path: root/spec/validators
Commit message [author, age, files, lines]
* Allow to load ECDSA certificates for pages domains [Vladimir Shushlin, 2019-09-07, files: 1, lines: -0/+54]
|   Just replace RSA.new with PKey.read
* Avoid checking dns rebind protection in validation [Francisco Javier López, 2019-09-05, files: 1, lines: -0/+37]
|
* Refactor SystemHookUrlValidator and specs [George Koltsov, 2019-08-02, files: 2, lines: -74/+2]
|   Simplify SystemHookUrlValidator to inherit from PublicUrlValidator
|   Refactor specs to move out shared examples to be used in both system hooks and public url validators.
* Update security/webhooks.md doc page & specs [George Koltsov, 2019-08-02, files: 1, lines: -10/+15]
|   Updating security/webhooks.md to match new behaviour as well as drying up few specs to extract shared examples
* Update translations in gitlab.pot [George Koltsov, 2019-08-02, files: 1, lines: -0/+2]
|
* Add SystemHookUrlValidator spec [George Koltsov, 2019-08-02, files: 1, lines: -0/+51]
|
* Allow blank but not nil in validations [Reuben Pereira, 2019-07-31, files: 1, lines: -19/+11]
|   - The most common use case for qualified_domain_validator currently is to allow blank ([]) but not allow nil. Modify the qualified_domain_validator to support this use case.
* Add validator for qualified domain array [Reuben Pereira, 2019-07-23, files: 1, lines: -0/+111]
|   - Validate that the entries contain no unicode, html tags and are not larger than 255 characters.
* Fix color validation regex [Heinrich Lee Yu, 2019-06-25, files: 1, lines: -0/+43]
|   Also prevents ReDoS vulnerability
* Align UrlValidator to validate_url gem implementation. [Thong Kuah, 2019-04-11, files: 2, lines: -25/+114]
|   Renamed UrlValidator to AddressableUrlValidator to avoid 'url:' naming collision with ActiveModel::Validations::UrlValidator in 'validates' statement.
|   Make use of the options attribute of the parent class ActiveModel::EachValidator.
|   Add more options: allow_nil, allow_blank, message.
|   Renamed 'protocols' option to 'schemes' to match the option naming from UrlValidator.
* Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE [Imre Farkas, 2019-04-09, files: 1, lines: -0/+87]
* Revert "Merge branch 'if-57131-external_auth_to_ce' into 'master'" [Andreas Brandl, 2019-04-05, files: 1, lines: -87/+0]
|   This reverts merge request !26823
* Move Contribution Analytics related spec in spec/features/groups/group_page_with_external_authorization_service_spec to EE [Imre Farkas, 2019-04-05, files: 1, lines: -0/+87]
* Fix Bitbucket import [Francisco Javier López, 2019-03-14, files: 1, lines: -2/+7]
|   In https://gitlab.com/gitlab-org/gitlab-ce/commit/ebf16ada856efb85424a98848c141f21e609886a we introduced a SHA validator, to ensure that the data provided in merge request diffs was legit. Nevertheless, the validator assumed that the SHA should be 40 chars long.
|   When we import a project from BitBucket, the retrieved SHA is shorter (12 chars long). Therefore, this validator prevented the creation of a valid MergeRequestDiff for every MergeRequest (triggering an exception).
* Merge branch 'fix/email_validator' into 'master' [Stan Hu, 2019-03-09, files: 1, lines: -0/+94]
|\
| |   Align EmailValidator to validate_email gem implementation.
| |   Closes #57352
| |   See merge request gitlab-org/gitlab-ce!24971
| * Align EmailValidator to validate_email gem implementation. [Horatiu Eugen Vlad, 2019-03-05, files: 1, lines: -0/+94]
| |   Renamed EmailValidator to DeviseEmailValidator to avoid 'email:' naming collision with ActiveModel::Validations::EmailValidator in 'validates' statement.
| |   Make use of the options attribute of the parent class ActiveModel::EachValidator.
| |   Add more options: regex.
* | Add frozen_string_literal to new files [Stan Hu, 2019-03-04, files: 1, lines: -0/+2]
| |
* | Arbitrary file read via MergeRequestDiff [Francisco Javier López, 2019-03-04, files: 1, lines: -0/+40]
|/
* remove newly supported regex feature from validation error test [Roger Rüttimann, 2019-01-14, files: 1, lines: -2/+0]
|
* Add table and model for error tracking settings [Reuben Pereira, 2019-01-07, files: 1, lines: -0/+51]
|
* Allow URLs to be validated as ascii_only [James Edwards-Jones, 2018-12-06, files: 1, lines: -0/+29]
|   Restricts unicode characters and IDNA deviations which could be used in a phishing attack
* Merge branch 'security-fj-crlf-injection' into 'master' [Cindy Pallares, 2018-11-28, files: 1, lines: -0/+26]
|   [master] Fix CRLF issue in UrlValidator
|   See merge request gitlab/gitlabhq!2627
* Allow UrlValidator to work with attr_encrypted [Nick Thomas, 2018-09-17, files: 1, lines: -0/+15]
|
* Merge branch 'filter-web-hooks-by-branch' into 'master' [Dmitriy Zaporozhets, 2018-09-05, files: 1, lines: -0/+42]
|\
| |   Filter web hooks by branch
| |   See merge request gitlab-org/gitlab-ce!19513
| * Filter project hooks by branch [Duana Saskia, 2018-08-13, files: 1, lines: -0/+42]
| |   Allow specifying a branch filter for a project hook and only trigger a project hook if either the branch filter is blank or the branch matches. Only supported for push_events for now.
