_branch_after_merge?).to eq(project_data['remove_source_branch_after_merge']) + expect(imported_project.autoclose_referenced_issues?).to eq(project_data['autoclose_referenced_issues']) + expect(imported_project.wiki_enabled?).to eq(project_data['wiki_enabled']) end end diff --git a/spec/lib/bulk_imports/projects/transformers/project_attributes_transformer_spec.rb b/spec/lib/bulk_imports/projects/transformers/project_attributes_transformer_spec.rb index a1d77b9732d..822bb9a5605 100644 --- a/spec/lib/bulk_imports/projects/transformers/project_attributes_transformer_spec.rb +++ b/spec/lib/bulk_imports/projects/transformers/project_attributes_transformer_spec.rb @@ -25,8 +25,8 @@ RSpec.describe BulkImports::Projects::Transformers::ProjectAttributesTransformer let(:data) do { - 'visibility' => 'private', - 'created_at' => '2016-11-18T09:29:42.634Z' + 'name' => 'source_name', + 'visibility' => 'private' } end @@ -76,21 +76,8 @@ RSpec.describe BulkImports::Projects::Transformers::ProjectAttributesTransformer end end - context 'when data has extra keys' do - it 'returns a fixed number of keys' do - data = { - 'visibility' => 'private', - 'created_at' => '2016-11-18T09:29:42.634Z', - 'my_key' => 'my_key', - 'another_key' => 'another_key', - 'last_key' => 'last_key' - } - - transformed_data = described_class.new.transform(context, data) - - expect(transformed_data.keys) - .to contain_exactly(:created_at, :import_type, :name, :namespace_id, :path, :visibility_level) - end + it 'converts all keys to symbols' do + expect(transformed_data.keys).to contain_exactly(:name, :path, :import_type, :visibility_level, :namespace_id) end end end diff --git a/spec/lib/gitlab/import_export/decompressed_archive_size_validator_spec.rb b/spec/lib/gitlab/import_export/decompressed_archive_size_validator_spec.rb index dea584e5019..fe3b638d20f 100644 --- a/spec/lib/gitlab/import_export/decompressed_archive_size_validator_spec.rb +++ b/spec/lib/gitlab/import_export/decompressed_archive_size_validator_spec.rb @@ -86,65 +86,6 @@ RSpec.describe Gitlab::ImportExport::DecompressedArchiveSizeValidator do include_examples 'logs raised exception and terminates validator process group' end end - - context 'archive path validation' do - let(:filesize) { nil } - - before do - expect(Gitlab::Import::Logger) - .to receive(:info) - .with( - import_upload_archive_path: filepath, - import_upload_archive_size: filesize, - message: error_message - ) - end - - context 'when archive path is traversed' do - let(:filepath) { '/foo/../bar' } - let(:error_message) { 'Invalid path' } - - it 'returns false' do - expect(subject.valid?).to eq(false) - end - end - - context 'when archive path is not a string' do - let(:filepath) { 123 } - let(:error_message) { 'Archive path is not a string' } - - it 'returns false' do - expect(subject.valid?).to eq(false) - end - end - - context 'which archive path is a symlink' do - let(:filepath) { File.join(Dir.tmpdir, 'symlink') } - let(:error_message) { 'Archive path is a symlink' } - - before do - FileUtils.ln_s(filepath, filepath, force: true) - end - - it 'returns false' do - expect(subject.valid?).to eq(false) - end - end - - context 'when archive path is not a file' do - let(:filepath) { Dir.mktmpdir } - let(:filesize) { File.size(filepath) } - let(:error_message) { 'Archive path is not a file' } - - after do - FileUtils.rm_rf(filepath) - end - - it 'returns false' do - expect(subject.valid?).to eq(false) - end - end - end end def create_compressed_file diff --git a/spec/services/bulk_imports/file_decompression_service_spec.rb b/spec/services/bulk_imports/file_decompression_service_spec.rb index 77348428d60..1d6aa79a37f 100644 --- a/spec/services/bulk_imports/file_decompression_service_spec.rb +++ b/spec/services/bulk_imports/file_decompression_service_spec.rb @@ -80,8 +80,7 @@ RSpec.describe BulkImports::FileDecompressionService do subject { described_class.new(tmpdir: tmpdir, filename: 'symlink.gz') } it 'raises an error and removes the file' do - expect { subject.execute } - .to raise_error(BulkImports::FileDecompressionService::ServiceError, 'File decompression error') + expect { subject.execute }.to raise_error(described_class::ServiceError, 'Invalid file') expect(File.exist?(symlink)).to eq(false) end |