Add latest changes from gitlab-org/gitlab@master

2021-03-08 00:09:10 +00:00 · 2021-03-08 00:09:10 +00:00 · 0b48416b38
commit 0b48416b38
parent 4660a51d93
7 changed files with 70 additions and 25 deletions
--- a/app/assets/javascripts/vue_merge_request_widget/components/states/ready_to_merge.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/ready_to_merge.vue
@ -5,6 +5,7 @@ import {
  GlButtonGroup,
  GlDropdown,
  GlDropdownItem,
+  GlFormCheckbox,
  GlSprintf,
  GlLink,
  GlTooltipDirective,
@ -81,6 +82,7 @@ export default {
    GlButtonGroup,
    GlDropdown,
    GlDropdownItem,
+    GlFormCheckbox,
    GlSkeletonLoader,
    MergeTrainHelperText: () =>
      import('ee_component/vue_merge_request_widget/components/merge_train_helper_text.vue'),
@ -495,16 +497,15 @@ export default {
            </gl-button-group>
            <div class="media-body-wrap space-children">
              <template v-if="shouldShowMergeControls">
-                <label v-if="canRemoveSourceBranch">
-                  <input
-                    id="remove-source-branch-input"
-                    v-model="removeSourceBranch"
-                    :disabled="isRemoveSourceBranchButtonDisabled"
-                    class="js-remove-source-branch-checkbox"
-                    type="checkbox"
-                  />
+                <gl-form-checkbox
+                  v-if="canRemoveSourceBranch"
+                  id="remove-source-branch-input"
+                  v-model="removeSourceBranch"
+                  :disabled="isRemoveSourceBranchButtonDisabled"
+                  class="js-remove-source-branch-checkbox gl-min-h-7 gl-display-flex gl-align-items-center gl-mr-2"
+                >
                  {{ __('Delete source branch') }}
-                </label>
+                </gl-form-checkbox>

                <!-- Placeholder for EE extension of this component -->
                <squash-before-merge
--- a/app/assets/javascripts/vue_merge_request_widget/components/states/squash_before_merge.vue
+++ b/app/assets/javascripts/vue_merge_request_widget/components/states/squash_before_merge.vue
@ -44,7 +44,7 @@ export default {
      :checked="value"
      :disabled="isDisabled"
      name="squash"
-      class="qa-squash-checkbox js-squash-checkbox gl-mb-0 gl-mr-2"
+      class="qa-squash-checkbox js-squash-checkbox gl-min-h-7 gl-display-flex gl-align-items-center gl-mr-2"
      :title="tooltipTitle"
      @change="(checked) => $emit('input', checked)"
    >
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@ -62,16 +62,16 @@ The following languages and dependency managers are supported:

 | Package Managers | Languages  | Supported files | Scan tools |
 | ------------------- | --------- | --------------- | ------------ |
-| [Bundler](https://bundler.io/) | Ruby | `Gemfile.lock`, `gems.locked` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium), [bundler-audit](https://github.com/rubysec/bundler-audit) |
-| [Composer](https://getcomposer.org/) | PHP | `composer.lock` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
-| [Conan](https://conan.io/) | C, C++ | [`conan.lock`](https://docs.conan.io/en/latest/versioning/lockfiles.html) | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
-| [Golang](https://golang.org/) | Go | `go.sum` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
-| [Gradle](https://gradle.org/), [Maven](https://maven.apache.org/) | Java | `build.gradle`, `build.gradle.kts`, `pom.xml` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
-| [npm](https://www.npmjs.com/), [yarn](https://classic.yarnpkg.com/en/) 1.x | JavaScript | `package-lock.json`, `npm-shrinkwrap.json`, `yarn.lock` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
+| [Bundler](https://bundler.io/) | Ruby | `Gemfile.lock`, `gems.locked` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium), [bundler-audit](https://github.com/rubysec/bundler-audit) |
+| [Composer](https://getcomposer.org/) | PHP | `composer.lock` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) |
+| [Conan](https://conan.io/) | C, C++ | [`conan.lock`](https://docs.conan.io/en/latest/versioning/lockfiles.html) | [Gemnasium](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) |
+| [Golang](https://golang.org/) | Go | `go.sum` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) |
+| [Gradle](https://gradle.org/), [Maven](https://maven.apache.org/) | Java | `build.gradle`, `build.gradle.kts`, `pom.xml` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) |
+| [npm](https://www.npmjs.com/), [yarn](https://classic.yarnpkg.com/en/) 1.x | JavaScript | `package-lock.json`, `npm-shrinkwrap.json`, `yarn.lock` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) |
 | [npm](https://www.npmjs.com/) (7 and earlier), [yarn](https://classic.yarnpkg.com/en/) 1.x | JavaScript | `package.json` | [Retire.js](https://retirejs.github.io/retire.js/) |
-| [NuGet](https://www.nuget.org/) 4.9+ | .NET, C# | [`packages.lock.json`](https://docs.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files#enabling-lock-file) | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
-| [`setuptools`](https://setuptools.readthedocs.io/en/latest/), [pip](https://pip.pypa.io/en/stable/), [Pipenv](https://pipenv.pypa.io/en/latest/) (*1*) | Python | `setup.py`, `requirements.txt`, `requirements.pip`, `requires.txt`, `Pipfile`, `Pipfile.lock` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
-| [sbt](https://www.scala-sbt.org/) (*2*) | Scala | `build.sbt` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) |
+| [NuGet](https://www.nuget.org/) 4.9+ | .NET, C# | [`packages.lock.json`](https://docs.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files#enabling-lock-file) | [Gemnasium](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) |
+| [`setuptools`](https://setuptools.readthedocs.io/en/latest/), [pip](https://pip.pypa.io/en/stable/), [Pipenv](https://pipenv.pypa.io/en/latest/) (*1*) | Python | `setup.py`, `requirements.txt`, `requirements.pip`, `requires.txt`, `Pipfile`, `Pipfile.lock` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) |
+| [sbt](https://www.scala-sbt.org/) (*2*) | Scala | `build.sbt` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) |

 1. [Pipenv](https://pipenv.pypa.io/en/latest/) projects are scanned when a `Pipfile` is present.
 1. Support for [sbt](https://www.scala-sbt.org/) 1.3 and above was added in GitLab 13.9.
@ -80,7 +80,7 @@ Plans are underway for supporting the following languages, dependency managers,

 | Package Managers    | Languages | Supported files | Scan tools | Issue |
 | ------------------- | --------- | --------------- | ---------- | ----- |
-| [Poetry](https://python-poetry.org/) | Python | `poetry.lock` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/gemnasium) | [GitLab#7006](https://gitlab.com/gitlab-org/gitlab/-/issues/7006) |
+| [Poetry](https://python-poetry.org/) | Python | `poetry.lock` | [Gemnasium](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) | [GitLab#7006](https://gitlab.com/gitlab-org/gitlab/-/issues/7006) |

 ## Contribute your scanner

--- a/lib/gitlab/query_limiting/active_support_subscriber.rb
+++ b/lib/gitlab/query_limiting/active_support_subscriber.rb
@ -6,9 +6,10 @@ module Gitlab
      attach_to :active_record

      def sql(event)
-        unless event.payload.fetch(:cached, event.payload[:name] == 'CACHE')
-          Transaction.current&.increment
-        end
+        return if !Transaction.current || event.payload.fetch(:cached, event.payload[:name] == 'CACHE')
+
+        Transaction.current.increment
+        Transaction.current.executed_sql(event.payload[:sql])
      end
    end
  end
--- a/lib/gitlab/query_limiting/transaction.rb
+++ b/lib/gitlab/query_limiting/transaction.rb
@ -15,6 +15,7 @@ module Gitlab
      # the sake of keeping things simple we hardcode this value here, it's not
      # supposed to be changed very often anyway.
      THRESHOLD = 100
+      LOG_THRESHOLD = THRESHOLD * 1.5

