Commit message (Author, Age, Files, Lines)
* Update VERSION to 11.11.8 [v11.11.8] [11-11-stable] (GitLab Release Tools Bot, 2019-08-09, 1 file, -1/+1)
|
* Update CHANGELOG.md for 11.11.8 (GitLab Release Tools Bot, 2019-08-09, 3 files, -10/+8)
| [ci skip]
* Merge branch 'pokstad1-11-11-stable-patch-47366' into '11-11-stable' (John Skarbek, 2019-08-09, 2 files, -1/+6)
|\
| | Update Gitaly to v1.42.7 for security fix
| | See merge request gitlab/gitlabhq!3299
| * Update Gitaly to v1.42.7 for security fix (Paul Okstad, 2019-08-09, 2 files, -1/+6)
|/
* Merge branch 'security-11-11-fix-gitlab-api-token-recovery' into '11-11-stable' (John Skarbek, 2019-08-09, 2 files, -1/+6)
|\
| | Fix gitlab api token recovery
| | See merge request gitlab/gitlabhq!3294
| * Upgrade pages version to 1.5.1 (Vladimir Shushlin, 2019-08-09, 2 files, -1/+6)
|/
* Merge branch '11-11-stable-fix-migration-paths' into '11-11-stable' (Robert Speicher, 2019-08-06, 1 file, -1/+2)
|\
| | Fix migration-paths job for 11-11
| | See merge request gitlab-org/gitlab-ce!31475
| * Fix migration-path ci job (Vladimir Shushlin, 2019-08-06, 1 file, -1/+2)
|/
| v9.3.0 was using gemnasium-gitlab-service, which was yanked on rubygems
* Update browserslist to 4.5.4 (Robert Speicher, 2019-08-02, 1 file, -18/+18)
| Resolves static-analysis warnings about caniuse-lite being outdated.
* Update VERSION to 11.11.7 [v11.11.7] (GitLab Release Tools Bot, 2019-07-29, 1 file, -1/+1)
|
* Update CHANGELOG.md for 11.11.7 (GitLab Release Tools Bot, 2019-07-29, 10 files, -45/+15)
| [ci skip]
* Add empty changelog for 11.11.6 (Robert Speicher, 2019-07-29, 1 file, -1/+4)
| [ci skip]
* Revert "Update CHANGELOG.md for 11.11.6" (Robert Speicher, 2019-07-29, 10 files, -15/+45)
| This reverts commit 9afc6928d2c898dea6fbb4845e037e9ecd57ad24.
* Update VERSION to 11.11.6 [v11.11.6] (GitLab Release Tools Bot, 2019-07-25, 1 file, -1/+1)
|
* Update CHANGELOG.md for 11.11.6 (GitLab Release Tools Bot, 2019-07-25, 10 files, -45/+15)
| [ci skip]
* Remove invalid Namespace GraphQL type spec (Robert Speicher, 2019-07-24, 1 file, -2/+0)
|
* Merge branch 'security-fix-badges-leaked-to-unauthorized-users-11-11' into '11-11-stable' (GitLab Release Tools Bot, 2019-07-24, 3 files, -31/+101)
|\
| | Don't display badges when builds are restricted
| | See merge request gitlab/gitlabhq!3186
| * Don't display badges when builds are restricted (Fabio Pitino, 2019-06-27, 3 files, -31/+101)
| | Badges were leaked to unauthorized users even when the Public Builds project setting is disabled. Added a guard clause to the controller to check if the user can read the build.
* | Merge branch 'security-60143-patch-additional-xss-issue-11.11' into '11-11-stable' (GitLab Release Tools Bot, 2019-07-24, 9 files, -93/+233)
|\ \
| | | Extract SanitizeNodeLink and apply to WikiLinkFilter
| | | See merge request gitlab/gitlabhq!3202
| * | Extract SanitizeNodeLink and apply to WikiLinkFilter (Kerri Miller, 2019-07-08, 9 files, -93/+233)
| | | The SanitizationFilter was running before the WikiFilter. Since WikiFilter can modify links, we could see links that _should_ be stopped by SanitizationFilter being rendered on the page. I (kerrizor) had previously addressed the bug in: https://gitlab.com/gitlab-org/gitlab-ee/commit/7bc971915bbeadb950bb0e1f13510bf3038229a4
| | | However, an additional exploit was discovered after that was merged. Working through the issue, we couldn't simply shuffle the order of filters, due to some implicit assumptions about the order of filters, so instead we've extracted the logic that sanitizes a Nokogiri-generated Node object, and applied it to the WikiLinkFilter as well.
| | | On moving filters around: Once we start moving around filters, we get cascading failures; fix one, another one crops up. Many of the existing filters in the WikiPipeline chain seem to assume that other filters have already done their work, and thus operate on a "transform anything that's left" basis; WikiFilter, for instance, assumes any link it finds in the markdown should be prepended with the wiki_base_path, but if it does that, it also turns `href="@user"` into `href="/path/to/wiki/@user"`, which the UserReferenceFilter doesn't see as a user reference it needs to transform into a user profile link. This is true for all the reference filters in the WikiPipeline.
