Allow to use untrusted Regexp via feature flag

This brings support for untrusted regexp for 'only:refs:' when enabled via feature flag: alllow_unsafe_ruby_regexp. This is by default disabled, and should not be used in production
author: Kamil Trzciński <ayufan@ayufan.eu> 2019-04-04 15:00:56 +0000
committer: Sean McGivern <sean@gitlab.com> 2019-04-04 15:00:56 +0000
commit: 8a833c720e91c7b4d764e85c30e3be18ee5221fd (patch)
tree: 54b714d8a8f18f6e6f0f8f5da56fae5203f002e8 /lib/gitlab/ci/build
parent: 7926384ff32b9ad8833dcfffc9bb87d036c4bd21 (diff)
download: gitlab-ce-8a833c720e91c7b4d764e85c30e3be18ee5221fd.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gitlab/ci/build/policy/refs.rb b/lib/gitlab/ci/build/policy/refs.rb
index 360424bec11..c3005303fd8 100644
--- a/lib/gitlab/ci/build/policy/refs.rb
+++ b/lib/gitlab/ci/build/policy/refs.rb
@@ -35,7 +35,7 @@ module Gitlab
             # patterns can be matched only when branch or tag is used
             # the pattern matching does not work for merge requests pipelines
             if pipeline.branch? || pipeline.tag?
-              if regexp = Gitlab::UntrustedRegexp::RubySyntax.fabricate(pattern)
+              if regexp = Gitlab::UntrustedRegexp::RubySyntax.fabricate(pattern, fallback: true)
                 regexp.match?(pipeline.ref)
               else
                 pattern == pipeline.ref
author	Kamil Trzciński <ayufan@ayufan.eu>	2019-04-04 15:00:56 +0000
committer	Sean McGivern <sean@gitlab.com>	2019-04-04 15:00:56 +0000
commit	8a833c720e91c7b4d764e85c30e3be18ee5221fd (patch)
tree	54b714d8a8f18f6e6f0f8f5da56fae5203f002e8 /lib/gitlab/ci/build
parent	7926384ff32b9ad8833dcfffc9bb87d036c4bd21 (diff)
download	gitlab-ce-8a833c720e91c7b4d764e85c30e3be18ee5221fd.tar.gz