* | Allow whitelisting for "external collaborator by default" setting [Roger Rüttimann, 2018-08-30, files: 1, lines: -0/+27]
|/
* Avoid checking the user format in every url validation [Francisco Javier López, 2018-06-11, files: 1, lines: -5/+48]
|
* Add validation to webhook and service URLs to ensure they are not blocked because of SSRF [Francisco Javier López, 2018-06-01, files: 3, lines: -65/+70]
* Projects and groups badges API [Francisco Javier López, 2018-03-05, files: 2, lines: -0/+85]
|
* Add more information in variable_duplicates validator error message [Matija Čupić, 2018-02-13, files: 1, lines: -2/+2]
|
* Add specs for VariableDuplicates validator [Matija Čupić, 2018-02-13, files: 1, lines: -0/+67]
|
* Validate User username only on Namespace, and bubble up appropriately [Douwe Maan, 2018-02-06, files: 1, lines: -38/+0]
|
* Reallow project paths ending in periods (dm-reallow-project-path-ending-in-period) [Douwe Maan, 2017-11-06, files: 4, lines: -97/+114]
|
* Change all `:empty_project` to `:project` (rs-empty_project-default) [Robert Speicher, 2017-08-02, files: 1, lines: -2/+2]
|
* Ensure all project factories use `:repository` trait or `:empty_project` (rs-empty_project-cleanup) [Robert Speicher, 2017-08-01, files: 1, lines: -1/+1]
|
* Rebuild the dynamic path before validating it (bvl-validate-path-update) [Bob Van Landuyt, 2017-06-21, files: 1, lines: -0/+9]
|   Otherwise we won't validate updates to the path. Allowing users to change the path to something that's not allowed.
* Avoid crash when trying to parse string with invalid UTF-8 sequence [Bob Van Landuyt, 2017-05-30, files: 1, lines: -0/+22]
|
* Revert "Remove changes that are not absolutely necessary" [Douwe Maan, 2017-05-24, files: 1, lines: -7/+7]
|   This reverts commit b0498c176fa134761d899c9b369be12f1ca789c5
* Remove changes that are not absolutely necessary (dm-fix-routes) [Douwe Maan, 2017-05-23, files: 1, lines: -7/+7]
|
* Fix ambiguous routing issues by teaching router about reserved words [Douwe Maan, 2017-05-23, files: 1, lines: -225/+25]
|
* Add a better error message when a certain path is missing [Bob Van Landuyt, 2017-05-02, files: 1, lines: -3/+34]
|
* Update path validation & specs [Bob Van Landuyt, 2017-05-02, files: 1, lines: -3/+40]
|
* Reuse Gitlab::Regex.full_namespace_regex in the DynamicPathValidator [Bob Van Landuyt, 2017-05-02, files: 1, lines: -1/+10]
|
* Reject group-routes as names of child namespaces [Bob Van Landuyt, 2017-05-01, files: 1, lines: -25/+51]
|
* Reject paths following namespace for paths including 2 `*` [Bob Van Landuyt, 2017-05-01, files: 1, lines: -12/+14]
|   Reject the part following `/*namespace_id/:project_id` for paths containing 2 wildcard parameters
* Use `%r{}` regexes to avoid having to escape `/` [Bob Van Landuyt, 2017-05-01, files: 1, lines: -5/+5]
|
* The dynamic path validator can block out partial paths [Bob Van Landuyt, 2017-05-01, files: 1, lines: -60/+80]
|   So we can block `objects` only when it is contained in `info/lfs` or `gitlab-lfs`
* Make path validation case-insensitive [Bob Van Landuyt, 2017-05-01, files: 1, lines: -1/+7]
|
* Rename `NamespaceValidator` to `DynamicPathValidator` [Bob Van Landuyt, 2017-05-01, files: 1, lines: -1/+1]
|   This reflects better that it validates paths instead of a namespace model
* Split off validating full paths [Bob Van Landuyt, 2017-05-01, files: 1, lines: -0/+20]
|   The first part of a full path needs to be validated as a `top_level` while the rest need to be validated as `wildcard`