- Aug 28, 2019
GitLab Release Tools Bot authored
[ci skip]
-
Merge branch '66641-broken-master-real-http-connections-are-disabled-unregistered-request' into 'master' Use `stub_full_request` to fix spec failure Closes #66641 See merge request gitlab-org/gitlab-ce!32259
-
John Jarvis authored
This reverts commit 49858350.
-
GitLab Release Tools Bot authored
Return NO_ACCESS if user is nil See merge request gitlab/gitlabhq!3388
-
Patrick Derichs authored
-
- Aug 27, 2019
GitLab Release Tools Bot authored
[ci skip]
- Aug 26, 2019
GitLab Release Tools Bot authored
Avoid exposing unaccessible repo data upon GFM post processing See merge request gitlab/gitlabhq!3384
-
Oswaldo Ferreira authored
When post-processing relative links to absolute links, RelativeLinkFilter didn't take into consideration that internal repository data could be exposed to users that do not have repository access to the project. This commit solves that by checking whether the user can `download_code` at this repository, avoiding any processing of this filter if the user can't. Additionally, if we're processing for a group (no project was given), we check if the user can read it in order to expand the href as an extra. That doesn't necessarily seem like a breach now, but an extra check doesn't hurt, as after all the user needs to be able to `read_group`.
-
GitLab Release Tools Bot authored
Prevent disclosure of merge request id via email See merge request gitlab/gitlabhq!3352
-
GitLab Release Tools Bot authored
Send TODOs for comments on commits correctly See merge request gitlab/gitlabhq!3367
-
GitLab Release Tools Bot authored
Require a captcha after unique failed logins from the same IP See merge request gitlab/gitlabhq!3296
-
mksionek authored
- Add method to store session ids by ip
- Add new specs for storing session ids
- Add cleaning up records after login
- Add retrieving anonymous sessions
- Add login recaptcha setting
- Add new setting to sessions controller
- Add conditions for showing captcha
- Add sessions controller specs
- Add admin settings specs for login protection
- Add new settings to api
- Add stub to devise spec
- Add new translation key
- Add cr remarks
- Rename class call
- Add cr remarks
- Change if-clause for consistency
- Add cr remarks
- Add code review remarks
- Refactor AnonymousSession class
- Add changelog entry
- Move AnonymousSession class to lib
- Move store unauthenticated sessions to sessions controller
- Move link to recaptcha info
- Regenerate text file
- Improve copy on the spam page
- Change action filter for storing anonymous sessions
- Fix rubocop offences
- Add code review remarks
- Fix specs
- Update schema version
-
GitLab Release Tools Bot authored
Use image proxy to mitigate stealing ip addresses See merge request gitlab/gitlabhq!3192
-
GitLab Release Tools Bot authored
Queries for Upload should be scoped by model See merge request gitlab/gitlabhq!3233
-
GitLab Release Tools Bot authored
Filter out old system notes for epics in notes api endpoint response See merge request gitlab/gitlabhq!3242
-
GitLab Release Tools Bot authored
Fix HTML injection for label description See merge request gitlab/gitlabhq!3256
-
GitLab Release Tools Bot authored
Limit the size of issuable description and comments See merge request gitlab/gitlabhq!3272
-
GitLab Release Tools Bot authored
Permission fix for MergeRequestsController#pipeline_status See merge request gitlab/gitlabhq!3279
-
GitLab Release Tools Bot authored
Enforce max chars and max render time in markdown math See merge request gitlab/gitlabhq!3288
-
GitLab Release Tools Bot authored
DNS Rebind SSRF in Kubernetes Integration See merge request gitlab/gitlabhq!3290
-
GitLab Release Tools Bot authored
Ensure only authorised users can create notes on merge requests and issues See merge request gitlab/gitlabhq!3308
-
GitLab Release Tools Bot authored
Fix DNS rebind vulnerability for JIRA integration See merge request gitlab/gitlabhq!3312
-
GitLab Release Tools Bot authored
Add merge note type as cross reference See merge request gitlab/gitlabhq!3326
-
GitLab Release Tools Bot authored
Project visibility restriction bypass See merge request gitlab/gitlabhq!3332
-
GitLab Release Tools Bot authored
Bump Gitaly version to 1.47.3 See merge request gitlab/gitlabhq!3335
-
GitLab Release Tools Bot authored
Introduce JobActivity limit for alive jobs See merge request gitlab/gitlabhq!3341
-
GitLab Release Tools Bot authored
Clear reset_password_tokens when login (email or username) change See merge request gitlab/gitlabhq!3348
-
GitLab Release Tools Bot authored
Restrict MergeRequests#test_reports to authenticated users with read-access on Builds See merge request gitlab/gitlabhq!3356
-
GitLab Release Tools Bot authored
Add direct upload support for personal snippets See merge request gitlab/gitlabhq!3357
-
GitLab Release Tools Bot authored
admin_group authorization for Groups::RunnersController See merge request gitlab/gitlabhq!3364
-
GitLab Release Tools Bot authored
Re-escape the whole HTML content when finding HTML references See merge request gitlab/gitlabhq!3369
-
- Aug 23, 2019
Nick Thomas authored
At present, the TodoService uses the `:read_project` ability to decide whether a user can read a note on a commit. However, commits can have a visibility level that is more restricted than the project, so this is a security issue. This commit changes the code to use the `:read_commit` ability in this case instead, which ensures TODOs are only generated for commit notes if the user can see the commit.
-
Jan Provaznik authored
When we un-escape HTML text to find references in it, we should then re-escape the whole text again, not only found matches. Because we replace matches with milestone/label links (which contain HTML tags we don't want to escape again), we re-escape HTML text with placeholders instead of these links and then replace placeholders in the escaped text.
-
Jan Provaznik authored
-
- Aug 22, 2019
Andrew Cimino authored
- Use authorize_admin_group! instead of authorize_admin_pipeline!
- Added role-based permission specs for Groups::RunnersController
-
Alexandru Croitor authored
Limiting the size of issuable description and comments to 1_000_000, which is close to ~1MB of ASCII characters and represents 99.9% of all descriptions and comments we have in DB at the moment. This should help prevent DoS attacks when comments contain reference strings. This change also updates the regexp matching the namespace paths by limiting the namespace paths to Namespace::NUMBER_OF_ANCESTORS_ALLOWED, as we allow 20 levels deep groups. See https://gitlab.com/gitlab-org/gitlab-ce/issues/61974#note_191274234
-
Andrew Cimino authored
-
- Aug 21, 2019
Felipe Artur authored
Do not disclose merge request id via email to unauthorized users when closing issues.
-
Igor Drozdov authored
-