Commit 66cddf34 authored by Achilleas Pipinellis's avatar Achilleas Pipinellis

Merge branch 'rs-doc-highlighting' into 'master'

Add more highlighting to development docs

Now that docs.gitlab.com has lovely highlighting, we should make sure we use it
everywhere it makes sense!

See merge request !7369
parents 2976ad40 de433463
...@@ -24,7 +24,7 @@ namespace you can use the `configure` class method. This method simply yields ...@@ -24,7 +24,7 @@ namespace you can use the `configure` class method. This method simply yields
the supplied block while passing `Gitlab::Metrics::Instrumentation` as its the supplied block while passing `Gitlab::Metrics::Instrumentation` as its
argument. An example: argument. An example:
``` ```ruby
Gitlab::Metrics::Instrumentation.configure do |conf| Gitlab::Metrics::Instrumentation.configure do |conf|
conf.instrument_method(Foo, :bar) conf.instrument_method(Foo, :bar)
conf.instrument_method(Foo, :baz) conf.instrument_method(Foo, :baz)
...@@ -41,7 +41,7 @@ Method instrumentation should be added in the initializer ...@@ -41,7 +41,7 @@ Method instrumentation should be added in the initializer
Instrumenting a single method: Instrumenting a single method:
``` ```ruby
Gitlab::Metrics::Instrumentation.configure do |conf| Gitlab::Metrics::Instrumentation.configure do |conf|
conf.instrument_method(User, :find_by) conf.instrument_method(User, :find_by)
end end
...@@ -49,7 +49,7 @@ end ...@@ -49,7 +49,7 @@ end
Instrumenting an entire class hierarchy: Instrumenting an entire class hierarchy:
``` ```ruby
Gitlab::Metrics::Instrumentation.configure do |conf| Gitlab::Metrics::Instrumentation.configure do |conf|
conf.instrument_class_hierarchy(ActiveRecord::Base) conf.instrument_class_hierarchy(ActiveRecord::Base)
end end
...@@ -57,7 +57,7 @@ end ...@@ -57,7 +57,7 @@ end
Instrumenting all public class methods: Instrumenting all public class methods:
``` ```ruby
Gitlab::Metrics::Instrumentation.configure do |conf| Gitlab::Metrics::Instrumentation.configure do |conf|
conf.instrument_methods(User) conf.instrument_methods(User)
end end
...@@ -68,7 +68,7 @@ end ...@@ -68,7 +68,7 @@ end
The easiest way to check if a method has been instrumented is to check its The easiest way to check if a method has been instrumented is to check its
source location. For example: source location. For example:
``` ```ruby
method = Rugged::TagCollection.instance_method(:[]) method = Rugged::TagCollection.instance_method(:[])
method.source_location method.source_location
......
...@@ -60,7 +60,7 @@ migration was tested. ...@@ -60,7 +60,7 @@ migration was tested.
If you need to remove index, please add a condition like in following example: If you need to remove index, please add a condition like in following example:
``` ```ruby
remove_index :namespaces, column: :name if index_exists?(:namespaces, :name) remove_index :namespaces, column: :name if index_exists?(:namespaces, :name)
``` ```
...@@ -75,7 +75,7 @@ need for downtime. To use this method you must disable transactions by calling ...@@ -75,7 +75,7 @@ need for downtime. To use this method you must disable transactions by calling
the method `disable_ddl_transaction!` in the body of your migration class like the method `disable_ddl_transaction!` in the body of your migration class like
so: so:
``` ```ruby
class MyMigration < ActiveRecord::Migration class MyMigration < ActiveRecord::Migration
include Gitlab::Database::MigrationHelpers include Gitlab::Database::MigrationHelpers
disable_ddl_transaction! disable_ddl_transaction!
...@@ -96,7 +96,7 @@ the `up` and `down` methods in your migration class. ...@@ -96,7 +96,7 @@ the `up` and `down` methods in your migration class.
For example, to add the column `foo` to the `projects` table with a default For example, to add the column `foo` to the `projects` table with a default
value of `10` you'd write the following: value of `10` you'd write the following:
``` ```ruby
class MyMigration < ActiveRecord::Migration class MyMigration < ActiveRecord::Migration
include Gitlab::Database::MigrationHelpers include Gitlab::Database::MigrationHelpers
disable_ddl_transaction! disable_ddl_transaction!
