Diffstat (limited to 'lib')
-rw-r--r-- | lib/banzai/filter/label_reference_filter.rb | 2 | ||||
-rw-r--r-- | lib/banzai/filter/reference_filter.rb | 1 | ||||
-rw-r--r-- | lib/gitlab/base_doorkeeper_controller.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/checks/branch_check.rb | 12 | ||||
-rw-r--r-- | lib/gitlab/ci/config/entry/product/parallel.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/ci/config/normalizer/factory.rb | 6 | ||||
-rw-r--r-- | lib/gitlab/ci/features.rb | 4 | ||||
-rw-r--r-- | lib/gitlab/import_export/decompressed_archive_size_validator.rb | 90 | ||||
-rw-r--r-- | lib/gitlab/import_export/file_importer.rb | 9 | ||||
-rw-r--r-- | lib/gitlab/kubernetes/kube_client.rb | 8 | ||||
-rw-r--r-- | lib/gitlab/kubernetes/node.rb | 21 | ||||
-rw-r--r-- | lib/gitlab/markdown_cache.rb | 2 |
12 files changed, 135 insertions, 24 deletions
diff --git a/lib/banzai/filter/label_reference_filter.rb b/lib/banzai/filter/label_reference_filter.rb index b7801de6ed9..a4d3e352051 100644 --- a/lib/banzai/filter/label_reference_filter.rb +++ b/lib/banzai/filter/label_reference_filter.rb @@ -125,3 +125,5 @@ module Banzai end end end + +Banzai::Filter::LabelReferenceFilter.prepend_if_ee('EE::Banzai::Filter::LabelReferenceFilter') diff --git a/lib/banzai/filter/reference_filter.rb b/lib/banzai/filter/reference_filter.rb index 9afcfee2fe8..1959336ea1b 100644 --- a/lib/banzai/filter/reference_filter.rb +++ b/lib/banzai/filter/reference_filter.rb @@ -53,7 +53,6 @@ module Banzai attributes[:reference_type] ||= self.class.reference_type attributes[:container] ||= 'body' attributes[:placement] ||= 'top' - attributes[:html] ||= 'true' attributes.delete(:original) if context[:no_original_data] attributes.map do |key, value| %Q(data-#{key.to_s.dasherize}="#{escape_once(value)}") diff --git a/lib/gitlab/base_doorkeeper_controller.rb b/lib/gitlab/base_doorkeeper_controller.rb index b78993aba30..0f370850b5b 100644 --- a/lib/gitlab/base_doorkeeper_controller.rb +++ b/lib/gitlab/base_doorkeeper_controller.rb @@ -5,6 +5,8 @@ module Gitlab class BaseDoorkeeperController < ActionController::Base include Gitlab::Allowable + include EnforcesTwoFactorAuthentication + helper_method :can? end end diff --git a/lib/gitlab/checks/branch_check.rb b/lib/gitlab/checks/branch_check.rb index 7be0ef05a49..ad2a718ef67 100644 --- a/lib/gitlab/checks/branch_check.rb +++ b/lib/gitlab/checks/branch_check.rb 
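Review bot: The `include EnforcesTwoFactorAuthentication` added to `Gitlab::BaseDoorkeeperController` in lib/gitlab/base_doorkeeper_controller.rb has no comment saying why this base class needs it. The class inherits from `ActionController::Base` directly, so a reader of this file cannot tell which callbacks the concern registers or that the OAuth pages rely on it. I would add a line above the include such as `# Doorkeeper controllers must enforce the two-factor requirement like the rest of the web UI.` The concern's body is not visible in this hunk, so it is also worth confirming that every helper it calls is available on this base class.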
@@ -12,7 +12,8 @@ module Gitlab push_protected_branch: 'You are not allowed to push code to protected branches on this project.', create_protected_branch: 'You are not allowed to create protected branches on this project.', invalid_commit_create_protected_branch: 'You can only use an existing protected branch ref as the basis of a new protected branch.', - non_web_create_protected_branch: 'You can only create protected branches using the web interface and API.' + non_web_create_protected_branch: 'You can only create protected branches using the web interface and API.', + prohibited_hex_branch_name: 'You cannot create a branch with a 40-character hexadecimal branch name.' }.freeze LOG_MESSAGES = { @@ -32,11 +33,20 @@ module Gitlab end end + prohibited_branch_checks protected_branch_checks end private + def prohibited_branch_checks + return unless Feature.enabled?(:prohibit_hexadecimal_branch_names, project, default_enabled: true) + + if branch_name =~ /\A\h{40}\z/ + raise GitAccess::ForbiddenError, ERROR_MESSAGES[:prohibited_hex_branch_name] + end + end + def protected_branch_checks logger.log_timed(LOG_MESSAGES[:protected_branch_checks]) do return unless ProtectedBranch.protected?(project, branch_name) # rubocop:disable Cop/AvoidReturnFromBlocks diff --git a/lib/gitlab/ci/config/entry/product/parallel.rb b/lib/gitlab/ci/config/entry/product/parallel.rb index da7079a8328..cd9eabbbc66 100644 --- a/lib/gitlab/ci/config/entry/product/parallel.rb +++ b/lib/gitlab/ci/config/entry/product/parallel.rb @@ -10,7 +10,7 @@ module Gitlab module Product class Parallel < ::Gitlab::Config::Entry::Simplifiable strategy :ParallelBuilds, if: -> (config) { config.is_a?(Numeric) } - strategy :MatrixBuilds, if: -> (config) { ::Gitlab::Ci::Features.parallel_matrix_enabled? && config.is_a?(Hash) } + strategy :MatrixBuilds, if: -> (config) { config.is_a?(Hash) } PARALLEL_LIMIT = 50 
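Review bot: In lib/gitlab/checks/branch_check.rb, `prohibited_branch_checks` raises for any change to a ref whose name matches `/\A\h{40}\z/`; nothing in the visible lines limits it to branch creation, although the message says "You cannot create a branch". If a branch with such a name already exists, a push that updates or deletes it would presumably be rejected too, which leaves no push-based way to remove the ambiguous ref, so consider running the check only when the change creates the branch. The pattern is correctly anchored with `\A` and `\z`, but no capture is needed, so `branch_name.match?(/\A\h{40}\z/)` is the lighter form. It is also worth deciding whether 64-character hexadecimal names (SHA-256 object ids) should be refused. The calling method starts above the hunk, so an earlier return there may already narrow the cases.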
diff --git a/lib/gitlab/ci/config/normalizer/factory.rb b/lib/gitlab/ci/config/normalizer/factory.rb index 972da4bbf9a..bf813f8e878 100644 --- a/lib/gitlab/ci/config/normalizer/factory.rb +++ b/lib/gitlab/ci/config/normalizer/factory.rb @@ -29,11 +29,7 @@ module Gitlab end def strategies - if ::Gitlab::Ci::Features.parallel_matrix_enabled? - [NumberStrategy, MatrixStrategy] - else - [NumberStrategy] - end + [NumberStrategy, MatrixStrategy] end end end diff --git a/lib/gitlab/ci/features.rb b/lib/gitlab/ci/features.rb index 67ff0beea82..0ce40d873db 100644 --- a/lib/gitlab/ci/features.rb +++ b/lib/gitlab/ci/features.rb @@ -62,10 +62,6 @@ module Gitlab ::Feature.enabled?(:destroy_only_unlocked_expired_artifacts, default_enabled: false) end - def self.parallel_matrix_enabled? - ::Feature.enabled?(:ci_parallel_matrix_enabled) - end - def self.bulk_insert_on_create?(project) ::Feature.enabled?(:ci_bulk_insert_on_create, project, default_enabled: true) end diff --git a/lib/gitlab/import_export/decompressed_archive_size_validator.rb b/lib/gitlab/import_export/decompressed_archive_size_validator.rb new file mode 100644 index 00000000000..219821a7150 --- /dev/null +++ b/lib/gitlab/import_export/decompressed_archive_size_validator.rb 
@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+require 'zlib'
+
+module Gitlab
+ module ImportExport
+ class DecompressedArchiveSizeValidator
+ include Gitlab::Utils::StrongMemoize
+
+ DEFAULT_MAX_BYTES = 10.gigabytes.freeze
+ CHUNK_SIZE = 4096.freeze
+
+ attr_reader :error
+
+ def initialize(archive_path:, max_bytes: self.class.max_bytes)
+ @archive_path = archive_path
+ @max_bytes = max_bytes
+ @bytes_read = 0
+ @total_reads = 0
+ @denominator = 5
+ @error = nil
+ end
+
+ def valid?
+ strong_memoize(:valid) do
+ validate
+ end
+ end
+
+ def self.max_bytes
+ DEFAULT_MAX_BYTES
+ end
+
+ def archive_file
+ @archive_file ||= File.open(@archive_path)
+ end
+
+ private
+
+ def validate
+ until archive_file.eof?
+ compressed_chunk = archive_file.read(CHUNK_SIZE)
+
+ inflate_stream.inflate(compressed_chunk) do |chunk|
+ @bytes_read += chunk.size
+ @total_reads += 1
+ end
+
+ # Start garbage collection every 5 reads in order
+ # to prevent memory bloat during archive decompression
+ GC.start if gc_start?
+
+ if @bytes_read > @max_bytes
+ @error = error_message
+
+ return false
+ end
+ end
+
+ true
+ rescue => e
+ @error = error_message
+
+ Gitlab::ErrorTracking.track_exception(e)
+
+ Gitlab::Import::Logger.info(
+ message: @error,
+ error: e.message
+ )
+
+ false
+ ensure
+ inflate_stream.close
+ archive_file.close
+ end
+
+ def inflate_stream
+ @inflate_stream ||= Zlib::Inflate.new(Zlib::MAX_WBITS + 32)
+ end
+
+ def gc_start?
+ @total_reads % @denominator == 0
+ end
+
+ def error_message
+ _('Decompressed archive size validation failed.')
+ end
+ end
+ end
+end
diff --git a/lib/gitlab/import_export/file_importer.rb b/lib/gitlab/import_export/file_importer.rb
index 9d04d55770d..3cb1eb72ceb 100644
--- a/lib/gitlab/import_export/file_importer.rb
+++ b/lib/gitlab/import_export/file_importer.rb
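Review bot: The `ensure` clause of `validate` in lib/gitlab/import_export/decompressed_archive_size_validator.rb closes its resources through the memoizing accessors, so when `File.open(@archive_path)` is what failed, `@archive_file` is still nil and `archive_file.close` opens the file again inside `ensure`. That second failure is raised after the `rescue` branch has already run, so `valid?` raises instead of returning false with `error` set. Closing only what was actually created avoids this: `@inflate_stream&.close` and `@archive_file&.close`. `archive_file` is also declared above `private`, which hands callers a file handle whose read position and lifetime this class manages; it reads as if it belongs with the private helpers.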
@@ -28,6 +28,7 @@ module Gitlab copy_archive wait_for_archived_file do + validate_decompressed_archive_size if Feature.enabled?(:validate_import_decompressed_archive_size, default_enabled: true) decompress_archive end rescue => e @@ -82,6 +83,14 @@ module Gitlab def extracted_files Dir.glob("#{@shared.export_path}/**/*", File::FNM_DOTMATCH).reject { |f| IGNORED_FILENAMES.include?(File.basename(f)) } end + + def validate_decompressed_archive_size + raise ImporterError.new(size_validator.error) unless size_validator.valid? + end + + def size_validator + @size_validator ||= DecompressedArchiveSizeValidator.new(archive_path: @archive_file) + end end end end diff --git a/lib/gitlab/kubernetes/kube_client.rb b/lib/gitlab/kubernetes/kube_client.rb index 467bb1be62b..9e3cf58bb1e 100644 --- a/lib/gitlab/kubernetes/kube_client.rb +++ b/lib/gitlab/kubernetes/kube_client.rb @@ -116,15 +116,15 @@ module Gitlab def self.graceful_request(cluster_id) { status: :connected, response: yield } rescue *Gitlab::Kubernetes::Errors::CONNECTION - { status: :unreachable } + { status: :unreachable, connection_error: :connection_error } rescue *Gitlab::Kubernetes::Errors::AUTHENTICATION - { status: :authentication_failure } + { status: :authentication_failure, connection_error: :authentication_error } rescue Kubeclient::HttpError => e - { status: kubeclient_error_status(e.message) } + { status: kubeclient_error_status(e.message), connection_error: :http_error } rescue => e Gitlab::ErrorTracking.track_exception(e, cluster_id: cluster_id) - { status: :unknown_failure } + { status: :unknown_failure, connection_error: :unknown_error } end # KubeClient uses the same error class diff --git a/lib/gitlab/kubernetes/node.rb b/lib/gitlab/kubernetes/node.rb index bd765ef3852..d516bdde6f6 100644 --- a/lib/gitlab/kubernetes/node.rb +++ b/lib/gitlab/kubernetes/node.rb 
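Review bot: `graceful_request` in lib/gitlab/kubernetes/kube_client.rb now returns two different hash shapes and nothing documents them. The success branch has `:status` and `:response`, while each rescue branch has `:status` and `:connection_error` but no `:response`, so callers have to know that a missing `:connection_error` means success. I would put a comment above the method listing the keys and the four symbols it can return (`:connection_error`, `:authentication_error`, `:http_error`, `:unknown_error`). Returning fixed symbols rather than the exception text also keeps cluster error details out of the result; if that is intended, the comment should say so, so that it is not changed later.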
@@ -8,22 +8,29 @@ module Gitlab end def all - nodes.map do |node| - attributes = node(node) - attributes.merge(node_metrics(node)) - end + { + nodes: metadata.presence, + node_connection_error: nodes_from_cluster[:connection_error], + metrics_connection_error: nodes_metrics_from_cluster[:connection_error] + }.compact end private attr_reader :cluster + def metadata + nodes.map do |node| + base_data(node).merge(node_metrics(node)) + end + end + def nodes_from_cluster - graceful_request { cluster.kubeclient.get_nodes } + @nodes_from_cluster ||= graceful_request { cluster.kubeclient.get_nodes } end def nodes_metrics_from_cluster - graceful_request { cluster.kubeclient.metrics_client.get_nodes } + @nodes_metrics_from_cluster ||= graceful_request { cluster.kubeclient.metrics_client.get_nodes } end def nodes @@ -44,7 +51,7 @@ module Gitlab ::Gitlab::Kubernetes::KubeClient.graceful_request(cluster.id, &block) end - def node(node) + def base_data(node) { 'metadata' => { 'name' => node.metadata.name diff --git a/lib/gitlab/markdown_cache.rb b/lib/gitlab/markdown_cache.rb index 21797bf988d..ac3492dbe33 100644 --- a/lib/gitlab/markdown_cache.rb +++ b/lib/gitlab/markdown_cache.rb @@ -3,7 +3,7 @@ module Gitlab module MarkdownCache # Increment this number every time the renderer changes its output - CACHE_COMMONMARK_VERSION = 23 + CACHE_COMMONMARK_VERSION = 24 CACHE_COMMONMARK_VERSION_START = 10 BaseError = Class.new(StandardError) |
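Review bot: `all` in lib/gitlab/kubernetes/node.rb changes from returning an Array to returning a Hash, and because of `metadata.presence` followed by `.compact` the `:nodes` key is absent, not empty, when no nodes come back. Callers are outside this diffstat (it is limited to `lib`), so each one has to be checked for `.map`/`.each` on the old array and for reading `[:nodes]` without a nil guard. A comment above `all` would make the contract explicit, for example `# Returns a Hash with optional :nodes, :node_connection_error and :metrics_connection_error keys; absent keys mean no data or no error.` The class body starts above the first hunk and continues between the two hunks, so `nodes` and `node_metrics` are not visible here.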