* | | Merge branch 'security-github-ssrf-redirect-11-11' into '11-11-stable' (GitLab Release Tools Bot, 2019-07-24, 6 files, -3/+100)
|\ \ \
| | | | Do not allow localhost url redirection in GitHub Integration
| | | | See merge request gitlab/gitlabhq!3207
| * | | Do not allow localhost url redirection in GitHub Integration (manojmj, 2019-07-09, 6 files, -3/+100)
| |/ /
* | | Merge branch 'security-dns-ssrf-bypass-11-11' into '11-11-stable' (GitLab Release Tools Bot, 2019-07-24, 4 files, -15/+51)
|\ \ \
| | | | Server Side Request Forgery mitigation bypass
| | | | See merge request gitlab/gitlabhq!3214
| * | | Fix Server Side Request Forgery mitigation bypass (Francisco Javier López, 2019-07-04, 4 files, -15/+51)
| |/ /
| | | When we can't resolve the hostname or it is invalid, we shouldn't even perform the request. This fix also fixes the problem with the SSRF rebinding attack.
| | | We can't stub feature flags outside example blocks. Nevertheless, there are some actions that call the UrlBlocker that are performed outside example blocks, i.e. the `set` instruction. That's why we have to use some signaling mechanism outside the scope of the specs.
* | | Merge branch 'security-mr-pipeline-permissions-11-11' into '11-11-stable' (GitLab Release Tools Bot, 2019-07-24, 4 files, -6/+102)
|\ \ \
| | | | MR pipeline permissions
| | | | See merge request gitlab/gitlabhq!3217
| * | | Use MergeRequest#source_project as permissions reference for MergeRequest#all_pipelines (drew cimino, 2019-07-05, 4 files, -6/+102)
| |/ /
| | | MergeRequest#all_pipelines fetches Ci::Pipeline records from the source project, so we should specifically check that project for permissions. This was already happening for intra-project merge requests, but in the event that the target and source projects both have private builds, we should ensure that the project permissions are respected.
* | | Merge branch 'security-remove-take-trigger-ownership-feature-11-11' into '11-11-stable' (GitLab Release Tools Bot, 2019-07-24, 11 files, -141/+9)
|\ \ \
| | | | Drop feature to take ownership of a trigger token
| | | | See merge request gitlab/gitlabhq!3228
| * | | Drop feature to take ownership of a trigger token (Fabio Pitino, 2019-07-10, 11 files, -141/+9)
| |/ /
| | | Removing API and frontend interactions that allowed users to take ownership of a trigger token. Removed mentions from the documentation.
* | | Merge branch 'security-2873-restrict-slash-commands-to-users-who-can-log-in-11-11' into '11-11-stable' (GitLab Release Tools Bot, 2019-07-24, 5 files, -0/+51)
|\ \ \
| | | | Restrict slash commands to users who can log in
| | | | See merge request gitlab/gitlabhq!3239
| * | | Restrict slash commands to users who can log in (Hordur Freyr Yngvason, 2019-07-12, 5 files, -0/+51)
| |/ /
* | | Merge branch 'security-bvl-filter-mr-params-11-11' into '11-11-stable' (GitLab Release Tools Bot, 2019-07-24, 4 files, -8/+83)
|\ \ \
| | | | Filter params in MR build service
| | | | See merge request gitlab/gitlabhq!3255
| * | | Filter params in MR build service (Bob Van Landuyt, 2019-07-17, 4 files, -8/+83)
| | | | Reusing the existing `IssuableBaseService#filter_params` which uses the policies to determine what params a user can set, and which values it can be set to. This also removed the need for the separate call to `IssuableBaseService#ensure_milestone_available`.
| | | | The `Issues::BuildService` does not suffer from this because it limits the params that are assignable to the `title`, `description` and `milestone_id`.
