Add latest changes from gitlab-org/gitlab@master

This commit is contained in:
GitLab Bot 2022-10-12 21:10:34 +00:00
parent 41b2e83ad6
commit a9acc0c2fb
14 changed files with 287 additions and 22 deletions

View File

@ -0,0 +1,80 @@
---
Gitlab/ServiceResponse:
Details: grace period
Exclude:
- 'app/services/alert_management/metric_images/upload_service.rb'
- 'app/services/analytics/cycle_analytics/stages/base_service.rb'
- 'app/services/boards/lists/base_update_service.rb'
- 'app/services/branches/delete_service.rb'
- 'app/services/bulk_imports/create_service.rb'
- 'app/services/bulk_imports/export_service.rb'
- 'app/services/ci/build_cancel_service.rb'
- 'app/services/ci/build_erase_service.rb'
- 'app/services/ci/build_unschedule_service.rb'
- 'app/services/ci/prometheus_metrics/observe_histograms_service.rb'
- 'app/services/ci/retry_pipeline_service.rb'
- 'app/services/ci/runners/assign_runner_service.rb'
- 'app/services/ci/runners/register_runner_service.rb'
- 'app/services/concerns/alert_management/responses.rb'
- 'app/services/concerns/services/return_service_responses.rb'
- 'app/services/container_expiration_policies/update_service.rb'
- 'app/services/dependency_proxy/group_settings/update_service.rb'
- 'app/services/dependency_proxy/image_ttl_group_policies/update_service.rb'
- 'app/services/groups/update_statistics_service.rb'
- 'app/services/incident_management/pager_duty/create_incident_issue_service.rb'
- 'app/services/incident_management/pager_duty/process_webhook_service.rb'
- 'app/services/issuable/bulk_update_service.rb'
- 'app/services/jira_import/start_import_service.rb'
- 'app/services/namespaces/package_settings/update_service.rb'
- 'app/services/packages/debian/create_distribution_service.rb'
- 'app/services/packages/mark_package_for_destruction_service.rb'
- 'app/services/packages/rubygems/dependency_resolver_service.rb'
- 'app/services/snippets/base_service.rb'
- 'app/services/snippets/bulk_destroy_service.rb'
- 'app/services/snippets/destroy_service.rb'
- 'app/services/snippets/repository_validation_service.rb'
- 'app/services/snippets/update_statistics_service.rb'
- 'app/services/timelogs/base_service.rb'
- 'app/services/work_items/create_and_link_service.rb'
- 'app/services/work_items/create_from_task_service.rb'
- 'app/services/work_items/delete_task_service.rb'
- 'ee/app/services/analytics/cycle_analytics/value_streams/create_service.rb'
- 'ee/app/services/app_sec/dast/profiles/destroy_service.rb'
- 'ee/app/services/app_sec/dast/scanner_profiles/destroy_service.rb'
- 'ee/app/services/app_sec/dast/scanner_profiles/update_service.rb'
- 'ee/app/services/app_sec/dast/site_profiles/destroy_service.rb'
- 'ee/app/services/ee/analytics/cycle_analytics/stages/base_service.rb'
- 'ee/app/services/ee/ci/retry_pipeline_service.rb'
- 'ee/app/services/external_status_checks/create_service.rb'
- 'ee/app/services/external_status_checks/destroy_service.rb'
- 'ee/app/services/external_status_checks/dispatch_service.rb'
- 'ee/app/services/external_status_checks/update_service.rb'
- 'ee/app/services/gitlab_subscriptions/create_trial_or_lead_service.rb'
- 'ee/app/services/group_saml/saml_group_links/create_service.rb'
- 'ee/app/services/iterations/cadences/create_iterations_in_advance_service.rb'
- 'ee/app/services/iterations/cadences/create_service.rb'
- 'ee/app/services/iterations/cadences/destroy_service.rb'
- 'ee/app/services/iterations/cadences/update_service.rb'
- 'ee/app/services/iterations/create_service.rb'
- 'ee/app/services/iterations/delete_service.rb'
- 'ee/app/services/iterations/roll_over_issues_service.rb'
- 'ee/app/services/iterations/update_service.rb'
- 'ee/app/services/security/findings/dismiss_service.rb'
- 'ee/app/services/vulnerabilities/finding_dismiss_service.rb'
- 'ee/app/services/vulnerability_issue_links/create_service.rb'
- 'ee/app/services/vulnerability_issue_links/delete_service.rb'
- 'ee/spec/graphql/mutations/security/finding/dismiss_spec.rb'
- 'spec/controllers/import/bulk_imports_controller_spec.rb'
- 'spec/controllers/import/fogbugz_controller_spec.rb'
- 'spec/controllers/projects/alerting/notifications_controller_spec.rb'
- 'spec/controllers/projects/pipelines_controller_spec.rb'
- 'spec/controllers/projects/prometheus/alerts_controller_spec.rb'
- 'spec/lib/gitlab/import_export/snippet_repo_restorer_spec.rb'
- 'spec/requests/api/ci/pipelines_spec.rb'
- 'spec/requests/api/ci/runner/runners_post_spec.rb'
- 'spec/requests/api/group_export_spec.rb'
- 'spec/requests/api/project_export_spec.rb'
- 'spec/requests/api/project_import_spec.rb'
- 'spec/requests/projects/incident_management/pagerduty_incidents_spec.rb'
- 'spec/services/bulk_imports/export_service_spec.rb'
- 'spec/support/shared_examples/requests/api/rubygems_packages_shared_examples.rb'

