5 files changed, 16 insertions, 0 deletions

diff --git a/lib/api/v3/branches.rb b/lib/api/v3/branches.rb
index b201bf77667..25176c5b38e 100644
--- a/lib/api/v3/branches.rb
+++ b/lib/api/v3/branches.rb
@@ -14,6 +14,8 @@ module API
           success ::API::Entities::Branch
         end
         get ":id/repository/branches" do
+          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42276')
+
           repository = user_project.repository
           branches = repository.branches.sort_by(&:name)
           merged_branch_names = repository.merged_branch_names(branches.map(&:name))
diff --git a/lib/api/v3/issues.rb b/lib/api/v3/issues.rb
index cb371fdbab8..b59947d81d9 100644
--- a/lib/api/v3/issues.rb
+++ b/lib/api/v3/issues.rb
@@ -134,6 +134,8 @@ module API
           use :issue_params
         end
         post ':id/issues' do
+          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42131')
+
           # Setting created_at time only allowed for admins and project owners
           unless current_user.admin? || user_project.owner == current_user
             params.delete(:created_at)
@@ -169,6 +171,8 @@ module API
                           :labels, :created_at, :due_date, :confidential, :state_event
         end
         put ':id/issues/:issue_id' do
+          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42132')
+
           issue = user_project.issues.find(params.delete(:issue_id))
           authorize! :update_issue, issue
 
@@ -201,6 +205,8 @@ module API
           requires :to_project_id, type: Integer, desc: 'The ID of the new project'
         end
         post ':id/issues/:issue_id/move' do
+          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42133')
+
           issue = user_project.issues.find_by(id: params[:issue_id])
           not_found!('Issue') unless issue
 
diff --git a/lib/api/v3/merge_requests.rb b/lib/api/v3/merge_requests.rb
index 0a24fea52a3..ce216497996 100644
--- a/lib/api/v3/merge_requests.rb
+++ b/lib/api/v3/merge_requests.rb
@@ -91,6 +91,8 @@ module API
           use :optional_params
         end
         post ":id/merge_requests" do
+          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42126')
+
           authorize! :create_merge_request, user_project
 
           mr_params = declared_params(include_missing: false)
@@ -167,6 +169,8 @@ module API
                             :remove_source_branch
           end
           put path do
+            Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42127')
+
             merge_request = find_merge_request_with_access(params.delete(:merge_request_id), :update_merge_request)
 
             mr_params = declared_params(include_missing: false)
diff --git a/lib/api/v3/pipelines.rb b/lib/api/v3/pipelines.rb
index c48cbd2b765..6d31c12f572 100644
--- a/lib/api/v3/pipelines.rb
+++ b/lib/api/v3/pipelines.rb
@@ -19,6 +19,8 @@ module API
                               desc: 'Either running, branches, or tags'
         end
         get ':id/pipelines' do
+          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42123')
+
           authorize! :read_pipeline, user_project
 
           pipelines = PipelinesFinder.new(user_project, scope: params[:scope]).execute
diff --git a/lib/api/v3/triggers.rb b/lib/api/v3/triggers.rb
index 534911fde5c..34f07dfb486 100644
--- a/lib/api/v3/triggers.rb
+++ b/lib/api/v3/triggers.rb
@@ -16,6 +16,8 @@ module API
           optional :variables, type: Hash, desc: 'The list of variables to be injected into build'
         end
         post ":id/(ref/:ref/)trigger/builds", requirements: { ref: /.+/ } do
+          Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42121')
+
           # validate variables
           params[:variables] = params[:variables].to_h
           unless params[:variables].all? { |key, value| key.is_a?(String) && value.is_a?(String) }