Merge branch 'security-exclude_ids_attribute_cleaning-ce' into 'master'
Ensure attributes that end in `_ids` are cleaned See merge request gitlab/gitlabhq!3561
commit
088c3f9ab4
3 changed files with 10 additions and 2 deletions
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Ensure are cleaned by ImportExport::AttributeCleaner
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
|
@ -4,7 +4,7 @@ module Gitlab
|
|||
module ImportExport
|
||||
class AttributeCleaner
|
||||
ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + %w[group_id commit_id]
|
||||
PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_html\Z/).freeze
|
||||
PROHIBITED_REFERENCES = Regexp.union(/\Acached_markdown_version\Z/, /_id\Z/, /_ids\Z/, /_html\Z/).freeze
|
||||
|
||||
def self.clean(*args)
|
||||
new(*args).clean
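Review bot: `PROHIBITED_REFERENCES` is still a suffix denylist with no comment explaining why each pattern is listed, so a later reader cannot tell that `_ids` was added for a security reason. I would add a comment above the constant along the lines of `# *_ids keys correspond to ActiveRecord collection-id writers (e.g. issue_ids=) that re-link existing records by id; strip them like *_id.`, assuming that is the motivation, as the merge title suggests. Because any key that misses these four patterns still passes, an allowlist of importable attributes per model would be the more durable check. The two adjacent patterns could also be merged as `/_ids?\Z/`. The class body continues outside the hunk, so how `clean` combines this constant with `ALLOWED_REFERENCES` is not visible here.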
|
||||
|
|
|
@ -26,7 +26,10 @@ describe Gitlab::ImportExport::AttributeCleaner do
|
|||
'_html' => '<p>perfectly ordinary html</p>',
|
||||
'cached_markdown_version' => 12345,
|
||||
'group_id' => 99,
|
||||
'commit_id' => 99
|
||||
'commit_id' => 99,
|
||||
'issue_ids' => [1, 2, 3],
|
||||
'merge_request_ids' => [1, 2, 3],
|
||||
'note_ids' => [1, 2, 3]
|
||||
}
|
||||
end
|
||||
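Review bot: The three new `_ids` entries only extend the input fixture, and the expectation that they are removed lies outside this hunk, so the regression is presumably caught only through a whole-hash comparison. An explicit assertion would pin the security property directly, e.g. `expect(cleaned.keys).not_to include(a_string_ending_with('_ids'))`, where `cleaned` stands for whatever the spec calls the result. The hash literal starts before the hunk, so its name and the existing expectations are not visible here.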
|
||||
|
|