authorDouwe Maan <douwe@gitlab.com>2017-10-03 16:27:14 +0000
committerDouwe Maan <douwe@gitlab.com>2017-10-03 16:27:14 +0000
commit69fd4f948686f2d0381d5690ac5dbd6e4e411270 (patch)
treef646002c9eaacf6f4f8947232c81bc41bc67d9cc
parent23e6b17b3e7fab3fc1668234133dcf339dedc649 (diff)
parent0a6925c1f5996115529582816415c99f4fb92ab1 (diff)
downloadgitlab-ce-69fd4f948686f2d0381d5690ac5dbd6e4e411270.tar.gz
Merge branch 'gem/sm/bump-google-api-client-gem-from-0-8-6-to-0-13-6' into 'master'
Bump google-api-client Gem from 0.8.6 to 0.13.6 Closes #38286 See merge request gitlab-org/gitlab-ce!14495
-rw-r--r--Gemfile6
-rw-r--r--Gemfile.lock62
-rw-r--r--changelogs/unreleased/gem-sm-bump-google-api-client-gem-from-0-8-6-to-0-13-6.yml5
-rw-r--r--lib/banzai/filter/sanitization_filter.rb3
-rw-r--r--lib/gitlab/url_sanitizer.rb8
-rw-r--r--spec/lib/gitlab/url_sanitizer_spec.rb25
6 files changed, 49 insertions, 60 deletions
diff --git a/Gemfile b/Gemfile
index 55de8d02922..44c459c497f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -105,7 +105,7 @@ gem 'fog-rackspace', '~> 0.1.1'
gem 'fog-aliyun', '~> 0.1.0'
# for Google storage
-gem 'google-api-client', '~> 0.8.6'
+gem 'google-api-client', '~> 0.13.6'
# for aws storage
gem 'unf', '~> 0.1.4'
@@ -239,7 +239,7 @@ gem 'rack-proxy', '~> 0.6.0'
gem 'sass-rails', '~> 5.0.6'
gem 'uglifier', '~> 2.7.2'
-gem 'addressable', '~> 2.3.8'
+gem 'addressable', '~> 2.5.2'
gem 'bootstrap-sass', '~> 3.3.0'
gem 'font-awesome-rails', '~> 4.7'
gem 'gemojione', '~> 3.3'
@@ -356,7 +356,7 @@ end
group :test do
gem 'shoulda-matchers', '~> 3.1.2', require: false
gem 'email_spec', '~> 1.6.0'
- gem 'json-schema', '~> 2.6.2'
+ gem 'json-schema', '~> 2.8.0'
gem 'webmock', '~> 2.3.2'
gem 'test_after_commit', '~> 1.1'
gem 'sham_rack', '~> 1.3.6'
diff --git a/Gemfile.lock b/Gemfile.lock
index e1bb5d0854d..a0ad2716c01 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -45,7 +45,8 @@ GEM
adamantium (0.2.0)
ice_nine (~> 0.11.0)
memoizable (~> 0.4.0)
- addressable (2.3.8)
+ addressable (2.5.2)
+ public_suffix (>= 2.0.2, < 4.0)
akismet (2.0.0)
allocations (1.0.5)
arel (6.0.4)
@@ -62,10 +63,6 @@ GEM
attr_encrypted (3.0.3)
encryptor (~> 3.0.0)
attr_required (1.0.0)
- autoparse (0.3.3)
- addressable (>= 2.3.1)
- extlib (>= 0.9.15)
- multi_json (>= 1.0.0)
autoprefixer-rails (6.2.3)
execjs
json
@@ -146,6 +143,8 @@ GEM
debugger-ruby_core_source (1.3.8)
deckar01-task_list (2.0.0)
html-pipeline
+ declarative (0.0.10)
+ declarative-option (0.1.0)
default_value_for (3.0.2)
activerecord (>= 3.2.0, < 5.1)
descendants_tracker (0.0.4)
@@ -188,7 +187,6 @@ GEM
excon (0.57.1)
execjs (2.6.0)
expression_parser (0.9.0)
- extlib (0.9.16)
factory_girl (4.7.0)
activesupport (>= 3.0.0)
factory_girl_rails (4.7.0)
@@ -288,10 +286,10 @@ GEM
flowdock (~> 0.7)
gitlab-grit (>= 2.4.1)
multi_json
- gitlab-grit (2.8.1)
+ gitlab-grit (2.8.2)
charlock_holmes (~> 0.6)
diff-lcs (~> 1.1)
- mime-types (>= 1.16, < 3)
+ mime-types (>= 1.16)
posix-spawn (~> 0.3)
gitlab-markup (1.6.2)
gitlab_omniauth-ldap (2.0.4)
@@ -319,20 +317,16 @@ GEM
json
multi_json
request_store (>= 1.0)
- google-api-client (0.8.7)
- activesupport (>= 3.2, < 5.0)
- addressable (~> 2.3)
- autoparse (~> 0.3)
- extlib (~> 0.9)
- faraday (~> 0.9)
- googleauth (~> 0.3)
- launchy (~> 2.4)
- multi_json (~> 1.10)
- retriable (~> 1.4)
- signet (~> 0.6)
+ google-api-client (0.13.6)
+ addressable (~> 2.5, >= 2.5.1)
+ googleauth (~> 0.5)
+ httpclient (>= 2.8.1, < 3.0)
+ mime-types (~> 3.0)
+ representable (~> 3.0)
+ retriable (>= 2.0, < 4.0)
google-protobuf (3.4.0.2)
- googleauth (0.5.1)
- faraday (~> 0.9)
+ googleauth (0.5.3)
+ faraday (~> 0.12)
jwt (~> 1.4)
logging (~> 2.0)
memoist (~> 0.12)
@@ -422,8 +416,8 @@ GEM
multi_json (>= 1.3)
securecompare
url_safe_base64
- json-schema (2.6.2)
- addressable (~> 2.3.8)
+ json-schema (2.8.0)
+ addressable (>= 2.4)
jwt (1.5.6)
kaminari (1.0.1)
activesupport (>= 4.1.0)
@@ -475,18 +469,20 @@ GEM
mail (2.6.6)
mime-types (>= 1.16, < 4)
mail_room (0.9.1)
- memoist (0.15.0)
+ memoist (0.16.0)
memoizable (0.4.2)
thread_safe (~> 0.3, >= 0.3.1)
method_source (0.8.2)
- mime-types (2.99.3)
+ mime-types (3.1)
+ mime-types-data (~> 3.2015)
+ mime-types-data (3.2016.0521)
mimemagic (0.3.0)
mini_mime (0.1.4)
mini_portile2 (2.3.0)
minitest (5.7.0)
mmap2 (2.2.7)
mousetrap-rails (1.4.6)
- multi_json (1.12.1)
+ multi_json (1.12.2)
multi_xml (0.6.0)
multipart-post (2.0.0)
mustermann (1.0.0)
@@ -635,6 +631,7 @@ GEM
pry (~> 0.10)
pry-rails (0.3.5)
pry (>= 0.9.10)
+ public_suffix (3.0.0)
pyu-ruby-sasl (0.0.3.3)
rack (1.6.8)
rack-accept (0.4.5)
@@ -717,6 +714,10 @@ GEM
redis-store (~> 1.2.0)
redis-store (1.2.0)
redis (>= 2.2)
+ representable (3.0.4)
+ declarative (< 0.1.0)
+ declarative-option (< 0.2.0)
+ uber (< 0.2.0)
request_store (1.3.1)
responders (2.3.0)
railties (>= 4.2.0, < 5.1)
@@ -724,7 +725,7 @@ GEM
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0)
netrc (~> 0.8)
- retriable (1.4.1)
+ retriable (3.1.1)
rinku (2.0.0)
rotp (2.1.2)
rouge (2.2.1)
@@ -903,6 +904,7 @@ GEM
tzinfo (1.2.3)
thread_safe (~> 0.1)
u2f (0.2.1)
+ uber (0.1.0)
uglifier (2.7.2)
execjs (>= 0.3.0)
json (>= 1.8.0)
@@ -963,7 +965,7 @@ DEPENDENCIES
ace-rails-ap (~> 4.1.0)
activerecord_sane_schema_dumper (= 0.2)
acts-as-taggable-on (~> 4.0)
- addressable (~> 2.3.8)
+ addressable (~> 2.5.2)
akismet (~> 2.0)
allocations (~> 1.0)
asana (~> 0.6.0)
@@ -1033,7 +1035,7 @@ DEPENDENCIES
gollum-lib (~> 4.2)
gollum-rugged_adapter (~> 0.4.4)
gon (~> 6.1.0)
- google-api-client (~> 0.8.6)
+ google-api-client (~> 0.13.6)
gpgme
grape (~> 1.0)
grape-entity (~> 0.6.0)
@@ -1051,7 +1053,7 @@ DEPENDENCIES
jira-ruby (~> 1.4)
jquery-atwho-rails (~> 1.3.2)
jquery-rails (~> 4.1.0)
- json-schema (~> 2.6.2)
+ json-schema (~> 2.8.0)
jwt (~> 1.5.6)
kaminari (~> 1.0)
knapsack (~> 1.11.0)
diff --git a/changelogs/unreleased/gem-sm-bump-google-api-client-gem-from-0-8-6-to-0-13-6.yml b/changelogs/unreleased/gem-sm-bump-google-api-client-gem-from-0-8-6-to-0-13-6.yml
new file mode 100644
index 00000000000..13ec113167f
--- /dev/null
+++ b/changelogs/unreleased/gem-sm-bump-google-api-client-gem-from-0-8-6-to-0-13-6.yml
@@ -0,0 +1,5 @@
+---
+title: Bump google-api-client Gem from 0.8.6 to 0.13.6
+merge_request:
+author:
+type: other
diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb
index 88b17e12576..d8c8deea628 100644
--- a/lib/banzai/filter/sanitization_filter.rb
+++ b/lib/banzai/filter/sanitization_filter.rb
@@ -73,8 +73,9 @@ module Banzai
return unless node.has_attribute?('href')
begin
+ node['href'] = node['href'].strip
uri = Addressable::URI.parse(node['href'])
- uri.scheme = uri.scheme.strip.downcase if uri.scheme
+ uri.scheme = uri.scheme.downcase if uri.scheme
node.remove_attribute('href') if UNSAFE_PROTOCOLS.include?(uri.scheme)
rescue Addressable::URI::InvalidURIError
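Review bot: The unsafe-protocol check now relies on `node['href'] = node['href'].strip` running before `Addressable::URI.parse`, yet this commit adds no spec for that path; the diffstat lists only `url_sanitizer_spec.rb`. `String#strip` trims ASCII whitespace only, so an href padded with other whitespace or control characters may still parse with a nil or unexpected scheme and skip the `UNSAFE_PROTOCOLS` comparison; this is inferred from the hunk, not shown in it. I would add filter specs asserting the href is removed when an unsafe scheme is wrapped in whitespace or written in mixed case, plus a comment above the new line such as `# Strip before parsing so the scheme is read from the trimmed value`. The assignment also rewrites the href of every link, safe ones included, and the `rescue` body lies outside the hunk.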
diff --git a/lib/gitlab/url_sanitizer.rb b/lib/gitlab/url_sanitizer.rb
index 4e1ec1402ea..1caa791c1be 100644
--- a/lib/gitlab/url_sanitizer.rb
+++ b/lib/gitlab/url_sanitizer.rb
@@ -1,7 +1,9 @@
module Gitlab
class UrlSanitizer
+ ALLOWED_SCHEMES = %w[http https ssh git].freeze
+
def self.sanitize(content)
- regexp = URI::Parser.new.make_regexp(%w(http https ssh git))
+ regexp = URI::Parser.new.make_regexp(ALLOWED_SCHEMES)
content.gsub(regexp) { |url| new(url).masked_url }
rescue Addressable::URI::InvalidURIError
@@ -11,9 +13,9 @@ module Gitlab
def self.valid?(url)
return false unless url.present?
- Addressable::URI.parse(url.strip)
+ uri = Addressable::URI.parse(url.strip)
- true
+ ALLOWED_SCHEMES.include?(uri.scheme)
rescue Addressable::URI::InvalidURIError
false
end
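Review bot: `ALLOWED_SCHEMES.include?(uri.scheme)` in `valid?` compares the scheme case-sensitively, so a URL written as `HTTPS://example.com` would presumably be rejected although URI schemes are case-insensitive. The sanitization filter changed in this same commit downcases `uri.scheme` explicitly, which suggests Addressable returns the scheme as written. Consider `ALLOWED_SCHEMES.include?(uri.scheme.to_s.downcase)`. `valid?` also moves from "parses" to "parses and uses one of four schemes", which rejects SCP-style remotes according to the updated spec. A comment on the method such as `# Only absolute URLs with a scheme in ALLOWED_SCHEMES are valid; SCP-style remotes are rejected` would make that contract visible to callers.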
diff --git a/spec/lib/gitlab/url_sanitizer_spec.rb b/spec/lib/gitlab/url_sanitizer_spec.rb
index 59c28431e1e..fc8991fd31f 100644
--- a/spec/lib/gitlab/url_sanitizer_spec.rb
+++ b/spec/lib/gitlab/url_sanitizer_spec.rb
@@ -39,7 +39,8 @@ describe Gitlab::UrlSanitizer do
false | nil
false | ''
false | '123://invalid:url'
- true | 'valid@project:url.git'
+ false | 'valid@project:url.git'
+ false | 'valid:pass@project:url.git'
true | 'ssh://example.com'
true | 'ssh://:@example.com'
true | 'ssh://foo@example.com'
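Review bot: The rows visible in this table exercise the new allowlist only through SCP-style strings; none shows a well-formed URL with a scheme outside `ALLOWED_SCHEMES`, or an allowed scheme in upper case. Rows such as `false | 'ftp://example.com'` and one for `'HTTP://example.com'` with the intended result would pin both behaviours; the table continues outside the hunk, so they may already exist. The next hunk deletes the whole "credentials in hash" table rather than porting it. If the empty-string-to-nil normalisation it covered still matters, the same rows could be kept with the subject built from `'http://example.com'`.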
@@ -81,24 +82,6 @@ describe Gitlab::UrlSanitizer do
describe '#credentials' do
context 'credentials in hash' do
- where(:input, :output) do
- { user: 'foo', password: 'bar' } | { user: 'foo', password: 'bar' }
- { user: 'foo', password: '' } | { user: 'foo', password: nil }
- { user: 'foo', password: nil } | { user: 'foo', password: nil }
- { user: '', password: 'bar' } | { user: nil, password: 'bar' }
- { user: '', password: '' } | { user: nil, password: nil }
- { user: '', password: nil } | { user: nil, password: nil }
- { user: nil, password: 'bar' } | { user: nil, password: 'bar' }
- { user: nil, password: '' } | { user: nil, password: nil }
- { user: nil, password: nil } | { user: nil, password: nil }
- end
-
- with_them do
- subject { described_class.new('user@example.com:path.git', credentials: input).credentials }
-
- it { is_expected.to eq(output) }
- end
-
it 'overrides URL-provided credentials' do
sanitizer = described_class.new('http://a:b@example.com', credentials: { user: 'c', password: 'd' })
@@ -116,10 +99,6 @@ describe Gitlab::UrlSanitizer do
'http://@example.com' | { user: nil, password: nil }
'http://example.com' | { user: nil, password: nil }
- # Credentials from SCP-style URLs are not supported at present
- 'foo@example.com:path' | { user: nil, password: nil }
- 'foo:bar@example.com:path' | { user: nil, password: nil }
-
# Other invalid URLs
nil | { user: nil, password: nil }
'' | { user: nil, password: nil }