diff --git a/app/graphql/types/notes/diff_position_input_type.rb b/app/graphql/types/notes/diff_position_input_type.rb
index ad9fe028dfd..ccde4188f29 100644
--- a/app/graphql/types/notes/diff_position_input_type.rb
+++ b/app/graphql/types/notes/diff_position_input_type.rb
@@ -6,9 +6,9 @@ module Types
graphql_name 'DiffPositionInput'
argument :new_line, GraphQL::Types::Int, required: false,
- description: copy_field_description(Types::Notes::DiffPositionType, :new_line)
+ description: "#{copy_field_description(Types::Notes::DiffPositionType, :new_line)} Please see the [REST API Documentation](https://docs.gitlab.com/ee/api/discussions.html#create-a-new-thread-in-the-merge-request-diff) for more information on how to use this field."
argument :old_line, GraphQL::Types::Int, required: false,
- description: copy_field_description(Types::Notes::DiffPositionType, :old_line)
+ description: "#{copy_field_description(Types::Notes::DiffPositionType, :old_line)} Please see the [REST API Documentation](https://docs.gitlab.com/ee/api/discussions.html#create-a-new-thread-in-the-merge-request-diff) for more information on how to use this field."
end
end
end
diff --git a/app/helpers/labels_helper.rb b/app/helpers/labels_helper.rb
index 2150729cb2a..877785c9eaf 100644
--- a/app/helpers/labels_helper.rb
+++ b/app/helpers/labels_helper.rb
@@ -61,7 +61,7 @@ module LabelsHelper
render_label_text(
label.name,
suffix: suffix,
- css_class: "gl-label-text #{text_color_class_for_bg(label.color)}",
+ css_class: "gl-label-text #{label.text_color_class}",
bg_color: label.color
)
end
@@ -114,30 +114,8 @@ module LabelsHelper
end
end
- def text_color_class_for_bg(bg_color)
- if light_color?(bg_color)
- 'gl-label-text-dark'
- else
- 'gl-label-text-light'
- end
- end
-
def text_color_for_bg(bg_color)
- if light_color?(bg_color)
- '#333333'
- else
- '#FFFFFF'
- end
- end
-
- def light_color?(color)
- if color.length == 4
- r, g, b = color[1, 4].scan(/./).map { |v| (v * 2).hex }
- else
- r, g, b = color[1, 7].scan(/.{2}/).map(&:hex)
- end
-
- (r + g + b) > 500
+ ::Gitlab::Color.of(bg_color).contrast
end
def labels_filter_path_with_defaults(only_group_labels: false, include_ancestor_groups: true, include_descendant_groups: false)
diff --git a/app/models/integration.rb b/app/models/integration.rb
index e64fff2d811..fd78649e372 100644
--- a/app/models/integration.rb
+++ b/app/models/integration.rb
@@ -49,6 +49,16 @@ class Integration < ApplicationRecord
serialize :properties, JSON # rubocop:disable Cop/ActiveRecordSerialize
+ attr_encrypted :encrypted_properties_tmp,
+ attribute: :encrypted_properties,
+ mode: :per_attribute_iv,
+ key: Settings.attr_encrypted_db_key_base_32,
+ algorithm: 'aes-256-gcm',
+ marshal: true,
+ marshaler: ::Gitlab::Json,
+ encode: false,
+ encode_iv: false
+
alias_attribute :type, :type_new
default_value_for :active, false
@@ -67,6 +77,8 @@ class Integration < ApplicationRecord
default_value_for :wiki_page_events, true
after_initialize :initialize_properties
+ after_initialize :copy_properties_to_encrypted_properties
+ before_save :copy_properties_to_encrypted_properties
after_commit :reset_updated_properties
@@ -123,8 +135,10 @@ class Integration < ApplicationRecord
def #{arg}=(value)
self.properties ||= {}
+ self.encrypted_properties_tmp = properties
updated_properties['#{arg}'] = #{arg} unless #{arg}_changed?
self.properties['#{arg}'] = value
+ self.encrypted_properties_tmp['#{arg}'] = value
end
def #{arg}_changed?
