author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-03-17 17:02:16 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-03-17 17:02:16 +0000 |
commit | ba21be7f1d4c8fc99412274a70c89a1c83d0331f (patch) | |
tree | a48ff0443d7c7ce026cb9cd252ab5c1a2253a22d | |
parent | f64a639bcfa1fc2bc89ca7db268f594306edfd7c (diff) | |
download | gitlab-ce-ba21be7f1d4c8fc99412274a70c89a1c83d0331f.tar.gz |
Add latest changes from gitlab-org/gitlab@13-10-stable-ee
-rw-r--r-- | changelogs/unreleased/security-patch-kramdown.yml | 5 | ||||
-rw-r--r-- | config/initializers/kramdown_patch.rb | 25 | ||||
-rw-r--r-- | spec/initializers/kramdown_patch_spec.rb | 38 | ||||
-rwxr-xr-x[-rw-r--r--] | vendor/gitignore/C++.gitignore | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | vendor/gitignore/Java.gitignore | 0 |
5 files changed, 68 insertions, 0 deletions
diff --git a/changelogs/unreleased/security-patch-kramdown.yml b/changelogs/unreleased/security-patch-kramdown.yml
new file mode 100644
index 00000000000..792619327fe
--- /dev/null
+++ b/changelogs/unreleased/security-patch-kramdown.yml
@@ -0,0 +1,5 @@
+---
+title: Patch Kramdown syntax highlighter gem
+merge_request:
+author:
+type: security
diff --git a/config/initializers/kramdown_patch.rb b/config/initializers/kramdown_patch.rb
new file mode 100644
index 00000000000..5cb769cec24
--- /dev/null
+++ b/config/initializers/kramdown_patch.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+#
+# This pulls in https://github.com/gettalong/kramdown/pull/708 for kramdown v2.3.0.
+# Remove this file when that pull request is merged and released.
+require 'kramdown/converter'
+require 'kramdown/converter/syntax_highlighter/rouge'
+
+module Kramdown::Converter::SyntaxHighlighter
+ module Rouge
+ def self.formatter_class(opts = {})
+ case formatter = opts[:formatter]
+ when Class
+ formatter
+ when /\A[[:upper:]][[:alnum:]_]*\z/
+ ::Rouge::Formatters.const_get(formatter, false)
+ else
+ # Available in Rouge 2.0 or later
+ ::Rouge::Formatters::HTMLLegacy
+ end
+ rescue NameError
+ # Fallback to Rouge 1.x
+ ::Rouge::Formatters::HTML
+ end
+ end
+end
diff --git a/spec/initializers/kramdown_patch_spec.rb b/spec/initializers/kramdown_patch_spec.rb
new file mode 100644
index 00000000000..49dda9252bb
--- /dev/null
+++ b/spec/initializers/kramdown_patch_spec.rb
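Review bot: In `config/initializers/kramdown_patch.rb`, the `when /\A[[:upper:]][[:alnum:]_]*\z/` branch returns whatever constant `::Rouge::Formatters.const_get(formatter, false)` resolves, without checking that it is actually a formatter class. The anchored pattern and the `false` inherit flag keep the lookup inside `Rouge::Formatters`, but any other constant defined in that namespace would still be handed back to the caller, which the spec suggests then calls `.new` on it. A defence-in-depth check on the resolved value, such as `klass.is_a?(Class) && klass <= ::Rouge::Formatter`, with the existing default otherwise, would close that gap. Separately, the header comment ties this override to kramdown v2.3.0 but nothing enforces it; comparing `Kramdown::VERSION` at load time would make a gem upgrade fail loudly instead of silently keeping the monkey patch in place.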
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Kramdown patch for syntax highlighting formatters' do
+ subject { Kramdown::Document.new(options + "\n" + code).to_html }
+
+ let(:code) do
+ <<-RUBY
+~~~ ruby
+ def what?
+ 42
+ end
+~~~
+ RUBY
+ end
+
+ context 'with invalid formatter' do
+ let(:options) { %({::options auto_ids="false" footnote_nr="5" syntax_highlighter="rouge" syntax_highlighter_opts="{formatter: CSV, line_numbers: true\\}" /}) }
+
+ it 'falls back to standard HTML and disallows CSV' do
+ expect(CSV).not_to receive(:new)
+ expect(::Rouge::Formatters::HTML).to receive(:new).and_call_original
+
+ expect(subject).to be_present
+ end
+ end
+
+ context 'with valid formatter' do
+ let(:options) { %({::options auto_ids="false" footnote_nr="5" syntax_highlighter="rouge" syntax_highlighter_opts="{formatter: HTMLLegacy\\}" /}) }
+
+ it 'allows formatter' do
+ expect(::Rouge::Formatters::HTMLLegacy).to receive(:new).and_call_original
+
+ expect(subject).to be_present
+ end
+ end
+end
diff --git a/vendor/gitignore/C++.gitignore b/vendor/gitignore/C++.gitignore
index 259148fa18f..259148fa18f 100644..100755
--- a/vendor/gitignore/C++.gitignore
+++ b/vendor/gitignore/C++.gitignore
diff --git a/vendor/gitignore/Java.gitignore b/vendor/gitignore/Java.gitignore
index a1c2a238a96..a1c2a238a96 100644..100755
--- a/vendor/gitignore/Java.gitignore
+++ b/vendor/gitignore/Java.gitignore |
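Review bot: The 'with invalid formatter' context in `kramdown_patch_spec.rb` only exercises a bare top-level constant (`CSV`), so the spec does not pin the other inputs the anchored pattern in `formatter_class` is meant to reject. A second context whose `syntax_highlighter_opts` carries a formatter value containing `::`, asserting the same fallback with `expect(::Rouge::Formatters::HTML).to receive(:new).and_call_original`, would guard against a later loosening of the regex. It would also help to add a comment above `expect(CSV).not_to receive(:new)` stating that this is the regression assertion for the patched lookup, for example `# formatter names must resolve only inside Rouge::Formatters`.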