View File

@ -1,7 +1,7 @@
%p
Project #{@project.name} couldn't be exported.
= s_("Notify|Project %{project_name} couldn't be exported.") % {project_name: @project.name}
%p
The errors we encountered were:
= s_('Notify|The errors we encountered were:')
%ul
- @errors.each do |error|

View File

@ -0,0 +1,10 @@
# frozen_string_literal: true
class AddMrChecksColumnsToNamespaceSettings < Gitlab::Database::Migration[2.0]
def change
add_column :namespace_settings, :only_allow_merge_if_pipeline_succeeds, :boolean, default: false, null: false
add_column :namespace_settings, :allow_merge_on_skipped_pipeline, :boolean, default: false, null: false
add_column :namespace_settings, :only_allow_merge_if_all_discussions_are_resolved, \
:boolean, default: false, null: false
end
end

View File

@ -0,0 +1 @@
125ce9bf81966840774eb69be7995c1a8e2abd901fe5f19b73df43a577a9dc44

View File

@ -17925,6 +17925,9 @@ CREATE TABLE namespace_settings (
include_for_free_user_cap_preview boolean DEFAULT false NOT NULL,
unique_project_download_limit_allowlist text[] DEFAULT '{}'::text[] NOT NULL,
auto_ban_user_on_excessive_projects_download boolean DEFAULT false NOT NULL,
only_allow_merge_if_pipeline_succeeds boolean DEFAULT false NOT NULL,
allow_merge_on_skipped_pipeline boolean DEFAULT false NOT NULL,
only_allow_merge_if_all_discussions_are_resolved boolean DEFAULT false NOT NULL,
CONSTRAINT check_0ba93c78c7 CHECK ((char_length(default_branch_name) <= 255)),
CONSTRAINT namespace_settings_unique_project_download_limit_allowlist_size CHECK ((cardinality(unique_project_download_limit_allowlist) <= 100))
);

View File

@ -19,19 +19,23 @@ The Security Configuration page lists the following for the security testing and
- Whether or not it is available.
- A configuration button or a link to its configuration guide.
The status of each security control is determined by the following process:
To determine the status of each security control, GitLab checks for a [CI/CD pipeline](../../../ci/pipelines/index.md)
in the most recent commit on the default branch.
1. Check for a [CI pipeline](../../../ci/pipelines/index.md) in the most recent commit on the default branch.
1. If no CI pipelines exist, then consider all security scanners disabled. Show the **Not enabled** status.
1. If a pipeline is found, then inspect the CI YAML for each job in the CI/CD pipeline. If a
job in the pipeline defines an [`artifacts:reports` keyword](../../../ci/yaml/artifacts_reports.md)
for a security scanner, then consider the security scanner enabled. Show the **Enabled** status.
If GitLab finds a CI/CD pipeline, then it inspects each job in the `.gitlab-ci.yml` file.
- If a job defines an [`artifacts:reports` keyword](../../../ci/yaml/artifacts_reports.md)
for a security scanner, then GitLab considers the security scanner enabled and shows the **Enabled** status.
- If no jobs define an `artifacts:reports` keyword for a security scanner, then GitLab considers
the security scanner disabled and shows the **Not enabled** status.
If GitLab does not find a CI/CD pipeline, then it considers all security scanners disabled and shows the **Not enabled** status.
Failed pipelines and jobs are included in this process. If a scanner is configured but the job fails,
that scanner is still considered enabled. This process also determines the scanners and statuses
returned through [our API](../../../api/graphql/reference/index.md#securityscanners).
returned through the [API](../../../api/graphql/reference/index.md#securityscanners).
If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md),
If the latest pipeline uses [Auto DevOps](../../../topics/autodevops/index.md),
all security features are configured by default.
To view a project's security configuration:

View File

@ -56,7 +56,9 @@ the following tables:
| GitLab analyzer | Outputs severity levels? | Native severity level type | Native severity level example |
|------------------------------------------------------------------------------------------|------------------------------|----------------------------|-------------------------------------|
| [`gemnasium`](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) | **{check-circle}** Yes | CVSS v2.0 Rating and CVSS v3.1 Qualitative Severity Rating | `(AV:N/AC:L/Au:S/C:P/I:P/A:N)`, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H` |
| [`gemnasium`](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) | **{check-circle}** Yes | CVSS v2.0 Rating and CVSS v3.1 Qualitative Severity Rating <sup>1</sup> | `(AV:N/AC:L/Au:S/C:P/I:P/A:N)`, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H` |
1. The CVSS v3.1 rating is used to calculate the severity level. If it's not available, the CVSS v2.0 rating is used instead.
## Container Scanning

View File

@ -27509,6 +27509,9 @@ msgstr ""
msgid "Notify|Project %{old_path_with_namespace} was moved to another location."
msgstr ""
msgid "Notify|Project %{project_name} couldn't be exported."
msgstr ""
msgid "Notify|Project %{project_name} was exported successfully."
msgstr ""
@ -27530,6 +27533,9 @@ msgstr ""
msgid "Notify|The download link will expire in 24 hours."
msgstr ""
msgid "Notify|The errors we encountered were:"
msgstr ""
msgid "Notify|The project is now located under %{project_full_name_link_start}%{project_full_name}%{link_end}."
msgstr ""

View File

@ -0,0 +1,43 @@
# frozen_string_literal: true
require_relative '../../code_reuse_helpers'
module RuboCop
module Cop
module Gitlab
class ServiceResponse < ::RuboCop::Cop::Base
include CodeReuseHelpers
# This cop checks that ServiceResponse object is not used with the
# deprecated attribute `http_status`.
#
# @example
#
# # bad
# ServiceResponse.error(message: "...", http_status: :forbidden)
#
# # good
# ServiceResponse.error(message: "...", reason: :insufficient_permissions)
MSG = 'Use `reason` instead of the deprecated `http_status`: https://gitlab.com/gitlab-org/gitlab/-/issues/356036'
RESTRICT_ON_SEND = %i[error success new].freeze
METHOD_NAMES = RESTRICT_ON_SEND.map(&:inspect).join(' ').freeze
def_node_matcher :service_response_with_http_status, <<~PATTERN
(send
(const {nil? cbase} :ServiceResponse)
{#{METHOD_NAMES}}
(hash <$(pair (sym :http_status) _) ...>)
)
PATTERN
def on_send(node)
pair = service_response_with_http_status(node)
return unless pair
add_offense(pair)
end
end
end
end
end

View File

@ -0,0 +1,41 @@
# frozen_string_literal: true
require 'rubocop_spec_helper'
require_relative '../../../../rubocop/cop/gitlab/service_response'
RSpec.describe RuboCop::Cop::Gitlab::ServiceResponse do
subject(:cop) { described_class.new }
it 'does not flag the `http_status:` param on a homonym method' do
expect_no_offenses("MyClass.error(http_status: :ok)")
end
it 'does not flag calls without params' do
expect_no_offenses('ServiceResponse.error')
end
it 'does not flag the offense when `http_status` is not used' do
expect_no_offenses('ServiceResponse.error(message: "some error", reason: :bad_time)')
end
it 'flags the use of `http_status:` parameter in ServiceResponse in error' do
expect_offense(<<~CODE, msg: described_class::MSG)
ServiceResponse.error(message: "some error", http_status: :bad_request)
^^^^^^^^^^^^^^^^^^^^^^^^^ %{msg}
CODE
end
it 'flags the use of `http_status:` parameter in ServiceResponse in success' do
expect_offense(<<~CODE, msg: described_class::MSG)
ServiceResponse.success(message: "some error", http_status: :bad_request)
^^^^^^^^^^^^^^^^^^^^^^^^^ %{msg}
CODE
end
it 'flags the use of `http_status:` parameter in ServiceResponse in initializer' do
expect_offense(<<~CODE, msg: described_class::MSG)
ServiceResponse.new(message: "some error", http_status: :bad_request)
^^^^^^^^^^^^^^^^^^^^^^^^^ %{msg}
CODE
end
end

View File

@ -100,9 +100,11 @@ GEM
loofah (2.19.0)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mini_portile2 (2.8.0)
minitest (5.16.3)
multi_json (1.15.0)
nokogiri (1.13.8-x86_64-linux)
nokogiri (1.13.8)
mini_portile2 (~> 2.8.0)
racc (~> 1.4)
public_suffix (5.0.0)
racc (1.6.0)
@ -124,15 +126,16 @@ GEM
simplecov-rcov (0.3.1)
simplecov (>= 0.4.1)
simplecov_json_formatter (0.1.4)
sqlite3 (1.5.0-x86_64-linux)
sqlite3 (1.5.0)
mini_portile2 (~> 2.8.0)
stringex (1.5.1)
tzinfo (2.0.5)
concurrent-ruby (~> 1.0)
uuidtools (2.2.0)
zeitwerk (2.6.0)
zeitwerk (2.6.1)
PLATFORMS
x86_64-linux
ruby
DEPENDENCIES
actionpack (~> 6.1)
@ -149,4 +152,4 @@ DEPENDENCIES
sqlite3
BUNDLED WITH
2.3.19
2.3.22