@@ -354,6 +368,12 @@ class Integration < ApplicationRecord
self.properties = {} if has_attribute?(:properties) && properties.nil?
end
+ def copy_properties_to_encrypted_properties
+ self.encrypted_properties_tmp = properties
+ rescue ActiveModel::MissingAttributeError
+ # ignore - in a record built from using a restricted select list
+ end
+
def title
# implement inside child
end
@@ -394,7 +414,21 @@ class Integration < ApplicationRecord
# return a hash of columns => values suitable for passing to insert_all
def to_integration_hash
column = self.class.attribute_aliases.fetch('type', 'type')
- as_json(except: %w[id instance project_id group_id]).merge(column => type)
+ copy_properties_to_encrypted_properties
+
+ as_json(except: %w[id instance project_id group_id encrypted_properties_tmp])
+ .merge(column => type)
+ .merge(reencrypt_properties)
+ end
+
+ def reencrypt_properties
+ unless properties.nil? || properties.empty?
+ alg = self.class.encrypted_attributes[:encrypted_properties_tmp][:algorithm]
+ iv = generate_iv(alg)
+ ep = self.class.encrypt(:encrypted_properties_tmp, properties, { iv: iv })
+ end
+
+ { 'encrypted_properties' => ep, 'encrypted_properties_iv' => iv }
end
def to_data_fields_hash
diff --git a/app/models/label.rb b/app/models/label.rb
index 0ebbb5b9bd3..b08b5bd63d5 100644
--- a/app/models/label.rb
+++ b/app/models/label.rb
@@ -12,8 +12,9 @@ class Label < ApplicationRecord
cache_markdown_field :description, pipeline: :single_line
- DEFAULT_COLOR = '#6699cc'
+ DEFAULT_COLOR = ::Gitlab::Color.of('#6699cc')
+ attribute :color, ::Gitlab::Database::Type::Color.new
default_value_for :color, DEFAULT_COLOR
has_many :lists, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent
@@ -22,9 +23,9 @@ class Label < ApplicationRecord
has_many :issues, through: :label_links, source: :target, source_type: 'Issue'
has_many :merge_requests, through: :label_links, source: :target, source_type: 'MergeRequest'
- before_validation :strip_whitespace_from_title_and_color
+ before_validation :strip_whitespace_from_title
- validates :color, color: true, allow_blank: false
+ validates :color, color: true, presence: true
# Don't allow ',' for label titles
validates :title, presence: true, format: { with: /\A[^,]+\z/ }
@@ -212,7 +213,7 @@ class Label < ApplicationRecord
end
def text_color
- LabelsHelper.text_color_for_bg(self.color)
+ color.contrast
end
def title=(value)
@@ -285,8 +286,8 @@ class Label < ApplicationRecord
CGI.unescapeHTML(Sanitize.clean(value.to_s))
end
- def strip_whitespace_from_title_and_color
- %w(color title).each { |attr| self[attr] = self[attr]&.strip }
+ def strip_whitespace_from_title
+ self[:title] = title&.strip
end
end
diff --git a/app/models/namespaces/traversal/linear_scopes.rb b/app/models/namespaces/traversal/linear_scopes.rb
index 09d69a5f77a..0cac4c9143a 100644
--- a/app/models/namespaces/traversal/linear_scopes.rb
+++ b/app/models/namespaces/traversal/linear_scopes.rb
@@ -126,36 +126,26 @@ module Namespaces
end
def self_and_descendants_with_comparison_operators(include_self: true)
- base = all.select(
- :traversal_ids,
- 'LEAD (namespaces.traversal_ids, 1) OVER (ORDER BY namespaces.traversal_ids ASC) next_traversal_ids'
- )
+ base = all.select(:traversal_ids)
base_cte = Gitlab::SQL::CTE.new(:descendants_base_cte, base)
namespaces = Arel::Table.new(:namespaces)
