author | Brian Neel <brian@gitlab.com> | 2017-07-10 17:27:53 -0400 |
---|---|---|
committer | Brian Neel <brian@gitlab.com> | 2017-07-10 17:27:53 -0400 |
commit | 2e062bae74563550b0324e5644ec8a5f5161e9e9 (patch) | |
tree | d988de771b1e12714b0a99491222cbed8e8aa1de | |
parent | 86dcba470ebc6093eedabe56d8b4acf4ed65c212 (diff) | |
download | gitlab-ce-add-rubocop-gitlab-security.tar.gz |
Whitelist security checks for gem 0.0.5add-rubocop-gitlab-security
-rw-r--r-- | app/helpers/issuables_helper.rb | 2 | ||||
-rw-r--r-- | app/models/merge_request.rb | 2 | ||||
-rw-r--r-- | app/models/project.rb | 2 | ||||
-rw-r--r-- | app/models/user.rb | 4 | ||||
-rw-r--r-- | app/services/labels/transfer_service.rb | 2 | ||||
-rw-r--r-- | config/application.rb | 2 | ||||
-rw-r--r-- | lib/ci/charts.rb | 2 |
7 files changed, 8 insertions, 8 deletions
diff --git a/app/helpers/issuables_helper.rb b/app/helpers/issuables_helper.rb
index b5366519ed9..9aa059c3d61 100644
--- a/app/helpers/issuables_helper.rb
+++ b/app/helpers/issuables_helper.rb
@@ -234,7 +234,7 @@ module IssuablesHelper
 end
 def issuables_count_for_state(issuable_type, state, finder: nil)
- finder ||= public_send("#{issuable_type}_finder")
+ finder ||= public_send("#{issuable_type}_finder") # rubocop:disable GitlabSecurity/PublicSend
 cache_key = finder.state_counter_cache_key(state)
 @counts ||= {}
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index 808212c780c..cbd6f6a8d5d 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -172,7 +172,7 @@ class MergeRequest < ActiveRecord::Base
 target = unscoped.where(target_project_id: relation).select(:id)
 union = Gitlab::SQL::Union.new([source, target])
- where("merge_requests.id IN (#{union.to_sql})")
+ where("merge_requests.id IN (#{union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection
 end
 WIP_REGEX = /\A\s*(\[WIP\]\s*|WIP:\s*|WIP\s+)+\s*/i.freeze
diff --git a/app/models/project.rb b/app/models/project.rb
index d58846a25fe..38240963167 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -391,7 +391,7 @@ class Project < ActiveRecord::Base
 union = Gitlab::SQL::Union.new([projects, namespaces])
- where("projects.id IN (#{union.to_sql})")
+ where("projects.id IN (#{union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection
 end
 def search_by_title(query)
diff --git a/app/models/user.rb b/app/models/user.rb
index f593fdc10dd..a19edef3aa5 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
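Review bot: The inline disable on `public_send("#{issuable_type}_finder")` in issuables_count_for_state gives no reason, and nothing in the hunk shows where `issuable_type` comes from. If any caller can pass a request-derived value, the interpolated name lets that value choose which public `*_finder` method is invoked. Once the origin is confirmed, state the invariant beside the disable, e.g. `# issuable_type is a fixed symbol chosen by the calling view, never a request parameter`, or check the value against a fixed list of supported types before dispatching. The method body continues past the end of the hunk.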
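Review bot: The `GitlabSecurity/SqlInjection` disable on `where("merge_requests.id IN (#{union.to_sql})")` is safe only if `Gitlab::SQL::Union#to_sql` emits SQL built entirely from relations with quoted or bound values, which cannot be seen from this hunk. The same interpolation and disable recur in app/models/project.rb, twice in app/models/user.rb and in app/services/labels/transfer_service.rb, so the assumption is now recorded in five places with no explanation. Consider one helper that takes the column and the union and builds the `IN (...)` fragment, so the cop is disabled once with a comment such as `# union.to_sql is generated from ActiveRecord relations; no caller-supplied strings reach it`. The enclosing method starts above the hunk.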
@@ -514,7 +514,7 @@ class User < ActiveRecord::Base
 union = Gitlab::SQL::Union
 .new([groups.select(:id), authorized_projects.select(:namespace_id)])
- Group.where("namespaces.id IN (#{union.to_sql})")
+ Group.where("namespaces.id IN (#{union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection
 end
 # Returns a relation of groups the user has access to, including their parent
@@ -899,7 +899,7 @@ class User < ActiveRecord::Base
 def ci_authorized_runners
 @ci_authorized_runners ||= begin
 runner_ids = Ci::RunnerProject
- .where("ci_runner_projects.project_id IN (#{ci_projects_union.to_sql})")
+ .where("ci_runner_projects.project_id IN (#{ci_projects_union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection
 .select(:runner_id)
 Ci::Runner.specific.where(id: runner_ids)
 end
diff --git a/app/services/labels/transfer_service.rb b/app/services/labels/transfer_service.rb
index d2ece354efc..775efed48eb 100644
--- a/app/services/labels/transfer_service.rb
+++ b/app/services/labels/transfer_service.rb
@@ -37,7 +37,7 @@ module Labels
 union = Gitlab::SQL::Union.new(label_ids)
- Label.where("labels.id IN (#{union.to_sql})").reorder(nil).uniq
+ Label.where("labels.id IN (#{union.to_sql})").reorder(nil).uniq # rubocop:disable GitlabSecurity/SqlInjection
 end
 def group_labels_applied_to_issues
diff --git a/config/application.rb b/config/application.rb
index a9a961d7520..548031e72b0 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -171,7 +171,7 @@ module Gitlab
 next unless name.include?('namespace_project')
 define_method(name.sub('namespace_project', 'project')) do |project, *args|
- send(name, project&.namespace, project, *args)
+ send(name, project&.namespace, project, *args) # rubocop:disable GitlabSecurity/PublicSend
 end
 end
 end
diff --git a/lib/ci/charts.rb b/lib/ci/charts.rb
index 872e418c788..76a69bf8a83 100644
--- a/lib/ci/charts.rb
+++ b/lib/ci/charts.rb
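Review bot: The call exempted in config/application.rb is `send`, not `public_send`, so it also bypasses method visibility, and the disable comment does not say why that is acceptable. From the visible lines `name` appears to come from the enclosing iteration, filtered by `name.include?('namespace_project')`, not from request input, but that loop starts outside the hunk. A comment above the call, e.g. `# name is one of the helper names enumerated by the enclosing loop, never user input`, would let a later reader verify the exemption. If the target helpers are public, `public_send(name, project&.namespace, project, *args)` would be the narrower call.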
@@ -47,7 +47,7 @@ module Ci
 def collect
 query = project.pipelines
- .where("? > #{Ci::Pipeline.table_name}.created_at AND #{Ci::Pipeline.table_name}.created_at > ?", @to, @from)
+ .where("? > #{Ci::Pipeline.table_name}.created_at AND #{Ci::Pipeline.table_name}.created_at > ?", @to, @from) # rubocop:disable GitlabSecurity/SqlInjection
 totals_count = grouped_count(query)
 success_count = grouped_count(query.success) |
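Review bot: The disable in `collect` could be avoided instead of whitelisted, because the only interpolated value is `Ci::Pipeline.table_name` and both timestamps are already bound with `?`. Writing the condition as `created_at = Ci::Pipeline.arel_table[:created_at]` followed by `.where(created_at.lt(@to)).where(created_at.gt(@from))` keeps the strict bounds and leaves no string building for the cop to flag. If the string form stays, a comment noting that `table_name` is a class-level value and not caller-controlled would document why the exemption is safe. The method continues past the end of the hunk.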