Commit e35eeaf8 authored by Steve Azzopardi's avatar Steve Azzopardi

Merge branch 'sh-fix-issue-54189' into 'master'

[master] Prevent templated services from being imported

See merge request gitlab/gitlabhq!2634
parents e5bba18f 2e3674f7
---
title: Prevent templated services from being imported
merge_request:
author:
type: security
...@@ -154,6 +154,8 @@ excluded_attributes: ...@@ -154,6 +154,8 @@ excluded_attributes:
- :encrypted_token_iv - :encrypted_token_iv
- :encrypted_url - :encrypted_url
- :encrypted_url_iv - :encrypted_url_iv
services:
- :template
methods: methods:
labels: labels:
......
...@@ -101,6 +101,28 @@ ...@@ -101,6 +101,28 @@
] ]
} }
], ],
"services": [
{
"id": 100,
"title": "JetBrains TeamCity CI",
"project_id": 5,
"created_at": "2016-06-14T15:01:51.315Z",
"updated_at": "2016-06-14T15:01:51.315Z",
"active": false,
"properties": {},
"template": true,
"push_events": true,
"issues_events": true,
"merge_requests_events": true,
"tag_push_events": true,
"note_events": true,
"job_events": true,
"type": "TeamcityService",
"category": "ci",
"default": false,
"wiki_page_events": true
}
],
"snippets": [], "snippets": [],
"hooks": [] "hooks": []
} }
...@@ -297,7 +297,8 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do ...@@ -297,7 +297,8 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do
issues: 1, issues: 1,
labels: 1, labels: 1,
milestones: 1, milestones: 1,
first_issue_labels: 1 first_issue_labels: 1,
services: 1
context 'project.json file access check' do context 'project.json file access check' do
it 'does not read a symlink' do it 'does not read a symlink' do
...@@ -382,6 +383,12 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do ...@@ -382,6 +383,12 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do
project_tree_restorer.instance_variable_set(:@path, "spec/lib/gitlab/import_export/project.light.json") project_tree_restorer.instance_variable_set(:@path, "spec/lib/gitlab/import_export/project.light.json")
end end
it 'does not import any templated services' do
restored_project_json
expect(project.services.where(template: true).count).to eq(0)
end
it 'imports labels' do it 'imports labels' do
create(:group_label, name: 'Another label', group: project.group) create(:group_label, name: 'Another label', group: project.group)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment