diff --git a/.rubocop_todo/gitlab/bounded_contexts.yml b/.rubocop_todo/gitlab/bounded_contexts.yml index 3a4f85cae55e96b4b48ef94f57c5fc997acd628c..f9e185b4ef0a2359b0a18c4ba1ae2608d14220b4 100644 --- a/.rubocop_todo/gitlab/bounded_contexts.yml +++ b/.rubocop_todo/gitlab/bounded_contexts.yml @@ -1759,7 +1759,7 @@ Gitlab/BoundedContexts: - 'app/uploaders/attachment_uploader.rb' - 'app/uploaders/avatar_uploader.rb' - 'app/uploaders/bulk_imports/export_uploader.rb' - - 'app/uploaders/content_type_whitelist.rb' + - 'app/uploaders/content_type_allowlist.rb' - 'app/uploaders/deleted_object_uploader.rb' - 'app/uploaders/external_diff_uploader.rb' - 'app/uploaders/favicon_uploader.rb' diff --git a/.rubocop_todo/layout/line_length.yml b/.rubocop_todo/layout/line_length.yml index 669ab00c976b288fb5f0365acb684a5e2b1cdf86..3dd21bb0c73063d7c2b743ea2f07287059036b7b 100644 --- a/.rubocop_todo/layout/line_length.yml +++ b/.rubocop_todo/layout/line_length.yml @@ -320,7 +320,7 @@ Layout/LineLength: - 'app/services/users/build_service.rb' - 'app/services/webauthn/authenticate_service.rb' - 'app/services/work_items/task_list_reference_replacement_service.rb' - - 'app/uploaders/content_type_whitelist.rb' + - 'app/uploaders/content_type_allowlist.rb' - 'app/uploaders/job_artifact_uploader.rb' - 'app/uploaders/packages/debian/component_file_uploader.rb' - 'app/uploaders/personal_file_uploader.rb' diff --git a/.rubocop_todo/lint/assignment_in_condition.yml b/.rubocop_todo/lint/assignment_in_condition.yml index 52f3dfa2036416c4c04b5095395db3650c236019..608dd62556897508ea31a77ca07f40c4b718fe3d 100644 --- a/.rubocop_todo/lint/assignment_in_condition.yml +++ b/.rubocop_todo/lint/assignment_in_condition.yml 
@@ -79,7 +79,6 @@ Lint/AssignmentInCondition: - 'app/workers/ml/experiment_tracking/associate_ml_candidate_to_package_worker.rb' - 'app/workers/new_note_worker.rb' - 'app/workers/terraform/states/destroy_worker.rb' - - 'config/initializers/carrierwave_performance_patch.rb' - 'config/initializers/peek.rb' - 'config/initializers/validate_database_config.rb' - 'config/initializers/zz_metrics.rb' diff --git a/.rubocop_todo/naming/inclusive_language.yml b/.rubocop_todo/naming/inclusive_language.yml index e7eb16e13f8580c04f5ace397bb6d1cc01520bd4..1be17bd26b5d6ba54d8e2ffaefe3076d077637f7 100644 --- a/.rubocop_todo/naming/inclusive_language.yml +++ b/.rubocop_todo/naming/inclusive_language.yml @@ -10,7 +10,6 @@ Naming/InclusiveLanguage: - 'app/models/concerns/cache_markdown_field.rb' - 'app/services/application_settings/update_service.rb' - 'app/uploaders/avatar_uploader.rb' - - 'app/uploaders/content_type_whitelist.rb' - 'app/uploaders/design_management/design_v432x230_uploader.rb' - 'app/uploaders/favicon_uploader.rb' - 'app/uploaders/gitlab_uploader.rb' @@ -51,4 +50,4 @@ Naming/InclusiveLanguage: - 'spec/services/application_settings/update_service_spec.rb' - 'spec/support/shared_contexts/upload_type_check_shared_context.rb' - 'spec/support/shared_examples/models/application_setting_shared_examples.rb' - - 'spec/uploaders/content_type_whitelist_spec.rb' + - 'spec/uploaders/content_type_allowlist_spec.rb' diff --git a/.rubocop_todo/rspec/context_wording.yml b/.rubocop_todo/rspec/context_wording.yml index 1139d6a2fd1fdc5585338b4da2a45d63542db590..8731b322ade4cd9b453e2f7e0c5c85b1b4fd8486 100644 --- a/.rubocop_todo/rspec/context_wording.yml +++ b/.rubocop_todo/rspec/context_wording.yml 
