gitlab-org--gitlab-foss/spec
Douwe Maan 6d37fe952b Merge branch 'jej-fix-missing-access-check-on-issues' into 'security'
Fix missing access checks on issue lookup using IssuableFinder

Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867

⚠️ - Potentially untested
💣 - No test coverage
🚥 - Test coverage of some sort exists (a test failed when error raised)
🚦 - Test coverage of return value (a test failed when nil used)
 - Permissions check tested

- [x]  app/controllers/projects/branches_controller.rb:39
  - `before_action :authorize_push_code!` helps limit/prevent exploitation. Always checks for reporter access so fine with
    confidential issues, issues only visible to team, etc.
- [x] 🚥 app/models/cycle_analytics/summary.rb:9 [`.count`]
- [x]  app/controllers/projects/todos_controller.rb:19

- [x] Potential double render in app/controllers/projects/todos_controller.rb

- https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24

See merge request !2030
2016-11-28 21:25:46 -03:00
..
bin DRY up the specs for bin/changelog 2016-11-03 17:35:06 +00:00
config Make mail_room idle_timeout option configurable. 2016-11-16 12:46:37 +01:00
controllers Merge branch 'jej-fix-missing-access-check-on-issues' into 'security' 2016-11-28 21:25:46 -03:00
factories Merge remote-tracking branch 'upstream/master' into fix-cancelling-pipelines 2016-11-22 18:46:35 +08:00
features Merge branch 'jej-22869' into 'security' 2016-11-28 21:25:18 -03:00
finders Precalculate user's authorized projects in database 2016-11-18 20:25:45 +02:00
fixtures add parsing support for incoming html email 2016-11-17 11:59:44 +09:00
helpers Refactor issuable_filters_present to reduce duplications 2016-11-28 14:48:03 +05:00
initializers
javascripts Merge branch 'zen-mode-fixture' into 'master' 2016-11-28 17:52:02 +00:00
lib Merge branch 'timeout-merge-request-for-binary-file' into 'master' 2016-11-25 16:19:03 +00:00
mailers Use Gitlab.config.gitlab.host over 'localhost' 2016-11-18 20:17:10 +08:00
models Merge branch 'jej-fix-missing-access-check-on-issues' into 'security' 2016-11-28 21:25:46 -03:00
policies Added tests for IssuePolicy 2016-11-07 12:49:24 +01:00
requests Merge branch 'zj-fix-label-creation-non-members' into 'security' 2016-11-28 21:24:19 -03:00
routing Add nested groups support to the routing 2016-11-23 14:08:36 +02:00
serializers Merge branch 'zj-upgrade-grape' into 'master' 2016-11-25 04:05:17 +00:00
services Merge branch 'zj-fix-label-creation-non-members' into 'security' 2016-11-28 21:24:19 -03:00
support Merge branch 'dynamic-build-fixture' into 'master' 2016-11-28 16:43:46 +00:00
tasks/gitlab Introduce better credential and error checking to rake gitlab:ldap:check 2016-11-08 15:46:10 -06:00
uploaders
views Prevent error when submitting a merge request and pipeline is not defined 2016-11-28 12:03:59 +01:00
workers Refresh project authorizations using a Redis lease 2016-11-25 13:35:01 +01:00
factories_spec.rb
rails_helper.rb
rake_helper.rb Add Rake task to create/repair GitLab Shell hooks symlinks 2016-11-01 14:52:59 -05:00
simplecov_env.rb
spec_helper.rb Refine specs for build show page with environments 2016-11-09 19:40:25 +01:00
teaspoon_env.rb