Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/concerns/taskable.rb | 36 | ||||
-rw-r--r-- | app/models/hooks/web_hook.rb | 18 | ||||
-rw-r--r-- | app/models/project_feature.rb | 3 |
3 files changed, 41 insertions, 16 deletions
diff --git a/app/models/concerns/taskable.rb b/app/models/concerns/taskable.rb
index f9eba4cc2fe..dee1c820f23 100644
--- a/app/models/concerns/taskable.rb
+++ b/app/models/concerns/taskable.rb
@@ -24,25 +24,37 @@ module Taskable
 (\s.+) # followed by whitespace and some text.
 }x.freeze
+ ITEM_PATTERN_UNTRUSTED =
+ '^' \
+ '(?:(?:>\s{0,4})*)' \
+ '(?P<prefix>(?:\s*(?:[-+*]|(?:\d+\.)))+)' \
+ '\s+' \
+ '(?P<checkbox>' \
+ "#{COMPLETE_PATTERN.source}|#{INCOMPLETE_PATTERN.source}" \
+ ')' \
+ '(?P<label>\s.+)'.freeze
+
 # ignore tasks in code or html comment blocks. HTML blocks
 # are ok as we allow tasks inside <detail> blocks
- REGEX = %r{
- #{::Gitlab::Regex.markdown_code_or_html_comments}
- |
- (?<task_item>
- #{ITEM_PATTERN}
- )
- }mx.freeze
+ REGEX =
+ "#{::Gitlab::Regex.markdown_code_or_html_comments_untrusted}" \
+ "|" \
+ "(?P<task_item>" \
+ "#{ITEM_PATTERN_UNTRUSTED}" \
+ ")".freeze
 def self.get_tasks(content)
 items = []
- content.to_s.scan(REGEX) do
- next unless $~[:task_item]
+ regex = Gitlab::UntrustedRegexp.new(REGEX, multiline: true)
+ regex.scan(content.to_s).each do |match|
+ next unless regex.extract_named_group(:task_item, match)
+
+ prefix = regex.extract_named_group(:prefix, match)
+ checkbox = regex.extract_named_group(:checkbox, match)
+ label = regex.extract_named_group(:label, match)
- $~[:task_item].scan(ITEM_PATTERN) do |prefix, checkbox, label|
- items << TaskList::Item.new("#{prefix.strip} #{checkbox}", label.strip)
- end
+ items << TaskList::Item.new("#{prefix.strip} #{checkbox}", label.strip)
 end
 items
diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb
index 819152a38c8..7202a530feb 100644
--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
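Review bot: `Gitlab::UntrustedRegexp.new(REGEX, multiline: true)` is constructed inside `get_tasks`, so the RE2 pattern is recompiled on every call although `REGEX` is a frozen constant; hoisting it, e.g. `UNTRUSTED_REGEX = Gitlab::UntrustedRegexp.new(REGEX, multiline: true)` next to `REGEX` and `regex = UNTRUSTED_REGEX` in the method, limits it to one compile (assuming the constructor has no side effects, which the hunk does not show). `ITEM_PATTERN_UNTRUSTED` now duplicates the Ruby `ITEM_PATTERN` above it in RE2 `(?P<name>)` syntax and splices `COMPLETE_PATTERN.source` / `INCOMPLETE_PATTERN.source`, which are written as Ruby regexps, into that RE2 string; a comment such as `# Mirrors ITEM_PATTERN in RE2 syntax; keep both in sync, and keep COMPLETE_PATTERN/INCOMPLETE_PATTERN free of Ruby-only constructs (lookaround, backreferences) or construction will fail.` would protect future edits. The inner per-line `scan(ITEM_PATTERN)` is gone, so each outer match now yields at most one item; that looks equivalent if `.` no longer spans newlines under RE2 multiline mode, but a test with a multi-line task block would confirm it. `get_tasks` closes outside the hunk.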
@@ -41,7 +41,7 @@ class WebHook < ApplicationRecord
 after_initialize :initialize_url_variables
 before_validation :reset_token
- before_validation :reset_url_variables, unless: ->(hook) { hook.is_a?(ServiceHook) }
+ before_validation :reset_url_variables, unless: ->(hook) { hook.is_a?(ServiceHook) }, on: :update
 before_validation :set_branch_filter_nil, if: :branch_filter_strategy_all_branches?
 validates :push_events_branch_filter, untrusted_regexp: true, if: :branch_filter_strategy_regex?
 validates :push_events_branch_filter, "web_hooks/wildcard_branch_filter": true, if: :branch_filter_strategy_wildcard?
@@ -150,7 +150,7 @@ class WebHook < ApplicationRecord
 # See app/validators/json_schemas/web_hooks_url_variables.json
 VARIABLE_REFERENCE_RE = /\{([A-Za-z]+[0-9]*(?:[._-][A-Za-z0-9]+)*)\}/.freeze
- def interpolated_url
+ def interpolated_url(url = self.url, url_variables = self.url_variables)
 return url unless url.include?('{')
 vars = url_variables
@@ -176,7 +176,19 @@ class WebHook < ApplicationRecord
 end
 def reset_url_variables
- self.url_variables = {} if url_changed? && !encrypted_url_variables_changed?
+ interpolated_url_was = interpolated_url(decrypt_url_was, url_variables_were)
+
+ return if url_variables_were.empty? || interpolated_url_was == interpolated_url
+
+ self.url_variables = {} if url_changed? && url_variables_were.to_a.intersection(url_variables.to_a).any?
+ end
+
+ def decrypt_url_was
+ self.class.decrypt_url(encrypted_url_was, iv: Base64.decode64(encrypted_url_iv_was))
+ end
+
+ def url_variables_were
+ self.class.decrypt_url_variables(encrypted_url_variables_was, iv: encrypted_url_variables_iv_was)
 end
 def next_failure_count
diff --git a/app/models/project_feature.rb b/app/models/project_feature.rb
index 168646bbe41..23b0665cb74 100644
--- a/app/models/project_feature.rb
+++ b/app/models/project_feature.rb
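Review bot: In `reset_url_variables` the two decryptions (`decrypt_url_was`, and `url_variables_were` which is called three times) run before the cheap `url_variables_were.empty?` guard, so every update validation decrypts the previous URL and variables even when there is nothing to reset; checking emptiness first, e.g. `previous_vars = url_variables_were` / `return if previous_vars.empty?` / `interpolated_url_was = interpolated_url(decrypt_url_was, previous_vars)`, avoids that and stops the repeated decryption. `decrypt_url_was` passes `Base64.decode64(encrypted_url_iv_was)` with no nil check; if `encrypted_url_iv_was` can be nil for older records (not visible here) this raises `TypeError` from inside a validation callback instead of marking the record invalid, so either a guard or a confirmation that the column is NOT NULL is worth adding. The new defaults on `interpolated_url(url = self.url, url_variables = self.url_variables)` shadow the attribute readers within the method, which is the intent but deserves a one-line comment such as `# Defaults are the current attributes; pass the previous URL and variables to compute the pre-change URL.`; that method's body continues outside the hunk.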
@@ -36,7 +36,8 @@ class ProjectFeature < ApplicationRecord
 merge_requests: Gitlab::Access::REPORTER,
 metrics_dashboard: Gitlab::Access::REPORTER,
 container_registry: Gitlab::Access::REPORTER,
- package_registry: Gitlab::Access::REPORTER
+ package_registry: Gitlab::Access::REPORTER,
+ environments: Gitlab::Access::REPORTER
 }.freeze
 PRIVATE_FEATURES_MIN_ACCESS_LEVEL_FOR_PRIVATE_PROJECT = { repository: Gitlab::Access::REPORTER }.freeze