author | Steve Azzopardi <sazzopardi@gitlab.com> | 2018-11-18 11:06:31 +0000 |
---|---|---|
committer | Steve Azzopardi <steveazz@outlook.com> | 2018-11-18 12:12:33 +0100 |
commit | 721e484d922dac443cb8c7fdbcb944bed573a9fe (patch) | |
tree | 574f5466a4c0826904dfb546efce3e78bb4558ec | |
parent | ec90eb99b7d7da3f17177b1b731503d3d4a177b3 (diff) | |
Merge branch 'sh-fix-issue-54189-11-4' into 'security-11-4'
[11.4] Prevent templated services from being imported
See merge request gitlab/gitlabhq!2636
4 files changed, 37 insertions, 1 deletions
diff --git a/ee/changelogs/unreleased/sh-fix-issue-54189.yml b/ee/changelogs/unreleased/sh-fix-issue-54189.yml
new file mode 100644
index 00000000000..eee743aa5d9
--- /dev/null
+++ b/ee/changelogs/unreleased/sh-fix-issue-54189.yml
@@ -0,0 +1,5 @@
+---
+title: Prevent templated services from being imported
+merge_request:
+author:
+type: security
diff --git a/lib/gitlab/import_export/import_export.yml b/lib/gitlab/import_export/import_export.yml
index 2bed470514b..236780730e2 100644
--- a/lib/gitlab/import_export/import_export.yml
+++ b/lib/gitlab/import_export/import_export.yml
@@ -153,6 +153,8 @@ excluded_attributes: - :encrypted_token_iv - :encrypted_url - :encrypted_url_iv + services: + - :template methods: labels:
diff --git a/spec/lib/gitlab/import_export/project.light.json b/spec/lib/gitlab/import_export/project.light.json
index ba2248073f5..2971ca0f0f8 100644
--- a/spec/lib/gitlab/import_export/project.light.json
+++ b/spec/lib/gitlab/import_export/project.light.json
@@ -101,6 +101,28 @@ ] } ], + "services": [ + { + "id": 100, + "title": "JetBrains TeamCity CI", + "project_id": 5, + "created_at": "2016-06-14T15:01:51.315Z", + "updated_at": "2016-06-14T15:01:51.315Z", + "active": false, + "properties": {}, + "template": true, + "push_events": true, + "issues_events": true, + "merge_requests_events": true, + "tag_push_events": true, + "note_events": true, + "job_events": true, + "type": "TeamcityService", + "category": "ci", + "default": false, + "wiki_page_events": true + } + ], "snippets": [], "hooks": [] }
diff --git a/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb b/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb
index 7ebfc61f5e7..0f0bad91e3e 100644
--- a/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb
+++ b/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb
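Review bot: In the `lib/gitlab/import_export/import_export.yml` hunk, the new `services:` / `- :template` entry under `excluded_attributes` has no comment, yet it is a security control rather than a housekeeping exclusion like the `encrypted_*` keys listed above it. I would add a line above it such as `# 'template' must never be taken from an import archive: the file is user-supplied and must not be able to mark a service as a template.` The exclusion is a denylist of a single attribute. The fixture added in this commit shows a service record that also carries `project_id`, `default`, `type` and `properties`, so it is worth confirming, outside this hunk, that those values are overwritten or validated on import. The `excluded_attributes` section starts before the hunk and continues after it.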
@@ -297,7 +297,8 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do issues: 1, labels: 1, milestones: 1, - first_issue_labels: 1 + first_issue_labels: 1, + services: 1 context 'project.json file access check' do it 'does not read a symlink' do
@@ -382,6 +383,12 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do project_tree_restorer.instance_variable_set(:@path, "spec/lib/gitlab/import_export/project.light.json") end + it 'does not import any templated services' do + restored_project_json + + expect(project.services.where(template: true).count).to eq(0) + end + it 'imports labels' do create(:group_label, name: 'Another label', group: project.group) |
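Review bot: The new example `does not import any templated services` in the second hunk asserts only on `project.services`, so it passes vacuously if the fixture's service is not imported at all. It also cannot see a template row that ends up outside this project's association. I would assert on the whole table and on the sanitised row, for instance `expect(Service.where(template: true).count).to eq(0)` followed by `expect(project.services.where(template: false).count).to eq(1)`, assuming `Service` is the model behind `project.services`. The `services: 1` count added in the first hunk may already cover the second assertion, but the shared example it feeds is outside the hunk. The enclosing `context` also starts and ends outside the hunk.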