Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
8d40f35a
Commit
8d40f35a
authored
Dec 14, 2021
by
Igor Frenkel
Committed by
Heinrich Lee Yu
Dec 14, 2021
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Use allowlist when importing projects
parent
97153f9b
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
104 additions
and
9 deletions
+104
-9
ee/spec/lib/gitlab/import_export/attributes_permitter_spec.rb
...pec/lib/gitlab/import_export/attributes_permitter_spec.rb
+6
-1
lib/gitlab/import_export/group/relation_tree_restorer.rb
lib/gitlab/import_export/group/relation_tree_restorer.rb
+20
-6
lib/gitlab/import_export/project/import_export.yml
lib/gitlab/import_export/project/import_export.yml
+71
-0
spec/lib/gitlab/import_export/attributes_permitter_spec.rb
spec/lib/gitlab/import_export/attributes_permitter_spec.rb
+6
-1
spec/support/shared_examples/lib/gitlab/import_export/attributes_permitter_shared_examples.rb
...lab/import_export/attributes_permitter_shared_examples.rb
+1
-1
No files found.
ee/spec/lib/gitlab/import_export/attributes_permitter_spec.rb
View file @
8d40f35a
...
...
@@ -15,6 +15,7 @@ RSpec.describe Gitlab::ImportExport::AttributesPermitter do
:deploy_access_levels
|
true
:protected_environments
|
true
:security_setting
|
true
:project
|
true
end
with_them
do
...
...
@@ -27,7 +28,11 @@ RSpec.describe Gitlab::ImportExport::AttributesPermitter do
subject
{
described_class
.
new
}
additional_attributes
=
{
user:
%w[id]
}
# these are attributes for which either a special exception is made or are available only via included modules and not attribute introspection
additional_attributes
=
{
user:
%w[id]
,
project:
%w[auto_devops_deploy_strategy auto_devops_enabled issues_enabled jobs_enabled merge_requests_enabled snippets_enabled wiki_enabled build_git_strategy build_enabled security_and_compliance_enabled requirements_enabled]
}
Gitlab
::
ImportExport
::
Config
.
new
.
to_h
[
:included_attributes
].
each
do
|
relation_sym
,
permitted_attributes
|
context
"for
#{
relation_sym
}
"
do
...
...
lib/gitlab/import_export/group/relation_tree_restorer.rb
View file @
8d40f35a
...
...
@@ -106,12 +106,7 @@ module Gitlab
def
update_params!
params
=
@importable_attributes
.
except
(
*
relations
.
keys
.
map
(
&
:to_s
))
params
=
params
.
merge
(
present_override_params
)
# Cleaning all imported and overridden params
params
=
Gitlab
::
ImportExport
::
AttributeCleaner
.
clean
(
relation_hash:
params
,
relation_class:
importable_class
,
excluded_keys:
excluded_keys_for_relation
(
importable_class_sym
))
params
=
filter_attributes
(
params
)
@importable
.
assign_attributes
(
params
)
...
...
@@ -122,6 +117,25 @@ module Gitlab
end
end
def
filter_attributes
(
params
)
if
use_attributes_permitter?
&&
attributes_permitter
.
permitted_attributes_defined?
(
importable_class_sym
)
attributes_permitter
.
permit
(
importable_class_sym
,
params
)
else
Gitlab
::
ImportExport
::
AttributeCleaner
.
clean
(
relation_hash:
params
,
relation_class:
importable_class
,
excluded_keys:
excluded_keys_for_relation
(
importable_class_sym
))
end
end
def
attributes_permitter
@attributes_permitter
||=
Gitlab
::
ImportExport
::
AttributesPermitter
.
new
end
def
use_attributes_permitter?
Feature
.
enabled?
(
:permitted_attributes_for_import_export
,
default_enabled: :yaml
)
end
def
present_override_params
# we filter out the empty strings from the overrides
# keeping the default values configured
...
...
lib/gitlab/import_export/project/import_export.yml
View file @
8d40f35a
...
...