# Bound the search space to ourselves (optional) and descendants.
#
- # WHERE (base_cte.next_traversal_ids IS NULL OR base_cte.next_traversal_ids > namespaces.traversal_ids)
- # AND next_traversal_ids_sibling(base_cte.traversal_ids) > namespaces.traversal_ids
+ # WHERE next_traversal_ids_sibling(base_cte.traversal_ids) > namespaces.traversal_ids
records = unscoped
+ .distinct
+ .with(base_cte.to_arel)
.from([base_cte.table, namespaces])
- .where(base_cte.table[:next_traversal_ids].eq(nil).or(base_cte.table[:next_traversal_ids].gt(namespaces[:traversal_ids])))
.where(next_sibling_func(base_cte.table[:traversal_ids]).gt(namespaces[:traversal_ids]))
# AND base_cte.traversal_ids <= namespaces.traversal_ids
- records = if include_self
- records.where(base_cte.table[:traversal_ids].lteq(namespaces[:traversal_ids]))
- else
- records.where(base_cte.table[:traversal_ids].lt(namespaces[:traversal_ids]))
- end
-
- records_cte = Gitlab::SQL::CTE.new(:descendants_cte, records)
-
- unscoped
- .unscope(where: [:type])
- .with(base_cte.to_arel, records_cte.to_arel)
- .from(records_cte.alias_to(namespaces))
+ if include_self
+ records.where(base_cte.table[:traversal_ids].lteq(namespaces[:traversal_ids]))
+ else
+ records.where(base_cte.table[:traversal_ids].lt(namespaces[:traversal_ids]))
+ end
end
def next_sibling_func(*args)
diff --git a/app/presenters/label_presenter.rb b/app/presenters/label_presenter.rb
index 8d604f9a0f6..6929bf79fdf 100644
--- a/app/presenters/label_presenter.rb
+++ b/app/presenters/label_presenter.rb
@@ -14,6 +14,10 @@ class LabelPresenter < Gitlab::View::Presenter::Delegated
end
end
+ def text_color_class
+ "gl-label-text-#{label.color.contrast.luminosity}"
+ end
+
def destroy_path
case label
when GroupLabel then group_label_path(label.group, label)
diff --git a/app/serializers/analytics/cycle_analytics/stage_entity.rb b/app/serializers/analytics/cycle_analytics/stage_entity.rb
index cfbf6f60e38..ac19998e90e 100644
--- a/app/serializers/analytics/cycle_analytics/stage_entity.rb
+++ b/app/serializers/analytics/cycle_analytics/stage_entity.rb
@@ -57,7 +57,8 @@ module Analytics
def html_description(event)
options = {}
if event.label_based?
- options[:label_html] = render_label(event.label, link: '', small: true, tooltip: true)
+ label = event.label.present
+ options[:label_html] = render_label(label, link: '', small: true, tooltip: true)
end
content_tag(:p) { event.html_description(options).html_safe }
diff --git a/app/serializers/label_entity.rb b/app/serializers/label_entity.rb
index e586d7f8407..5785715390f 100644
--- a/app/serializers/label_entity.rb
+++ b/app/serializers/label_entity.rb
@@ -4,7 +4,9 @@ class LabelEntity < Grape::Entity
expose :id
expose :title
- expose :color
+ expose :color do |label|
+ label.color.to_s
+ end
expose :description
expose :group_id
expose :project_id
diff --git a/app/services/labels/base_service.rb b/app/services/labels/base_service.rb
index ead7f2ea607..f694e6d47a0 100644
--- a/app/services/labels/base_service.rb
+++ b/app/services/labels/base_service.rb
@@ -2,162 +2,8 @@
module Labels
class BaseService < ::BaseService
- COLOR_NAME_TO_HEX = {
- black: '#000000',
- silver: '#C0C0C0',
- gray: '#808080',
- white: '#FFFFFF',
- maroon: '#800000',
- red: '#FF0000',
- purple: '#800080',
- fuchsia: '#FF00FF',
- green: '#008000',
- lime: '#00FF00',
- olive: '#808000',
- yellow: '#FFFF00',
- navy: '#000080',
- blue: '#0000FF',
- teal: '#008080',
- aqua: '#00FFFF',
- orange: '#FFA500',
- aliceblue: '#F0F8FF',
- antiquewhite: '#FAEBD7',
- aquamarine: '#7FFFD4',
- azure: '#F0FFFF',
- beige: '#F5F5DC',
- bisque: '#FFE4C4',
- blanchedalmond: '#FFEBCD',
- blueviolet: '#8A2BE2',
- brown: '#A52A2A',
