Add latest changes from gitlab-org/gitlab@master
This commit is contained in:
parent
41b2e83ad6
commit
a9acc0c2fb
|
@ -0,0 +1,80 @@
|
|||
---
|
||||
Gitlab/ServiceResponse:
|
||||
Details: grace period
|
||||
Exclude:
|
||||
- 'app/services/alert_management/metric_images/upload_service.rb'
|
||||
- 'app/services/analytics/cycle_analytics/stages/base_service.rb'
|
||||
- 'app/services/boards/lists/base_update_service.rb'
|
||||
- 'app/services/branches/delete_service.rb'
|
||||
- 'app/services/bulk_imports/create_service.rb'
|
||||
- 'app/services/bulk_imports/export_service.rb'
|
||||
- 'app/services/ci/build_cancel_service.rb'
|
||||
- 'app/services/ci/build_erase_service.rb'
|
||||
- 'app/services/ci/build_unschedule_service.rb'
|
||||
- 'app/services/ci/prometheus_metrics/observe_histograms_service.rb'
|
||||
- 'app/services/ci/retry_pipeline_service.rb'
|
||||
- 'app/services/ci/runners/assign_runner_service.rb'
|
||||
- 'app/services/ci/runners/register_runner_service.rb'
|
||||
- 'app/services/concerns/alert_management/responses.rb'
|
||||
- 'app/services/concerns/services/return_service_responses.rb'
|
||||
- 'app/services/container_expiration_policies/update_service.rb'
|
||||
- 'app/services/dependency_proxy/group_settings/update_service.rb'
|
||||
- 'app/services/dependency_proxy/image_ttl_group_policies/update_service.rb'
|
||||
- 'app/services/groups/update_statistics_service.rb'
|
||||
- 'app/services/incident_management/pager_duty/create_incident_issue_service.rb'
|
||||
- 'app/services/incident_management/pager_duty/process_webhook_service.rb'
|
||||
- 'app/services/issuable/bulk_update_service.rb'
|
||||
- 'app/services/jira_import/start_import_service.rb'
|
||||
- 'app/services/namespaces/package_settings/update_service.rb'
|
||||
- 'app/services/packages/debian/create_distribution_service.rb'
|
||||
- 'app/services/packages/mark_package_for_destruction_service.rb'
|
||||
- 'app/services/packages/rubygems/dependency_resolver_service.rb'
|
||||
- 'app/services/snippets/base_service.rb'
|
||||
- 'app/services/snippets/bulk_destroy_service.rb'
|
||||
- 'app/services/snippets/destroy_service.rb'
|
||||
- 'app/services/snippets/repository_validation_service.rb'
|
||||
- 'app/services/snippets/update_statistics_service.rb'
|
||||
- 'app/services/timelogs/base_service.rb'
|
||||
- 'app/services/work_items/create_and_link_service.rb'
|
||||
- 'app/services/work_items/create_from_task_service.rb'
|
||||
- 'app/services/work_items/delete_task_service.rb'
|
||||
- 'ee/app/services/analytics/cycle_analytics/value_streams/create_service.rb'
|
||||
- 'ee/app/services/app_sec/dast/profiles/destroy_service.rb'
|
||||
- 'ee/app/services/app_sec/dast/scanner_profiles/destroy_service.rb'
|
||||
- 'ee/app/services/app_sec/dast/scanner_profiles/update_service.rb'
|
||||
- 'ee/app/services/app_sec/dast/site_profiles/destroy_service.rb'
|
||||
- 'ee/app/services/ee/analytics/cycle_analytics/stages/base_service.rb'
|
||||
- 'ee/app/services/ee/ci/retry_pipeline_service.rb'
|
||||
- 'ee/app/services/external_status_checks/create_service.rb'
|
||||
- 'ee/app/services/external_status_checks/destroy_service.rb'
|
||||
- 'ee/app/services/external_status_checks/dispatch_service.rb'
|
||||
- 'ee/app/services/external_status_checks/update_service.rb'
|
||||
- 'ee/app/services/gitlab_subscriptions/create_trial_or_lead_service.rb'
|
||||
- 'ee/app/services/group_saml/saml_group_links/create_service.rb'
|
||||
- 'ee/app/services/iterations/cadences/create_iterations_in_advance_service.rb'
|
||||
