Commit 2e3674f7 authored by Stan Hu's avatar Stan Hu

Prevent templated services from being imported

Templated services should only be created by admins and does not
apply to project import/export.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/54189
parent b1405787
---
title: Prevent templated services from being imported
merge_request:
author:
type: security
......@@ -154,6 +154,8 @@ excluded_attributes:
- :encrypted_token_iv
- :encrypted_url
- :encrypted_url_iv
services:
- :template
methods:
labels:
......
......@@ -101,6 +101,28 @@
]
}
],
"services": [
{
"id": 100,
"title": "JetBrains TeamCity CI",
"project_id": 5,
"created_at": "2016-06-14T15:01:51.315Z",
"updated_at": "2016-06-14T15:01:51.315Z",
"active": false,
"properties": {},
"template": true,
"push_events": true,
"issues_events": true,
"merge_requests_events": true,
"tag_push_events": true,
"note_events": true,
"job_events": true,
"type": "TeamcityService",
"category": "ci",
"default": false,
"wiki_page_events": true
}
],
"snippets": [],
"hooks": []
}
......@@ -297,7 +297,8 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do
issues: 1,
labels: 1,
milestones: 1,
first_issue_labels: 1
first_issue_labels: 1,
services: 1
context 'project.json file access check' do
it 'does not read a symlink' do
......@@ -382,6 +383,12 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do
project_tree_restorer.instance_variable_set(:@path, "spec/lib/gitlab/import_export/project.light.json")
end
it 'does not import any templated services' do
restored_project_json
expect(project.services.where(template: true).count).to eq(0)
end
it 'imports labels' do
create(:group_label, name: 'Another label', group: project.group)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment