...@@ -36,6 +36,13 @@ class GlobalPolicy < BasePolicy ...@@ -36,6 +36,13 @@ class GlobalPolicy < BasePolicy
enable :use_slash_commands enable :use_slash_commands
end end
rule { inactive }.policy do
prevent :log_in
prevent :access_api
prevent :access_git
prevent :use_slash_commands
end
rule { blocked | internal }.policy do rule { blocked | internal }.policy do
prevent :log_in prevent :log_in
prevent :access_api prevent :access_api
... ...
......
...@@ -3,6 +3,18 @@ ...@@ -3,6 +3,18 @@
class EventPresenter < Gitlab::View::Presenter::Delegated class EventPresenter < Gitlab::View::Presenter::Delegated
presents :event presents :event
def initialize(subject, **attributes)
super
@visible_to_user_cache = ActiveSupport::Cache::MemoryStore.new
end
# Caching `visible_to_user?` method in the presenter beause it might be called multiple times.
def visible_to_user?(user = nil)
@visible_to_user_cache.fetch(user&.id) { super(user) }
end
# implement cache here
def resource_parent_name def resource_parent_name
resource_parent&.full_name || '' resource_parent&.full_name || ''
end end
... ...
......
...@@ -18,7 +18,7 @@ class CompareService ...@@ -18,7 +18,7 @@ class CompareService
return unless raw_compare && raw_compare.base && raw_compare.head return unless raw_compare && raw_compare.base && raw_compare.head
Compare.new(raw_compare, Compare.new(raw_compare,
target_project, start_project,
base_sha: base_sha, base_sha: base_sha,
straight: straight) straight: straight)
end end
... ...
......
...@@ -6,6 +6,12 @@ module Projects ...@@ -6,6 +6,12 @@ module Projects
def execute(group_link) def execute(group_link)
return false unless group_link return false unless group_link
if group_link.project.private?
TodosDestroyer::ProjectPrivateWorker.perform_in(Todo::WAIT_FOR_DELETE, project.id)
else
TodosDestroyer::ConfidentialIssueWorker.perform_in(Todo::WAIT_FOR_DELETE, nil, project.id)
end
group_link.destroy group_link.destroy
end end
end end
... ...
......
...@@ -4,6 +4,12 @@ module Projects ...@@ -4,6 +4,12 @@ module Projects
module ImportExport module ImportExport
class ExportService < BaseService class ExportService < BaseService
def execute(after_export_strategy = nil, options = {}) def execute(after_export_strategy = nil, options = {})
unless project.template_source? || can?(current_user, :admin_project, project)
raise ::Gitlab::ImportExport::Error.new(
"User with ID: %s does not have permission to Project %s with ID: %s." %
[current_user.id, project.name, project.id])
end
@shared = project.import_export_shared @shared = project.import_export_shared
save_all! save_all!
... ...
......
.js-grafana-integration{ data: { operations_settings_endpoint: project_settings_operations_path(@project), .js-grafana-integration{ data: { operations_settings_endpoint: project_settings_operations_path(@project),
grafana_integration: { url: grafana_integration_url, token: grafana_integration_token, enabled: grafana_integration_enabled?.to_s } } } grafana_integration: { url: grafana_integration_url, token: grafana_integration_masked_token, enabled: grafana_integration_enabled?.to_s } } }
...@@ -221,6 +221,11 @@ include::basics.adoc[] ...@@ -221,6 +221,11 @@ include::basics.adoc[]
include::https://example.org/installation.adoc[] include::https://example.org/installation.adoc[]
``` ```
To guarantee good system performance and prevent malicious documents causing
problems, GitLab enforces a **maximum limit** on the number of include directives
processed in any one document. Currently a total of 32 documents can be
included, a number that is inclusive of transitive dependencies.
### Blocks ### Blocks
```asciidoc ```asciidoc
... ...
......
...@@ -85,6 +85,8 @@ module API ...@@ -85,6 +85,8 @@ module API
protected: @project.protected_for?(ref)) protected: @project.protected_for?(ref))
end end
authorize! :update_pipeline, pipeline
status = GenericCommitStatus.running_or_pending.find_or_initialize_by( status = GenericCommitStatus.running_or_pending.find_or_initialize_by(
project: @project, project: @project,
pipeline: pipeline, pipeline: pipeline,
... ...
......
...@@ -154,7 +154,7 @@ module API ...@@ -154,7 +154,7 @@ module API
not_found! 'Commit' unless commit not_found! 'Commit' unless commit
present commit, with: Entities::CommitDetail, stats: params[:stats] present commit, with: Entities::CommitDetail, stats: params[:stats], current_user: current_user
end end
desc 'Get the diff for a specific commit of a project' do desc 'Get the diff for a specific commit of a project' do
... ...
......
...@@ -476,8 +476,18 @@ module API ...@@ -476,8 +476,18 @@ module API
class CommitDetail < Commit class CommitDetail < Commit
expose :stats, using: Entities::CommitStats, if: :stats expose :stats, using: Entities::CommitStats, if: :stats
expose :status expose :status
expose :last_pipeline, using: 'API::Entities::PipelineBasic'
expose :project_id expose :project_id
expose :last_pipeline do |commit, options|
pipeline = commit.last_pipeline if can_read_pipeline?
::API::Entities::PipelineBasic.represent(pipeline, options)
end
private
def can_read_pipeline?
Ability.allowed?(options[:current_user], :read_pipeline, object.last_pipeline)
end
end end
class CommitSignature < Grape::Entity class CommitSignature < Grape::Entity
... ...
......
...@@ -127,6 +127,7 @@ module API ...@@ -127,6 +127,7 @@ module API
get ":id/repository/files/:file_path/raw", requirements: FILE_ENDPOINT_REQUIREMENTS do get ":id/repository/files/:file_path/raw", requirements: FILE_ENDPOINT_REQUIREMENTS do
assign_file_vars! assign_file_vars!
no_cache_headers
set_http_headers(blob_data) set_http_headers(blob_data)
send_git_blob @repo, @blob send_git_blob @repo, @blob
... ...
......
...@@ -256,11 +256,21 @@ module API ...@@ -256,11 +256,21 @@ module API
end end
def require_gitlab_workhorse! def require_gitlab_workhorse!
verify_workhorse_api!
unless env['HTTP_GITLAB_WORKHORSE'].present? unless env['HTTP_GITLAB_WORKHORSE'].present?
forbidden!('Request should be executed via GitLab Workhorse') forbidden!('Request should be executed via GitLab Workhorse')
end end
end end
def verify_workhorse_api!
Gitlab::Workhorse.verify_api_request!(request.headers)
rescue => e
Gitlab::ErrorTracking.track_exception(e)
forbidden!
end
def require_pages_enabled! def require_pages_enabled!
not_found! unless user_project.pages_available? not_found! unless user_project.pages_available?
end end
... ...
......
...@@ -3,6 +3,8 @@ ...@@ -3,6 +3,8 @@
module API module API
module Helpers module Helpers
module HeadersHelpers module HeadersHelpers
include Gitlab::NoCacheHeaders
def set_http_headers(header_data) def set_http_headers(header_data)
header_data.each do |key, value| header_data.each do |key, value|
if value.is_a?(Enumerable) if value.is_a?(Enumerable)
...@@ -12,6 +14,12 @@ module API ...@@ -12,6 +14,12 @@ module API
header "X-Gitlab-#{key.to_s.split('_').collect(&:capitalize).join('-')}", value.to_s header "X-Gitlab-#{key.to_s.split('_').collect(&:capitalize).join('-')}", value.to_s
end end
end end
def no_cache_headers
DEFAULT_GITLAB_NO_CACHE_HEADERS.each do |k, v|
header k, v
end
end
end end
end end
end end
...@@ -201,12 +201,14 @@ module Banzai ...@@ -201,12 +201,14 @@ module Banzai
gather_references(nodes) gather_references(nodes)
end end
# Gathers the references for the given HTML nodes. # Gathers the references for the given HTML nodes. Returns visible
# references and a list of nodes which are not visible to the user
def gather_references(nodes) def gather_references(nodes)
nodes = nodes_user_can_reference(current_user, nodes) nodes = nodes_user_can_reference(current_user, nodes)
nodes = nodes_visible_to_user(current_user, nodes) visible = nodes_visible_to_user(current_user, nodes)
not_visible = nodes - visible
referenced_by(nodes) { visible: referenced_by(visible), not_visible: not_visible }
end end
# Returns a Hash containing the projects for a given list of HTML nodes. # Returns a Hash containing the projects for a given list of HTML nodes.
... ...
......
...@@ -11,6 +11,7 @@ module Gitlab ...@@ -11,6 +11,7 @@ module Gitlab
# the resulting HTML through HTML pipeline filters. # the resulting HTML through HTML pipeline filters.
module Asciidoc module Asciidoc
MAX_INCLUDE_DEPTH = 5 MAX_INCLUDE_DEPTH = 5
MAX_INCLUDES = 32
DEFAULT_ADOC_ATTRS = { DEFAULT_ADOC_ATTRS = {
'showtitle' => true, 'showtitle' => true,
'sectanchors' => true, 'sectanchors' => true,
...@@ -40,6 +41,7 @@ module Gitlab ...@@ -40,6 +41,7 @@ module Gitlab
extensions: extensions } extensions: extensions }
context[:pipeline] = :ascii_doc context[:pipeline] = :ascii_doc
context[:max_includes] = [MAX_INCLUDES, context[:max_includes]].compact.min
plantuml_setup plantuml_setup
... ...
......
...@@ -13,7 +13,9 @@ module Gitlab ...@@ -13,7 +13,9 @@ module Gitlab
super(logger: Gitlab::AppLogger) super(logger: Gitlab::AppLogger)
@context = context @context = context
@repository = context[:project].try(:repository) @repository = context[:repository] || context[:project].try(:repository)
@max_includes = context[:max_includes].to_i
@included = []
# Note: Asciidoctor calls #freeze on extensions, so we can't set new # Note: Asciidoctor calls #freeze on extensions, so we can't set new
# instance variables after initialization. # instance variables after initialization.
...@@ -28,8 +30,11 @@ module Gitlab ...@@ -28,8 +30,11 @@ module Gitlab
def include_allowed?(target, reader) def include_allowed?(target, reader)
doc = reader.document doc = reader.document
return false if doc.attributes.fetch('max-include-depth').to_i < 1 max_include_depth = doc.attributes.fetch('max-include-depth').to_i
return false if max_include_depth < 1
return false if target_uri?(target) return false if target_uri?(target)
return false if included.size >= max_includes
true true
end end
...@@ -62,7 +67,7 @@ module Gitlab ...@@ -62,7 +67,7 @@ module Gitlab
private private
attr_accessor :context, :repository, :cache attr_reader :context, :repository, :cache, :max_includes, :included
# Gets a Blob at a path for a specific revision. # Gets a Blob at a path for a specific revision.
# This method will check that the Blob exists and contains readable text. # This method will check that the Blob exists and contains readable text.
...@@ -77,6 +82,8 @@ module Gitlab ...@@ -77,6 +82,8 @@ module Gitlab
raise 'Blob not found' unless blob raise 'Blob not found' unless blob
raise 'File is not readable' unless blob.readable_text? raise 'File is not readable' unless blob.readable_text?
included << filename
blob blob
end end
... ...
......
# frozen_string_literal: true
module Gitlab
module Git
class CrossRepoComparer
attr_reader :source_repo, :target_repo
def initialize(source_repo, target_repo)
@source_repo = source_repo
@target_repo = target_repo
end
def compare(source_ref, target_ref, straight:)
ensuring_ref_in_source(target_ref) do |target_commit_id|
Gitlab::Git::Compare.new(
source_repo,
target_commit_id,
source_ref,
straight: straight
)
end
end
private
def ensuring_ref_in_source(ref, &blk)
return yield ref if source_repo == target_repo
# If the commit doesn't exist in the target, there's nothing we can do
commit_id = target_repo.commit(ref)&.sha
return unless commit_id
# The commit pointed to by ref may exist in the source even when they
# are different repositories. This is particularly true of close forks,
# but may also be the case if a temporary ref for this comparison has
# already been created in the past, and the result hasn't been GC'd yet.
return yield commit_id if source_repo.commit(commit_id)
# Worst case: the commit is not in the source repo so we need to fetch
# it. Use a temporary ref and clean up afterwards
with_commit_in_source_tmp(commit_id, &blk)
end
# Fetch the ref into source_repo from target_repo, using a temporary ref
# name that will be deleted once the method completes. This is a no-op if
# fetching the source branch fails
def with_commit_in_source_tmp(commit_id, &blk)
tmp_ref = "refs/tmp/#{SecureRandom.hex}"
yield commit_id if source_repo.fetch_source_branch!(target_repo, commit_id, tmp_ref)
ensure
source_repo.delete_refs(tmp_ref) # best-effort
end
end
end
end
...@@ -746,29 +746,9 @@ module Gitlab ...@@ -746,29 +746,9 @@ module Gitlab
end end
def compare_source_branch(target_branch_name, source_repository, source_branch_name, straight:) def compare_source_branch(target_branch_name, source_repository, source_branch_name, straight:)
reachable_ref = CrossRepoComparer
if source_repository == self .new(source_repository, self)
source_branch_name .compare(source_branch_name, target_branch_name, straight: straight)
else
# If a tmp ref was created before for a separate repo comparison (forks),
# we're able to short-circuit the tmp ref re-creation:
# 1. Take the SHA from the source repo
# 2. Read that in the current "target" repo
# 3. If that SHA is still known (readable), it means GC hasn't
# cleaned it up yet, so we can use it instead re-writing the tmp ref.
source_commit_id = source_repository.commit(source_branch_name)&.sha
commit(source_commit_id)&.sha if source_commit_id
end
return compare(target_branch_name, reachable_ref, straight: straight) if reachable_ref
tmp_ref = "refs/tmp/#{SecureRandom.hex}"
return unless fetch_source_branch!(source_repository, source_branch_name, tmp_ref)
compare(target_branch_name, tmp_ref, straight: straight)
ensure
delete_refs(tmp_ref) if tmp_ref
end end
def write_ref(ref_path, ref, old_ref: nil) def write_ref(ref_path, ref, old_ref: nil)
...@@ -1045,13 +1025,6 @@ module Gitlab ...@@ -1045,13 +1025,6 @@ module Gitlab
private private
def compare(base_ref, head_ref, straight:)
Gitlab::Git::Compare.new(self,
base_ref,
head_ref,
straight: straight)
end
def empty_diff_stats def empty_diff_stats
Gitlab::Git::DiffStatsCollection.new([]) Gitlab::Git::DiffStatsCollection.new([])
end end
... ...
......
# frozen_string_literal: true
module Gitlab
module NoCacheHeaders
DEFAULT_GITLAB_NO_CACHE_HEADERS = {
'Cache-Control' => "#{ActionDispatch::Http::Cache::Response::DEFAULT_CACHE_CONTROL}, no-store, no-cache",
'Pragma' => 'no-cache', # HTTP 1.0 compatibility
'Expires' => 'Fri, 01 Jan 1990 00:00:00 GMT'
}.freeze
def no_cache_headers
raise "#no_cache_headers is not implemented for this object"
end
end
end
...@@ -6,11 +6,16 @@ module Gitlab ...@@ -6,11 +6,16 @@ module Gitlab
REFERABLES = %i(user issue label milestone mentioned_user mentioned_group mentioned_project REFERABLES = %i(user issue label milestone mentioned_user mentioned_group mentioned_project
merge_request snippet commit commit_range directly_addressed_user epic).freeze merge_request snippet commit commit_range directly_addressed_user epic).freeze
attr_accessor :project, :current_user, :author attr_accessor :project, :current_user, :author
# This counter is increased by a number of references filtered out by
# banzai reference exctractor. Note that this counter is stateful and
# not idempotent and is increased whenever you call `references`.
attr_reader :stateful_not_visible_counter
def initialize(project, current_user = nil) def initialize(project, current_user = nil)
@project = project @project = project
@current_user = current_user @current_user = current_user
@references = {} @references = {}
@stateful_not_visible_counter = 0
super() super()
end end
...@@ -20,11 +25,15 @@ module Gitlab ...@@ -20,11 +25,15 @@ module Gitlab
end end
def references(type) def references(type)
super(type, project, current_user) refs = super(type, project, current_user)
@stateful_not_visible_counter += refs[:not_visible].count
refs[:visible]
end end
def reset_memoized_values def reset_memoized_values
@references = {} @references = {}
@stateful_not_visible_counter = 0
super() super()
end end
... ...
......