path: root/app/validators
Commit message (Author, Age, Files, Lines)
* Add latest changes from gitlab-org/gitlab@master (GitLab Bot, 2020-05-09, 2 files, -5/+23)
|
* Add latest changes from gitlab-org/gitlab@master (GitLab Bot, 2020-03-24, 1 file, -0/+12)
|
* Add latest changes from gitlab-org/gitlab@master (GitLab Bot, 2020-03-04, 1 file, -3/+5)
|
* Add latest changes from gitlab-org/gitlab@master (GitLab Bot, 2020-01-08, 1 file, -1/+2)
|
* Add latest changes from gitlab-org/gitlab@master (GitLab Bot, 2019-10-21, 2 files, -0/+34)
|
* Add latest changes from gitlab-org/gitlab@master (GitLab Bot, 2019-10-08, 1 file, -3/+1)
|
* Add latest changes from gitlab-org/gitlab@master (GitLab Bot, 2019-09-18, 1 file, -2/+2)
|
* Allow to load ECDSA certificates for pages domains (Vladimir Shushlin, 2019-09-07, 2 files, -2/+36)
|     Just replace RSA.new with PKey.read
* Avoid checking dns rebind protection in validation (Francisco Javier López, 2019-09-05, 1 file, -1/+7)
|
* Refactor SystemHookUrlValidator and specs (George Koltsov, 2019-08-02, 1 file, -14/+2)
|     Simplify SystemHookUrlValidator to inherit from PublicUrlValidator
|     Refactor specs to move out shared examples to be used in both system hooks and public url validators.
* Update security/webhooks.md doc page & specs (George Koltsov, 2019-08-02, 1 file, -3/+3)
|     Updating security/webhooks.md to match new behaviour as well as drying up few specs to extract shared examples
* Add outbound requests setting for system hooks (George Koltsov, 2019-08-02, 2 files, -1/+31)
|     This MR adds new application setting to network section `allow_local_requests_from_system_hooks`. Prior to this change system hooks were allowed to do local network requests by default and we are adding an ability for admins to control it.
* Allow blank but not nil in validations (Reuben Pereira, 2019-07-31, 1 file, -2/+2)
|     - The most common use case for qualified_domain_validator currently is to allow blank ([]) but not allow nil. Modify the qualified_domain_validator to support this use case.
* Add validator for qualified domain array (Reuben Pereira, 2019-07-23, 1 file, -0/+49)
|     - Validate that the entries contain no unicode, html tags and are not larger than 255 characters.
* Lesser Namespace#name validations (Bob Van Landuyt, 2019-07-09, 1 file, -12/+0)
|     Since we use `Namespace#path` to build routes and URLs we can lessen the restrictions on `Namespace#name` so it can accommodate a user's name.
* Fix color validation regex (Heinrich Lee Yu, 2019-06-25, 1 file, -1/+1)
|     Also prevents ReDoS vulnerability
* Align UrlValidator to validate_url gem implementation. (Thong Kuah, 2019-04-11, 3 files, -112/+123)
|     Renamed UrlValidator to AddressableUrlValidator to avoid 'url:' naming collision with ActiveModel::Validations::UrlValidator in 'validates' statement. Make use of the options attribute of the parent class ActiveModel::EachValidator. Add more options: allow_nil, allow_blank, message. Renamed 'protocols' option to 'schemes' to match the option naming from UrlValidator.
* Move Contribution Analytics related spec in ↵ (Imre Farkas, 2019-04-09, 1 file, -0/+86)
|     spec/features/groups/group_page_with_external_authorization_service_spec to EE
* Revert "Merge branch 'if-57131-external_auth_to_ce' into 'master'" (Andreas Brandl, 2019-04-05, 1 file, -86/+0)
|     This reverts merge request !26823
* Move Contribution Analytics related spec in ↵ (Imre Farkas, 2019-04-05, 1 file, -0/+86)
|     spec/features/groups/group_page_with_external_authorization_service_spec to EE
* Renames Cluster#managed? to provided_by_user? (Mayra Cabrera, 2019-03-29, 1 file, -5/+3)
|     This will allow to use the term managed? on https://gitlab.com/gitlab-org/gitlab-ce/issues/56557. Managed? will be used to distinguish clusters that are automatically managed by GitLab
* Fix Bitbucket import (Francisco Javier López, 2019-03-14, 1 file, -1/+1)
|     In https://gitlab.com/gitlab-org/gitlab-ce/commit/ebf16ada856efb85424a98848c141f21e609886a we introduced a SHA validator, to ensure that the data provided in merge request diffs, was legit. Nevertheless, the validator assumed that the SHA should be 40 chars long. When we import a project from BitBucket, the retrieved SHA is shorter (12 chars long). Therefore, this validator prevented to create a valid MergeRequestDiff for every MergeRequest (triggering an exception).
* Merge branch 'fix/email_validator' into 'master' (Stan Hu, 2019-03-09, 2 files, -7/+36)
|\
| |     Align EmailValidator to validate_email gem implementation.
| |     Closes #57352
| |     See merge request gitlab-org/gitlab-ce!24971
| * Align EmailValidator to validate_email gem implementation. (Horatiu Eugen Vlad, 2019-03-05, 2 files, -7/+36)
| |     Renamed EmailValidator to DeviseEmailValidator to avoid 'email:' naming collision with ActiveModel::Validations::EmailValidator in 'validates' statement. Make use of the options attribute of the parent class ActiveModel::EachValidator. Add more options: regex.
* | Arbitrary file read via MergeRequestDiff (Francisco Javier López, 2019-03-04, 1 file, -0/+9)
| |
* | Comment why we can't use Gitlab::CurrentSettings (Thong Kuah, 2019-02-20, 1 file, -0/+6)
| |     See https://gitlab.com/gitlab-org/gitlab-ee/issues/9833
* | Revert "Merge branch 'use_gitlab_current_settings' into 'master'" (Bob Van Landuyt, 2019-02-19, 1 file, -1/+1)
| |     This reverts merge request !25370
* | Use Gitlab::CurrentSettings in UrlValidator (Thong Kuah, 2019-02-19, 1 file, -1/+1)
|/
|     Gitlab::CurrentSettings will create ApplicationSetting.current if not present which means we don't have to use `&.`. We can also more easily use stub_application_setting in specs
* Add table and model for error tracking settings (Reuben Pereira, 2019-01-07, 1 file, -1/+3)
|
* Merge branch 'ce-jej/group-saml-sso-button-link-description' into 'master' (Clement Ho, 2018-12-08, 1 file, -0/+1)
|\
| |     [CE] Backport SAML unlink changes: UrlBlocker#ascii_only
| |     See merge request gitlab-org/gitlab-ce!23627
| * Allow URLs to be validated as ascii_only (James Edwards-Jones, 2018-12-06, 1 file, -0/+1)
| |     Restricts unicode characters and IDNA deviations which could be used in a phishing attack
* | Add custom validation message for chronic duration attribute (Grzegorz Bizon, 2018-12-05, 1 file, -1/+5)
|/
* Allow UrlValidator to work with attr_encrypted (Nick Thomas, 2018-09-17, 1 file, -3/+11)
|
* Merge branch 'rubocop-code-reuse' into 'master' (Robert Speicher, 2018-09-13, 1 file, -0/+2)
|\
| |     Add RuboCop cops to enforce code reusing rules
| |     See merge request gitlab-org/gitlab-ce!21391
| * Disable existing offenses for the CodeReuse cops (Yorick Peterse, 2018-09-11, 1 file, -0/+2)
| |     This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop.
* | Enable frozen string in vestigial files (gfyoung, 2018-09-11, 2 files, -0/+4)
|/
|     Partially addresses #47424.
* Merge branch 'filter-web-hooks-by-branch' into 'master' (Dmitriy Zaporozhets, 2018-09-05, 1 file, -0/+35)
|\
| |     Filter web hooks by branch
| |     See merge request gitlab-org/gitlab-ce!19513
| * Refactor: move active hook filter to TriggerableHooks (Duana Saskia, 2018-09-05, 1 file, -0/+1)
| |
| * Filter project hooks by branch (Duana Saskia, 2018-08-13, 1 file, -0/+34)
| |     Allow specifying a branch filter for a project hook and only trigger a project hook if either the branch filter is blank or the branch matches. Only supported for push_events for now.
* | Allow whitelisting for "external collaborator by default" setting (Roger Rüttimann, 2018-08-30, 1 file, -0/+15)
|/
* Enable frozen string in apps/validators/*.rb (gfyoung, 2018-06-27, 19 files, -2/+40)
|     Partially addresses #47424.
* Avoid checking the user format in every url validation (Francisco Javier López, 2018-06-11, 1 file, -3/+11)
|
* Add validation to webhook and service URLs to ensure they are not blocked ↵ (Francisco Javier López, 2018-06-01, 5 files, -95/+71)
|     because of SSRF
* Rename allow_private_networks to allow_local_network (Douwe Maan, 2018-04-02, 1 file, -5/+3)
|
* Raise more descriptive errors when URLs are blocked (Douwe Maan, 2018-04-02, 1 file, -2/+4)
|
* Adds validators and rack cookie helper (James Edwards-Jones, 2018-04-02, 2 files, -0/+16)
|     These changes are backported from EE, related to SAML settings in https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/4549
* Add HTTPS-only pages (Rob Watson, 2018-03-22, 1 file, -2/+0)
|     Closes #28857
* Merge branch 'fj-15329-services-callbacks-ssrf' into 'security-10-6' (Douwe Maan, 2018-03-21, 1 file, -1/+1)
|     Server Side Request Forgery in Services and Web Hooks
|     See merge request gitlab/gitlabhq!2337
* Projects and groups badges API (Francisco Javier López, 2018-03-05, 1 file, -0/+32)
|
* Skip variables duplicates validator if variable is already a duplicate (Matija Čupić, 2018-02-22, 1 file, -0/+2)
|