@@ -630,6 +630,74 @@ included_attributes:
-
:expires_at
-
:ldap
-
:override
project
:
-
:approvals_before_merge
-
:archived
-
:auto_cancel_pending_pipelines
-
:autoclose_referenced_issues
-
:build_allow_git_fetch
-
:build_coverage_regex
-
:build_timeout
-
:ci_config_path
-
:delete_error
-
:description
-
:disable_overriding_approvers_per_merge_request
-
:external_authorization_classification_label
-
:has_external_issue_tracker
-
:has_external_wiki
-
:issues_template
-
:jobs_cache_index
-
:last_repository_check_failed
-
:merge_requests_author_approval
-
:merge_requests_disable_committers_approval
-
:merge_requests_ff_only_enabled
-
:merge_requests_rebase_enabled
-
:merge_requests_template
-
:only_allow_merge_if_all_discussions_are_resolved
-
:only_allow_merge_if_pipeline_succeeds
-
:pages_https_only
-
:pending_delete
-
:printing_merge_request_link_enabled
-
:public_builds
-
:remove_source_branch_after_merge
-
:request_access_enabled
-
:require_password_to_approve
-
:reset_approvals_on_push
-
:resolve_outdated_diff_discussions
-
:service_desk_enabled
-
:shared_runners_enabled
-
:suggestion_commit_message
-
:visibility_level
-
:hooks
-
:issues_access_level
-
:forking_access_level
-
:merge_requests_access_level
-
:wiki_access_level
-
:snippets_access_level
-
:builds_access_level
-
:repository_access_level
-
:pages_access_level
-
:metrics_dashboard_access_level
-
:analytics_access_level
-
:operations_access_level
-
:security_and_compliance_access_level
-
:container_registry_access_level
-
:allow_merge_on_skipped_pipeline
-
:auto_devops_deploy_strategy
-
:auto_devops_enabled
-
:container_registry_enabled
-
:issues_enabled
-
:jobs_enabled
-
:merge_method
-
:merge_requests_enabled
-
:snippets_enabled
-
:squash_option
-
:topics
-
:visibility
-
:wiki_enabled
-
:build_git_strategy
-
:build_enabled
-
:security_and_compliance_enabled
# Do not include the following attributes for the models specified.
excluded_attributes
:
...
...
@@ -1017,3 +1085,6 @@ ee:
-
:auto_fix_dast
-
:auto_fix_dependency_scanning
-
:auto_fix_sast
project
:
-
:requirements_enabled
-
:requirements_access_level
spec/lib/gitlab/import_export/attributes_permitter_spec.rb
View file @
8d40f35a
...
...
@@ -140,6 +140,7 @@ RSpec.describe Gitlab::ImportExport::AttributesPermitter do
:zoom_meetings
|
true
:issues
|
true
:group_members
|
true
:project
|
true
end
with_them
do
...
...
@@ -150,7 +151,11 @@ RSpec.describe Gitlab::ImportExport::AttributesPermitter do
describe
'included_attributes for Project'
do
subject
{
described_class
.
new
}
additional_attributes
=
{
user:
%w[id]
}
# these are attributes for which either a special exception is made or are available only via included modules and not attribute introspection
additional_attributes
=
{
user:
%w[id]
,
project:
%w[auto_devops_deploy_strategy auto_devops_enabled issues_enabled jobs_enabled merge_requests_enabled snippets_enabled wiki_enabled build_git_strategy build_enabled security_and_compliance_enabled requirements_enabled]
}
Gitlab
::
ImportExport
::
Config
.
new
.
to_h
[
:included_attributes
].
each
do
|
relation_sym
,
permitted_attributes
|
context
"for
#{
relation_sym
}
"
do
...
...
spec/support/shared_examples/lib/gitlab/import_export/attributes_permitter_shared_examples.rb
View file @
8d40f35a
...
...
@@ -26,7 +26,7 @@ RSpec.shared_examples 'a permitted attribute' do |relation_sym, permitted_attrib
end
it
'does not contain attributes that would be cleaned with AttributeCleaner'
do
expect
(
(
cleaned_hash
.
keys
+
additional_attributes
.
to_a
.
map
(
&
:to_s
)
)).
to
include
(
*
permitted_hash
.
keys
)
expect
(
cleaned_hash
.
keys
+
additional_attributes
.
to_a
.
map
(
&
:to_s
)).
to
include
(
*
permitted_hash
.
keys
)
end
it
'does not contain prohibited attributes that are not related to given relation'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment