kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
No description https://gitlab.com/gitlab-org/gitlab-foss
37368 commits 1 branch 0 tags 899 MiB
Ruby 69.2%
JavaScript 18.7%
Vue 6.6%
Haml 2%
HTML 1.3%
Other 2.2%
Find a file
Sean McGivern f5576b16ba Merge branch 'namespace-validation-fixes' into 'master' 
Correct namespace validation to forbid bad names #21077

## What does this MR do?
Updates master namespace regex to forbid any namespace ending in `.git` or `.atom` and corrects and adds relevant tests

## Are there points in the code the reviewer needs to double check?
I think it's all good. I could use help with the creation of tests for usernames with trailing `.atom` or `.git` as the testing framework is a bit over my head.

## Why was this MR needed?
A group that ends in `.atom` will cause the relevent dashboard to crash if the user (ANY user, not just the creator) has visibility of the group until it is deleted through the admin panel (it cannot be renamed, the edit page will crash. It may be fixable through the API, that wasn't checked.)

This allows a malicious user with group creation privileges to bulk add users to a group, rename the group to a bad name, and crash the groups dashboard for all members of the group. The same applies if the group is internal or public and users navigate to the explore tab of the groups dashboard.

The same applies to usernames ending in `.atom`.

In many places of the code, it implies that `.git` in not allowed at the end of namespaces, but many allowed it anyway. This MR forbids it everywhere to prevent potential issues (like the one with `.atom` going forward).

## What are the relevant issue numbers?
Group path validation incomplete, crashes groups dashboard #21077

## Does this MR meet the acceptance criteria?

- [X] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG) entry added
- [ ] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
- [ ] API support added
- Tests
  - [X] Added for this feature/bug
  - [X] All builds are passing
- [X] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
- [X] Branch has no merge conflicts with `master` (if you do - rebase it please)
- [X] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)

See merge request !5994
2016-10-10 13:39:39 +00:00
.github Address feedback about wording. 2016-06-09 11:25:47 -06:00
.gitlab Rename behaviour to behavior in bug issue template for consistency 2016-09-01 22:01:02 -05:00
app Merge branch 'namespace-validation-fixes' into 'master' 2016-10-10 13:39:39 +00:00
bin Use ENABLE_SPRING to use it by default 2016-06-17 16:54:55 +02:00
builds
changelogs Add changelogs/unreleased/.gitkeep 2016-09-09 14:37:25 -04:00
config Fix missing constraints causing route failures when usernames with periods are used 2016-10-08 09:58:25 -07:00
db Add markdown cache columns to the database, but don't use them yet 2016-10-07 02:54:25 +01:00
doc Fix a typo in doc/api/labels.md 2016-10-09 22:42:11 +09:00
docker Update Docker Hub links. 2016-05-07 13:29:24 +09:00
features Add tag shortcut from the Commit page 2016-10-06 18:37:06 +02:00
fixtures/emojis Upgrade Gemojione from 2.6.1 to 3.0.1. 2016-07-18 10:40:16 -06:00
generator_templates/active_record/migration Added checks for migration downtime 2016-07-20 12:41:56 +02:00
lib Correct namespace validation to forbid bad names #21077 2016-10-07 13:46:59 -05:00
log
public Merge branch 'patch-3' into 'master' 2016-09-26 14:02:39 +00:00
rubocop Added RuboCop cops for checking DB migrations 2016-06-29 14:14:02 +02:00
scripts Use custom Ruby images to test builds 2016-09-30 13:45:15 +02:00
shared Add .gitkeep 2016-05-17 09:41:47 -05:00
spec Merge branch 'namespace-validation-fixes' into 'master' 2016-10-10 13:39:39 +00:00
tmp
vendor Update templates for 8.13 2016-09-30 12:16:41 +02:00
.csscomb.json Remove SCSS rules for short hex chars. 2016-10-03 20:40:22 -04:00
.flayignore Tell Flay to ignore Gitlab::Diff::PositionTracer 2016-09-27 14:31:33 +02:00
.foreman
.gitattributes Added '*.js.es6 gitlab-language=javascript' to .gitattributes 2016-07-26 00:55:00 +01:00
.gitignore Verify JWT messages from gitlab-workhorse 2016-09-05 15:05:31 +02:00
.gitlab-ci.yml Try tmpfs for repository storage, etc 2016-10-06 17:42:56 +01:00
.haml-lint.yml Improve .haml-lint.yml, simplify the haml_lint task and remove CHANGELOG entry 2016-09-13 18:56:00 +02:00
.mailmap Add an initial .mailmap 2016-08-06 23:21:11 +02:00
.pkgr.yml Update .pkgr.yml with Ubuntu 16.04 dependencies 2016-09-20 17:35:49 +02:00
.rspec
.rubocop.yml Update RuboCop to 0.43.0 and update configuration 2016-10-04 13:28:01 +02:00
.rubocop_todo.yml Update RuboCop to 0.43.0 and update configuration 2016-10-04 13:28:01 +02:00
.ruby-version Default build tests ruby 2.3.1 2016-08-11 19:00:00 +02:00
.scss-lint.yml Remove SCSS rules for short hex chars. 2016-10-03 20:40:22 -04:00
.vagrant_enabled Cache project build count. Closes #18032 2016-06-02 11:10:57 -04:00
CHANGELOG Merge branch 'namespace-validation-fixes' into 'master' 2016-10-10 13:39:39 +00:00
config.ru
CONTRIBUTING.md Improve the contribution and MR review guide 2016-10-07 15:28:15 +02:00
doc_styleguide.md
docker-compose.yml
Gemfile Make search results use the markdown cache columns, treating them consistently 2016-10-07 02:54:26 +01:00
Gemfile.lock Make search results use the markdown cache columns, treating them consistently 2016-10-07 02:54:26 +01:00
GITLAB_SHELL_VERSION Update Gitlab Shell to fix errors moving projects between storages 2016-10-07 15:47:54 -03:00
GITLAB_WORKHORSE_VERSION Use gitlab-workhorse 0.8.4 2016-10-06 14:12:31 +02:00
LICENSE
MAINTENANCE.md Update MAINTENANCE.md with our latest policy 2016-07-19 09:05:56 +03:00
PROCESS.md Fix grammar (those issue -> those issues) 2016-08-31 15:23:31 +00:00
Procfile
Rakefile Load knapsack in Rakefile only when is bundled 2016-06-07 20:02:03 +02:00
README.md Fix typo in README 2016-09-25 16:11:18 +00:00
VERSION Update VERSION to 8.13.0-pre 2016-09-22 17:39:25 +02:00

README.md

GitLab

build status coverage report Code Climate Core Infrastructure Initiative Best Practices

Canonical source

The canonical source of GitLab Community Edition is hosted on GitLab.com.

Open source software to collaborate on code

To see how GitLab looks please see the features page on our website.

  • Manage Git repositories with fine grained access controls that keep your code secure
  • Perform code reviews and enhance collaboration with merge requests
  • Each project can also have an issue tracker and a wiki
  • Used by more than 100,000 organizations, GitLab is the most popular solution to manage Git repositories on-premises
  • Completely free and open source (MIT Expat license)
  • Powered by Ruby on Rails

Hiring

We're hiring developers, support people, and production engineers all the time, please see our jobs page.

Editions

There are two editions of GitLab:

  • GitLab Community Edition (CE) is available freely under the MIT Expat license.
  • GitLab Enterprise Edition (EE) includes extra features that are more useful for organizations with more than 100 users. To use EE and get official support please become a subscriber.

Website

On about.gitlab.com you can find more information about:

Requirements

Please see the requirements documentation for system requirements and more information about the supported operating systems.

Installation

The recommended way to install GitLab is with the Omnibus packages on our package server. Compared to an installation from source, this is faster and less error prone. Just select your operating system, download the respective package (Debian or RPM) and install it using the system's package manager.

There are various other options to install GitLab, please refer to the installation page on the GitLab website for more information.

You can access a new installation with the login root and password 5iveL!fe, after login you are required to set a unique password.

Install a development environment

To work on GitLab itself, we recommend setting up your development environment with the GitLab Development Kit. If you do not use the GitLab Development Kit you need to install and setup all the dependencies yourself, this is a lot of work and error prone. One small thing you also have to do when installing it yourself is to copy the example development unicorn configuration file:

cp config/unicorn.rb.example.development config/unicorn.rb

Instructions on how to start GitLab and how to run the tests can be found in the development section of the GitLab Development Kit.

Software stack

GitLab is a Ruby on Rails application that runs on the following software:

  • Ubuntu/Debian/CentOS/RHEL
  • Ruby (MRI) 2.3
  • Git 2.7.4+
  • Redis 2.8+
  • MySQL or PostgreSQL

For more information please see the architecture documentation.

Third-party applications

There are a lot of third-party applications integrating with GitLab. These include GUI Git clients, mobile applications and API wrappers for various languages.

GitLab release cycle

For more information about the release process see the release documentation.

Upgrading

For upgrading information please see our update page.

Documentation

All documentation can be found on doc.gitlab.com/ce/.

Getting help

Please see Getting help for GitLab on our website for the many options to get help.

Is it any good?

Yes

Is it awesome?

Thanks for asking this question Joshua. These people seem to like it.