diff options
| author | Steve Azzopardi <sazzopardi@gitlab.com> | 2018-11-18 11:40:09 +0000 |
|---|---|---|
| committer | Steve Azzopardi <steveazz@outlook.com> | 2018-11-18 12:42:15 +0100 |
| commit | 8332599545d88fb40aedc6d3b5b3902b06d9d270 (patch) | |
| tree | e62e592542666ce58ceb2006ec5496475bf6742c | |
| parent | c76d47bb5c326d85c252e4c0276273138a982317 (diff) | |
| download | gitlab-ce-8332599545d88fb40aedc6d3b5b3902b06d9d270.tar.gz | |
Merge branch 'sh-fix-issue-54189-11-5' into 'security-11-5'
[11.5] Prevent templated services from being imported
See merge request gitlab/gitlabhq!2635
4 files changed, 37 insertions, 1 deletions
diff --git a/ee/changelogs/unreleased/sh-fix-issue-54189.yml b/ee/changelogs/unreleased/sh-fix-issue-54189.yml new file mode 100644 index 00000000000..eee743aa5d9 --- /dev/null +++ b/ee/changelogs/unreleased/sh-fix-issue-54189.yml @@ -0,0 +1,5 @@ +--- +title: Prevent templated services from being imported +merge_request: +author: +type: security diff --git a/lib/gitlab/import_export/import_export.yml b/lib/gitlab/import_export/import_export.yml index 9790818ecaf..b40eac3de9a 100644 --- a/lib/gitlab/import_export/import_export.yml +++ b/lib/gitlab/import_export/import_export.yml @@ -154,6 +154,8 @@ excluded_attributes: - :encrypted_token_iv - :encrypted_url - :encrypted_url_iv + services: + - :template methods: labels: diff --git a/spec/lib/gitlab/import_export/project.light.json b/spec/lib/gitlab/import_export/project.light.json index ba2248073f5..2971ca0f0f8 100644 --- a/spec/lib/gitlab/import_export/project.light.json +++ b/spec/lib/gitlab/import_export/project.light.json @@ -101,6 +101,28 @@ ] } ], + "services": [ + { + "id": 100, + "title": "JetBrains TeamCity CI", + "project_id": 5, + "created_at": "2016-06-14T15:01:51.315Z", + "updated_at": "2016-06-14T15:01:51.315Z", + "active": false, + "properties": {}, + "template": true, + "push_events": true, + "issues_events": true, + "merge_requests_events": true, + "tag_push_events": true, + "note_events": true, + "job_events": true, + "type": "TeamcityService", + "category": "ci", + "default": false, + "wiki_page_events": true + } + ], "snippets": [], "hooks": [] } diff --git a/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb b/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb index 365bfae0d88..7171e12a849 100644 --- a/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb +++ b/spec/lib/gitlab/import_export/project_tree_restorer_spec.rb @@ -297,7 +297,8 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do issues: 1, labels: 1, milestones: 1, - first_issue_labels: 1 + first_issue_labels: 1, + services: 1 context 'project.json file access check' do it 'does not read a symlink' do @@ -382,6 +383,12 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do project_tree_restorer.instance_variable_set(:@path, "spec/lib/gitlab/import_export/project.light.json") end + it 'does not import any templated services' do + restored_project_json + + expect(project.services.where(template: true).count).to eq(0) + end + it 'imports labels' do create(:group_label, name: 'Another label', group: project.group) |