View File

@ -21,6 +21,7 @@
{"name":"marcel","version":"1.0.2","platform":"ruby","checksum":"a013b677ef46cbcb49fd5c59b3d35803d2ee04dd75d8bfdc43533fc5a31f7e4e"},
{"name":"method_source","version":"1.0.0","platform":"ruby","checksum":"d779455a2b5666a079ce58577bfad8534f571af7cec8107f4dce328f0981dede"},
{"name":"mini_mime","version":"1.1.2","platform":"ruby","checksum":"a54aec0cc7438a03a850adb00daca2bdb60747f839e28186994df057cea87151"},
{"name":"mini_portile2","version":"2.8.0","platform":"ruby","checksum":"1e06b286ff19b73cfc9193cb3dd2bd80416f8262443564b25b23baea74a05765"},
{"name":"minitest","version":"5.16.2","platform":"ruby","checksum":"c1be0c6b57fab451faa08e74ffa71e7d6a259b90f4bacb881c7f4808ec8b4991"},
{"name":"nio4r","version":"2.5.8","platform":"java","checksum":"b2b1800f6bf7ce4b797ca8b639ad278a99c9c904fb087a91d944f38e4bd71401"},
{"name":"nio4r","version":"2.5.8","platform":"ruby","checksum":"3becb4ad95ab8ac0a9bd2e1b16466869402be62848082bf6329ae9091f276676"},

View File

@ -76,11 +76,11 @@ GEM
marcel (1.0.2)
method_source (1.0.0)
mini_mime (1.1.2)
mini_portile2 (2.8.0)
minitest (5.16.2)
nio4r (2.5.8)
nokogiri (1.13.8-arm64-darwin)
racc (~> 1.4)
nokogiri (1.13.8-x86_64-linux)
nokogiri (1.13.8)
mini_portile2 (~> 2.8.0)
racc (~> 1.4)
racc (1.6.0)
rack (2.2.4)
@ -129,11 +129,10 @@ GEM
zeitwerk (2.6.0)
PLATFORMS
arm64-darwin-21
x86_64-linux
ruby
DEPENDENCIES
rails (~> 6.1.6.1)
BUNDLED WITH
2.3.19
2.3.22

View File

@ -0,0 +1,72 @@
GEM
remote: https://rubygems.org/
specs:
ast (2.4.2)
faraday (2.5.2)
faraday-net_http (>= 2.0, < 3.1)
ruby2_keywords (>= 0.0.4)
faraday-net_http (3.0.0)
hashie (5.0.0)
json (2.6.2)
jwt (2.5.0)
multi_json (1.15.0)
multi_xml (0.6.0)
oauth2 (1.4.11)
faraday (>= 0.17.3, < 3.0)
jwt (>= 1.0, < 3.0)
multi_json (~> 1.3)
multi_xml (~> 0.5)
rack (>= 1.2, < 4)
omniauth (1.9.2)
hashie (>= 3.4.6)
rack (>= 1.6.2, < 3)
omniauth-google-oauth2 (0.8.2)
jwt (>= 2.0)
oauth2 (~> 1.1)
omniauth (~> 1.1)
omniauth-oauth2 (>= 1.6)
omniauth-oauth2 (1.7.3)
oauth2 (>= 1.4, < 3)
omniauth (>= 1.9, < 3)
parallel (1.22.1)
parser (3.1.2.1)
ast (~> 2.4.1)
rack (1.6.13)
rack-protection (1.5.5)
rack
rainbow (3.1.1)
regexp_parser (2.6.0)
rexml (3.2.5)
rubocop (1.36.0)
json (~> 2.3)
parallel (~> 1.10)
parser (>= 3.1.2.1)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 1.8, < 3.0)
rexml (>= 3.2.5, < 4.0)
rubocop-ast (>= 1.20.1, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 3.0)
rubocop-ast (1.21.0)
parser (>= 3.1.1.0)
ruby-progressbar (1.11.0)
ruby2_keywords (0.0.5)
sinatra (1.4.8)
rack (~> 1.5)
rack-protection (~> 1.4)
tilt (>= 1.3, < 3)
tilt (2.0.11)
unicode-display_width (2.3.0)
webrick (1.7.0)
PLATFORMS
ruby
DEPENDENCIES
omniauth-google-oauth2 (~> 0.8.1)
rubocop
sinatra (~> 1.4)
webrick
BUNDLED WITH
2.3.22