Commits · d82571bf83afabe6f9892214648418773b46f759 · nexedi / gitlab-ce

04 Feb, 2021 40 commits

Replace the changelog regex parser with Parslet · d82571bf

Yorick Peterse authored Feb 02, 2021

In https://gitlab.com/gitlab-org/gitlab/-/merge_requests/50063 we
introduced code for generating Markdown changelogs using the API, using
a custom template language. The compiler for this language would convert
a custom syntax into ERB, making sure arbitrary code execution isn't
possible; or so we thought. In
https://gitlab.com/gitlab-org/gitlab/-/issues/300224 we found a way to
bypass the template engine's harness, and run arbitrary Ruby code.

In response to this issue, I decided to investigate replacing the setup
with something more secure. We always planned on doing so when deemed
necessary, unfortunately that need arrived sooner than expected.

In this commit we replace the regex/ERB based setup with a parser built
using Parslet (http://kschiess.github.io/parslet/). Parslet makes it
pretty easy to write a parser, and was already an indirect dependency of
GitLab (through the license_finder Gem). This new parser doesn't allow
for arbitrary code execution, doesn't depend on ERB, and is less fragile
compared to the old setup. Templates are executed by walking and
evaluating the AST nodes the parser produces. While this won't break any
speed records, it's easy to maintain and understand, and fast enough for
our needs.

In this new setup there is a slight difference compared to the old
setup. In the old setup, expression tags on their own line don't add a
new line. So this:

    foo
    {% if something %}{% end %}
    bar

Compiles into this:

    foo
    bar

Getting this right using the Parslet parser proved difficult, so we took
a slightly different approach: any newline following an expression tag
(if, else, end, and each) consumes the newline that directly follows it
(if any). This requires only a small change in the template, is easy to
implement, and still intuitive to the user.

As part of this commit we also fix a small bug that would lead to empty
entries being included in the template, and add a note about using the
right YAML syntax to preserve newlines.

d82571bf

Merge branch '290116-test-webhook-optimisations' into 'master' · 1982e005
Peter Leitzen authored Feb 04, 2021
```
Fix timeout problems on test webhooks

See merge request gitlab-org/gitlab!52646
```
1982e005
Merge branch '300035-clarify-audit_json-log-tier-entitlements' into 'master' · bea68b43
Mike Jang authored Feb 04, 2021
```
Clarify documentation for audit_json.log

See merge request gitlab-org/gitlab!52829
```
bea68b43
Clarify documentation for audit_json.log · 0319f7e0
Mike Jang authored Feb 04, 2021

0319f7e0
Merge branch '290823-allow-selecting-fields-for-requirements-export-be' into 'master' · 4ae20b52
Bob Van Landuyt authored Feb 04, 2021
```
GraphQL: Add fields selection to export requirements mutation

See merge request gitlab-org/gitlab!52706
```
4ae20b52
Add fields selection to export requirement · 28c750a5
Eugenia Grieff authored Feb 04, 2021
```
- Add new argument to GraphQL mutation
- Add permitted fields to export service
- Add specs
```
28c750a5

Merge branch 'download-patch-diff-new-tab' into 'master' · fe4bb060

Ezekiel Kigbo authored Feb 04, 2021

Fix bug, where the download email patches and plain diffs links did not download from the commit page

See merge request gitlab-org/gitlab!52899

fe4bb060

Merge branch 'fj-fix-api-when-snippet-does-not-exist' into 'master' · c4b4e78b
Arturo Herrero authored Feb 04, 2021
```
Fix snippet repository storage move API when snippet does not exist

See merge request gitlab-org/gitlab!53211
```
c4b4e78b
Merge branch 'aqualls-disable-spellcheck-metrics-dictionary' into 'master' · f8b9cc2f
Markus Koller authored Feb 04, 2021
```
Disable spellcheck on metrics dictionary

See merge request gitlab-org/gitlab!53308
```
f8b9cc2f

Disable spell-checking on the metrics dictionary · 40044696

Amy Qualls authored Feb 04, 2021

This page can't be brought up to GitLab tone and style because it
is autogenerated by a script we can't easily change. Disable spell
checking on this page.

40044696

Merge branch 'fix-opensearch' into 'master' · cf882088
Mikołaj Wawrzyniak authored Feb 04, 2021
```
Fix opensearch for anonymous users

See merge request gitlab-org/gitlab!53056
```
cf882088
Merge branch 'consistent-question-mark-mr' into 'master' · 587486ba
Kushal Pandya authored Feb 04, 2021
```
Update question mark icon while checking pipeline status

See merge request gitlab-org/gitlab!52760
```
587486ba
Update question mark icon while checking pipeline status · 89f0cb3f
Yogi authored Feb 04, 2021

89f0cb3f
Merge branch 'gl-badge-branch-list' into 'master' · 1a2a4378
Kushal Pandya authored Feb 04, 2021
```
Apply new GitLab UI for badges in the project branch list

See merge request gitlab-org/gitlab!52868
```
1a2a4378
Apply new GitLab UI for badges in the project branch list · db42a7ea
Yogi authored Feb 04, 2021

db42a7ea
Merge branch 'ph/209784/usePaginatedNotesEndpoint' into 'master' · 2b18e59e
Kushal Pandya authored Feb 04, 2021
```
Updated diffs notes app to use paginated notes

See merge request gitlab-org/gitlab!52089
```
2b18e59e
Merge branch 'kassio/bulkimports-more-log-information' into 'master' · 4b6b9203
Sean McGivern authored Feb 04, 2021
```
BulkImports: always log the current pipeline

See merge request gitlab-org/gitlab!53257
```
4b6b9203
Merge branch 'docs-review-app-tokens' into 'master' · ab4c793d
Rémy Coutable authored Feb 04, 2021
```
Update docs review apps to use project token

See merge request gitlab-org/gitlab!53336
```
ab4c793d

Merge branch... · 4b76d7e0

Sean McGivern authored Feb 04, 2021

Merge branch '294266-parse-example-alert-payload-to-return-list-of-payload-alert-fields' into 'master'

Resolve "Parse example alert payload to return list of payload alert fields"

See merge request gitlab-org/gitlab!50823

4b76d7e0

Merge branch '300261-gl-dropdown-in-pipeline_actions' into 'master' · d6a9e35c
Natalia Tepluhina authored Feb 04, 2021
```
Use gl-dropdown in pipeline manual actions

See merge request gitlab-org/gitlab!53223
```
d6a9e35c
Merge branch 'russell/update-project-visibility-settings-ui-text' into 'master' · 577dcd4a
Scott Hampton authored Feb 04, 2021
```
Edited UI copy to comply with GitLab style

See merge request gitlab-org/gitlab!50676
```
577dcd4a
Edited UI copy to comply with GitLab style · 96cea6cb
Russell Dickenson authored Feb 04, 2021

96cea6cb
Merge branch 'jdb/remove-unused-tree-files' into 'master' · c43395da
Phil Hughes authored Feb 04, 2021
```
Remove unused tree files

See merge request gitlab-org/gitlab!53188
```
c43395da
Merge branch 'disable-etag-caching-for-notes' into 'master' · 5d2941d6
Sean McGivern authored Feb 04, 2021
```
Disable ETag caching on notes due to issues with pagination

See merge request gitlab-org/gitlab!52765
```
5d2941d6
Disable ETag caching on notes due to issues with pagination · 27fdce1a
David Kim authored Feb 04, 2021

27fdce1a
Merge branch 'bvl-log-job-size-on-start' into 'master' · 1fc783a6
Vitali Tatarintev authored Feb 04, 2021
```
Add the job size to start message logging

See merge request gitlab-org/gitlab!53248
```
1fc783a6
Merge branch 'qa-shl-remove-retry-when-enabling-allow-local-requests' into 'master' · d7ffc806
Sanad Liaquat authored Feb 04, 2021
```
Remove retry on allow_local_requests_from_web_hooks_and_services

See merge request gitlab-org/gitlab!53140
```
d7ffc806
Remove retry on allow_local_requests_from_web_hooks_and_services · 3ea854f2
Sanad Liaquat authored Feb 04, 2021

3ea854f2
Merge branch 'release-tools/update-gitaly' into 'master' · 6f80f6af
Stan Hu authored Feb 04, 2021
```
Update Gitaly version

See merge request gitlab-org/gitlab!53339
```
6f80f6af
Merge branch 'georgekoltsov/update-epic-type-rubocop' into 'master' · 2a077531
Peter Leitzen authored Feb 04, 2021
```
Add dot to GraphQL descriptions of epic_type.rb

See merge request gitlab-org/gitlab!53228
```
2a077531
Merge branch 'mwaw/fix-hardcoded-ids-in-projects-spec' into 'master' · b027a297
Mikołaj Wawrzyniak authored Feb 04, 2021
```
Remove hardcoded values from projets api test

See merge request gitlab-org/gitlab!53126
```
b027a297
Merge branch 'mw-ff/remove-ff_enforce_ssh_key_expiration-flag' into 'master' · 4421c856
Mikołaj Wawrzyniak authored Feb 04, 2021
```
Enable SSH key expiration enforcement

See merge request gitlab-org/gitlab!53035
```
4421c856
Merge branch '300847-fix-link' into 'master' · b1394f1e
Phil Hughes authored Feb 04, 2021
```
Fix password reset link

See merge request gitlab-org/gitlab!53274
```
b1394f1e
Fix password reset link · 6d90162e
Cynthia Ng authored Feb 04, 2021

6d90162e
Merge branch 'gl-button-tags' into 'master' · bfe6bd87
Phil Hughes authored Feb 04, 2021
```
Apply new GitLab UI for buttons in tags page

See merge request gitlab-org/gitlab!52862
```
bfe6bd87
Apply new GitLab UI for buttons in tags page · e570948e
Yogi authored Feb 04, 2021

e570948e
Merge branch 'gl-ui-graph-page' into 'master' · 7f3c898c
Nicolò Maria Mezzopera authored Feb 04, 2021
```
GitLab UI buttons and input style for project graph page

See merge request gitlab-org/gitlab!52864
```
7f3c898c
GitLab UI buttons and input style for project graph page · 32008858
Yogi authored Feb 04, 2021

32008858
Merge branch '299489-add_descriptions_to_mr_state_enum' into 'master' · d49add3b
Rémy Coutable authored Feb 04, 2021
```
Add descriptions to MergeRequestStateEnum

See merge request gitlab-org/gitlab!53082
```
d49add3b
Add descriptions to MergeRequestStateEnum · 53910737
Jonathan Schafer authored Feb 04, 2021
```
Add missing values
Add descriptions to values
Update schema
Update documentation
```
53910737