Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
9695fcf519
commit
43feb20dca
@ -1 +1 @@
ba02c22370d12ccf8ec464497603394effbaf8b0
038b442dc21c71a69ad170a61ce79a12a74fb725
@ -11,8 +11,8 @@
|
||||||
"description": "Analyzer image's registry prefix (or name of the registry providing the analyzers' image)"
|
"description": "Analyzer image's registry prefix (or name of the registry providing the analyzers' image)"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"field" : "SAST_EXCLUDED_PATHS",
|
"field": "SAST_EXCLUDED_PATHS",
|
||||||
"label" : "Excluded Paths",
|
"label": "Excluded Paths",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"default_value": "",
|
"default_value": "",
|
||||||
"value": "",
|
"value": "",
|
||||||
|
@ -22,8 +22,8 @@
|
||||||
],
|
],
|
||||||
"pipeline": [
|
"pipeline": [
|
||||||
{
|
{
|
||||||
"field" : "stage",
|
"field": "stage",
|
||||||
"label" : "Stage",
|
"label": "Stage",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"default_value": "",
|
"default_value": "",
|
||||||
"value": "",
|
"value": "",
|
||||||
|
@ -31,8 +31,8 @@
|
||||||
"description": "Pipeline stage in which the scan jobs run"
|
"description": "Pipeline stage in which the scan jobs run"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"field" : "SEARCH_MAX_DEPTH",
|
"field": "SEARCH_MAX_DEPTH",
|
||||||
"label" : "Search maximum depth",
|
"label": "Search maximum depth",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"default_value": "",
|
"default_value": "",
|
||||||
"value": "",
|
"value": "",
|
||||||
|
@ -41,32 +41,15 @@
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"analyzers": [
|
"analyzers": [
|
||||||
{
|
|
||||||
"name": "bandit",
|
|
||||||
"label": "Bandit",
|
|
||||||
"enabled" : true,
|
|
||||||
"description": "Python",
|
|
||||||
"variables": [
|
|
||||||
{
|
|
||||||
"field" : "SAST_BANDIT_EXCLUDED_PATHS",
|
|
||||||
"label" : "Paths to exclude from scan",
|
|
||||||
"type": "string",
|
|
||||||
"default_value": "",
|
|
||||||
"value": "",
|
|
||||||
"size": "SMALL",
|
|
||||||
"description": "Comma-separated list of paths to exclude from scan. Uses Python’s 'fnmatch' syntax; For example: '*/tests/*, */venv/*'"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"name": "brakeman",
|
"name": "brakeman",
|
||||||
"label": "Brakeman",
|
"label": "Brakeman",
|
||||||
"enabled" : true,
|
"enabled": true,
|
||||||
"description": "Ruby on Rails",
|
"description": "Ruby on Rails",
|
||||||
"variables": [
|
"variables": [
|
||||||
{
|
{
|
||||||
"field" : "SAST_BRAKEMAN_LEVEL",
|
"field": "SAST_BRAKEMAN_LEVEL",
|
||||||
"label" : "Brakeman confidence level",
|
"label": "Brakeman confidence level",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"default_value": "1",
|
"default_value": "1",
|
||||||
"value": "",
|
"value": "",
|
||||||
|
@ -75,22 +58,15 @@
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"name": "eslint",
|
|
||||||
"label": "ESLint",
|
|
||||||
"enabled" : true,
|
|
||||||
"description": "JavaScript, TypeScript, React",
|
|
||||||
"variables": []
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"name": "flawfinder",
|
"name": "flawfinder",
|
||||||
"label": "Flawfinder",
|
"label": "Flawfinder",
|
||||||
"enabled" : true,
|
"enabled": true,
|
||||||
"description": "C, C++",
|
"description": "C, C++",
|
||||||
"variables": [
|
"variables": [
|
||||||
{
|
{
|
||||||
"field" : "SAST_FLAWFINDER_LEVEL",
|
"field": "SAST_FLAWFINDER_LEVEL",
|
||||||
"label" : "Flawfinder risk level",
|
"label": "Flawfinder risk level",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"default_value": "1",
|
"default_value": "1",
|
||||||
"value": "",
|
"value": "",
|
||||||
|
@ -99,55 +75,38 @@
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"name": "gosec",
|
|
||||||
"label": "Gosec",
|
|
||||||
"enabled" : true,
|
|
||||||
"description": "Go",
|
|
||||||
"variables": [
|
|
||||||
{
|
|
||||||
"field" : "SAST_GOSEC_LEVEL",
|
|
||||||
"label" : "Gosec confidence level",
|
|
||||||
"type": "string",
|
|
||||||
"default_value": "0",
|
|
||||||
"value": "",
|
|
||||||
"size": "SMALL",
|
|
||||||
"description": "Ignore Gosec vulnerabilities under given confidence level. Integer, 0=Undefined, 1=Low, 2=Medium, 3=High."
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"name": "kubesec",
|
"name": "kubesec",
|
||||||
"label": "Kubesec",
|
"label": "Kubesec",
|
||||||
"enabled" : true,
|
"enabled": true,
|
||||||
"description": "Kubernetes manifests, Helm Charts",
|
"description": "Kubernetes manifests, Helm Charts",
|
||||||
"variables": []
|
"variables": []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "nodejs-scan",
|
"name": "nodejs-scan",
|
||||||
"label": "Node.js Scan",
|
"label": "Node.js Scan",
|
||||||
"enabled" : true,
|
"enabled": true,
|
||||||
"description": "Node.js",
|
"description": "Node.js",
|
||||||
"variables": []
|
"variables": []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "phpcs-security-audit",
|
"name": "phpcs-security-audit",
|
||||||
"label": "PHP Security Audit",
|
"label": "PHP Security Audit",
|
||||||
"enabled" : true,
|
"enabled": true,
|
||||||
"description": "PHP",
|
"description": "PHP",
|
||||||
"variables": []
|
"variables": []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "pmd-apex",
|
"name": "pmd-apex",
|
||||||
"label": "PMD APEX",
|
"label": "PMD APEX",
|
||||||
"enabled" : true,
|
"enabled": true,
|
||||||
"description": "Apex (Salesforce)",
|
"description": "Apex (Salesforce)",
|
||||||
"variables": []
|
"variables": []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "security-code-scan",
|
"name": "security-code-scan",
|
||||||
"label": "Security Code Scan",
|
"label": "Security Code Scan",
|
||||||
"enabled" : true,
|
"enabled": true,
|
||||||
"description": ".NET Core, .NET Framework",
|
"description": ".NET Core, .NET Framework",
|
||||||
"variables": []
|
"variables": []
|
||||||
},
|
},
|
||||||
|
@ -161,14 +120,14 @@
|
||||||
{
|
{
|
||||||
"name": "sobelow",
|
"name": "sobelow",
|
||||||
"label": "Sobelow",
|
"label": "Sobelow",
|
||||||
"enabled" : true,
|
"enabled": true,
|
||||||
"description": "Elixir (Phoenix)",
|
"description": "Elixir (Phoenix)",
|
||||||
"variables": []
|
"variables": []
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "spotbugs",
|
"name": "spotbugs",
|
||||||
"label": "Spotbugs",
|
"label": "Spotbugs",
|
||||||
"enabled" : true,
|
"enabled": true,
|
||||||
"description": "Groovy, Java, Scala",
|
"description": "Groovy, Java, Scala",
|
||||||
"variables": []
|
"variables": []
|
||||||
}
|
}
@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/356464
|
||||||
milestone: '14.9'
|
milestone: '14.9'
|
||||||
type: ops
|
type: ops
|
||||||
group: group::threat insights
|
group: group::threat insights
|
||||||
default_enabled: false
|
default_enabled: true
@ -30,9 +30,11 @@ Parameters:
|
||||||
|
|
||||||
```graphql
|
```graphql
|
||||||
mutation CreateCustomEmoji($groupPath: ID!) {
|
mutation CreateCustomEmoji($groupPath: ID!) {
|
||||||
createCustomEmoji(input: {groupPath: $groupPath, name: "party-parrot", file: "https://cultofthepartyparrot.com/parrots/hd/parrot.gif", external: true}) {
|
createCustomEmoji(input: {groupPath: $groupPath, name: "party-parrot", url: "https://cultofthepartyparrot.com/parrots/hd/parrot.gif"}) {
|
||||||
clientMutationId
|
clientMutationId
|
||||||
|
customEmoji {
|
||||||
name
|
name
|
||||||
|
}
|
||||||
errors
|
errors
|
||||||
}
|
}
|
||||||
}
|
}
@ -198,11 +198,11 @@ The response is `404 Not Found` if the vulnerability export is not finished yet
|
||||||
Example response:
|
Example response:
|
||||||
|
|
||||||
```csv
|
```csv
|
||||||
Group Name,Project Name,Tool,Scanner Name,Status,Vulnerability,Details,Additional Info,Severity,CVE,CWE,Other Identifiers,Detected At,Location,Activity,
|
Group Name,Project Name,Tool,Scanner Name,Status,Vulnerability,Details,Additional Info,Severity,CVE,CWE,Other Identifiers,Detected At,Location,Activity,Comments,
|
||||||
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2019-14697 in musl-utils-1.1.20-r4,"musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.",CVE-2019-14697 in musl-utils-1.1.20-r4,critical,CVE-2019-14697,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""musl-utils""}, ""version""=>""1.1.20-r4""}, ""operating_system""=>""alpine 3.9.2""}",true,
|
Gitlab.org,Defend,container_scanning,Trivy,resolved,CVE-2019-14697 in musl-utils-1.1.20-r4,"musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.",CVE-2019-14697 in musl-utils-1.1.20-r4,critical,CVE-2019-14697,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""musl-utils""}, ""version""=>""1.1.20-r4""}, ""operating_system""=>""alpine 3.9.2""}",true,"2022-10-07 13:41:08 UTC|root|resolved|changed vulnerability status to resolved",
|
||||||
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2019-19242 in sqlite-libs-3.26.0-r3,"SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.",CVE-2019-19242 in sqlite-libs-3.26.0-r3,medium,CVE-2019-19242,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""sqlite-libs""}, ""version""=>""3.26.0-r3""}, ""operating_system""=>""alpine 3.9.2""}",true,
|
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2019-19242 in sqlite-libs-3.26.0-r3,"SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.",CVE-2019-19242 in sqlite-libs-3.26.0-r3,medium,CVE-2019-19242,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""sqlite-libs""}, ""version""=>""3.26.0-r3""}, ""operating_system""=>""alpine 3.9.2""}",true,"",
|
||||||
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2020-28928 in musl-1.1.20-r4,"In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).",CVE-2020-28928 in musl-1.1.20-r4,medium,CVE-2020-28928,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""musl""}, ""version""=>""1.1.20-r4""}, ""operating_system""=>""alpine 3.9.2""}",true,
|
Gitlab.org,Defend,container_scanning,Trivy,detected,CVE-2020-28928 in musl-1.1.20-r4,"In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).",CVE-2020-28928 in musl-1.1.20-r4,medium,CVE-2020-28928,,"",2022-10-07 13:34:41 UTC,"{""image""=>""python:3.4-alpine"", ""dependency""=>{""package""=>{""name""=>""musl""}, ""version""=>""1.1.20-r4""}, ""operating_system""=>""alpine 3.9.2""}",true,"",
|
||||||
Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rack,Carefully crafted requests can cause shell escape sequences to be written to the terminal via Rack's Lint middleware and CommonLogger middleware. These escape sequences can be leveraged to possibly execute commands in the victim's terminal.,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rack,unknown,Gemfile.lock:rack:gemnasium:60b5a27f-4e4d-4ab4-8ae7-74b4b212e177,,Gemnasium-60b5a27f-4e4d-4ab4-8ae7-74b4b212e177; GHSA-wq4h-7r42-5hrr,2022-10-14 13:16:00 UTC,"{""file""=>""Gemfile.lock"", ""dependency""=>{""package""=>{""name""=>""rack""}, ""version""=>""2.2.3""}}",false,
|
Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rack,Carefully crafted requests can cause shell escape sequences to be written to the terminal via Rack's Lint middleware and CommonLogger middleware. These escape sequences can be leveraged to possibly execute commands in the victim's terminal.,Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rack,unknown,Gemfile.lock:rack:gemnasium:60b5a27f-4e4d-4ab4-8ae7-74b4b212e177,,Gemnasium-60b5a27f-4e4d-4ab4-8ae7-74b4b212e177; GHSA-wq4h-7r42-5hrr,2022-10-14 13:16:00 UTC,"{""file""=>""Gemfile.lock"", ""dependency""=>{""package""=>{""name""=>""rack""}, ""version""=>""2.2.3""}}",false,"",
|
||||||
Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Denial of Service Vulnerability in Rack Multipart Parsing in rack,"Carefully crafted multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a possible denial of service vulnerability. Impacted code will use Rack's multipart parser to parse multipart posts.",Denial of Service Vulnerability in Rack Multipart Parsing in rack,unknown,Gemfile.lock:rack:gemnasium:20daa17a-47b5-4f79-80c2-cd8f2db9805c,,Gemnasium-20daa17a-47b5-4f79-80c2-cd8f2db9805c; GHSA-hxqx-xwvh-44m2,2022-10-14 13:16:00 UTC,"{""file""=>""Gemfile.lock"", ""dependency""=>{""package""=>{""name""=>""rack""}, ""version""=>""2.2.3""}}",false,
|
Gitlab.org,Defend,dependency_scanning,Gemnasium,detected,Denial of Service Vulnerability in Rack Multipart Parsing in rack,"Carefully crafted multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a possible denial of service vulnerability. Impacted code will use Rack's multipart parser to parse multipart posts.",Denial of Service Vulnerability in Rack Multipart Parsing in rack,unknown,Gemfile.lock:rack:gemnasium:20daa17a-47b5-4f79-80c2-cd8f2db9805c,,Gemnasium-20daa17a-47b5-4f79-80c2-cd8f2db9805c; GHSA-hxqx-xwvh-44m2,2022-10-14 13:16:00 UTC,"{""file""=>""Gemfile.lock"", ""dependency""=>{""package""=>{""name""=>""rack""}, ""version""=>""2.2.3""}}",false,"",
|
||||||
Gitlab.org,Defend,sast,Brakeman,detected,Possible SQL injection,,Possible SQL injection,medium,e52f23a259cd489168b4313317ac94a3f13bffde57b9635171c1a44a9f329e9a,,"""Brakeman Warning Code 0""",2022-10-13 15:16:36 UTC,"{""file""=>""main.rb"", ""class""=>""User"", ""method""=>""index"", ""start_line""=>3}",false
|
Gitlab.org,Defend,sast,Brakeman,detected,Possible SQL injection,,Possible SQL injection,medium,e52f23a259cd489168b4313317ac94a3f13bffde57b9635171c1a44a9f329e9a,,"""Brakeman Warning Code 0""",2022-10-13 15:16:36 UTC,"{""file""=>""main.rb"", ""class""=>""User"", ""method""=>""index"", ""start_line""=>3}",false,""
|
||||||
```
|
```
@ -304,12 +304,24 @@ spotbugs-sast:
|
||||||
|
|
||||||
#### Pinning to minor image version
|
#### Pinning to minor image version
|
||||||
|
|
||||||
While our templates use `MAJOR` version pinning to always ensure the latest analyzer
|
The GitLab-managed CI/CD template specifies a major version and automatically pulls the latest analyzer release within that major version.
|
||||||
versions are pulled, there are certain cases where it can be beneficial to pin
|
|
||||||
an analyzer to a specific release. To do so, override the `SAST_ANALYZER_IMAGE_TAG` CI/CD variable
|
|
||||||
in the job template directly.
|
|
||||||
|
|
||||||
In the example below, we pin to a minor version of the `semgrep` analyzer and a specific patch version of the `brakeman` analyzer:
|
In some cases, you may need to use a specific version.
|
||||||
|
For example, you might need to avoid a regression in a later release.
|
||||||
|
|
||||||
|
To override the automatic update behavior, set the `SAST_ANALYZER_IMAGE_TAG` CI/CD variable
|
||||||
|
in your CI/CD configuration file after you include the [`SAST.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml).
|
||||||
|
|
||||||
|
Only set this variable within a specific job.
|
||||||
|
If you set it [at the top level](../../../ci/variables/index.md#create-a-custom-cicd-variable-in-the-gitlab-ciyml-file), the version you set will be used for other SAST analyzers.
|
||||||
|
|
||||||
|
You can set the tag to:
|
||||||
|
|
||||||
|
- A major version, like `3`. Your pipelines will use any minor or patch updates that are released within this major version.
|
||||||
|
- A minor version, like `3.7`. Your pipelines will use any patch updates that are released within this minor version.
|
||||||
|
- A patch version, like `3.7.0`. Your pipelines won't receive any updates.
|
||||||
|
|
||||||
|
This example uses a specific minor version of the `semgrep` analyzer and a specific patch version of the `brakeman` analyzer:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
include:
|
include:
|
||||||
|
@ -317,11 +329,11 @@ include:
|
||||||
|
|
||||||
semgrep-sast:
|
semgrep-sast:
|
||||||
variables:
|
variables:
|
||||||
SAST_ANALYZER_IMAGE_TAG: "2.16"
|
SAST_ANALYZER_IMAGE_TAG: "3.7"
|
||||||
|
|
||||||
brakeman-sast:
|
brakeman-sast:
|
||||||
variables:
|
variables:
|
||||||
SAST_ANALYZER_IMAGE_TAG: "2.21.1"
|
SAST_ANALYZER_IMAGE_TAG: "3.1.1"
|
||||||
```
|
```
|
||||||
|
|
||||||
### False Positive Detection **(ULTIMATE)**
|
### False Positive Detection **(ULTIMATE)**
@ -124,6 +124,33 @@ widget.
|
||||||
|
|
||||||
If the scanner detects a secret you should rotate it immediately. [Purging a file from the repository's history](../../project/repository/reducing_the_repo_size_using_git.md#purge-files-from-repository-history) may not be effective in removing all references to the file. Also, the secret remains in any forks of the repository.
|
If the scanner detects a secret you should rotate it immediately. [Purging a file from the repository's history](../../project/repository/reducing_the_repo_size_using_git.md#purge-files-from-repository-history) may not be effective in removing all references to the file. Also, the secret remains in any forks of the repository.
|
||||||
|
|
||||||
|
## Pinning to specific analyzer version
|
||||||
|
|
||||||
|
The GitLab-managed CI/CD template specifies a major version and automatically pulls the latest analyzer release within that major version.
|
||||||
|
|
||||||
|
In some cases, you may need to use a specific version.
|
||||||
|
For example, you might need to avoid a regression in a later release.
|
||||||
|
|
||||||
|
To override the automatic update behavior, set the `SECRETS_ANALYZER_VERSION` CI/CD variable
|
||||||
|
in your CI/CD configuration file after you include the [`Secret-Detection.gitlab-ci.yml` template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml).
|
||||||
|
|
||||||
|
You can set the tag to:
|
||||||
|
|
||||||
|
- A major version, like `4`. Your pipelines will use any minor or patch updates that are released within this major version.
|
||||||
|
- A minor version, like `4.5`. Your pipelines will use any patch updates that are released within this minor version.
|
||||||
|
- A patch version, like `4.5.0`. Your pipelines won't receive any updates.
|
||||||
|
|
||||||
|
This example uses a specific minor version of the analyzer:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
include:
|
||||||
|
- template: Security/Secret-Detection.gitlab-ci.yml
|
||||||
|
|
||||||
|
secret_detection:
|
||||||
|
variables:
|
||||||
|
SECRETS_ANALYZER_VERSION: "4.5"
|
||||||
|
```
|
||||||
|
|
||||||
## Configure scan settings
|
## Configure scan settings
|
||||||
|
|
||||||
The Secret Detection scan settings can be changed through [CI/CD variables](#available-cicd-variables)
|
The Secret Detection scan settings can be changed through [CI/CD variables](#available-cicd-variables)
@ -219,6 +219,7 @@ Fields included are:
|
||||||
- Detected At
|
- Detected At
|
||||||
- Location
|
- Location
|
||||||
- Activity
|
- Activity
|
||||||
|
- Comments
|
||||||
|
|
||||||
NOTE:
|
NOTE:
|
||||||
Full details are available through our
|
Full details are available through our
@ -60,7 +60,8 @@ Self-managed installations can configure the following additional password requi
|
||||||
|
|
||||||
## Block weak passwords
|
## Block weak passwords
|
||||||
|
|
||||||
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/23610) in GitLab 15.4 [with a flag](../../administration/feature_flags.md) named `block_weak_passwords`, weak passwords aren't accepted. Disabled by default.
|
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/23610) in GitLab 15.4 [with a flag](../../administration/feature_flags.md) named `block_weak_passwords`, weak passwords aren't accepted. Disabled by default on self-managed.
|
||||||
|
> - [Enabled](https://gitlab.com/gitlab-org/gitlab/-/issues/363445) on GitLab.com.
|
||||||
|
|
||||||
FLAG:
|
FLAG:
|
||||||
On self-managed GitLab, by default blocking weak passwords is not available. To make it available, ask an administrator
|
On self-managed GitLab, by default blocking weak passwords is not available. To make it available, ask an administrator
@ -199,12 +199,14 @@ module API
|
||||||
mount ::API::ProjectExport
|
mount ::API::ProjectExport
|
||||||
mount ::API::ProjectHooks
|
mount ::API::ProjectHooks
|
||||||
mount ::API::ProjectRepositoryStorageMoves
|
mount ::API::ProjectRepositoryStorageMoves
|
||||||
|
mount ::API::ProjectSnippets
|
||||||
mount ::API::ProjectSnapshots
|
mount ::API::ProjectSnapshots
|
||||||
mount ::API::ProtectedBranches
|
mount ::API::ProtectedBranches
|
||||||
mount ::API::ProtectedTags
|
mount ::API::ProtectedTags
|
||||||
mount ::API::Release::Links
|
|
||||||
mount ::API::Releases
|
mount ::API::Releases
|
||||||
|
mount ::API::Release::Links
|
||||||
mount ::API::ResourceAccessTokens
|
mount ::API::ResourceAccessTokens
|
||||||
|
mount ::API::Snippets
|
||||||
mount ::API::SnippetRepositoryStorageMoves
|
mount ::API::SnippetRepositoryStorageMoves
|
||||||
mount ::API::Statistics
|
mount ::API::Statistics
|
||||||
mount ::API::Submodules
|
mount ::API::Submodules
|
||||||
|
@ -299,7 +301,6 @@ module API
|
||||||
mount ::API::ProjectImport
|
mount ::API::ProjectImport
|
||||||
mount ::API::ProjectMilestones
|
mount ::API::ProjectMilestones
|
||||||
mount ::API::ProjectPackages
|
mount ::API::ProjectPackages
|
||||||
mount ::API::ProjectSnippets
|
|
||||||
mount ::API::ProjectStatistics
|
mount ::API::ProjectStatistics
|
||||||
mount ::API::ProjectTemplates
|
mount ::API::ProjectTemplates
|
||||||
mount ::API::Projects
|
mount ::API::Projects
|
||||||
|
@ -315,7 +316,6 @@ module API
|
||||||
mount ::API::Search
|
mount ::API::Search
|
||||||
mount ::API::Settings
|
mount ::API::Settings
|
||||||
mount ::API::SidekiqMetrics
|
mount ::API::SidekiqMetrics
|
||||||
mount ::API::Snippets
|
|
||||||
mount ::API::Subscriptions
|
mount ::API::Subscriptions
|
||||||
mount ::API::Tags
|
mount ::API::Tags
|
||||||
mount ::API::Templates
|
mount ::API::Templates
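Review bot: The new `mount ::API::ProjectSnippets` line is placed before `mount ::API::ProjectSnapshots`, and the new `mount ::API::Snippets` before `mount ::API::SnippetRepositoryStorageMoves`, which breaks the alphabetical order the visible neighbours in both mount lists otherwise follow (`ProjectSnapshots` sorts before `ProjectSnippets`, `SnippetRepositoryStorageMoves` before `Snippets`). Swapping each pair keeps the lists sorted so the next addition has an unambiguous spot. `mount ::API::Release::Links` is also moved from before to after `mount ::API::Releases`; if that is deliberate, a short comment such as `# Release::Links is mounted after Releases on purpose: <reason>` would stop the next reader from re-sorting it. The enclosing block of each of the three hunks starts and ends outside the hunk, so which API group the moved mounts now belong to cannot be confirmed from here.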
@ -3,16 +3,30 @@
|
||||||
module API
|
module API
|
||||||
module Entities
|
module Entities
|
||||||
class BasicSnippet < Grape::Entity
|
class BasicSnippet < Grape::Entity
|
||||||
expose :id, :title, :description, :visibility
|
expose :id, documentation: { type: 'integer', example: 1 }
|
||||||
expose :updated_at, :created_at
|
expose :title, documentation: { type: 'string', example: 'test' }
|
||||||
expose :project_id
|
expose :description, documentation: { type: 'string', example: 'Ruby test snippet' }
|
||||||
expose :web_url do |snippet|
|
expose :visibility, documentation: { type: 'string', example: 'public' }
|
||||||
|
expose :author, using: Entities::UserBasic, documentation: { type: 'Entities::UserBasic' }
|
||||||
|
expose :created_at, documentation: { type: 'dateTime', example: '2012-06-28T10:52:04Z' }
|
||||||
|
expose :updated_at, documentation: { type: 'dateTime', example: '2012-06-28T10:52:04Z' }
|
||||||
|
expose :project_id, documentation: { type: 'integer', example: 1 }
|
||||||
|
expose :web_url, documentation: {
|
||||||
|
type: 'string', example: 'http://example.com/example/example/snippets/1'
|
||||||
|
} do |snippet|
|
||||||
Gitlab::UrlBuilder.build(snippet)
|
Gitlab::UrlBuilder.build(snippet)
|
||||||
end
|
end
|
||||||
expose :raw_url do |snippet|
|
expose :raw_url, documentation: {
|
||||||
|
type: 'string', example: 'http://example.com/example/example/snippets/1/raw'
|
||||||
|
} do |snippet|
|
||||||
Gitlab::UrlBuilder.build(snippet, raw: true)
|
Gitlab::UrlBuilder.build(snippet, raw: true)
|
||||||
end
|
end
|
||||||
expose :ssh_url_to_repo, :http_url_to_repo, if: ->(snippet) { snippet.repository_exists? }
|
expose :ssh_url_to_repo, documentation: {
|
||||||
|
type: 'string', example: 'ssh://user@gitlab.example.com/snippets/65.git'
|
||||||
|
}, if: ->(snippet) { snippet.repository_exists? }
|
||||||
|
expose :http_url_to_repo, documentation: {
|
||||||
|
type: 'string', example: 'https://gitlab.example.com/snippets/65.git'
|
||||||
|
}, if: ->(snippet) { snippet.repository_exists? }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
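Review bot: `expose :author, using: Entities::UserBasic, documentation: { type: 'Entities::UserBasic' }` is added to `BasicSnippet` while the subclass `Snippet < BasicSnippet` in the next section keeps an identical `expose :author` line, so the attribute is now declared twice in that hierarchy and one of the two should go. Moving `author` onto the base entity also widens the payload of every other consumer of `BasicSnippet` — `Snippets::RepositoryStorageMove` embeds it via `expose :snippet, using: Entities::BasicSnippet` and will now carry the author's `UserBasic` fields where it did not before; if that is intended, dropping the duplicate from `Snippet` and mentioning the new field in the commit description makes it explicit, otherwise `author` should stay on `Snippet` only. As a documentation nit, the `web_url` and `raw_url` examples use `http://example.com/example/example/snippets/1` while the repository URL examples use `gitlab.example.com`; using one host throughout keeps the generated docs coherent.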
@ -3,11 +3,13 @@
|
||||||
module API
|
module API
|
||||||
module Entities
|
module Entities
|
||||||
class Snippet < BasicSnippet
|
class Snippet < BasicSnippet
|
||||||
expose :author, using: Entities::UserBasic
|
expose :author, using: Entities::UserBasic, documentation: { type: 'Entities::UserBasic' }
|
||||||
expose :file_name do |snippet|
|
expose :file_name, documentation: { type: 'string', example: 'add.rb' } do |snippet|
|
||||||
snippet_files.first || snippet.file_name
|
snippet_files.first || snippet.file_name
|
||||||
end
|
end
|
||||||
expose :files do |snippet, options|
|
expose :files, documentation: {
|
||||||
|
is_array: true, example: 'e0d123e5f316bef78bfdf5a008837577'
|
||||||
|
} do |snippet, options|
|
||||||
snippet_files.map do |file|
|
snippet_files.map do |file|
|
||||||
{
|
{
|
||||||
path: file,
|
path: file,
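Review bot: The `files` documentation declares `is_array: true, example: 'e0d123e5f316bef78bfdf5a008837577'`, but the block body builds each element as a hash beginning with `path: file`, so the bare hex string does not describe the shape the field actually returns. An example that mirrors one element (a hash with `path:` and the other keys the block sets) would document the real structure. The `expose :files` block continues past the end of the hunk, so the remaining keys of that hash are not visible here.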
@ -4,7 +4,7 @@ module API
|
||||||
module Entities
|
module Entities
|
||||||
module Snippets
|
module Snippets
|
||||||
class RepositoryStorageMove < BasicRepositoryStorageMove
|
class RepositoryStorageMove < BasicRepositoryStorageMove
|
||||||
expose :snippet, using: Entities::BasicSnippet
|
expose :snippet, using: Entities::BasicSnippet, documentation: { type: 'Entities::BasicSnippet' }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
@ -3,9 +3,9 @@
|
||||||
module API
|
module API
|
||||||
module Entities
|
module Entities
|
||||||
class UserAgentDetail < Grape::Entity
|
class UserAgentDetail < Grape::Entity
|
||||||
expose :user_agent
|
expose :user_agent, documentation: { type: 'string', example: 'AppleWebKit/537.36' }
|
||||||
expose :ip_address
|
expose :ip_address, documentation: { type: 'string', example: '127.0.0.1' }
|
||||||
expose :submitted, as: :akismet_submitted
|
expose :submitted, as: :akismet_submitted, documentation: { type: 'boolean', example: false }
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
@ -34,6 +34,11 @@ module API
|
||||||
|
|
||||||
desc 'Get all project snippets' do
|
desc 'Get all project snippets' do
|
||||||
success Entities::ProjectSnippet
|
success Entities::ProjectSnippet
|
||||||
|
failure [
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[project_snippets]
|
||||||
|
is_array true
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
use :pagination
|
use :pagination
|
||||||
|
@ -46,6 +51,10 @@ module API
|
||||||
|
|
||||||
desc 'Get a single project snippet' do
|
desc 'Get a single project snippet' do
|
||||||
success Entities::ProjectSnippet
|
success Entities::ProjectSnippet
|
||||||
|
failure [
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[project_snippets]
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
||||||
|
@ -60,6 +69,12 @@ module API
|
||||||
|
|
||||||
desc 'Create a new project snippet' do
|
desc 'Create a new project snippet' do
|
||||||
success Entities::ProjectSnippet
|
success Entities::ProjectSnippet
|
||||||
|
failure [
|
||||||
|
{ code: 400, message: 'Validation error' },
|
||||||
|
{ code: 404, message: 'Not found' },
|
||||||
|
{ code: 422, message: 'Unprocessable entity' }
|
||||||
|
]
|
||||||
|
tags %w[project_snippets]
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
requires :title, type: String, allow_blank: false, desc: 'The title of the snippet'
|
requires :title, type: String, allow_blank: false, desc: 'The title of the snippet'
|
||||||
|
@ -91,6 +106,12 @@ module API
|
||||||
|
|
||||||
desc 'Update an existing project snippet' do
|
desc 'Update an existing project snippet' do
|
||||||
success Entities::ProjectSnippet
|
success Entities::ProjectSnippet
|
||||||
|
failure [
|
||||||
|
{ code: 400, message: 'Validation error' },
|
||||||
|
{ code: 404, message: 'Not found' },
|
||||||
|
{ code: 422, message: 'Unprocessable entity' }
|
||||||
|
]
|
||||||
|
tags %w[project_snippets]
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
||||||
|
@ -132,7 +153,14 @@ module API
|
||||||
end
|
end
|
||||||
# rubocop: enable CodeReuse/ActiveRecord
|
# rubocop: enable CodeReuse/ActiveRecord
|
||||||
|
|
||||||
desc 'Delete a project snippet'
|
desc 'Delete a project snippet' do
|
||||||
|
success code: 204
|
||||||
|
failure [
|
||||||
|
{ code: 400, message: 'Validation error' },
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[project_snippets]
|
||||||
|
end
|
||||||
params do
|
params do
|
||||||
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
||||||
end
|
end
|
||||||
|
@ -156,7 +184,13 @@ module API
|
||||||
end
|
end
|
||||||
# rubocop: enable CodeReuse/ActiveRecord
|
# rubocop: enable CodeReuse/ActiveRecord
|
||||||
|
|
||||||
desc 'Get a raw project snippet'
|
desc 'Get a raw project snippet' do
|
||||||
|
success Entities::ProjectSnippet
|
||||||
|
failure [
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[project_snippets]
|
||||||
|
end
|
||||||
params do
|
params do
|
||||||
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
||||||
end
|
end
|
||||||
|
@ -168,7 +202,13 @@ module API
|
||||||
present content_for(snippet)
|
present content_for(snippet)
|
||||||
end
|
end
|
||||||
|
|
||||||
desc 'Get raw project snippet file contents from the repository'
|
desc 'Get raw project snippet file contents from the repository' do
|
||||||
|
success Entities::ProjectSnippet
|
||||||
|
failure [
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[project_snippets]
|
||||||
|
end
|
||||||
params do
|
params do
|
||||||
use :raw_file_params
|
use :raw_file_params
|
||||||
end
|
end
|
||||||
|
@ -182,6 +222,10 @@ module API
|
||||||
|
|
||||||
desc 'Get the user agent details for a project snippet' do
|
desc 'Get the user agent details for a project snippet' do
|
||||||
success Entities::UserAgentDetail
|
success Entities::UserAgentDetail
|
||||||
|
failure [
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[project_snippets]
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
|
requires :snippet_id, type: Integer, desc: 'The ID of a project snippet'
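Review bot: The `desc 'Get a raw project snippet'` block now declares `success Entities::ProjectSnippet`, but the handler visible at the start of the next hunk does `present content_for(snippet)`, i.e. it returns the raw snippet content rather than a serialized `ProjectSnippet`, so the generated documentation would advertise the wrong response type. A plain status, as the delete endpoint already does with `success code: 204`, fits better: `success code: 200`. The same `success Entities::ProjectSnippet` is added to `desc 'Get raw project snippet file contents from the repository'`; its handler lies outside the hunk, but the description suggests the same correction applies.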
@ -28,6 +28,11 @@ module API
|
||||||
desc 'Get a snippets list for an authenticated user' do
|
desc 'Get a snippets list for an authenticated user' do
|
||||||
detail 'This feature was introduced in GitLab 8.15.'
|
detail 'This feature was introduced in GitLab 8.15.'
|
||||||
success Entities::Snippet
|
success Entities::Snippet
|
||||||
|
failure [
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[snippets]
|
||||||
|
is_array true
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
optional :created_after, type: DateTime, desc: 'Return snippets created after the specified time'
|
optional :created_after, type: DateTime, desc: 'Return snippets created after the specified time'
|
||||||
|
@ -45,6 +50,11 @@ module API
|
||||||
desc 'List all public personal snippets current_user has access to' do
|
desc 'List all public personal snippets current_user has access to' do
|
||||||
detail 'This feature was introduced in GitLab 8.15.'
|
detail 'This feature was introduced in GitLab 8.15.'
|
||||||
success Entities::PersonalSnippet
|
success Entities::PersonalSnippet
|
||||||
|
failure [
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[snippets]
|
||||||
|
is_array true
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
optional :created_after, type: DateTime, desc: 'Return snippets created after the specified time'
|
optional :created_after, type: DateTime, desc: 'Return snippets created after the specified time'
|
||||||
|
@ -62,6 +72,10 @@ module API
|
||||||
desc 'Get a single snippet' do
|
desc 'Get a single snippet' do
|
||||||
detail 'This feature was introduced in GitLab 8.15.'
|
detail 'This feature was introduced in GitLab 8.15.'
|
||||||
success Entities::PersonalSnippet
|
success Entities::PersonalSnippet
|
||||||
|
failure [
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[snippets]
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
requires :id, type: Integer, desc: 'The ID of a snippet'
|
requires :id, type: Integer, desc: 'The ID of a snippet'
|
||||||
|
@ -77,6 +91,12 @@ module API
|
||||||
desc 'Create new snippet' do
|
desc 'Create new snippet' do
|
||||||
detail 'This feature was introduced in GitLab 8.15.'
|
detail 'This feature was introduced in GitLab 8.15.'
|
||||||
success Entities::PersonalSnippet
|
success Entities::PersonalSnippet
|
||||||
|
failure [
|
||||||
|
{ code: 400, message: 'Validation error' },
|
||||||
|
{ code: 404, message: 'Not found' },
|
||||||
|
{ code: 422, message: 'Unprocessable entity' }
|
||||||
|
]
|
||||||
|
tags %w[snippets]
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
requires :title, type: String, allow_blank: false, desc: 'The title of a snippet'
|
requires :title, type: String, allow_blank: false, desc: 'The title of a snippet'
|
||||||
|
@ -110,6 +130,12 @@ module API
|
||||||
desc 'Update an existing snippet' do
|
desc 'Update an existing snippet' do
|
||||||
detail 'This feature was introduced in GitLab 8.15.'
|
detail 'This feature was introduced in GitLab 8.15.'
|
||||||
success Entities::PersonalSnippet
|
success Entities::PersonalSnippet
|
||||||
|
failure [
|
||||||
|
{ code: 400, message: 'Validation error' },
|
||||||
|
{ code: 404, message: 'Not found' },
|
||||||
|
{ code: 422, message: 'Unprocessable entity' }
|
||||||
|
]
|
||||||
|
tags %w[snippets]
|
||||||
end
|
end
|
||||||
|
|
||||||
params do
|
params do
|
||||||
|
@ -154,6 +180,11 @@ module API
|
||||||
desc 'Remove snippet' do
|
desc 'Remove snippet' do
|
||||||
detail 'This feature was introduced in GitLab 8.15.'
|
detail 'This feature was introduced in GitLab 8.15.'
|
||||||
success Entities::PersonalSnippet
|
success Entities::PersonalSnippet
|
||||||
|
failure [
|
||||||
|
{ code: 400, message: 'Validation error' },
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[snippets]
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
requires :id, type: Integer, desc: 'The ID of a snippet'
|
requires :id, type: Integer, desc: 'The ID of a snippet'
|
||||||
|
@ -178,6 +209,10 @@ module API
|
||||||
|
|
||||||
desc 'Get a raw snippet' do
|
desc 'Get a raw snippet' do
|
||||||
detail 'This feature was introduced in GitLab 8.15.'
|
detail 'This feature was introduced in GitLab 8.15.'
|
||||||
|
failure [
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[snippets]
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
requires :id, type: Integer, desc: 'The ID of a snippet'
|
requires :id, type: Integer, desc: 'The ID of a snippet'
|
||||||
|
@ -189,7 +224,12 @@ module API
|
||||||
present content_for(snippet)
|
present content_for(snippet)
|
||||||
end
|
end
|
||||||
|
|
||||||
desc 'Get raw snippet file contents from the repository'
|
desc 'Get raw snippet file contents from the repository' do
|
||||||
|
failure [
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[snippets]
|
||||||
|
end
|
||||||
params do
|
params do
|
||||||
use :raw_file_params
|
use :raw_file_params
|
||||||
end
|
end
|
||||||
|
@ -202,6 +242,10 @@ module API
|
||||||
|
|
||||||
desc 'Get the user agent details for a snippet' do
|
desc 'Get the user agent details for a snippet' do
|
||||||
success Entities::UserAgentDetail
|
success Entities::UserAgentDetail
|
||||||
|
failure [
|
||||||
|
{ code: 404, message: 'Not found' }
|
||||||
|
]
|
||||||
|
tags %w[snippets]
|
||||||
end
|
end
|
||||||
params do
|
params do
|
||||||
requires :id, type: Integer, desc: 'The ID of a snippet'
|
requires :id, type: Integer, desc: 'The ID of a snippet'
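Review bot: The two raw endpoints in this section (`Get a raw snippet`, `Get raw snippet file contents from the repository`) declare `failure`/`tags` but no `success` entity, which matches a body that does `present content_for(snippet)` with raw content rather than a JSON entity. The matching raw endpoints in project_snippets.rb earlier in this commit (`Get a raw project snippet`, `Get raw project snippet file contents from the repository`) do declare `success Entities::ProjectSnippet`, so the generated OpenAPI docs would advertise a JSON entity for responses that are raw blob content; align them with this file by dropping the `success` line there. The list endpoints here document only `{ code: 404, message: 'Not found' }` while being scoped to an authenticated user, so a `401` entry may be missing, but the authentication guard is outside the hunk and I cannot confirm it from here.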
|
||||||
|
|
|
@ -212,8 +212,8 @@ RSpec.describe GitlabSchema.types['Project'] do
|
||||||
|
|
||||||
it "returns the project's sast configuration for analyzer variables" do
|
it "returns the project's sast configuration for analyzer variables" do
|
||||||
analyzer = subject.dig('data', 'project', 'sastCiConfiguration', 'analyzers', 'nodes').first
|
analyzer = subject.dig('data', 'project', 'sastCiConfiguration', 'analyzers', 'nodes').first
|
||||||
expect(analyzer['name']).to eq('bandit')
|
expect(analyzer['name']).to eq('brakeman')
|
||||||
expect(analyzer['label']).to eq('Bandit')
|
expect(analyzer['label']).to eq('Brakeman')
|
||||||
expect(analyzer['enabled']).to eq(true)
|
expect(analyzer['enabled']).to eq(true)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -11,9 +11,9 @@ RSpec.describe Security::CiConfiguration::SastParserService do
|
||||||
let(:sast_excluded_paths) { configuration['global'][1] }
|
let(:sast_excluded_paths) { configuration['global'][1] }
|
||||||
let(:sast_pipeline_stage) { configuration['pipeline'][0] }
|
let(:sast_pipeline_stage) { configuration['pipeline'][0] }
|
||||||
let(:sast_search_max_depth) { configuration['pipeline'][1] }
|
let(:sast_search_max_depth) { configuration['pipeline'][1] }
|
||||||
let(:bandit) { configuration['analyzers'][0] }
|
let(:brakeman) { configuration['analyzers'][0] }
|
||||||
let(:brakeman) { configuration['analyzers'][1] }
|
|
||||||
let(:sast_brakeman_level) { brakeman['variables'][0] }
|
let(:sast_brakeman_level) { brakeman['variables'][0] }
|
||||||
|
let(:semgrep) { configuration['analyzers'][1] }
|
||||||
let(:secure_analyzers_prefix) { '$CI_TEMPLATE_REGISTRY_HOST/security-products' }
|
let(:secure_analyzers_prefix) { '$CI_TEMPLATE_REGISTRY_HOST/security-products' }
|
||||||
|
|
||||||
it 'parses the configuration for SAST' do
|
it 'parses the configuration for SAST' do
|
||||||
|
@ -34,7 +34,7 @@ RSpec.describe Security::CiConfiguration::SastParserService do
|
||||||
expect(sast_pipeline_stage['value']).to eql('our_custom_security_stage')
|
expect(sast_pipeline_stage['value']).to eql('our_custom_security_stage')
|
||||||
expect(sast_search_max_depth['value']).to eql('8')
|
expect(sast_search_max_depth['value']).to eql('8')
|
||||||
expect(brakeman['enabled']).to be(false)
|
expect(brakeman['enabled']).to be(false)
|
||||||
expect(bandit['enabled']).to be(true)
|
expect(semgrep['enabled']).to be(true)
|
||||||
expect(sast_brakeman_level['value']).to eql('2')
|
expect(sast_brakeman_level['value']).to eql('2')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -43,7 +43,7 @@ RSpec.describe Security::CiConfiguration::SastParserService do
|
||||||
allow(project.repository).to receive(:blob_data_at).and_return(gitlab_ci_yml_excluded_analyzers_content)
|
allow(project.repository).to receive(:blob_data_at).and_return(gitlab_ci_yml_excluded_analyzers_content)
|
||||||
|
|
||||||
expect(brakeman['enabled']).to be(false)
|
expect(brakeman['enabled']).to be(false)
|
||||||
expect(bandit['enabled']).to be(true)
|
expect(semgrep['enabled']).to be(true)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
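Review bot: `let(:brakeman)` and `let(:semgrep)` still select analyzers by array position (`configuration['analyzers'][0]` / `[1]`), which is exactly what broke when bandit was removed from the configuration and forced this edit; the next analyzer addition or reordering will break it again. Selecting by name keeps the spec independent of ordering, e.g. `let(:brakeman) { configuration['analyzers'].find { |a| a['name'] == 'brakeman' } }` and the same for `semgrep`. The `sast_excluded_paths` / `sast_pipeline_stage` / `sast_search_max_depth` lets at the top of the first hunk have the same positional coupling to the `global` and `pipeline` arrays.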
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
module gitlab.com/gitlab-org/gitlab/workhorse
|
module gitlab.com/gitlab-org/gitlab/workhorse
|
||||||
|
|
||||||
go 1.17
|
go 1.18
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/Azure/azure-storage-blob-go v0.14.0
|
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1
|
||||||
github.com/BurntSushi/toml v1.2.1
|
github.com/BurntSushi/toml v1.2.1
|
||||||
github.com/FZambia/sentinel v1.1.1
|
github.com/FZambia/sentinel v1.1.1
|
||||||
github.com/alecthomas/chroma/v2 v2.3.0
|
github.com/alecthomas/chroma/v2 v2.3.0
|
||||||
|
@ -29,11 +29,11 @@ require (
|
||||||
gitlab.com/gitlab-org/gitaly/v15 v15.5.1
|
gitlab.com/gitlab-org/gitaly/v15 v15.5.1
|
||||||
gitlab.com/gitlab-org/golang-archive-zip v0.1.1
|
gitlab.com/gitlab-org/golang-archive-zip v0.1.1
|
||||||
gitlab.com/gitlab-org/labkit v1.16.1
|
gitlab.com/gitlab-org/labkit v1.16.1
|
||||||
gocloud.dev v0.26.0
|
gocloud.dev v0.27.0
|
||||||
golang.org/x/image v0.0.0-20220722155232-062f8c9fd539
|
golang.org/x/image v0.0.0-20220722155232-062f8c9fd539
|
||||||
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
|
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
|
||||||
golang.org/x/net v0.0.0-20220722155237-a158d28d115b
|
golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b
|
||||||
golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a
|
golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c
|
||||||
golang.org/x/tools v0.1.12
|
golang.org/x/tools v0.1.12
|
||||||
google.golang.org/grpc v1.50.1
|
google.golang.org/grpc v1.50.1
|
||||||
google.golang.org/protobuf v1.28.1
|
google.golang.org/protobuf v1.28.1
|
||||||
|
@ -41,24 +41,23 @@ require (
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
cloud.google.com/go v0.100.2 // indirect
|
cloud.google.com/go v0.103.0 // indirect
|
||||||
cloud.google.com/go/compute v1.5.0 // indirect
|
cloud.google.com/go/compute v1.7.0 // indirect
|
||||||
cloud.google.com/go/iam v0.3.0 // indirect
|
cloud.google.com/go/iam v0.3.0 // indirect
|
||||||
cloud.google.com/go/monitoring v1.4.0 // indirect
|
cloud.google.com/go/monitoring v1.5.0 // indirect
|
||||||
cloud.google.com/go/profiler v0.1.0 // indirect
|
cloud.google.com/go/profiler v0.1.0 // indirect
|
||||||
cloud.google.com/go/storage v1.21.0 // indirect
|
cloud.google.com/go/storage v1.24.0 // indirect
|
||||||
cloud.google.com/go/trace v1.2.0 // indirect
|
cloud.google.com/go/trace v1.2.0 // indirect
|
||||||
contrib.go.opencensus.io/exporter/stackdriver v0.13.10 // indirect
|
contrib.go.opencensus.io/exporter/stackdriver v0.13.13 // indirect
|
||||||
github.com/Azure/azure-pipeline-go v0.2.3 // indirect
|
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.1.1 // indirect
|
||||||
|
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0 // indirect
|
||||||
|
github.com/Azure/azure-sdk-for-go/sdk/internal v1.0.0 // indirect
|
||||||
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
|
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
|
||||||
github.com/Azure/go-autorest/autorest v0.11.22 // indirect
|
github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
|
||||||
github.com/Azure/go-autorest/autorest/adal v0.9.17 // indirect
|
github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0 // indirect
|
||||||
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
|
|
||||||
github.com/Azure/go-autorest/logger v0.2.1 // indirect
|
|
||||||
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
|
|
||||||
github.com/DataDog/datadog-go v4.4.0+incompatible // indirect
|
github.com/DataDog/datadog-go v4.4.0+incompatible // indirect
|
||||||
github.com/DataDog/sketches-go v1.0.0 // indirect
|
github.com/DataDog/sketches-go v1.0.0 // indirect
|
||||||
github.com/Microsoft/go-winio v0.5.0 // indirect
|
github.com/Microsoft/go-winio v0.5.1 // indirect
|
||||||
github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d // indirect
|
github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d // indirect
|
||||||
github.com/beevik/ntp v0.3.0 // indirect
|
github.com/beevik/ntp v0.3.0 // indirect
|
||||||
github.com/beorn7/perks v1.0.1 // indirect
|
github.com/beorn7/perks v1.0.1 // indirect
|
||||||
|
@ -70,30 +69,33 @@ require (
|
||||||
github.com/dlclark/regexp2 v1.4.0 // indirect
|
github.com/dlclark/regexp2 v1.4.0 // indirect
|
||||||
github.com/go-ole/go-ole v1.2.4 // indirect
|
github.com/go-ole/go-ole v1.2.4 // indirect
|
||||||
github.com/gogo/protobuf v1.3.2 // indirect
|
github.com/gogo/protobuf v1.3.2 // indirect
|
||||||
|
github.com/golang-jwt/jwt v3.2.1+incompatible // indirect
|
||||||
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
||||||
github.com/google/go-cmp v0.5.9 // indirect
|
github.com/google/go-cmp v0.5.9 // indirect
|
||||||
github.com/google/pprof v0.0.0-20210804190019-f964ff605595 // indirect
|
github.com/google/pprof v0.0.0-20220608213341-c488b8fa1db3 // indirect
|
||||||
github.com/google/uuid v1.3.0 // indirect
|
github.com/google/uuid v1.3.0 // indirect
|
||||||
github.com/google/wire v0.5.0 // indirect
|
github.com/google/wire v0.5.0 // indirect
|
||||||
github.com/googleapis/gax-go/v2 v2.2.0 // indirect
|
github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
|
||||||
|
github.com/googleapis/gax-go/v2 v2.4.0 // indirect
|
||||||
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 // indirect
|
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 // indirect
|
||||||
github.com/hashicorp/yamux v0.1.1 // indirect
|
github.com/hashicorp/yamux v0.1.1 // indirect
|
||||||
github.com/jmespath/go-jmespath v0.4.0 // indirect
|
github.com/jmespath/go-jmespath v0.4.0 // indirect
|
||||||
github.com/jtolds/gls v4.20.0+incompatible // indirect
|
github.com/jtolds/gls v4.20.0+incompatible // indirect
|
||||||
github.com/kr/text v0.2.0 // indirect
|
github.com/kylelemons/godebug v1.1.0 // indirect
|
||||||
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20210210170715-a8dfcb80d3a7 // indirect
|
github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20210210170715-a8dfcb80d3a7 // indirect
|
||||||
github.com/lightstep/lightstep-tracer-go v0.25.0 // indirect
|
github.com/lightstep/lightstep-tracer-go v0.25.0 // indirect
|
||||||
github.com/mattn/go-ieproxy v0.0.6 // indirect
|
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
|
||||||
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
|
|
||||||
github.com/mitchellh/reflectwalk v1.0.2 // indirect
|
github.com/mitchellh/reflectwalk v1.0.2 // indirect
|
||||||
github.com/oklog/ulid/v2 v2.0.2 // indirect
|
github.com/oklog/ulid/v2 v2.0.2 // indirect
|
||||||
github.com/opentracing/opentracing-go v1.2.0 // indirect
|
github.com/opentracing/opentracing-go v1.2.0 // indirect
|
||||||
github.com/philhofer/fwd v1.1.1 // indirect
|
github.com/philhofer/fwd v1.1.1 // indirect
|
||||||
|
github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 // indirect
|
||||||
github.com/pkg/errors v0.9.1 // indirect
|
github.com/pkg/errors v0.9.1 // indirect
|
||||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||||
github.com/prometheus/client_model v0.2.0 // indirect
|
github.com/prometheus/client_model v0.2.0 // indirect
|
||||||
github.com/prometheus/common v0.37.0 // indirect
|
github.com/prometheus/common v0.37.0 // indirect
|
||||||
github.com/prometheus/procfs v0.8.0 // indirect
|
github.com/prometheus/procfs v0.8.0 // indirect
|
||||||
|
github.com/prometheus/prometheus v0.37.0 // indirect
|
||||||
github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46 // indirect
|
github.com/ryszard/goskiplist v0.0.0-20150312221310-2dfbae5fcf46 // indirect
|
||||||
github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500 // indirect
|
github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500 // indirect
|
||||||
github.com/shirou/gopsutil/v3 v3.21.2 // indirect
|
github.com/shirou/gopsutil/v3 v3.21.2 // indirect
|
||||||
|
@ -109,13 +111,13 @@ require (
|
||||||
golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e // indirect
|
golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e // indirect
|
||||||
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
|
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
|
||||||
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
|
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
|
||||||
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
|
golang.org/x/sys v0.0.0-20220731174439-a90be440212d // indirect
|
||||||
golang.org/x/text v0.3.8 // indirect
|
golang.org/x/text v0.3.8 // indirect
|
||||||
golang.org/x/time v0.0.0-20220609170525-579cf78fd858 // indirect
|
golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
|
||||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
|
golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
|
||||||
google.golang.org/api v0.74.0 // indirect
|
google.golang.org/api v0.91.0 // indirect
|
||||||
google.golang.org/appengine v1.6.7 // indirect
|
google.golang.org/appengine v1.6.7 // indirect
|
||||||
google.golang.org/genproto v0.0.0-20220401170504-314d38edb7de // indirect
|
google.golang.org/genproto v0.0.0-20220802133213-ce4fa296bf78 // indirect
|
||||||
gopkg.in/DataDog/dd-trace-go.v1 v1.32.0 // indirect
|
gopkg.in/DataDog/dd-trace-go.v1 v1.32.0 // indirect
|
||||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||||
)
|
)
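Review bot: The Azure client swap pulls in `github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0` and `github.com/AzureAD/microsoft-authentication-library-for-go v0.4.0` as new indirect dependencies even though the only authentication path Workhorse uses in this commit is shared-key (`azblob.NewSharedKeyCredential`); if they are required by `gocloud.dev/blob/azureblob` rather than by our code they are unavoidable, but that is worth confirming since each is additional supply-chain surface. The new direct dependency `sdk/storage/azblob v0.4.1` is a pre-1.0 module whose API has no stability guarantee, so pinning it and re-running the Azure object-storage integration tests on the next bump is advisable. The 1554-line `workhorse/go.sum` change is suppressed in this view, so the checksum side of the update cannot be reviewed here; `go mod verify` and `go mod tidy` producing no diff in CI would cover it.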
|
||||||
|
|
1554
workhorse/go.sum
1554
workhorse/go.sum
|
@ -10,7 +10,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/Azure/azure-storage-blob-go/azblob"
|
"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
|
||||||
"github.com/BurntSushi/toml"
|
"github.com/BurntSushi/toml"
|
||||||
"gocloud.dev/blob"
|
"gocloud.dev/blob"
|
||||||
"gocloud.dev/blob/azureblob"
|
"gocloud.dev/blob/azureblob"
|
||||||
|
@ -174,18 +174,21 @@ func (c *Config) RegisterGoCloudURLOpeners() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (creds *AzureCredentials) getURLOpener() (*azureblob.URLOpener, error) {
|
func (creds *AzureCredentials) getURLOpener() (*azureblob.URLOpener, error) {
|
||||||
accountName := azureblob.AccountName(creds.AccountName)
|
serviceURLOptions := azureblob.ServiceURLOptions{
|
||||||
accountKey := azureblob.AccountKey(creds.AccountKey)
|
AccountName: creds.AccountName,
|
||||||
|
}
|
||||||
|
|
||||||
credential, err := azureblob.NewCredential(accountName, accountKey)
|
clientFunc := func(svcURL azureblob.ServiceURL) (*azblob.ServiceClient, error) {
|
||||||
|
sharedKeyCred, err := azblob.NewSharedKeyCredential(creds.AccountName, creds.AccountKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("error creating Azure credentials: %w", err)
|
return nil, fmt.Errorf("error creating Azure credentials: %w", err)
|
||||||
}
|
}
|
||||||
|
return azblob.NewServiceClientWithSharedKey(string(svcURL), sharedKeyCred, &azblob.ClientOptions{})
|
||||||
|
}
|
||||||
|
|
||||||
return &azureblob.URLOpener{
|
return &azureblob.URLOpener{
|
||||||
AccountName: accountName,
|
MakeClient: clientFunc,
|
||||||
Pipeline: azureblob.NewPipeline(credential, azblob.PipelineOptions{}),
|
ServiceURLOptions: serviceURLOptions,
|
||||||
Options: azureblob.Options{Credential: credential},
|
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
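Review bot: Credential validation has moved inside `clientFunc`, so a malformed `AccountKey` is no longer reported when `getURLOpener` runs (as the removed `azureblob.NewCredential` call did) but only when gocloud first calls `MakeClient`, i.e. on the first object-storage operation instead of at configuration time. Building the `*azblob.SharedKeyCredential` once before the closure restores the fail-fast behaviour and avoids re-decoding the key on every client construction. Separately, the removed `Options: azureblob.Options{Credential: credential}` line has no replacement in the new `URLOpener`; I believe `Options.Credential` is what gocloud uses for signed URLs on Azure, so if anything in Workhorse relies on `bucket.SignedURL` for this backend that path now has no credential and should be confirmed. `getURLOpener` is entirely within the hunk.
```go
func (creds *AzureCredentials) getURLOpener() (*azureblob.URLOpener, error) {
	// … unchanged: serviceURLOptions construction …

	// Build the shared-key credential once so a malformed key is reported when
	// the opener is registered rather than on the first bucket operation.
	sharedKeyCred, err := azblob.NewSharedKeyCredential(creds.AccountName, creds.AccountKey)
	if err != nil {
		return nil, fmt.Errorf("error creating Azure credentials: %w", err)
	}

	clientFunc := func(svcURL azureblob.ServiceURL) (*azblob.ServiceClient, error) {
		return azblob.NewServiceClientWithSharedKey(string(svcURL), sharedKeyCred, &azblob.ClientOptions{})
	}

	// … unchanged: return &azureblob.URLOpener{...}, nil …
```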
|
||||||
|
|
||||||
|
|