* | | | Merge branch 'security-hide_moved_issue_id-11-11' into '11-11-stable' (GitLab Release Tools Bot, 2019-07-24, 3 files, -1/+44)
|\ \ \ \
| |/ / /
|/| | |
| | | | Do not show moved issue ids for user not authorized
| | | | See merge request gitlab/gitlabhq!3264
| * | | Do not show moved issue ids for user not authorized (Felipe Artur, 2019-07-15, 3 files, -1/+44)
| |/ /
| | | Do not show moved issue id for users that cannot read issue
* | | Merge branch 'sh-fix-appearance-spec-failure' into 'master' (Douglas Barbosa Alexandre, 2019-07-16, 1 file, -2/+1)
|/ /
| | Fix order-dependent spec failure in appearance_spec.rb
| | Closes #64083
| | See merge request gitlab-org/gitlab-ce!30323
* | Update CHANGELOG.md for 11.11.5 [v11.11.5] (GitLab Release Tools Bot, 2019-07-01, 1 file, -0/+1)
| | [ci skip]
* | Merge branch 'security-support-object-storage-at-file-mover-11-11' into '11-11-stable' (Marin Jankovski, 2019-07-01, 2 files, -54/+126)
|\ \
| | | Support object storage at FileMover class
| | | See merge request gitlab/gitlabhq!3196
| * | Support object storage at FileMover class (Oswaldo Ferreira, 2019-06-30, 2 files, -54/+126)
|/ /
* | Update VERSION to 11.11.5 (GitLab Release Tools Bot, 2019-06-27, 1 file, -1/+1)
| |
* | Update CHANGELOG.md for 11.11.5 (GitLab Release Tools Bot, 2019-06-27, 11 files, -50/+16)
|/
| [ci skip]
* Merge branch 'security-notes-in-private-snippets-11-11' into '11-11-stable' (GitLab Release Tools Bot, 2019-06-26, 5 files, -10/+132)
|\
| | Ability to write a note in a private snippet
| | See merge request gitlab/gitlabhq!3141
| * Correctly check permissions when creating snippet notes (Markus Koller, 2019-06-06, 5 files, -10/+132)
| | In the Snippets::NotesController the noteable was resolved and authorized through the :snippet_id, so by passing a :target_id for a different snippet it was possible to create a note on a snippet where the user would be unauthorized to do so otherwise.
| | This fixes the problem by ignoring the :target_id and :target_type from the request, and using the same noteable for creation and authorization.
* | Merge branch 'security-fp-prevent-billion-laughs-attack-11-11' into '11-11-stable' (GitLab Release Tools Bot, 2019-06-26, 7 files, -8/+249)
|\ \
| | | Prevent Billion Laughs attack
| | | See merge request gitlab/gitlabhq!3144
| * | Prevent Billion Laughs attack (Fabio Pitino, 2019-06-07, 7 files, -8/+249)
| |/
| | It keeps track of the memory being used when loading the YAML file as well as the depth of nesting.
| | Track exception when YAML is too big
* | Merge branch 'security-prevent-detection-of-merge-request-template-name-11-11' into '11-11-stable' (GitLab Release Tools Bot, 2019-06-26, 6 files, -32/+130)
|\ \
| | | Guests can know whether merge request template name exists or not
| | | See merge request gitlab/gitlabhq!3149
| * | Authorize access before serving project template (Luke Duncalfe, 2019-06-12, 6 files, -32/+130)
| | | Previously, if a user was a guest member of a private project, they could access the merge request template as we were not checking permission-levels of the user.
| | | When an issue template is asked for, the user must have :read_issue for the project; or :read_merge_request when a merge request template is asked for.
| | | We also now rescue_from FileNotFoundError and handle as 404. This is because RepoTemplateFinder can raise a FileNotFoundError exception, which Rails previously handled as a 500. Handling these in a way that is consistent with ActiveRecord::RecordNotFound exceptions, within controllers that inherit from Projects::ApplicationController at least, and returning a 404.
| | | https://gitlab.com/gitlab-org/gitlab-ce/issues/54943
* | | Merge branch 'security-11-11-mr-head-pipeline-leak' into '11-11-stable' (GitLab Release Tools Bot, 2019-06-26, 3 files, -1/+33)
|\ \ \
| | | | Fix MR head pipeline leak
| | | | See merge request gitlab/gitlabhq!3155
| * | | Add CHANGELOG entry (Matija Čupić, 2019-06-12, 1 file, -0/+5)
| | | |
| * | | Gate MR head_pipeline behind read_pipeline ability (Matija Čupić, 2019-06-12, 2 files, -1/+28)
| |/ /
* | | Merge branch 'security-DOS_issue_comments_banzai-11-11' into '11-11-stable' (GitLab Release Tools Bot, 2019-06-26, 3 files, -1/+11)
|\ \ \
| | | | Fix DOS when rendering issue/MR comments
| | | | See merge request gitlab/gitlabhq!3158