- burlywood: '#DEB887',
- cadetblue: '#5F9EA0',
- chartreuse: '#7FFF00',
- chocolate: '#D2691E',
- coral: '#FF7F50',
- cornflowerblue: '#6495ED',
- cornsilk: '#FFF8DC',
- crimson: '#DC143C',
- darkblue: '#00008B',
- darkcyan: '#008B8B',
- darkgoldenrod: '#B8860B',
- darkgray: '#A9A9A9',
- darkgreen: '#006400',
- darkgrey: '#A9A9A9',
- darkkhaki: '#BDB76B',
- darkmagenta: '#8B008B',
- darkolivegreen: '#556B2F',
- darkorange: '#FF8C00',
- darkorchid: '#9932CC',
- darkred: '#8B0000',
- darksalmon: '#E9967A',
- darkseagreen: '#8FBC8F',
- darkslateblue: '#483D8B',
- darkslategray: '#2F4F4F',
- darkslategrey: '#2F4F4F',
- darkturquoise: '#00CED1',
- darkviolet: '#9400D3',
- deeppink: '#FF1493',
- deepskyblue: '#00BFFF',
- dimgray: '#696969',
- dimgrey: '#696969',
- dodgerblue: '#1E90FF',
- firebrick: '#B22222',
- floralwhite: '#FFFAF0',
- forestgreen: '#228B22',
- gainsboro: '#DCDCDC',
- ghostwhite: '#F8F8FF',
- gold: '#FFD700',
- goldenrod: '#DAA520',
- greenyellow: '#ADFF2F',
- grey: '#808080',
- honeydew: '#F0FFF0',
- hotpink: '#FF69B4',
- indianred: '#CD5C5C',
- indigo: '#4B0082',
- ivory: '#FFFFF0',
- khaki: '#F0E68C',
- lavender: '#E6E6FA',
- lavenderblush: '#FFF0F5',
- lawngreen: '#7CFC00',
- lemonchiffon: '#FFFACD',
- lightblue: '#ADD8E6',
- lightcoral: '#F08080',
- lightcyan: '#E0FFFF',
- lightgoldenrodyellow: '#FAFAD2',
- lightgray: '#D3D3D3',
- lightgreen: '#90EE90',
- lightgrey: '#D3D3D3',
- lightpink: '#FFB6C1',
- lightsalmon: '#FFA07A',
- lightseagreen: '#20B2AA',
- lightskyblue: '#87CEFA',
- lightslategray: '#778899',
- lightslategrey: '#778899',
- lightsteelblue: '#B0C4DE',
- lightyellow: '#FFFFE0',
- limegreen: '#32CD32',
- linen: '#FAF0E6',
- mediumaquamarine: '#66CDAA',
- mediumblue: '#0000CD',
- mediumorchid: '#BA55D3',
- mediumpurple: '#9370DB',
- mediumseagreen: '#3CB371',
- mediumslateblue: '#7B68EE',
- mediumspringgreen: '#00FA9A',
- mediumturquoise: '#48D1CC',
- mediumvioletred: '#C71585',
- midnightblue: '#191970',
- mintcream: '#F5FFFA',
- mistyrose: '#FFE4E1',
- moccasin: '#FFE4B5',
- navajowhite: '#FFDEAD',
- oldlace: '#FDF5E6',
- olivedrab: '#6B8E23',
- orangered: '#FF4500',
- orchid: '#DA70D6',
- palegoldenrod: '#EEE8AA',
- palegreen: '#98FB98',
- paleturquoise: '#AFEEEE',
- palevioletred: '#DB7093',
- papayawhip: '#FFEFD5',
- peachpuff: '#FFDAB9',
- peru: '#CD853F',
- pink: '#FFC0CB',
- plum: '#DDA0DD',
- powderblue: '#B0E0E6',
- rosybrown: '#BC8F8F',
- royalblue: '#4169E1',
- saddlebrown: '#8B4513',
- salmon: '#FA8072',
- sandybrown: '#F4A460',
- seagreen: '#2E8B57',
- seashell: '#FFF5EE',
- sienna: '#A0522D',
- skyblue: '#87CEEB',
- slateblue: '#6A5ACD',
- slategray: '#708090',
- slategrey: '#708090',
- snow: '#FFFAFA',
- springgreen: '#00FF7F',
- steelblue: '#4682B4',
- tan: '#D2B48C',
- thistle: '#D8BFD8',
- tomato: '#FF6347',
- turquoise: '#40E0D0',
- violet: '#EE82EE',
- wheat: '#F5DEB3',
- whitesmoke: '#F5F5F5',
- yellowgreen: '#9ACD32',
- rebeccapurple: '#663399'
- }.freeze
-
def convert_color_name_to_hex
- color = params[:color]
- color_name = color.strip.downcase
-
- return color if color_name.start_with?('#')
-
- COLOR_NAME_TO_HEX[color_name.to_sym] || color
+ ::Gitlab::Color.of(params[:color])
end
end
end
diff --git a/app/services/security/merge_reports_service.rb b/app/services/security/merge_reports_service.rb
index 5f6f98a3c39..a982ec7efe2 100644
--- a/app/services/security/merge_reports_service.rb
+++ b/app/services/security/merge_reports_service.rb
@@ -21,7 +21,10 @@ module Security
source_reports.first.type,
source_reports.first.pipeline,
source_reports.first.created_at
- ).tap { |report| report.errors = source_reports.flat_map(&:errors) }
+ ).tap do |report|
+ report.errors = source_reports.flat_map(&:errors)
+ report.warnings = source_reports.flat_map(&:warnings)
+ end
end
def copy_resources_to_target_report
diff --git a/app/validators/color_validator.rb b/app/validators/color_validator.rb
index 974dfbbf394..d108e4c5426 100644
--- a/app/validators/color_validator.rb
+++ b/app/validators/color_validator.rb
@@ -12,11 +12,13 @@
# end
#
class ColorValidator < ActiveModel::EachValidator
- PATTERN = /\A\#(?:[0-9A-Fa-f]{3}){1,2}\Z/.freeze
-
def validate_each(record, attribute, value)
- unless value =~ PATTERN
- record.errors.add(attribute, "must be a valid color code")
+ case value
+ when NilClass then return
+ when ::Gitlab::Color then return if value.valid?
+ when ::String then return if ::Gitlab::Color.new(value).valid?
end
+
+ record.errors.add(attribute, "must be a valid color code")
end
end
diff --git a/app/views/profiles/two_factor_auths/show.html.haml b/app/views/profiles/two_factor_auths/show.html.haml
index aae6212f964..67f24383b17 100644
--- a/app/views/profiles/two_factor_auths/show.html.haml
+++ b/app/views/profiles/two_factor_auths/show.html.haml
@@ -113,7 +113,7 @@
%span.gl-text-gray-500
= _("no name set")
%td= registration[:created_at].to_date.to_s(:medium)
- %td= link_to _('Delete'), registration[:delete_path], method: :delete, class: "gl-button btn btn-danger float-right", data: { confirm: _('Are you sure you want to delete this device? This action cannot be undone.') }
+ %td= link_to _('Delete'), registration[:delete_path], method: :delete, class: "gl-button btn btn-danger float-right", data: { confirm: _('Are you sure you want to delete this device? This action cannot be undone.'), confirm_btn_variant: "danger" }, aria: { label: _('Delete') }
- else
.settings-message.text-center
diff --git a/config/feature_flags/development/enforce_security_report_validation.yml b/config/feature_flags/development/show_report_validation_warnings.yml
similarity index 71%
rename from config/feature_flags/development/enforce_security_report_validation.yml
rename to config/feature_flags/development/show_report_validation_warnings.yml
index ada5863b4d7..b184deecc0b 100644
--- a/config/feature_flags/development/enforce_security_report_validation.yml
+++ b/config/feature_flags/development/show_report_validation_warnings.yml
@@ -1,8 +1,8 @@
---
-name: enforce_security_report_validation
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/79798
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/351000
-milestone: '14.8'
+name: show_report_validation_warnings
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/80930
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/353125
+milestone: '14.9'
type: development
group: group::threat insights
default_enabled: false
diff --git a/db/migrate/20220204193000_add_integrations_encrypted_properties.rb b/db/migrate/20220204193000_add_integrations_encrypted_properties.rb
new file mode 100644
index 00000000000..7df88b68657
--- /dev/null
+++ b/db/migrate/20220204193000_add_integrations_encrypted_properties.rb
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class AddIntegrationsEncryptedProperties < Gitlab::Database::Migration[1.0]
+ def change
+ add_column :integrations, :encrypted_properties, :binary
+ add_column :integrations, :encrypted_properties_iv, :binary
+ end
+end
diff --git a/db/post_migrate/20220204194347_encrypt_integration_properties.rb b/db/post_migrate/20220204194347_encrypt_integration_properties.rb
new file mode 100644
index 00000000000..82dd3a05e1d
--- /dev/null
+++ b/db/post_migrate/20220204194347_encrypt_integration_properties.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class EncryptIntegrationProperties < Gitlab::Database::Migration[1.0]
+ disable_ddl_transaction!
