authorRubén Dávila <ruben@gitlab.com>2018-08-07 18:06:59 -0500
committerRubén Dávila <ruben@gitlab.com>2018-08-07 18:06:59 -0500
commit1eb99d8a7bb20d1a62c08c6fdad5f96c204f22d6 (patch)
tree0f46342e473123e190fd24cdd5de697a0b04d602
parent47df270dc32455dc1bdcc16661fbfcc9969d1520 (diff)
downloadgitlab-ce-rd-26044-new-option-to-prevent-too-big-git-pushes.tar.gz
Add receive_max_input_size setting to Application settingsrd-26044-new-option-to-prevent-too-big-git-pushes
If the user has configured the setting, it will be passed to gitlab-shell and gitlab-workhorse
-rw-r--r--GITALY_SERVER_VERSION2
-rw-r--r--GITLAB_SHELL_VERSION2
-rw-r--r--GITLAB_WORKHORSE_VERSION2
-rw-r--r--app/helpers/application_settings_helper.rb1
-rw-r--r--app/views/admin/application_settings/_account_and_limit.html.haml5
-rw-r--r--changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml5
-rw-r--r--db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb11
-rw-r--r--db/schema.rb1
-rw-r--r--lib/api/internal.rb11
-rw-r--r--lib/gitlab/workhorse.rb11
-rw-r--r--spec/controllers/admin/application_settings_controller_spec.rb7
-rw-r--r--spec/lib/gitlab/workhorse_spec.rb16
-rw-r--r--spec/requests/api/internal_spec.rb20
13 files changed, 88 insertions, 6 deletions
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index a38b3bd31b1..12f9c914f02 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-0.117.0
+0.118.0
diff --git a/GITLAB_SHELL_VERSION b/GITLAB_SHELL_VERSION
index 8104cabd36f..fbb9ea12de3 100644
--- a/GITLAB_SHELL_VERSION
+++ b/GITLAB_SHELL_VERSION
@@ -1 +1 @@
-8.1.0
+8.2.0
diff --git a/GITLAB_WORKHORSE_VERSION b/GITLAB_WORKHORSE_VERSION
index 831446cbd27..91ff57278e3 100644
--- a/GITLAB_WORKHORSE_VERSION
+++ b/GITLAB_WORKHORSE_VERSION
@@ -1 +1 @@
-5.1.0
+5.2.0
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index a9499140f8a..f4c2c9ee23b 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -220,6 +220,7 @@ module ApplicationSettingsHelper
:recaptcha_enabled,
:recaptcha_private_key,
:recaptcha_site_key,
+ :receive_max_input_size,
:repository_checks_enabled,
:repository_storages,
:require_two_factor_authentication,
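Review bot: Adding `:receive_max_input_size` to this attribute list makes the value admin-writable, yet none of the 13 files in this commit touches the ApplicationSetting model, so no validation appears to accompany it. A negative number would be stored and then silently treated as "no limit" by the `> 0` check in lib/api/internal.rb and lib/gitlab/workhorse.rb, and a value beyond the integer column's range would presumably surface as a save error rather than a form message. Consider adding `validates :receive_max_input_size, numericality: { only_integer: true, greater_than_or_equal_to: 0 }, allow_nil: true` to the model. The list this hunk edits starts and ends outside the hunk.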
diff --git a/app/views/admin/application_settings/_account_and_limit.html.haml b/app/views/admin/application_settings/_account_and_limit.html.haml
index 7c8243a7a90..60a0f43d6e8 100644
--- a/app/views/admin/application_settings/_account_and_limit.html.haml
+++ b/app/views/admin/application_settings/_account_and_limit.html.haml
@@ -14,7 +14,10 @@
= f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'label-bold'
= f.number_field :max_attachment_size, class: 'form-control'
.form-group
- = f.label :session_expire_delay, 'Session duration (minutes)', class: 'label-bold'
+ = f.label :receive_max_input_size, 'Maximum push size (MB)', class: 'label-light'
+ = f.number_field :receive_max_input_size, class: 'form-control'
+ .form-group
+ = f.label :session_expire_delay, 'Session duration (minutes)', class: 'label-light'
= f.number_field :session_expire_delay, class: 'form-control'
%span.form-text.text-muted#session_expire_delay_help_block GitLab restart is required to apply changes
.form-group
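Review bot: The new `receive_max_input_size` label uses `class: 'label-light'` while the `max_attachment_size` label directly above keeps `'label-bold'`, and the same hunk switches the existing `session_expire_delay` label from `'label-bold'` to `'label-light'`. That second change looks unrelated to the feature and may be a rebase leftover; both labels should probably read `class: 'label-bold'` to match the rest of the form. The field would also benefit from a short help text saying that an empty value or 0 means no limit, since that is how the `> 0` check in the backend treats it.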
diff --git a/changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml b/changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml
new file mode 100644
index 00000000000..f464b6dda5b
--- /dev/null
+++ b/changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml
@@ -0,0 +1,5 @@
+---
+title: Allow admins to configure the maximum Git push size
+merge_request: 20758
+author:
+type: added
diff --git a/db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb b/db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb
new file mode 100644
index 00000000000..4ed851a0780
--- /dev/null
+++ b/db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddReceiveMaxInputSizeToApplicationSettings < ActiveRecord::Migration
+ DOWNTIME = false
+
+ def change
+ add_column :application_settings, :receive_max_input_size, :integer
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 30b8147a474..afc54d6bd1f 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -169,6 +169,7 @@ ActiveRecord::Schema.define(version: 20180726172057) do
t.boolean "mirror_available", default: true, null: false
t.boolean "hide_third_party_offers", default: false, null: false
t.boolean "instance_statistics_visibility_private", default: false, null: false
+ t.integer "receive_max_input_size"
end
create_table "audit_events", force: :cascade do |t|
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 516f25db15b..2c8fd6ef565 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -58,11 +58,12 @@ module API
log_user_activity(actor)
- {
+ attrs = {
status: true,
gl_repository: gl_repository,
gl_id: Gitlab::GlId.gl_id(user),
gl_username: user&.username,
+ git_config_options: [],
# This repository_path is a bogus value but gitlab-shell still requires
# its presence. https://gitlab.com/gitlab-org/gitlab-shell/issues/135
@@ -70,6 +71,14 @@ module API
gitaly: gitaly_payload(params[:action])
}
+
+ # Custom option for git-receive-pack command
+ receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i
+ if receive_max_input_size > 0
+ attrs[:git_config_options] << "receive.maxInputSize=#{receive_max_input_size.megabytes}"
+ end
+
+ attrs
end
post "/lfs_authenticate" do
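Review bot: The lines that build `receive.maxInputSize` here are repeated verbatim in lib/gitlab/workhorse.rb, so the SSH and HTTP push paths can drift apart if only one copy is changed later. Because the setting is a resource limit that should hold on both transports, a single shared helper that returns the options array and is called from both places would be safer. The comment `# Custom option for git-receive-pack command` also reads as if the option were sent only for pushes, but it is appended regardless of `params[:action]`; either guard on the action or reword it to something like `# Only git-receive-pack honours this option; it is sent for every action`. The enclosing endpoint starts outside the hunk.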
diff --git a/lib/gitlab/workhorse.rb b/lib/gitlab/workhorse.rb
index a9629a92a50..30a8c3578d8 100644
--- a/lib/gitlab/workhorse.rb
+++ b/lib/gitlab/workhorse.rb
@@ -22,18 +22,27 @@ module Gitlab
project = repository.project
- {
+ attrs = {
GL_ID: Gitlab::GlId.gl_id(user),
GL_REPOSITORY: Gitlab::GlRepository.gl_repository(project, is_wiki),
GL_USERNAME: user&.username,
ShowAllRefs: show_all_refs,
Repository: repository.gitaly_repository.to_h,
RepoPath: 'ignored but not allowed to be empty in gitlab-workhorse',
+ GitConfigOptions: [],
GitalyServer: {
address: Gitlab::GitalyClient.address(project.repository_storage),
token: Gitlab::GitalyClient.token(project.repository_storage)
}
}
+
+ # Custom option for git-receive-pack command
+ receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i
+ if receive_max_input_size > 0
+ attrs[:GitConfigOptions] << "receive.maxInputSize=#{receive_max_input_size.megabytes}"
+ end
+
+ attrs
end
def send_git_blob(repository, blob)
diff --git a/spec/controllers/admin/application_settings_controller_spec.rb b/spec/controllers/admin/application_settings_controller_spec.rb
index 9d10d725ff3..10e1bfc30f9 100644
--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -78,5 +78,12 @@ describe Admin::ApplicationSettingsController do
expect(response).to redirect_to(admin_application_settings_path)
expect(ApplicationSetting.current.restricted_visibility_levels).to be_empty
end
+
+ it 'updates the receive_max_input_size setting' do
+ put :update, application_setting: { receive_max_input_size: "1024" }
+
+ expect(response).to redirect_to(admin_application_settings_path)
+ expect(ApplicationSetting.current.receive_max_input_size).to eq(1024)
+ end
end
end
diff --git a/spec/lib/gitlab/workhorse_spec.rb b/spec/lib/gitlab/workhorse_spec.rb
index 23869f3d2da..b3f55a2e1bd 100644
--- a/spec/lib/gitlab/workhorse_spec.rb
+++ b/spec/lib/gitlab/workhorse_spec.rb
@@ -336,6 +336,22 @@ describe Gitlab::Workhorse do
it { expect { subject }.to raise_exception('Unsupported action: download') }
end
end
+
+ context 'when receive_max_input_size has been updated' do
+ it 'returns custom git config' do
+ allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { 1 }
+
+ expect(subject[:GitConfigOptions]).to be_present
+ end
+ end
+
+ context 'when receive_max_input_size is empty' do
+ it 'returns an empty git config' do
+ allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { nil }
+
+ expect(subject[:GitConfigOptions]).to be_empty
+ end
+ end
end
describe '.set_key_and_notify' do
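Review bot: `be_present` only proves that some option was emitted, so a mistake in the MB-to-bytes conversion or in the option name would still pass. Asserting the exact value, `expect(subject[:GitConfigOptions]).to eq(['receive.maxInputSize=1048576'])`, pins both the key and the unit. The same applies to the `git_config_options` example added in spec/requests/api/internal_spec.rb. A case for 0 next to the nil case would also document that both values disable the limit.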
diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb
index 85c93f35c20..e72ef6a500a 100644
--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@@ -369,6 +369,26 @@ describe API::Internal do
expect(user.reload.last_activity_on).to be_nil
end
end
+
+ context 'when receive_max_input_size has been updated' do
+ it 'returns custom git config' do
+ allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { 1 }
+
+ push(key, project)
+
+ expect(json_response["git_config_options"]).to be_present
+ end
+ end
+
+ context 'when receive_max_input_size is empty' do
+ it 'returns an empty git config' do
+ allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { nil }
+
+ push(key, project)
+
+ expect(json_response["git_config_options"]).to be_empty
+ end
+ end
end
end