
gitlab-ce

  • Forked from GitLab.org / GitLab FOSS
    13249 commits behind the upstream repository.
    Sean McGivern authored
    Add missing security specs for raw snippet access
    
    ## What does this MR do?
    It extends the project snippets access security specs to cover raw snippet paths as well.
    
    When I was researching snippets for !7256, I noticed that specs existed for the HTML show view of project snippets but not the raw view. Seeing as this is a spec that is checking for access regressions on places where sensitive information might be kept, I thought it would be a good idea to cover the raw snippets access too.
    
    To balance out the karma of adding in extra tests I also changed the tests to all use an `empty_project` spec.
    
    ## Are there points in the code the reviewer needs to double check?
    
    With the aim of making the specs easier to read, I restructured some of them to use context blocks for each type of snippet.
    
    I've used the same access rights defined for the show snippet paths for the raw snippet access. 
    
    ## Why was this MR needed?
    
    To catch security regressions on raw snippet access for projects.
    
    ## Screenshots (if relevant)
    
    ## Does this MR meet the acceptance criteria?
    
    - [-] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added
    - [-] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md)
    - [-] API support added
    - Tests
      - [x] Added for this feature/bug
      - [ ] All builds are passing
    - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html)
    - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides)
    - [x] Branch has no merge conflicts with `master` (if it does - rebase it please)
    - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits)
    
    ## What are the relevant issue numbers?
    
    See merge request !7300
    7ce03197
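
The parity idea in the commit message above (raw snippet paths held to the same access rights as the show paths), as an added example that is not GitLab's spec code. The roles, visibility levels, policy and route tables are constructed assumptions, not GitLab's actual rules.

```ruby
# Constructed model for illustration; not GitLab's roles, policy or routes.
ROLES        = %i[admin owner developer guest user visitor].freeze
VISIBILITIES = %i[public internal private].freeze
MEMBERS      = %i[admin owner developer guest].freeze

# Assumed reference policy for the HTML show view of a project snippet.
def show_allowed?(role, visibility)
  case visibility
  when :public   then true
  when :internal then role != :visitor        # any signed-in user
  when :private  then MEMBERS.include?(role)  # project members only
  end
end

# Hypothetical route table: each action maps to the check it runs.
SAFE_ROUTES = {
  show: method(:show_allowed?),
  raw:  method(:show_allowed?)
}.freeze

# The regression the specs are meant to catch: the raw action serves
# content without applying the visibility check.
REGRESSED_ROUTES = SAFE_ROUTES.merge(raw: ->(_role, _visibility) { true }).freeze

# Returns every [role, visibility] pair where `action` decides differently
# from :show. An empty result means the two views enforce the same access.
def access_mismatches(routes, action)
  ROLES.product(VISIBILITIES).reject do |role, visibility|
    routes[action].call(role, visibility) == routes[:show].call(role, visibility)
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "safe raw route mismatches:      #{access_mismatches(SAFE_ROUTES, :raw).inspect}"
  puts "regressed raw route mismatches: #{access_mismatches(REGRESSED_ROUTES, :raw).inspect}"
end
```

Checking the full role and visibility matrix, rather than a single happy path per view, is what surfaces a secondary endpoint that exposes the same content under weaker rules.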

    GitLab


    Canonical source

    The canonical source of GitLab Community Edition is hosted on GitLab.com.

    Open source software to collaborate on code

    To see how GitLab looks please see the features page on our website.

    • Manage Git repositories with fine grained access controls that keep your code secure
    • Perform code reviews and enhance collaboration with merge requests
    • Each project can also have an issue tracker and a wiki
    • Used by more than 100,000 organizations, GitLab is the most popular solution to manage Git repositories on-premises
    • Completely free and open source (MIT Expat license)
    • Powered by Ruby on Rails

    Hiring

    We're hiring developers, support people, and production engineers all the time. Please see our jobs page.

    Editions

    There are two editions of GitLab:

    • GitLab Community Edition (CE) is available freely under the MIT Expat license.
    • GitLab Enterprise Edition (EE) includes extra features that are more useful for organizations with more than 100 users. To use EE and get official support please become a subscriber.

    Website

    On about.gitlab.com you can find more information about:

    Requirements

    Please see the requirements documentation for system requirements and more information about the supported operating systems.

    Installation

    The recommended way to install GitLab is with the Omnibus packages on our package server. Compared to an installation from source, this is faster and less error prone. Just select your operating system, download the respective package (Debian or RPM) and install it using the system's package manager.

    There are various other options to install GitLab. Please refer to the installation page on the GitLab website for more information.

    You can access a new installation with the login `root` and password `5iveL!fe`. After login you are required to set a unique password.

    Contributing

    GitLab is an open source project and we are very happy to accept community contributions. Please refer to CONTRIBUTING.md for details.

    Install a development environment

    To work on GitLab itself, we recommend setting up your development environment with the GitLab Development Kit. If you do not use the GitLab Development Kit, you need to install and set up all the dependencies yourself, which is a lot of work and error prone. One small thing you also have to do when installing it yourself is to copy the example development unicorn configuration file:

    cp config/unicorn.rb.example.development config/unicorn.rb

    Instructions on how to start GitLab and how to run the tests can be found in the development section of the GitLab Development Kit.

    Software stack

    GitLab is a Ruby on Rails application that runs on the following software:

    • Ubuntu/Debian/CentOS/RHEL
    • Ruby (MRI) 2.3
    • Git 2.7.4+
    • Redis 2.8+
    • MySQL or PostgreSQL

    For more information please see the architecture documentation.

    Third-party applications

    There are a lot of third-party applications integrating with GitLab. These include GUI Git clients, mobile applications and API wrappers for various languages.

    GitLab release cycle

    For more information about the release process see the release documentation.

    Upgrading

    For upgrading information please see our update page.

    Documentation

    All documentation can be found on docs.gitlab.com/ce/.

    Getting help

    Please see Getting help for GitLab on our website for the many options to get help.

    Is it any good?

    Yes

    Is it awesome?

    Thanks for asking this question Joshua. These people seem to like it.