+ MIGRATION = 'EncryptIntegrationProperties'
+ BATCH_SIZE = 1_000
+ INTERVAL = 2.minutes.to_i
+
+ def up
+ queue_background_migration_jobs_by_range_at_intervals(
+ define_batchable_model('integrations').all,
+ MIGRATION,
+ INTERVAL,
+ track_jobs: true,
+ batch_size: BATCH_SIZE
+ )
+ end
+
+ def down
+ # this migration is not reversible
+ end
+end
diff --git a/db/schema_migrations/20220204193000 b/db/schema_migrations/20220204193000
new file mode 100644
index 00000000000..f0d16b9671c
--- /dev/null
+++ b/db/schema_migrations/20220204193000
@@ -0,0 +1 @@
+9d98618a1e9fd0474c45ac54420fc64a1d90ad77f36be594337e5b117fccdadb
\ No newline at end of file
diff --git a/db/schema_migrations/20220204194347 b/db/schema_migrations/20220204194347
new file mode 100644
index 00000000000..d506497e036
--- /dev/null
+++ b/db/schema_migrations/20220204194347
@@ -0,0 +1 @@
+1593e935601ae1f2ab788109687bb40bad026f3f425339a39c8d13d3e4c7e306
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 8437f9bb2b5..357e332ee39 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -16093,6 +16093,8 @@ CREATE TABLE integrations (
type_new text,
vulnerability_events boolean DEFAULT false NOT NULL,
archive_trace_events boolean DEFAULT false NOT NULL,
+ encrypted_properties bytea,
+ encrypted_properties_iv bytea,
CONSTRAINT check_a948a0aa7e CHECK ((char_length(type_new) <= 255))
);
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 33c45443f69..36c4465add5 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -15255,6 +15255,7 @@ Represents the security scan information.
| ---- | ---- | ----------- |
| `errors` | [`[String!]!`](#string) | List of errors. |
| `name` | [`String!`](#string) | Name of the scan. |
+| `warnings` | [`[String!]!`](#string) | List of warnings. |
### `ScanExecutionPolicy`
@@ -19814,8 +19815,8 @@ Input type for DastSiteProfile authentication.
| ---- | ---- | ----------- |
| `baseSha` | [`String`](#string) | Merge base of the branch the comment was made on. |
| `headSha` | [`String!`](#string) | SHA of the HEAD at the time the comment was made. |
-| `newLine` | [`Int`](#int) | Line on HEAD SHA that was changed. |
-| `oldLine` | [`Int`](#int) | Line on start SHA that was changed. |
+| `newLine` | [`Int`](#int) | Line on HEAD SHA that was changed. Please see the [REST API Documentation](https://docs.gitlab.com/ee/api/discussions.html#create-a-new-thread-in-the-merge-request-diff) for more information on how to use this field. |
+| `oldLine` | [`Int`](#int) | Line on start SHA that was changed. Please see the [REST API Documentation](https://docs.gitlab.com/ee/api/discussions.html#create-a-new-thread-in-the-merge-request-diff) for more information on how to use this field. |
| `paths` | [`DiffPathsInput!`](#diffpathsinput) | The paths of the file that was changed. Both of the properties of this input are optional, but at least one of them is required. |
| `startSha` | [`String!`](#string) | SHA of the branch being compared against. |
diff --git a/doc/development/secure_coding_guidelines.md b/doc/development/secure_coding_guidelines.md
index 8d77467d1b5..bc876667f8d 100644
--- a/doc/development/secure_coding_guidelines.md
+++ b/doc/development/secure_coding_guidelines.md
@@ -460,8 +460,7 @@ parameter when using `check_allowed_absolute_path!()`.