...@@ -125,7 +125,7 @@ set the limit to 8-bytes. This will allow the column to hold a value up to ...@@ -125,7 +125,7 @@ set the limit to 8-bytes. This will allow the column to hold a value up to
Rails migration example: Rails migration example:
``` ```ruby
add_column_with_default(:projects, :foo, :integer, default: 10, limit: 8) add_column_with_default(:projects, :foo, :integer, default: 10, limit: 8)
# or # or
...@@ -145,7 +145,7 @@ Please prefer Arel and plain SQL over usual ActiveRecord syntax. In case of usin ...@@ -145,7 +145,7 @@ Please prefer Arel and plain SQL over usual ActiveRecord syntax. In case of usin
Example with Arel: Example with Arel:
``` ```ruby
users = Arel::Table.new(:users) users = Arel::Table.new(:users)
users.group(users[:user_id]).having(users[:id].count.gt(5)) users.group(users[:user_id]).having(users[:id].count.gt(5))
...@@ -154,7 +154,7 @@ users.group(users[:user_id]).having(users[:id].count.gt(5)) ...@@ -154,7 +154,7 @@ users.group(users[:user_id]).having(users[:id].count.gt(5))
Example with plain SQL and `quote_string` helper: Example with plain SQL and `quote_string` helper:
``` ```ruby
select_all("SELECT name, COUNT(id) as cnt FROM tags GROUP BY name HAVING COUNT(id) > 1").each do |tag| select_all("SELECT name, COUNT(id) as cnt FROM tags GROUP BY name HAVING COUNT(id) > 1").each do |tag|
tag_name = quote_string(tag["name"]) tag_name = quote_string(tag["name"])
duplicate_ids = select_all("SELECT id FROM tags WHERE name = '#{tag_name}'").map{|tag| tag["id"]} duplicate_ids = select_all("SELECT id FROM tags WHERE name = '#{tag_name}'").map{|tag| tag["id"]}
......
...@@ -129,7 +129,7 @@ Various methods for opening and reading files in Ruby can be used to read the ...@@ -129,7 +129,7 @@ Various methods for opening and reading files in Ruby can be used to read the
standard output of a process instead of a file. The following two commands do standard output of a process instead of a file. The following two commands do
roughly the same: roughly the same:
``` ```ruby
`touch /tmp/pawned-by-backticks` `touch /tmp/pawned-by-backticks`
File.read('|touch /tmp/pawned-by-file-read') File.read('|touch /tmp/pawned-by-file-read')
``` ```
...@@ -142,7 +142,7 @@ attacker cannot control the start of the filename string you are opening. For ...@@ -142,7 +142,7 @@ attacker cannot control the start of the filename string you are opening. For
instance, the following is sufficient to protect against accidentally starting instance, the following is sufficient to protect against accidentally starting
a shell command with `|`: a shell command with `|`:
``` ```ruby
# we assume repo_path is not controlled by the attacker (user) # we assume repo_path is not controlled by the attacker (user)
path = File.join(repo_path, user_input) path = File.join(repo_path, user_input)
# path cannot start with '|' now. # path cannot start with '|' now.
...@@ -160,7 +160,7 @@ Path traversal is a security where the program (GitLab) tries to restrict user ...@@ -160,7 +160,7 @@ Path traversal is a security where the program (GitLab) tries to restrict user
access to a certain directory on disk, but the user manages to open a file access to a certain directory on disk, but the user manages to open a file
outside that directory by taking advantage of the `../` path notation. outside that directory by taking advantage of the `../` path notation.
``` ```ruby
# Suppose the user gave us a path and they are trying to trick us # Suppose the user gave us a path and they are trying to trick us
user_input = '../other-repo.git/other-file' user_input = '../other-repo.git/other-file'
...@@ -177,7 +177,7 @@ File.open(full_path) do # Oops! ...@@ -177,7 +177,7 @@ File.open(full_path) do # Oops!
A good way to protect against this is to compare the full path with its A good way to protect against this is to compare the full path with its
'absolute path' according to Ruby's `File.absolute_path`. 'absolute path' according to Ruby's `File.absolute_path`.
``` ```ruby
full_path = File.join(repo_path, user_input) full_path = File.join(repo_path, user_input)
if full_path != File.absolute_path(full_path) if full_path != File.absolute_path(full_path)
raise "Invalid path: #{full_path.inspect}" raise "Invalid path: #{full_path.inspect}"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment