Add latest changes from gitlab-org/security/gitlab@14-8-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-02-25 16:31:46 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-02-25 16:32:06 +0000
commit: e92c90758eb4126acc84962d37bb273d6d87b27b (patch)
tree: 6d5f4ca9731a6aa76b80372276c68ab39e0f4149 /app/assets/javascripts
parent: b485c8c3723dc5aaba15ab9fa258010d1ec66d61 (diff)
download: gitlab-ce-e92c90758eb4126acc84962d37bb273d6d87b27b.tar.gz
2 files changed, 13 insertions, 1 deletions
diff --git a/app/assets/javascripts/snippets/components/show.vue b/app/assets/javascripts/snippets/components/show.vue
index 35d88d5ec8e..ee8b00c1f5d 100644
--- a/app/assets/javascripts/snippets/components/show.vue
+++ b/app/assets/javascripts/snippets/components/show.vue
@@ -1,5 +1,5 @@
 <script>
-import { GlLoadingIcon } from '@gitlab/ui';
+import { GlAlert, GlLoadingIcon } from '@gitlab/ui';
 import eventHub from '~/blob/components/eventhub';
 import {
   SNIPPET_MARK_VIEW_APP_START,
@@ -23,6 +23,7 @@ export default {
     EmbedDropdown,
     SnippetHeader,
     SnippetTitle,
+    GlAlert,
     GlLoadingIcon,
     SnippetBlob,
     CloneDropdownButton,
@@ -35,6 +36,9 @@ export default {
     canBeCloned() {
       return Boolean(this.snippet.sshUrlToRepo || this.snippet.httpUrlToRepo);
     },
+    hasUnretrievableBlobs() {
+      return this.snippet.hasUnretrievableBlobs;
+    },
   },
   beforeCreate() {
     performanceMarkAndMeasure({ mark: SNIPPET_MARK_VIEW_APP_START });
@@ -66,6 +70,13 @@ export default {
           data-qa-selector="clone_button"
         />
       </div>
+      <gl-alert v-if="hasUnretrievableBlobs" variant="danger" class="gl-mb-3" :dismissible="false">
+        {{
+          __(
+            'WARNING: This snippet contains hidden files which might be used to mask malicious behavior. Exercise caution if cloning and executing code from this snippet.',
+          )
+        }}
+      </gl-alert>
       <snippet-blob
         v-for="blob in blobs"
         :key="blob.path"
diff --git a/app/assets/javascripts/snippets/mixins/snippets.js b/app/assets/javascripts/snippets/mixins/snippets.js
index b72befef56b..0b3cca4e53a 100644
--- a/app/assets/javascripts/snippets/mixins/snippets.js
+++ b/app/assets/javascripts/snippets/mixins/snippets.js
@@ -17,6 +17,7 @@ export const getSnippetMixin = {
 
         // Set `snippet.blobs` since some child components are coupled to this.
         if (!isEmpty(res)) {
+          res.hasUnretrievableBlobs = res.blobs?.hasUnretrievableBlobs || false;
           // It's possible for us to not get any blobs in a response.
           // In this case, we should default to current blobs.
           res.blobs = res.blobs ? res.blobs.nodes : blobsDefault;
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-02-25 16:31:46 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-02-25 16:32:06 +0000
commit	e92c90758eb4126acc84962d37bb273d6d87b27b (patch)
tree	6d5f4ca9731a6aa76b80372276c68ab39e0f4149 /app/assets/javascripts
parent	b485c8c3723dc5aaba15ab9fa258010d1ec66d61 (diff)
download	gitlab-ce-e92c90758eb4126acc84962d37bb273d6d87b27b.tar.gz