Prevent templated services from being imported

Templated services should only be created by admins and do not
apply to project import/export.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54189
Stan Hu 2018-11-17 21:45:05 -08:00
parent b14057874e
commit 2e3674f7a8
4 changed files with 37 additions and 1 deletions


@ -0,0 +1,5 @@
---
title: Prevent templated services from being imported
merge_request:
author:
type: security


@ -154,6 +154,8 @@ excluded_attributes:
- :encrypted_token_iv
- :encrypted_url
- :encrypted_url_iv
services:
- :template
methods:
labels:
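Review bot: The new `services:` / `- :template` entry under `excluded_attributes` carries no comment saying why it is there, and because the entries above it in this hunk are all encrypted columns, a later cleanup could drop it without noticing it is a privilege boundary. I would add a line above it such as `# template: only admins may create service templates; never accept this flag from an import archive`. Note also that excluding the attribute strips the flag rather than rejecting the record, so a service marked `"template": true` in an archive still appears to be imported as an ordinary project service (the spec's `services: 1` count suggests this); if that is intended, the comment should say so. The `excluded_attributes` mapping starts outside this hunk.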


@ -101,6 +101,28 @@
]
}
],
"services": [
{
"id": 100,
"title": "JetBrains TeamCity CI",
"project_id": 5,
"created_at": "2016-06-14T15:01:51.315Z",
"updated_at": "2016-06-14T15:01:51.315Z",
"active": false,
"properties": {},
"template": true,
"push_events": true,
"issues_events": true,
"merge_requests_events": true,
"tag_push_events": true,
"note_events": true,
"job_events": true,
"type": "TeamcityService",
"category": "ci",
"default": false,
"wiki_page_events": true
}
],
"snippets": [],
"hooks": []
}


@ -297,7 +297,8 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do
issues: 1,
labels: 1,
milestones: 1,
first_issue_labels: 1
first_issue_labels: 1,
services: 1
context 'project.json file access check' do
it 'does not read a symlink' do
@ -382,6 +383,12 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do
project_tree_restorer.instance_variable_set(:@path, "spec/lib/gitlab/import_export/project.light.json")
end
it 'does not import any templated services' do
restored_project_json
expect(project.services.where(template: true).count).to eq(0)
end
it 'imports labels' do
create(:group_label, name: 'Another label', group: project.group)
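Review bot: The new example `'does not import any templated services'` asserts only that `project.services.where(template: true).count` is 0, which would also pass if the importer skipped services altogether or failed before reaching them. The `services: 1` count is checked in a different example, so nothing in this one shows that the fixture's templated service was actually processed with its flag cleared. I would add `expect(project.services.count).to eq(1)` before the existing expectation so the example pins both halves of the behaviour. The fixture's service also has `"active": false` and empty `properties`, so a second case with an active, configured service would make the regression test closer to what a crafted archive might contain. The enclosing `describe`/`context` blocks start outside the hunk.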