6d37fe952b
Fix missing access checks on issue lookup using IssuableFinder Split from !2024 to partially solve https://gitlab.com/gitlab-org/gitlab-ce/issues/23867 ⚠️ - Potentially untested 💣 - No test coverage 🚥 - Test coverage of some sort exists (a test failed when error raised) 🚦 - Test coverage of return value (a test failed when nil used) ✅ - Permissions check tested - [x] ✅ app/controllers/projects/branches_controller.rb:39 - `before_action :authorize_push_code!` helps limit/prevent exploitation. It always checks for reporter access, so it is fine with confidential issues, issues only visible to the team, etc. - [x] 🚥 app/models/cycle_analytics/summary.rb:9 [`.count`] - [x] ✅ app/controllers/projects/todos_controller.rb:19 - [x] Potential double render in app/controllers/projects/todos_controller.rb - https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2024/diffs#cedccb227af9bfdf88802767cb58d43c2b977439_24_24 See merge request !2030 |
||
---|---|---|
.. | ||
ci | ||
concerns | ||
cycle_analytics | ||
hooks | ||
issue | ||
members | ||
merge_request | ||
network | ||
project_services | ||
ability_spec.rb | ||
abuse_report_spec.rb | ||
appearance_spec.rb | ||
application_setting_spec.rb | ||
award_emoji_spec.rb | ||
blob_spec.rb | ||
board_spec.rb | ||
broadcast_message_spec.rb | ||
build_spec.rb | ||
chat_name_spec.rb | ||
commit_range_spec.rb | ||
commit_spec.rb | ||
commit_status_spec.rb | ||
compare_spec.rb | ||
deploy_key_spec.rb | ||
deploy_keys_project_spec.rb | ||
deployment_spec.rb | ||
diff_note_spec.rb | ||
discussion_spec.rb | ||
email_spec.rb | ||
environment_spec.rb | ||
event_spec.rb | ||
external_issue_spec.rb | ||
forked_project_link_spec.rb | ||
generic_commit_status_spec.rb | ||
global_milestone_spec.rb | ||
group_label_spec.rb | ||
group_spec.rb | ||
guest_spec.rb | ||
identity_spec.rb | ||
issue_collection_spec.rb | ||
issue_spec.rb | ||
key_spec.rb | ||
label_link_spec.rb | ||
label_priority_spec.rb | ||
label_spec.rb | ||
legacy_diff_note_spec.rb | ||
list_spec.rb | ||
member_spec.rb | ||
merge_request_diff_spec.rb | ||
merge_request_spec.rb | ||
milestone_spec.rb | ||
namespace_spec.rb | ||
note_spec.rb | ||
notification_setting_spec.rb | ||
personal_access_token_spec.rb | ||
project_feature_spec.rb | ||
project_group_link_spec.rb | ||
project_label_spec.rb | ||
project_snippet_spec.rb | ||
project_spec.rb | ||
project_team_spec.rb | ||
project_wiki_spec.rb | ||
protected_branch_spec.rb | ||
release_spec.rb | ||
repository_spec.rb | ||
service_spec.rb | ||
snippet_spec.rb | ||
spam_log_spec.rb | ||
subscription_spec.rb | ||
todo_spec.rb | ||
tree_spec.rb | ||
trending_project_spec.rb | ||
user_agent_detail_spec.rb | ||
user_spec.rb | ||
wiki_page_spec.rb |