diff options
author | Kamil TrzciĆski <ayufan@ayufan.eu> | 2019-04-04 15:00:56 +0000 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2019-04-04 15:00:56 +0000 |
commit | 8a833c720e91c7b4d764e85c30e3be18ee5221fd (patch) | |
tree | 54b714d8a8f18f6e6f0f8f5da56fae5203f002e8 /lib/gitlab/ci/build | |
parent | 7926384ff32b9ad8833dcfffc9bb87d036c4bd21 (diff) | |
download | gitlab-ce-8a833c720e91c7b4d764e85c30e3be18ee5221fd.tar.gz |
Allow to use untrusted Regexp via feature flag
This brings support for untrusted regexp for 'only:refs:' when
enabled via feature flag: alllow_unsafe_ruby_regexp.
This is by default disabled, and should not be used in production
Diffstat (limited to 'lib/gitlab/ci/build')
-rw-r--r-- | lib/gitlab/ci/build/policy/refs.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gitlab/ci/build/policy/refs.rb b/lib/gitlab/ci/build/policy/refs.rb index 360424bec11..c3005303fd8 100644 --- a/lib/gitlab/ci/build/policy/refs.rb +++ b/lib/gitlab/ci/build/policy/refs.rb @@ -35,7 +35,7 @@ module Gitlab # patterns can be matched only when branch or tag is used # the pattern matching does not work for merge requests pipelines if pipeline.branch? || pipeline.tag? - if regexp = Gitlab::UntrustedRegexp::RubySyntax.fabricate(pattern) + if regexp = Gitlab::UntrustedRegexp::RubySyntax.fabricate(pattern, fallback: true) regexp.match?(pipeline.ref) else pattern == pipeline.ref |