29 files changed, 288 insertions, 171 deletions
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index 9405730420f..902c74186fb 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -1.64.0 +1.65.0 diff --git a/app/assets/javascripts/badges/components/badge_settings.vue b/app/assets/javascripts/badges/components/badge_settings.vue index 75a522efe7e..531f84ad272 100644 --- a/app/assets/javascripts/badges/components/badge_settings.vue +++ b/app/assets/javascripts/badges/components/badge_settings.vue @@ -2,7 +2,7 @@ import { mapState, mapActions } from 'vuex'; import createFlash from '~/flash'; import { s__ } from '~/locale'; -import GlModal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; import Badge from './badge.vue'; import BadgeForm from './badge_form.vue'; import BadgeList from './badge_list.vue'; @@ -13,7 +13,7 @@ export default { Badge, BadgeForm, BadgeList, - GlModal, + GlModal: DeprecatedModal2, }, computed: { ...mapState(['badgeInModal', 'isEditing']), diff --git a/app/assets/javascripts/blob/template_selector.js b/app/assets/javascripts/blob/template_selector.js index 9e69c7d7164..02216e4e93d 100644 --- a/app/assets/javascripts/blob/template_selector.js +++ b/app/assets/javascripts/blob/template_selector.js @@ -1,6 +1,7 @@ /* eslint-disable class-methods-use-this */ import $ from 'jquery'; +import '~/gl_dropdown'; export default class TemplateSelector { constructor({ dropdown, data, pattern, wrapper, editor, $input } = {}) { diff --git a/app/assets/javascripts/create_item_dropdown.js b/app/assets/javascripts/create_item_dropdown.js index fa0f04c7d82..95b890b04c1 100644 --- a/app/assets/javascripts/create_item_dropdown.js +++ b/app/assets/javascripts/create_item_dropdown.js @@ -1,4 +1,5 @@ import _ from 'underscore'; +import '~/gl_dropdown'; export default class CreateItemDropdown { /** 
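Review bot: The bare `import '~/gl_dropdown';` added at the top of `blob/template_selector.js` binds no name, so nothing on the line says why the module is needed, and a later unused-import cleanup could drop it. A one-line comment above it would help, for example `// side-effect import: presumably registers the glDropdown jQuery plugin used below`, with the wording confirmed against `gl_dropdown`. The same applies to the identical additions in `create_item_dropdown.js`, `namespace_select.js`, `pages/dashboard/todos/index/todos.js`, `pages/search/show/search.js`, `ref_select_dropdown.js` and `sidebar/lib/sidebar_move_issue.js`. In `sidebar_move_issue.js` the new line also sits between the `jquery` and `underscore` imports, while the other files place it after the third-party imports.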
diff --git a/app/assets/javascripts/environments/components/stop_environment_modal.vue b/app/assets/javascripts/environments/components/stop_environment_modal.vue index 2cc3412e075..1ea4e30a7c1 100644 --- a/app/assets/javascripts/environments/components/stop_environment_modal.vue +++ b/app/assets/javascripts/environments/components/stop_environment_modal.vue @@ -1,7 +1,7 @@ <script> /* eslint-disable @gitlab/vue-i18n/no-bare-strings */ import { GlTooltipDirective } from '@gitlab/ui'; -import GlModal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; import { s__, sprintf } from '~/locale'; import LoadingButton from '~/vue_shared/components/loading_button.vue'; import eventHub from '../event_hub'; @@ -11,7 +11,7 @@ export default { name: 'StopEnvironmentModal', components: { - GlModal, + GlModal: DeprecatedModal2, LoadingButton, }, diff --git a/app/assets/javascripts/ide/components/commit_sidebar/list.vue b/app/assets/javascripts/ide/components/commit_sidebar/list.vue index 4f1260de0bc..e16918ae025 100644 --- a/app/assets/javascripts/ide/components/commit_sidebar/list.vue +++ b/app/assets/javascripts/ide/components/commit_sidebar/list.vue @@ -3,7 +3,7 @@ import $ from 'jquery'; import { mapActions } from 'vuex'; import { __, sprintf } from '~/locale'; import Icon from '~/vue_shared/components/icon.vue'; -import GlModal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; import tooltip from '~/vue_shared/directives/tooltip'; import ListItem from './list_item.vue'; @@ -11,7 +11,7 @@ export default { components: { Icon, ListItem, - GlModal, + GlModal: DeprecatedModal2, }, directives: { tooltip, diff --git a/app/assets/javascripts/ide/components/commit_sidebar/stage_button.vue b/app/assets/javascripts/ide/components/commit_sidebar/stage_button.vue index 09c9d135614..c14b8a47841 100644 
--- a/app/assets/javascripts/ide/components/commit_sidebar/stage_button.vue +++ b/app/assets/javascripts/ide/components/commit_sidebar/stage_button.vue @@ -4,12 +4,12 @@ import { mapActions } from 'vuex'; import { sprintf, __ } from '~/locale'; import Icon from '~/vue_shared/components/icon.vue'; import tooltip from '~/vue_shared/directives/tooltip'; -import GlModal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; export default { components: { Icon, - GlModal, + GlModal: DeprecatedModal2, }, directives: { tooltip, diff --git a/app/assets/javascripts/ide/components/new_dropdown/modal.vue b/app/assets/javascripts/ide/components/new_dropdown/modal.vue index f67666f1fbf..a2dd31aebd4 100644 --- a/app/assets/javascripts/ide/components/new_dropdown/modal.vue +++ b/app/assets/javascripts/ide/components/new_dropdown/modal.vue @@ -3,12 +3,12 @@ import $ from 'jquery'; import flash from '~/flash'; import { __, sprintf, s__ } from '~/locale'; import { mapActions, mapState, mapGetters } from 'vuex'; -import GlModal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; import { modalTypes } from '../../constants'; export default { components: { - GlModal, + GlModal: DeprecatedModal2, }, data() { return { diff --git a/app/assets/javascripts/namespace_select.js b/app/assets/javascripts/namespace_select.js index 4ddbec71ba6..4660e4397a2 100644 --- a/app/assets/javascripts/namespace_select.js +++ b/app/assets/javascripts/namespace_select.js @@ -1,6 +1,7 @@ /* eslint-disable func-names, no-else-return, prefer-template, prefer-arrow-callback */ import $ from 'jquery'; +import '~/gl_dropdown'; import Api from './api'; import { mergeUrlParams } from './lib/utils/url_utility'; import { parseBoolean } from '~/lib/utils/common_utils'; 
diff --git a/app/assets/javascripts/pages/admin/jobs/index/components/stop_jobs_modal.vue b/app/assets/javascripts/pages/admin/jobs/index/components/stop_jobs_modal.vue index e2fec3c7172..eb03baf4894 100644 --- a/app/assets/javascripts/pages/admin/jobs/index/components/stop_jobs_modal.vue +++ b/app/assets/javascripts/pages/admin/jobs/index/components/stop_jobs_modal.vue @@ -1,13 +1,13 @@ <script> import axios from '~/lib/utils/axios_utils'; import createFlash from '~/flash'; -import GlModal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; import { redirectTo } from '~/lib/utils/url_utility'; import { s__ } from '~/locale'; export default { components: { - GlModal, + GlModal: DeprecatedModal2, }, props: { url: { diff --git a/app/assets/javascripts/pages/dashboard/todos/index/todos.js b/app/assets/javascripts/pages/dashboard/todos/index/todos.js index 567ff41eb4e..5230bdf9cdd 100644 --- a/app/assets/javascripts/pages/dashboard/todos/index/todos.js +++ b/app/assets/javascripts/pages/dashboard/todos/index/todos.js @@ -1,6 +1,7 @@ /* eslint-disable class-methods-use-this, no-unneeded-ternary */ import $ from 'jquery'; +import '~/gl_dropdown'; import { visitUrl } from '~/lib/utils/url_utility'; import UsersSelect from '~/users_select'; import { isMetaClick } from '~/lib/utils/common_utils'; diff --git a/app/assets/javascripts/pages/milestones/shared/components/promote_milestone_modal.vue b/app/assets/javascripts/pages/milestones/shared/components/promote_milestone_modal.vue index c563514d36b..26adf4cbbe0 100644 --- a/app/assets/javascripts/pages/milestones/shared/components/promote_milestone_modal.vue +++ b/app/assets/javascripts/pages/milestones/shared/components/promote_milestone_modal.vue 
@@ -1,14 +1,14 @@ <script> import axios from '~/lib/utils/axios_utils'; import createFlash from '~/flash'; -import GlModal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; import { s__, sprintf } from '~/locale'; import { visitUrl } from '~/lib/utils/url_utility'; import eventHub from '../event_hub'; export default { components: { - GlModal, + GlModal: DeprecatedModal2, }, props: { milestoneTitle: { diff --git a/app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue b/app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue index e723cd3fea9..bb95f33c838 100644 --- a/app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue +++ b/app/assets/javascripts/pages/projects/labels/components/promote_label_modal.vue @@ -2,14 +2,14 @@ import _ from 'underscore'; import axios from '~/lib/utils/axios_utils'; import createFlash from '~/flash'; -import GlModal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; import { s__, sprintf } from '~/locale'; import { visitUrl } from '~/lib/utils/url_utility'; import eventHub from '../event_hub'; export default { components: { - GlModal, + GlModal: DeprecatedModal2, }, props: { url: { diff --git a/app/assets/javascripts/pages/search/show/search.js b/app/assets/javascripts/pages/search/show/search.js index 8f6c48ab065..dff9d855b67 100644 --- a/app/assets/javascripts/pages/search/show/search.js +++ b/app/assets/javascripts/pages/search/show/search.js @@ -1,4 +1,5 @@ import $ from 'jquery'; +import '~/gl_dropdown'; import Flash from '~/flash'; import Api from '~/api'; import { __ } from '~/locale'; diff --git a/app/assets/javascripts/performance_bar/components/detailed_metric.vue b/app/assets/javascripts/performance_bar/components/detailed_metric.vue index a271284dd89..f2d98cf07e1 100644 
--- a/app/assets/javascripts/performance_bar/components/detailed_metric.vue +++ b/app/assets/javascripts/performance_bar/components/detailed_metric.vue @@ -1,10 +1,10 @@ <script> -import GlModal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; import Icon from '~/vue_shared/components/icon.vue'; export default { components: { - GlModal, + GlModal: DeprecatedModal2, Icon, }, props: { diff --git a/app/assets/javascripts/pipelines/components/pipeline_stop_modal.vue b/app/assets/javascripts/pipelines/components/pipeline_stop_modal.vue index 4cafd147511..2e71b3c637b 100644 --- a/app/assets/javascripts/pipelines/components/pipeline_stop_modal.vue +++ b/app/assets/javascripts/pipelines/components/pipeline_stop_modal.vue @@ -1,6 +1,6 @@ <script> import _ from 'underscore'; -import GlModal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; import { GlLink } from '@gitlab/ui'; import ClipboardButton from '~/vue_shared/components/clipboard_button.vue'; import CiIcon from '~/vue_shared/components/ci_icon.vue'; @@ -13,7 +13,7 @@ import { s__, sprintf } from '~/locale'; */ export default { components: { - GlModal, + GlModal: DeprecatedModal2, GlLink, ClipboardButton, CiIcon, diff --git a/app/assets/javascripts/profile/account/components/update_username.vue b/app/assets/javascripts/profile/account/components/update_username.vue index e1085c0a44d..72867ecd709 100644 --- a/app/assets/javascripts/profile/account/components/update_username.vue +++ b/app/assets/javascripts/profile/account/components/update_username.vue 
@@ -1,13 +1,13 @@ <script> import _ from 'underscore'; import axios from '~/lib/utils/axios_utils'; -import GlModal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; import { s__, sprintf } from '~/locale'; import Flash from '~/flash'; export default { components: { - GlModal, + GlModal: DeprecatedModal2, }, props: { actionUrl: { diff --git a/app/assets/javascripts/ref_select_dropdown.js b/app/assets/javascripts/ref_select_dropdown.js index 75bac035aca..2e0113271df 100644 --- a/app/assets/javascripts/ref_select_dropdown.js +++ b/app/assets/javascripts/ref_select_dropdown.js @@ -1,4 +1,5 @@ import $ from 'jquery'; +import '~/gl_dropdown'; class RefSelectDropdown { constructor($dropdownButton, availableRefs) { diff --git a/app/assets/javascripts/reports/components/modal.vue b/app/assets/javascripts/reports/components/modal.vue index cb9c1642608..6019af2dfe0 100644 --- a/app/assets/javascripts/reports/components/modal.vue +++ b/app/assets/javascripts/reports/components/modal.vue @@ -1,13 +1,13 @@ <script> // import { sprintf, __ } from '~/locale'; -import Modal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; import LoadingButton from '~/vue_shared/components/loading_button.vue'; import CodeBlock from '~/vue_shared/components/code_block.vue'; import { fieldTypes } from '../constants'; export default { components: { - Modal, + Modal: DeprecatedModal2, LoadingButton, CodeBlock, }, diff --git a/app/assets/javascripts/sidebar/lib/sidebar_move_issue.js b/app/assets/javascripts/sidebar/lib/sidebar_move_issue.js index 110175a6779..66d1fed7d31 100644 --- a/app/assets/javascripts/sidebar/lib/sidebar_move_issue.js +++ b/app/assets/javascripts/sidebar/lib/sidebar_move_issue.js @@ -1,4 +1,5 @@ import $ from 'jquery'; +import '~/gl_dropdown'; import _ from 'underscore'; import { __ } from '~/locale'; 
diff --git a/app/assets/javascripts/vue_shared/components/deprecated_modal_2.vue b/app/assets/javascripts/vue_shared/components/deprecated_modal_2.vue
new file mode 100644
index 00000000000..543547b37fe
--- /dev/null
+++ b/app/assets/javascripts/vue_shared/components/deprecated_modal_2.vue
@@ -0,0 +1,118 @@ +<script> +import $ from 'jquery'; + +const buttonVariants = ['danger', 'primary', 'success', 'warning']; +const sizeVariants = ['sm', 'md', 'lg', 'xl']; + +export default { + name: 'DeprecatedModal2', // use GlModal instead + + props: { + id: { + type: String, + required: false, + default: null, + }, + modalSize: { + type: String, + required: false, + default: 'md', + validator: value => sizeVariants.includes(value), + }, + headerTitleText: { + type: String, + required: false, + default: '', + }, + footerPrimaryButtonVariant: { + type: String, + required: false, + default: 'primary', + validator: value => buttonVariants.includes(value), + }, + footerPrimaryButtonText: { + type: String, + required: false, + default: '', + }, + }, + computed: { + modalSizeClass() { + return this.modalSize === 'md' ? '' : `modal-${this.modalSize}`; + }, + }, + mounted() { + $(this.$el) + .on('shown.bs.modal', this.opened) + .on('hidden.bs.modal', this.closed); + }, + beforeDestroy() { + $(this.$el) + .off('shown.bs.modal', this.opened) + .off('hidden.bs.modal', this.closed); + }, + methods: { + emitCancel(event) { + this.$emit('cancel', event); + }, + emitSubmit(event) { + this.$emit('submit', event); + }, + opened() { + this.$emit('open'); + }, + closed() { + this.$emit('closed'); + }, + }, +}; +</script> + +<template> + <div :id="id" class="modal fade" tabindex="-1" role="dialog"> + <div :class="modalSizeClass" class="modal-dialog" role="document"> + <div class="modal-content"> + <div class="modal-header"> + <slot name="header"> + <h4 class="modal-title"> + <slot name="title"> {{ headerTitleText }} </slot> + </h4> + <button + :aria-label="s__('Modal|Close')" + type="button" + class="close js-modal-close-action" + data-dismiss="modal" + @click="emitCancel($event)" + > + <span aria-hidden="true">×</span> + </button> + </slot> + </div> + + <div class="modal-body"><slot></slot></div> + + <div class="modal-footer"> + <slot name="footer"> + <button + type="button" + 
class="btn js-modal-cancel-action qa-modal-cancel-button" + data-dismiss="modal" + @click="emitCancel($event)" + > + {{ s__('Modal|Cancel') }} + </button> + <button + :class="`btn-${footerPrimaryButtonVariant}`" + type="button" + class="btn js-modal-primary-action qa-modal-primary-button" + data-dismiss="modal" + @click="emitSubmit($event)" + > + {{ footerPrimaryButtonText }} + </button> + </slot> + </div> + </div> + </div> + </div> +</template> diff --git a/app/assets/javascripts/vue_shared/components/gl_modal.vue b/app/assets/javascripts/vue_shared/components/gl_modal.vue index 438851e5ac7..4b91d4c00e3 100644 --- a/app/assets/javascripts/vue_shared/components/gl_modal.vue +++ b/app/assets/javascripts/vue_shared/components/gl_modal.vue 
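Review bot: The only deprecation notice in the new `deprecated_modal_2.vue` is the trailing `// use GlModal instead` on the `name` line, which is ambiguous because the call sites in this commit still register the component as `GlModal: DeprecatedModal2` and `gl_modal.vue` still exists as a shim. A short block comment above `export default` would be clearer: it should say that this is the legacy modal wired to the jQuery `shown.bs.modal` / `hidden.bs.modal` events and kept for existing callers, name the package the replacement `GlModal` comes from (presumably `@gitlab/ui`, to be confirmed), and state that new code should not import this file. It would also help to list the emitted events there, since `opened()` emits `open` while `closed()` emits `closed`, and callers cannot guess that asymmetry.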
@@ -1,117 +1,6 @@ <script> -import $ from 'jquery'; +// This file was only introduced to not break master and shall be delete soon. +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; -const buttonVariants = ['danger', 'primary', 'success', 'warning']; -const sizeVariants = ['sm', 'md', 'lg', 'xl']; - -export default { - name: 'GlModal', - props: { - id: { - type: String, - required: false, - default: null, - }, - modalSize: { - type: String, - required: false, - default: 'md', - validator: value => sizeVariants.includes(value), - }, - headerTitleText: { - type: String, - required: false, - default: '', - }, - footerPrimaryButtonVariant: { - type: String, - required: false, - default: 'primary', - validator: value => buttonVariants.includes(value), - }, - footerPrimaryButtonText: { - type: String, - required: false, - default: '', - }, - }, - computed: { - modalSizeClass() { - return this.modalSize === 'md' ? '' : `modal-${this.modalSize}`; - }, - }, - mounted() { - $(this.$el) - .on('shown.bs.modal', this.opened) - .on('hidden.bs.modal', this.closed); - }, - beforeDestroy() { - $(this.$el) - .off('shown.bs.modal', this.opened) - .off('hidden.bs.modal', this.closed); - }, - methods: { - emitCancel(event) { - this.$emit('cancel', event); - }, - emitSubmit(event) { - this.$emit('submit', event); - }, - opened() { - this.$emit('open'); - }, - closed() { - this.$emit('closed'); - }, - }, -}; +export default DeprecatedModal2; </script> - -<template> - <div :id="id" class="modal fade" tabindex="-1" role="dialog"> - <div :class="modalSizeClass" class="modal-dialog" role="document"> - <div class="modal-content"> - <div class="modal-header"> - <slot name="header"> - <h4 class="modal-title"> - <slot name="title"> {{ headerTitleText }} </slot> - </h4> - <button - :aria-label="s__('Modal|Close')" - type="button" - class="close js-modal-close-action" - data-dismiss="modal" - @click="emitCancel($event)" - > - <span aria-hidden="true">×</span> - 
</button> - </slot> - </div> - - <div class="modal-body"><slot></slot></div> - - <div class="modal-footer"> - <slot name="footer"> - <button - type="button" - class="btn js-modal-cancel-action qa-modal-cancel-button" - data-dismiss="modal" - @click="emitCancel($event)" - > - {{ s__('Modal|Cancel') }} - </button> - <button - :class="`btn-${footerPrimaryButtonVariant}`" - type="button" - class="btn js-modal-primary-action qa-modal-primary-button" - data-dismiss="modal" - @click="emitSubmit($event)" - > - {{ footerPrimaryButtonText }} - </button> - </slot> - </div> - </div> - </div> - </div> -</template> diff --git a/app/assets/javascripts/vue_shared/components/project_selector/project_selector.vue b/app/assets/javascripts/vue_shared/components/project_selector/project_selector.vue index 7f0345c7ec0..478e44d104c 100644 --- a/app/assets/javascripts/vue_shared/components/project_selector/project_selector.vue +++ b/app/assets/javascripts/vue_shared/components/project_selector/project_selector.vue @@ -52,7 +52,7 @@ export default { this.$emit('projectClicked', project); }, isSelected(project) { - return Boolean(_.findWhere(this.selectedProjects, { id: project.id })); + return Boolean(_.find(this.selectedProjects, { id: project.id })); }, onInput: _.debounce(function debouncedOnInput() { this.$emit('searched', this.searchQuery); diff --git a/changelogs/unreleased/add-dast-full-scan-domain-validation.yml b/changelogs/unreleased/add-dast-full-scan-domain-validation.yml new file mode 100644 index 00000000000..a643a5e33a6 --- /dev/null +++ b/changelogs/unreleased/add-dast-full-scan-domain-validation.yml @@ -0,0 +1,5 @@ +--- +title: Add DAST full scan domain validation +merge_request: 16680 +author: +type: added diff --git a/changelogs/unreleased/gitaly-version-v1.65.0.yml b/changelogs/unreleased/gitaly-version-v1.65.0.yml new file mode 100644 index 00000000000..ca1106f8874 --- /dev/null +++ b/changelogs/unreleased/gitaly-version-v1.65.0.yml 
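Review bot: The comment on the new shim in `gl_modal.vue` reads `shall be delete soon` and gives no pointer to when or under what condition the file goes away. I would reword it to something like `// Temporary re-export so remaining imports of gl_modal.vue keep working; remove once they are migrated (see <tracking issue>)`, with the placeholder replaced by the real issue link. Without that, the old path stays importable indefinitely and the `GlModal` name keeps resolving to the deprecated component.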
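Review bot: In `isSelected` in `project_selector.vue` the lookup result is still wrapped in `Boolean(...)`; since only membership is needed, `return _.some(this.selectedProjects, { id: project.id });` expresses that directly and returns a boolean without the cast. This is a style point and assumes the `_` in scope accepts an object matcher for `some` as it does for `find`. The `methods` block containing `isSelected` starts and ends outside the hunk.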
@@ -0,0 +1,5 @@ +--- +title: Upgrade to Gitaly v1.65.0 +merge_request: 17135 +author: +type: changed diff --git a/doc/development/fe_guide/components.md b/doc/development/fe_guide/components.md index b96d92e2d88..f8765f9e202 100644 --- a/doc/development/fe_guide/components.md +++ b/doc/development/fe_guide/components.md @@ -3,7 +3,6 @@ ## Contents - [Dropdowns](#dropdowns) -- [Modals](#modals) ## Dropdowns @@ -39,25 +38,3 @@ See also the [corresponding UX guide](https://design.gitlab.com/#/components/dro ``` [bootstrap-dropdowns]: https://getbootstrap.com/docs/3.3/javascript/#dropdowns - -## Modals - -See also the [corresponding UX guide](https://design.gitlab.com/#/components/modals). - -We have a reusable Vue component for modals: [vue_shared/components/gl_modal.vue](https://gitlab.com/gitlab-org/gitlab/blob/master/app/assets/javascripts/vue_shared/components/gl_modal.vue) - -Here is an example of how to use it: - -```html - <gl-modal - id="dogs-out-modal" - :header-title-text="s__('ModalExample|Let the dogs out?')" - footer-primary-button-variant="danger" - :footer-primary-button-text="s__('ModalExample|Let them out')" - @submit="letOut(theDogs)" - > - {{ s__('ModalExample|You’re about to let the dogs out.') }} - </gl-modal> -``` - -![example modal](img/gl-modal.png) diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md index afeef2a04ba..e90f219337b 100644 --- a/doc/user/application_security/dast/index.md +++ b/doc/user/application_security/dast/index.md 
@@ -84,7 +84,7 @@ There are two ways to define the URL to be scanned by DAST: - Set the `DAST_WEBSITE` [variable](../../../ci/yaml/README.md#variables). - Add it in an `environment_url.txt` file at the root of your project. -If both values are set, the `DAST_WEBSITE` value will take precedence. +If both values are set, the `DAST_WEBSITE` value will take precedence. The included template will create a `dast` job in your CI/CD pipeline and scan your project's source code for possible vulnerabilities. 
@@ -132,6 +132,115 @@ variables: DAST_FULL_SCAN_ENABLED: "true" ``` +#### Domain validation + +The DAST job can be run anywhere, which means you can accidentally hit live web servers +and potentially damage them. You could even take down your production environment. +For that reason, you should use domain validation. + +Domain validation is not required by default. It can be required by setting the [environment variable](#available-variables) `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` to true. + +```yaml +include: + template: DAST.gitlab-ci.yml + +variables: + DAST_FULL_SCAN_ENABLED: "true" + DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED: "true" +``` + +Since ZAP full scan actively attacks the target application, DAST sends a ping to the target (normally defined in `DAST_WEBSITE` or `environment_url.txt`) beforehand. + +If `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` is false or unset, the scan will _proceed_ unless the response to the ping +includes a `Gitlab-DAST-Permission` header with a value of `deny`. + +If `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` is true, the scan will _exit_ unless the response to the ping +includes a `Gitlab-DAST-Permission` header with a value of `allow`. + +Here are some examples of adding the `Gitlab-DAST-Permission` header to a response in Rails, Django, and Node (with Express). 
+ +##### Ruby on Rails + +Here's how you would add a [custom header in Ruby on Rails](https://guides.rubyonrails.org/action_controller_overview.html#setting-custom-headers): + +```ruby +class DastWebsiteTargetController < ActionController::Base + def dast_website_target + response.headers['Gitlab-DAST-Permission'] = 'allow' + + head :ok + end +end +``` + +##### Django + +Here's how you would add a [custom header in Django](https://docs.djangoproject.com/en/2.2/ref/request-response/#setting-header-fields): + +```python +class DastWebsiteTargetView(View): + def head(self, *args, **kwargs): + response = HttpResponse() + response['Gitlab-Dast-Permission'] = 'allow' + + return response +``` + +##### Node (with Express) + +Here's how you would add a [custom header in Node (with Express)](http://expressjs.com/en/5x/api.html#res.append): + +```javascript +app.get('/dast-website-target', function(req, res) { + res.append('Gitlab-DAST-Permission', 'allow') + res.send('Respond to DAST ping') +}) +``` + +##### Domain validation header via a proxy + +It's also possible to add the `Gitlab-DAST-Permission` header via a proxy. + +###### NGINX + +The following config allows NGINX to act as a reverse proxy and add the `Gitlab-DAST-Permission` [header](http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header): + +``` +# default.conf +server { + listen 80; + server_name localhost; + + location / { + proxy_pass http://test-application; + add_header Gitlab-DAST-Permission allow; + } +} +``` + +###### Apache + +Apache can also be used as a [reverse proxy](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html) +to add the Gitlab-DAST-Permission [header](https://httpd.apache.org/docs/current/mod/mod_headers.html). 
+ +To do so, add the following lines to `httpd.conf`: + +``` +# httpd.conf +LoadModule proxy_module modules/mod_proxy.so +LoadModule proxy_connect_module modules/mod_proxy_connect.so +LoadModule proxy_http_module modules/mod_proxy_http.so + +<VirtualHost *:80> + ProxyPass "/" "http://test-application.com/" + ProxyPassReverse "/" "http://test-application.com/" + Header set Gitlab-DAST-Permission "allow" +</VirtualHost> +``` + +[This snippet](https://gitlab.com/gitlab-org/security-products/dast/snippets/1894732) contains a complete `httpd.conf` file +configured to act as a remote proxy and add the `Gitlab-DAST-Permission` header. + ### Customizing the DAST settings The DAST settings can be changed through environment variables by using the @@ -194,6 +303,7 @@ variable value. | `DAST_AUTH_EXCLUDE_URLS` | no | The URLs to skip during the authenticated scan; comma-separated, no spaces in between. | | `DAST_TARGET_AVAILABILITY_TIMEOUT` | no | Time limit in seconds to wait for target availability. Scan is attempted nevertheless if it runs out. Integer. Defaults to `60`. | | `DAST_FULL_SCAN_ENABLED` | no | Switches the tool to execute [ZAP Full Scan](https://github.com/zaproxy/zaproxy/wiki/ZAP-Full-Scan) instead of [ZAP Baseline Scan](https://github.com/zaproxy/zaproxy/wiki/ZAP-Baseline-Scan). Boolean. `true`, `True`, or `1` are considered as true value, otherwise false. Defaults to `false`. | +| `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` | no | Requires [domain validation](#domain-validation) when running DAST full scans. Boolean. `true`, `True`, or `1` are considered as true value, otherwise false. Defaults to `false`. | ## Security Dashboard diff --git a/locale/gitlab.pot b/locale/gitlab.pot index 8aec921f9af..9be6cbca00c 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot 
@@ -10627,6 +10627,9 @@ msgstr "" msgid "One or more of your dependency files are not supported, and the dependency list may be incomplete. Below is a list of supported file types." msgstr "" +msgid "Only 'Reporter' roles and above on tiers Premium / Silver and above can see Cycle Analytics." +msgstr "" + msgid "Only Project Members" msgstr "" @@ -17984,6 +17987,9 @@ msgstr "" msgid "You don't have any recent searches" msgstr "" +msgid "You don’t have access to Cycle Analytics for this group" +msgstr "" + msgid "You don’t have access to Productivity Analytics in this group" msgstr "" diff --git a/spec/javascripts/vue_shared/components/gl_modal_spec.js b/spec/javascripts/vue_shared/components/deprecated_modal_2_spec.js index 19af8b5d2f7..64fb984d9fc 100644 --- a/spec/javascripts/vue_shared/components/gl_modal_spec.js +++ b/spec/javascripts/vue_shared/components/deprecated_modal_2_spec.js @@ -1,11 +1,11 @@ import $ from 'jquery'; import Vue from 'vue'; -import GlModal from '~/vue_shared/components/gl_modal.vue'; +import DeprecatedModal2 from '~/vue_shared/components/deprecated_modal_2.vue'; import mountComponent from 'spec/helpers/vue_mount_component_helper'; -const modalComponent = Vue.extend(GlModal); +const modalComponent = Vue.extend(DeprecatedModal2); -describe('GlModal', () => { +describe('DeprecatedModal2', () => { let vm; afterEach(() => { @@ -153,17 +153,17 @@ describe('GlModal', () => { let template; if (slotName) { template = ` - <gl-modal> + <deprecated-modal-2> <template slot="${slotName}">${slotContent}</template> - </gl-modal> + </deprecated-modal-2> `; } else { - template = `<gl-modal>${slotContent}</gl-modal>`; + template = `<deprecated-modal-2>${slotContent}</deprecated-modal-2>`; } return Vue.extend({ components: { - GlModal, + DeprecatedModal2, }, template, }); |