      # Error that is raised whenever exceeding the maximum number of queries.
      ThresholdExceededError = Class.new(StandardError)
@ -45,6 +46,7 @@ module Gitlab
        @action = nil
        @count = 0
        @whitelisted = false
+        @sql_executed = []
      end

      # Sends a notification based on the number of executed SQL queries.
@ -60,6 +62,10 @@ module Gitlab
        @count += 1 unless whitelisted
      end

+      def executed_sql(sql)
+        @sql_executed << sql if @count <= LOG_THRESHOLD
+      end
+
      def raise_error?
        Rails.env.test?
      end
@ -71,8 +77,11 @@ module Gitlab
      def error_message
        header = 'Too many SQL queries were executed'
        header = "#{header} in #{action}" if action
+        msg = "a maximum of #{THRESHOLD} is allowed but #{count} SQL queries were executed"
+        log = @sql_executed.each_with_index.map { |sql, i| "#{i}: #{sql}" }.join("\n").presence
+        ellipsis = '...' if @count > LOG_THRESHOLD

-        "#{header}: a maximum of #{THRESHOLD} is allowed but #{count} SQL queries were executed"
+        ["#{header}: #{msg}", log, ellipsis].compact.join("\n")
      end
    end
  end
--- a/spec/lib/gitlab/query_limiting/active_support_subscriber_spec.rb
+++ b/spec/lib/gitlab/query_limiting/active_support_subscriber_spec.rb
@ -3,7 +3,7 @@
 require 'spec_helper'

 RSpec.describe Gitlab::QueryLimiting::ActiveSupportSubscriber do
-  let(:transaction) { instance_double(Gitlab::QueryLimiting::Transaction, increment: true) }
+  let(:transaction) { instance_double(Gitlab::QueryLimiting::Transaction, executed_sql: true, increment: true) }

  before do
    allow(Gitlab::QueryLimiting::Transaction)
@ -18,6 +18,11 @@ RSpec.describe Gitlab::QueryLimiting::ActiveSupportSubscriber do
      expect(transaction)
        .to have_received(:increment)
        .once
+
+      expect(transaction)
+        .to have_received(:executed_sql)
+        .once
+        .with(String)
    end

    context 'when the query is actually a rails cache hit' do
@ -30,6 +35,11 @@ RSpec.describe Gitlab::QueryLimiting::ActiveSupportSubscriber do
        expect(transaction)
          .to have_received(:increment)
          .once
+
+        expect(transaction)
+          .to have_received(:executed_sql)
+          .once
+          .with(String)
      end
    end
  end
--- a/spec/lib/gitlab/query_limiting/transaction_spec.rb
+++ b/spec/lib/gitlab/query_limiting/transaction_spec.rb
@ -118,6 +118,30 @@ RSpec.describe Gitlab::QueryLimiting::Transaction do
      )
    end

+    it 'includes a list of executed queries' do
+      transaction = described_class.new
+      transaction.count = max = described_class::THRESHOLD
+      %w[foo bar baz].each { |sql| transaction.executed_sql(sql) }
+
+      message = transaction.error_message
+
+      expect(message).to start_with(
+        "Too many SQL queries were executed: a maximum of #{max} " \
+        "is allowed but #{max} SQL queries were executed"
+      )
+
+      expect(message).to include("0: foo", "1: bar", "2: baz")
+    end
+
+    it 'indicates if the log is truncated' do
+      transaction = described_class.new
+      transaction.count = described_class::THRESHOLD * 2
+
+      message = transaction.error_message
+
+      expect(message).to end_with('...')
+    end
+
    it 'includes the action name in the error message when present' do
      transaction = described_class.new
      transaction.count = max = described_class::THRESHOLD