diff options
| author | Jan Provaznik <jprovaznik@gitlab.com> | 2018-10-29 16:10:32 +0000 |
|---|---|---|
| committer | Jan Provaznik <jprovaznik@gitlab.com> | 2018-10-29 16:10:32 +0000 |
| commit | 5b0b73d922f5081e84697d439b30959161966727 (patch) | |
| tree | 4b1aef1253a3895cea2ee42a86cf377a87ae617d /lib | |
| parent | f0b3edf2ca9f7f1dd64d3b17eda006ab9983cfc4 (diff) | |
| parent | c1c1496405620d99d5943b1c4b5277b4b7d6ad63 (diff) | |
| download | gitlab-ce-5b0b73d922f5081e84697d439b30959161966727.tar.gz | |
Merge branch 'security-redact-links' into 'master'
[master] Redact unsubscribe links in issuable texts
See merge request gitlab/gitlabhq!2528
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/gitlab/background_migration/redact_links.rb | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/lib/gitlab/background_migration/redact_links.rb b/lib/gitlab/background_migration/redact_links.rb new file mode 100644 index 00000000000..f5d3bcdd517 --- /dev/null +++ b/lib/gitlab/background_migration/redact_links.rb @@ -0,0 +1,62 @@ +# frozen_string_literal: true +# rubocop:disable Style/Documentation + +module Gitlab + module BackgroundMigration + class RedactLinks + module Redactable + extend ActiveSupport::Concern + + def redact_field!(field) + self[field].gsub!(%r{/sent_notifications/\h{32}/unsubscribe}, '/sent_notifications/REDACTED/unsubscribe') + + if self.changed? + self.update_columns(field => self[field], + "#{field}_html" => nil) + end + end + end + + class Note < ActiveRecord::Base + include EachBatch + include Redactable + + self.table_name = 'notes' + self.inheritance_column = :_type_disabled + end + + class Issue < ActiveRecord::Base + include EachBatch + include Redactable + + self.table_name = 'issues' + self.inheritance_column = :_type_disabled + end + + class MergeRequest < ActiveRecord::Base + include EachBatch + include Redactable + + self.table_name = 'merge_requests' + self.inheritance_column = :_type_disabled + end + + class Snippet < ActiveRecord::Base + include EachBatch + include Redactable + + self.table_name = 'snippets' + self.inheritance_column = :_type_disabled + end + + def perform(model_name, field, start_id, stop_id) + link_pattern = "%/sent_notifications/" + ("_" * 32) + "/unsubscribe%" + model = "Gitlab::BackgroundMigration::RedactLinks::#{model_name}".constantize + + model.where("#{field} like ?", link_pattern).where(id: start_id..stop_id).each do |resource| + resource.redact_field!(field) + end + end + end + end +end |