- 'ee/app/services/iterations/cadences/create_service.rb'
|
||||
- 'ee/app/services/iterations/cadences/destroy_service.rb'
|
||||
- 'ee/app/services/iterations/cadences/update_service.rb'
|
||||
- 'ee/app/services/iterations/create_service.rb'
|
||||
- 'ee/app/services/iterations/delete_service.rb'
|
||||
- 'ee/app/services/iterations/roll_over_issues_service.rb'
|
||||
- 'ee/app/services/iterations/update_service.rb'
|
||||
- 'ee/app/services/security/findings/dismiss_service.rb'
|
||||
- 'ee/app/services/vulnerabilities/finding_dismiss_service.rb'
|
||||
- 'ee/app/services/vulnerability_issue_links/create_service.rb'
|
||||
- 'ee/app/services/vulnerability_issue_links/delete_service.rb'
|
||||
- 'ee/spec/graphql/mutations/security/finding/dismiss_spec.rb'
|
||||
- 'spec/controllers/import/bulk_imports_controller_spec.rb'
|
||||
- 'spec/controllers/import/fogbugz_controller_spec.rb'
|
||||
- 'spec/controllers/projects/alerting/notifications_controller_spec.rb'
|
||||
- 'spec/controllers/projects/pipelines_controller_spec.rb'
|
||||
- 'spec/controllers/projects/prometheus/alerts_controller_spec.rb'
|
||||
- 'spec/lib/gitlab/import_export/snippet_repo_restorer_spec.rb'
|
||||
- 'spec/requests/api/ci/pipelines_spec.rb'
|
||||
- 'spec/requests/api/ci/runner/runners_post_spec.rb'
|
||||
- 'spec/requests/api/group_export_spec.rb'
|
||||
- 'spec/requests/api/project_export_spec.rb'
|
||||
- 'spec/requests/api/project_import_spec.rb'
|
||||
- 'spec/requests/projects/incident_management/pagerduty_incidents_spec.rb'
|
||||
- 'spec/services/bulk_imports/export_service_spec.rb'
|
||||
- 'spec/support/shared_examples/requests/api/rubygems_packages_shared_examples.rb'
|
|
@ -1,7 +1,7 @@
|
|||
%p
|
||||
Project #{@project.name} couldn't be exported.
|
||||
= s_("Notify|Project %{project_name} couldn't be exported.") % {project_name: @project.name}
|
||||
%p
|
||||
The errors we encountered were:
|
||||
= s_('Notify|The errors we encountered were:')
|
||||
|
||||
%ul
|
||||
- @errors.each do |error|
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AddMrChecksColumnsToNamespaceSettings < Gitlab::Database::Migration[2.0]
|
||||
def change
|
||||
add_column :namespace_settings, :only_allow_merge_if_pipeline_succeeds, :boolean, default: false, null: false
|
||||
add_column :namespace_settings, :allow_merge_on_skipped_pipeline, :boolean, default: false, null: false
|
||||
add_column :namespace_settings, :only_allow_merge_if_all_discussions_are_resolved, \
|
||||
:boolean, default: false, null: false
|
||||
end
|
||||
end
|
|
@ -0,0 +1 @@
|
|||
125ce9bf81966840774eb69be7995c1a8e2abd901fe5f19b73df43a577a9dc44
|
|
@ -17925,6 +17925,9 @@ CREATE TABLE namespace_settings (
|
|||
include_for_free_user_cap_preview boolean DEFAULT false NOT NULL,
|
||||
unique_project_download_limit_allowlist text[] DEFAULT '{}'::text[] NOT NULL,
|
||||
auto_ban_user_on_excessive_projects_download boolean DEFAULT false NOT NULL,
|
||||
only_allow_merge_if_pipeline_succeeds boolean DEFAULT false NOT NULL,
|
||||
allow_merge_on_skipped_pipeline boolean DEFAULT false NOT NULL,
|
||||
only_allow_merge_if_all_discussions_are_resolved boolean DEFAULT false NOT NULL,
|
||||
CONSTRAINT check_0ba93c78c7 CHECK ((char_length(default_branch_name) <= 255)),
|
||||
CONSTRAINT namespace_settings_unique_project_download_limit_allowlist_size CHECK ((cardinality(unique_project_download_limit_allowlist) <= 100))
|
||||
);
|
||||
|
|
|
@ -19,19 +19,23 @@ The Security Configuration page lists the following for the security testing and
|
|||
- Whether or not it is available.
|
||||
- A configuration button or a link to its configuration guide.
|
||||
|
||||
The status of each security control is determined by the following process:
|
||||
To determine the status of each security control, GitLab checks for a [CI/CD pipeline](../../../ci/pipelines/index.md)
|
||||
in the most recent commit on the default branch.
|
||||
|
||||
1. Check for a [CI pipeline](../../../ci/pipelines/index.md) in the most recent commit on the default branch.
|
||||
1. If no CI pipelines exist, then consider all security scanners disabled. Show the **Not enabled** status.
|
||||
1. If a pipeline is found, then inspect the CI YAML for each job in the CI/CD pipeline. If a
|
||||
job in the pipeline defines an [`artifacts:reports` keyword](../../../ci/yaml/artifacts_reports.md)
|
||||
for a security scanner, then consider the security scanner enabled. Show the **Enabled** status.
|
||||
If GitLab finds a CI/CD pipeline, then it inspects each job in the `.gitlab-ci.yml` file.
|
||||
|
||||
- If a job defines an [`artifacts:reports` keyword](../../../ci/yaml/artifacts_reports.md)
|
||||
for a security scanner, then GitLab considers the security scanner enabled and shows the **Enabled** status.
|
||||
- If no jobs define an `artifacts:reports` keyword for a security scanner, then GitLab considers
|
||||
the security scanner disabled and shows the **Not enabled** status.
|
||||
|
||||
If GitLab does not find a CI/CD pipeline, then it considers all security scanners disabled and shows the **Not enabled** status.
|
||||
|
||||
Failed pipelines and jobs are included in this process. If a scanner is configured but the job fails,
|
||||
that scanner is still considered enabled. This process also determines the scanners and statuses
|
||||
returned through [our API](../../../api/graphql/reference/index.md#securityscanners).
|
||||
returned through the [API](../../../api/graphql/reference/index.md#securityscanners).
|
||||
|
||||
If the latest pipeline used [Auto DevOps](../../../topics/autodevops/index.md),
|
||||
If the latest pipeline uses [Auto DevOps](../../../topics/autodevops/index.md),
|
||||
all security features are configured by default.
|
||||
|
||||
To view a project's security configuration:
|
||||
|
|
|
@ -56,7 +56,9 @@ the following tables:
|
|||
|
||||
| GitLab analyzer | Outputs severity levels? | Native severity level type | Native severity level example |
|
||||
|------------------------------------------------------------------------------------------|------------------------------|----------------------------|-------------------------------------|
|
||||
| [`gemnasium`](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) | **{check-circle}** Yes | CVSS v2.0 Rating and CVSS v3.1 Qualitative Severity Rating | `(AV:N/AC:L/Au:S/C:P/I:P/A:N)`, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H` |
|
||||
| [`gemnasium`](https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium) | **{check-circle}** Yes | CVSS v2.0 Rating and CVSS v3.1 Qualitative Severity Rating <sup>1</sup> | `(AV:N/AC:L/Au:S/C:P/I:P/A:N)`, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H` |
|
||||
|
||||
1. The CVSS v3.1 rating is used to calculate the severity level. If it's not available, the CVSS v2.0 rating is used instead.
|
||||
|
||||
## Container Scanning
|
||||
|
||||
|
|
|
@ -27509,6 +27509,9 @@ msgstr ""
|
|||
msgid "Notify|Project %{old_path_with_namespace} was moved to another location."
|
||||
msgstr ""
|
||||
|
||||
msgid "Notify|Project %{project_name} couldn't be exported."
|
||||
msgstr ""
|
||||
|
||||
msgid "Notify|Project %{project_name} was exported successfully."
|
||||
msgstr ""
|
||||
|
||||
|
@ -27530,6 +27533,9 @@ msgstr ""
|
|||
msgid "Notify|The download link will expire in 24 hours."
|
||||
msgstr ""
|
||||
|
||||
msgid "Notify|The errors we encountered were:"
|
||||
msgstr ""
|
||||
|
||||
msgid "Notify|The project is now located under %{project_full_name_link_start}%{project_full_name}%{link_end}."
|
||||
msgstr ""
|
||||
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require_relative '../../code_reuse_helpers'
|
||||
|
||||
module RuboCop
|
||||
module Cop
|
||||
module Gitlab
|
||||
class ServiceResponse < ::RuboCop::Cop::Base
|
||||
include CodeReuseHelpers
|
||||
|
||||
# This cop checks that ServiceResponse object is not used with the
|
||||
# deprecated attribute `http_status`.
|
||||
#
|
||||
# @example
|
||||
#
|
||||
# # bad
|
||||
# ServiceResponse.error(message: "...", http_status: :forbidden)
|
||||
#
|
||||
# # good
|
||||
# ServiceResponse.error(message: "...", reason: :insufficient_permissions)
|
||||
MSG = 'Use `reason` instead of the deprecated `http_status`: https://gitlab.com/gitlab-org/gitlab/-/issues/356036'
|
||||
|
||||
RESTRICT_ON_SEND = %i[error success new].freeze
|
||||
METHOD_NAMES = RESTRICT_ON_SEND.map(&:inspect).join(' ').freeze
|
||||
|
||||
def_node_matcher :service_response_with_http_status, <<~PATTERN
|
||||
(send
|
||||
(const {nil? cbase} :ServiceResponse)
|
||||
{#{METHOD_NAMES}}
|
||||
(hash <$(pair (sym :http_status) _) ...>)
|
||||
)
|
||||
PATTERN
|
||||
|
||||
def on_send(node)
|
||||
pair = service_response_with_http_status(node)
|
||||
return unless pair
|
||||
|
||||
add_offense(pair)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,41 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rubocop_spec_helper'
|
||||
require_relative '../../../../rubocop/cop/gitlab/service_response'
|
||||
|
||||
RSpec.describe RuboCop::Cop::Gitlab::ServiceResponse do
|
||||
subject(:cop) { described_class.new }
|
||||
|
||||
it 'does not flag the `http_status:` param on a homonym method' do
|
||||
expect_no_offenses("MyClass.error(http_status: :ok)")
|
||||
end
|
||||
|
||||
it 'does not flag calls without params' do
|
||||
expect_no_offenses('ServiceResponse.error')
|
||||
end
|
||||
|
||||
it 'does not flag the offense when `http_status` is not used' do
|
||||
expect_no_offenses('ServiceResponse.error(message: "some error", reason: :bad_time)')
|
||||
end
|
||||
|
||||
it 'flags the use of `http_status:` parameter in ServiceResponse in error' do
|
||||
expect_offense(<<~CODE, msg: described_class::MSG)
|
||||
ServiceResponse.error(message: "some error", http_status: :bad_request)
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^ %{msg}
|
||||
CODE
|
||||
end
|
||||
|
||||
it 'flags the use of `http_status:` parameter in ServiceResponse in success' do
|
||||
expect_offense(<<~CODE, msg: described_class::MSG)
|
||||
ServiceResponse.success(message: "some error", http_status: :bad_request)
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^ %{msg}
|
||||
CODE
|
||||
end
|
||||
|
||||
it 'flags the use of `http_status:` parameter in ServiceResponse in initializer' do
|
||||
expect_offense(<<~CODE, msg: described_class::MSG)
|
||||
ServiceResponse.new(message: "some error", http_status: :bad_request)
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^ %{msg}
|
||||
CODE
|
||||
end
|
||||
end
|
|
@ -100,9 +100,11 @@ GEM
|
|||
loofah (2.19.0)
|
||||
crass (~> 1.0.2)
|
||||
nokogiri (>= 1.5.9)
|
||||
mini_portile2 (2.8.0)
|
||||
minitest (5.16.3)
|
||||
multi_json (1.15.0)
|
||||
nokogiri (1.13.8-x86_64-linux)
|
||||
nokogiri (1.13.8)
|
||||
mini_portile2 (~> 2.8.0)
|
||||
racc (~> 1.4)
|
||||
public_suffix (5.0.0)
|
||||
racc (1.6.0)
|
||||
|
@ -124,15 +126,16 @@ GEM
|
|||
simplecov-rcov (0.3.1)
|
||||
simplecov (>= 0.4.1)
|
||||
simplecov_json_formatter (0.1.4)
|
||||
sqlite3 (1.5.0-x86_64-linux)
|
||||
sqlite3 (1.5.0)
|
||||
mini_portile2 (~> 2.8.0)
|
||||
stringex (1.5.1)
|
||||
tzinfo (2.0.5)
|
||||
concurrent-ruby (~> 1.0)
|
||||
uuidtools (2.2.0)
|
||||
zeitwerk (2.6.0)
|
||||
zeitwerk (2.6.1)
|
||||
|
||||
PLATFORMS
|
||||
x86_64-linux
|
||||
ruby
|
||||
|
||||
DEPENDENCIES
|
||||
actionpack (~> 6.1)
|
||||
|
@ -149,4 +152,4 @@ DEPENDENCIES
|
|||
sqlite3
|
||||
|
||||
BUNDLED WITH
|
||||
2.3.19
|
||||
2.3.22
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
{"name":"marcel","version":"1.0.2","platform":"ruby","checksum":"a013b677ef46cbcb49fd5c59b3d35803d2ee04dd75d8bfdc43533fc5a31f7e4e"},
|
||||
{"name":"method_source","version":"1.0.0","platform":"ruby","checksum":"d779455a2b5666a079ce58577bfad8534f571af7cec8107f4dce328f0981dede"},
|
||||
{"name":"mini_mime","version":"1.1.2","platform":"ruby","checksum":"a54aec0cc7438a03a850adb00daca2bdb60747f839e28186994df057cea87151"},
|
||||
{"name":"mini_portile2","version":"2.8.0","platform":"ruby","checksum":"1e06b286ff19b73cfc9193cb3dd2bd80416f8262443564b25b23baea74a05765"},
|
||||
{"name":"minitest","version":"5.16.2","platform":"ruby","checksum":"c1be0c6b57fab451faa08e74ffa71e7d6a259b90f4bacb881c7f4808ec8b4991"},
|
||||