To use a combination of both checks, follow the example below:
```ruby
-path = Gitlab::Utils.check_path_traversal!(path)
-Gitlab::Utils.check_allowed_absolute_path!(path, path_allowlist)
+Gitlab::Utils.check_allowed_absolute_path_and_path_traversal!(path, path_allowlist)
```
In the REST API, we have the [`FilePath`](https://gitlab.com/gitlab-org/security/gitlab/-/blob/master/lib/api/validations/validators/file_path.rb)
diff --git a/doc/security/two_factor_authentication.md b/doc/security/two_factor_authentication.md
index d0842ddb103..cab9f6a957e 100644
--- a/doc/security/two_factor_authentication.md
+++ b/doc/security/two_factor_authentication.md
@@ -33,10 +33,10 @@ To enable 2FA for all users:
If you want 2FA enforcement to take effect during the next sign-in attempt,
change the grace period to `0`.
-## Disable 2FA enforcement through rails console
+## Disable 2FA enforcement through Rails console
-Using the [rails console](../administration/operations/rails_console.md), enforcing 2FA for
-all user can be disabled. Connect to the rails console and run:
+Using the [Rails console](../administration/operations/rails_console.md), enforcing 2FA for
+all user can be disabled. Connect to the Rails console and run:
```ruby
Gitlab::CurrentSettings.update!('require_two_factor_authentication': false)
@@ -108,13 +108,10 @@ reactivate 2FA from scratch if they want to use it again.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/270554) in GitLab 13.7.
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/299088) from GitLab Free to GitLab Premium in 13.9.
-> - It's [deployed behind a feature flag](../user/feature_flags.md), disabled by default.
-> - It's disabled on GitLab.com.
-> - It's not recommended for production use.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-2fa-for-git-operations).
+> - It's deployed behind a feature flag, disabled by default.
-WARNING:
-This feature might not be available to you. Check the **version history** note above for details.
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../administration/feature_flags.md) named `two_factor_for_cli`. On GitLab.com, this feature is not available. The feature is not ready for production use. This feature flag also affects [session duration for Git Operations when 2FA is enabled](../user/admin_area/settings/account_and_limit_settings.md#customize-session-duration-for-git-operations-when-2fa-is-enabled).
Two-factor authentication can be enforced for Git over SSH operations. However, we recommend using
[ED25519_SK](../ssh/index.md#ed25519_sk-ssh-keys) or [ECDSA_SK](../ssh/index.md#ecdsa_sk-ssh-keys) SSH keys instead.
@@ -135,30 +132,6 @@ After the OTP is verified, Git over SSH operations can be used for a session dur
Once an OTP is verified, anyone can run Git over SSH with that private SSH key for
the configured [session duration](../user/admin_area/settings/account_and_limit_settings.md#customize-session-duration-for-git-operations-when-2fa-is-enabled).
-### Enable or disable 2FA for Git operations
-
-2FA for Git operations is under development and not
-ready for production use. It is deployed behind a feature flag that is
-**disabled by default**. [GitLab administrators with access to the GitLab Rails console](../administration/feature_flags.md)
-can enable it.
-
-To enable it:
-
-```ruby
-Feature.enable(:two_factor_for_cli)
-```
-
-To disable it:
-
-```ruby
-Feature.disable(:two_factor_for_cli)
-```
-
-The feature flag affects these features:
-
-- [Two-factor Authentication (2FA) for Git over SSH operations](#2fa-for-git-over-ssh-operations).
-- [Customize session duration for Git Operations when 2FA is enabled](../user/admin_area/settings/account_and_limit_settings.md#customize-session-duration-for-git-operations-when-2fa-is-enabled).
-