Diffstat (limited to 'config')
-rw-r--r--config/initializers/hashie_mash_permitted_patch.rb53
-rw-r--r--config/open_api.yml2
2 files changed, 55 insertions, 0 deletions
diff --git a/config/initializers/hashie_mash_permitted_patch.rb b/config/initializers/hashie_mash_permitted_patch.rb
new file mode 100644
index 00000000000..b793a408c91
--- /dev/null
+++ b/config/initializers/hashie_mash_permitted_patch.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+# Pulls logic from https://github.com/Maxim-Filimonov/hashie-forbidden_attributes so we could drop the dependency.
+# This gem is simply `Hashie::Mash` monkey patch to allow mass assignment bypassing `:permitted?` check.
+#
+# Reasons:
+# 1. The gem was last updated 5 years ago and does not have CI setup to test under the latest Ruby/Rails.
+# 2. There is a significant chance this logic is not used at all.
+# We didn't find any explicit places in the code where we mass-assign to `Hashie::Mash`.
+# Experimental MR where we dropped the gem showed that no tests from the full suite failed:
+# https://gitlab.com/gitlab-org/gitlab/-/merge_requests/101535
+# 3. The logic is very simple. Even if we need it, keeping it in our codebase is better than pulling a dependency.
+# This logic will be visible and it will be one less gem to install.
+#
+# Next steps:
+# 1. Keep the patch for at least one milestone in our codebase. Log its usage.
+# 2. After that, check if there were any related log events.
+# 3. If no usages were tracked, we could drop the patch (delete this file).
+# 4. Otherwise, audit where and why we need it, and add a comment to that place.
+#
+# See discussion https://gitlab.com/gitlab-org/gitlab/-/issues/378398#note_1143133426
+
+require 'hashie/mash'
+
+module Hashie
+ class Mash
+ module MonkeyPatch
+ def respond_to_missing?(method_name, *args)
+ if method_name == :permitted?
+ Gitlab::AppLogger.info(message: 'Hashie::Mash#respond_to?(:permitted?)',
+ caller: Gitlab::BacktraceCleaner.clean_backtrace(caller))
+
+ return false
+ end
+
+ super
+ end
+
+ def method_missing(method_name, *args)
+ if method_name == :permitted?
+ Gitlab::AppLogger.info(message: 'Hashie::Mash#permitted?',
+ caller: Gitlab::BacktraceCleaner.clean_backtrace(caller))
+
+ raise ArgumentError
+ end
+
+ super
+ end
+ end
+
+ prepend MonkeyPatch
+ end
+end
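Review bot: The header comment explains why the gem is being dropped but not the security effect of the patch, which applies to every `Hashie::Mash` in the process via `prepend MonkeyPatch`. With `respond_to?(:permitted?)` forced to `false`, a Mash handed to mass assignment presumably skips the forbidden-attributes check entirely, so attribute filtering rests on the caller alone. I would state that in the file, e.g. `# SECURITY: disables the :permitted? mass-assignment check for all Hashie::Mash instances; never mass-assign a Mash built from request data.` Separately, the bare `raise ArgumentError` in `method_missing` carries no message; `raise ArgumentError, 'Hashie::Mash does not support #permitted?'` would let an exception report be matched to the `Hashie::Mash#permitted?` log event during the planned audit.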
diff --git a/config/open_api.yml b/config/open_api.yml
index 82a972e39bd..d7a170f2a22 100644
--- a/config/open_api.yml
+++ b/config/open_api.yml
@@ -18,5 +18,7 @@ metadata:
description: Operations related to metadata of the GitLab instance
- name: access_requests
description: Operations related to access requests
+ - name: merge_requests
+ description: Operations related to merge requests
- name: deployments
description: Operations related to deployments