{"name":"nio4r","version":"2.5.8","platform":"java","checksum":"b2b1800f6bf7ce4b797ca8b639ad278a99c9c904fb087a91d944f38e4bd71401"},
|
||||
{"name":"nio4r","version":"2.5.8","platform":"ruby","checksum":"3becb4ad95ab8ac0a9bd2e1b16466869402be62848082bf6329ae9091f276676"},
|
||||
|
|
|
@ -76,11 +76,11 @@ GEM
|
|||
marcel (1.0.2)
|
||||
method_source (1.0.0)
|
||||
mini_mime (1.1.2)
|
||||
mini_portile2 (2.8.0)
|
||||
minitest (5.16.2)
|
||||
nio4r (2.5.8)
|
||||
nokogiri (1.13.8-arm64-darwin)
|
||||
racc (~> 1.4)
|
||||
nokogiri (1.13.8-x86_64-linux)
|
||||
nokogiri (1.13.8)
|
||||
mini_portile2 (~> 2.8.0)
|
||||
racc (~> 1.4)
|
||||
racc (1.6.0)
|
||||
rack (2.2.4)
|
||||
|
@ -129,11 +129,10 @@ GEM
|
|||
zeitwerk (2.6.0)
|
||||
|
||||
PLATFORMS
|
||||
arm64-darwin-21
|
||||
x86_64-linux
|
||||
ruby
|
||||
|
||||
DEPENDENCIES
|
||||
rails (~> 6.1.6.1)
|
||||
|
||||
BUNDLED WITH
|
||||
2.3.19
|
||||
2.3.22
|
||||
|
|
|
@ -0,0 +1,72 @@
|
|||
GEM
|
||||
remote: https://rubygems.org/
|
||||
specs:
|
||||
ast (2.4.2)
|
||||
faraday (2.5.2)
|
||||
faraday-net_http (>= 2.0, < 3.1)
|
||||
ruby2_keywords (>= 0.0.4)
|
||||
faraday-net_http (3.0.0)
|
||||
hashie (5.0.0)
|
||||
json (2.6.2)
|
||||
jwt (2.5.0)
|
||||
multi_json (1.15.0)
|
||||
multi_xml (0.6.0)
|
||||
oauth2 (1.4.11)
|
||||
faraday (>= 0.17.3, < 3.0)
|
||||
jwt (>= 1.0, < 3.0)
|
||||
multi_json (~> 1.3)
|
||||
multi_xml (~> 0.5)
|
||||
rack (>= 1.2, < 4)
|
||||
omniauth (1.9.2)
|
||||
hashie (>= 3.4.6)
|
||||
rack (>= 1.6.2, < 3)
|
||||
omniauth-google-oauth2 (0.8.2)
|
||||
jwt (>= 2.0)
|
||||
oauth2 (~> 1.1)
|
||||
omniauth (~> 1.1)
|
||||
omniauth-oauth2 (>= 1.6)
|
||||
omniauth-oauth2 (1.7.3)
|
||||
oauth2 (>= 1.4, < 3)
|
||||
omniauth (>= 1.9, < 3)
|
||||
parallel (1.22.1)
|
||||
parser (3.1.2.1)
|
||||
ast (~> 2.4.1)
|
||||
rack (1.6.13)
|
||||
rack-protection (1.5.5)
|
||||
rack
|
||||
rainbow (3.1.1)
|
||||
regexp_parser (2.6.0)
|
||||
rexml (3.2.5)
|
||||
rubocop (1.36.0)
|
||||
json (~> 2.3)
|
||||
parallel (~> 1.10)
|
||||
parser (>= 3.1.2.1)
|
||||
rainbow (>= 2.2.2, < 4.0)
|
||||
regexp_parser (>= 1.8, < 3.0)
|
||||
rexml (>= 3.2.5, < 4.0)
|
||||
rubocop-ast (>= 1.20.1, < 2.0)
|
||||
ruby-progressbar (~> 1.7)
|
||||
unicode-display_width (>= 1.4.0, < 3.0)
|
||||
rubocop-ast (1.21.0)
|
||||
parser (>= 3.1.1.0)
|
||||
ruby-progressbar (1.11.0)
|
||||
ruby2_keywords (0.0.5)
|
||||
sinatra (1.4.8)
|
||||
rack (~> 1.5)
|
||||
rack-protection (~> 1.4)
|
||||
tilt (>= 1.3, < 3)
|
||||
tilt (2.0.11)
|
||||
unicode-display_width (2.3.0)
|
||||
webrick (1.7.0)
|
||||
|
||||
PLATFORMS
|
||||
ruby
|
||||
|
||||
DEPENDENCIES
|
||||
omniauth-google-oauth2 (~> 0.8.1)
|
||||
rubocop
|
||||
sinatra (~> 1.4)
|
||||
webrick
|
||||
|
||||
BUNDLED WITH
|
||||
2.3.22
|
Loading…
Reference in New Issue