Using the sed script from
https://gitlab.com/gitlab-org/gitlab-ce/issues/59758

Reuben Pereira authored 5 years ago and Mayra Cabrera committed 5 years ago

Signed-off-by: Istvan szalai <istvan.szalai@savoirfairelinux.com>

EE adds this method to Gitlab::Utils, which is also required by our
SimpleCov helper. This prevents us from injecting EE modules into
Gitlab::Utils, because the necessary bits for this are not yet in place.

To work around this we just backport try_megabytes_to_bytes, as there's
no particular reason to keep this in EE only.

These are data columns that store runtime configuration
of build needed to execute it on runner and within pipeline.

The definition of this data is that once used, and when no longer
needed (due to retry capability) they can be freely removed.

They use `jsonb` on PostgreSQL, and `text` on MySQL (due to lacking
support for json datatype on old enough version).

Signed-off-by: Rémy Coutable <remy@rymai.me>

The API permits path traversal characters like '../' to be passed down
to the template finder. Detect these requests and cause them to fail
with a 500 response code.

In Ruby 2.4, `URI.join("http://test//", "a").to_s` will
remove the double slash, however it's not the case in
Ruby 2.5. Using chomp should work better for the intention,
as we're not trying to allow things like ../ or / paths
resolution.

This helper method append path to host, making sure
there's one single slash as path separator.

Merge branch '41293-fix-command-injection-vulnerability-on-system_hook_push-queue-through-web-hook' into 'security-10-3'

Don't allow line breaks on HTTP headers

See merge request gitlab/gitlabhq!2277

(cherry picked from commit 7fc0a6fc096768a5604d6dd24d7d952e53300c82)

073b8f9c Don't allow line breaks on HTTP headers

Remove superfluous lib: true, type: redis, service: true, models: true, services: true, no_db: true, api: true

Signed-off-by: Rémy Coutable <remy@rymai.me>