@@ -2678,7 +2678,7 @@ RSpec/ContextWording: - 'spec/tooling/lib/tooling/parallel_rspec_runner_spec.rb' - 'spec/uploaders/attachment_uploader_spec.rb' - 'spec/uploaders/avatar_uploader_spec.rb' - - 'spec/uploaders/content_type_whitelist_spec.rb' + - 'spec/uploaders/content_type_allowlist_spec.rb' - 'spec/uploaders/dependency_proxy/file_uploader_spec.rb' - 'spec/uploaders/design_management/design_v432x230_uploader_spec.rb' - 'spec/uploaders/external_diff_uploader_spec.rb' diff --git a/.rubocop_todo/rspec/feature_category.yml b/.rubocop_todo/rspec/feature_category.yml index cd29e541dc6d958451f1e5f3585d8420dc089055..45097fa0f6a5dd624be31de857bf92eec1592160 100644 --- a/.rubocop_todo/rspec/feature_category.yml +++ b/.rubocop_todo/rspec/feature_category.yml @@ -3585,7 +3585,7 @@ RSpec/FeatureCategory: - 'spec/uploaders/avatar_uploader_spec.rb' - 'spec/uploaders/ci/pipeline_artifact_uploader_spec.rb' - 'spec/uploaders/ci/secure_file_uploader_spec.rb' - - 'spec/uploaders/content_type_whitelist_spec.rb' + - 'spec/uploaders/content_type_allowlist_spec.rb' - 'spec/uploaders/dependency_proxy/file_uploader_spec.rb' - 'spec/uploaders/design_management/design_v432x230_uploader_spec.rb' - 'spec/uploaders/external_diff_uploader_spec.rb' diff --git a/.rubocop_todo/style/guard_clause.yml b/.rubocop_todo/style/guard_clause.yml index 9c41badce22e137466642bd1e290810cf1a976ba..8b2bb64b20e7f1ed8b68f7214ac3f4b0521c0f8f 100644 --- a/.rubocop_todo/style/guard_clause.yml +++ b/.rubocop_todo/style/guard_clause.yml @@ -152,7 +152,7 @@ Style/GuardClause: - 'app/services/snippets/repository_validation_service.rb' - 'app/services/users/build_service.rb' - 'app/services/wikis/create_attachment_service.rb' - - 'app/uploaders/content_type_whitelist.rb' + - 'app/uploaders/content_type_allowlist.rb' - 'app/uploaders/file_mover.rb' - 'app/uploaders/file_uploader.rb' - 'app/validators/abstract_path_validator.rb' 
diff --git a/.rubocop_todo/style/inline_disable_annotation.yml b/.rubocop_todo/style/inline_disable_annotation.yml index 0431715d7d436986c52fe8250c9420c5fa90ba1d..0bb07d62750a726a4c6853230524d98ec25ebc0f 100644 --- a/.rubocop_todo/style/inline_disable_annotation.yml +++ b/.rubocop_todo/style/inline_disable_annotation.yml @@ -942,7 +942,6 @@ Style/InlineDisableAnnotation: - 'config/initializers/7_redis.rb' - 'config/initializers/active_record_lifecycle.rb' - 'config/initializers/active_record_transaction_observer.rb' - - 'config/initializers/carrierwave_performance_patch.rb' - 'config/initializers/database_config.rb' - 'config/initializers/enumerator_next_patch.rb' - 'config/initializers/fix_local_cache_middleware.rb' diff --git a/Gemfile b/Gemfile index bfc039d3469e850d61817cb30ec1adc2168aa985..4b46b5c02acf262a63f0e853943987afa9cae6c7 100644 --- a/Gemfile +++ b/Gemfile @@ -192,7 +192,7 @@ gem 'kaminari', '~> 1.2.2', feature_category: :shared gem 'hamlit', '~> 3.0.0', feature_category: :shared # Files attachments -gem 'carrierwave', '~> 1.3', feature_category: :shared +gem 'carrierwave', '~> 3', feature_category: :shared gem 'mini_magick', '~> 4.12', feature_category: :shared gem 'marcel', '~> 1.0.4', feature_category: :shared diff --git a/Gemfile.checksum b/Gemfile.checksum index 7c2db7f440ae0e4e19a722670055a0c3426bbd41..78201b5c9c5e2626767321228ff97b925c253c4f 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum 
@@ -69,7 +69,7 @@ {"name":"byebug","version":"12.0.0","platform":"ruby","checksum":"d4a150d291cca40b66ec9ca31f754e93fed8aa266a17335f71bb0afa7fca1a1e"}, {"name":"capybara","version":"3.40.0","platform":"ruby","checksum":"42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef"}, {"name":"capybara-screenshot","version":"1.0.26","platform":"ruby","checksum":"816b9370a07752097c82a05f568aaf5d3b7f45c3db5d3aab2014071e1b3c0c77"}, -{"name":"carrierwave","version":"1.3.4","platform":"ruby","checksum":"81772dabd1830edbd7f4526d2ae2c79f974f1d48900c3f03f7ecb7c657463a21"}, +{"name":"carrierwave","version":"3.0.7","platform":"ruby","checksum":"feaf484453f7bbb8655b45042224738d5356a331b16d4df293511e8b0f8ef06e"}, {"name":"cbor","version":"0.5.9.8","platform":"ruby","checksum":"9ee097fc58d9bc5e406d112cd2d4e112c7354ec16f8b6ff34e4732c1e44b4eb7"}, {"name":"character_set","version":"1.8.0","platform":"java","checksum":"2d94ac33d6569434cf1ba464012b5e98010f5dafbd7b750e8d7db79f4c8eb8f7"}, {"name":"character_set","version":"1.8.0","platform":"ruby","checksum":"2b7317462adaedff0bd1576ae86d71bc5efe133a5d0b7c257021b00fe3153f51"}, 
@@ -339,6 +339,7 @@ {"name":"icalendar","version":"2.10.3","platform":"ruby","checksum":"0ebfc2672f9fa77b86b4d8c0e25e9b2319aad45a33319fed06d0be8ddd0cd485"}, {"name":"ice_cube","version":"0.16.4","platform":"ruby","checksum":"da117e5de24bdc33931be629f9b55048641924442c7e9b72fedc05e5592531b7"}, {"name":"ice_nine","version":"0.11.2","platform":"ruby","checksum":"5d506a7d2723d5592dc121b9928e4931742730131f22a1a37649df1c1e2e63db"}, +{"name":"image_processing","version":"1.12.2","platform":"ruby","checksum":"d3b9e9c5a1cc2607a5214cc28b90d317a03bdd06239584c97535dd73e46f62b8"}, {"name":"imagen","version":"0.2.0","platform":"ruby","checksum":"369fe912078877dba92615ebfc6f35a7d833e31f24f47bdd3ad5371a4139e24b"}, {"name":"influxdb-client","version":"3.2.0","platform":"ruby","checksum":"dc1e8ec80542f64c9f31af6d9bfa4c147474bf32b9179a7f0cab970793b8e1f2"}, {"name":"invisible_captcha","version":"2.3.0","platform":"ruby","checksum":"309ee5a5e891ecfb732c85b12f1aa9252a648df6f2761b3b41205e824e30ff15"}, @@ -660,6 +661,7 @@ {"name":"ruby-progressbar","version":"1.11.0","platform":"ruby","checksum":"cc127db3866dc414ffccbf92928a241e585b3aa2b758a5563e74a6ee0f57d50a"}, {"name":"ruby-saml","version":"1.18.1","platform":"ruby","checksum":"1b0e7a44aef150b4197955f5e015d593672e242cfdc5d06aa7554ec2350b9107"}, {"name":"ruby-statistics","version":"4.1.0","platform":"ruby","checksum":"7d697abd5dc4e6141d21ecb4165482807564f11bbe154cf1c60a2677b507f2a9"}, +{"name":"ruby-vips","version":"2.2.0","platform":"ruby","checksum":"3be4fcf4ec77a33bbf25e4f9a9d02b21844f6c39c61af2a8221f699d5683739b"}, {"name":"ruby2_keywords","version":"0.0.5","platform":"ruby","checksum":"ffd13740c573b7301cf7a2e61fc857b2a8e3d3aff32545d6f8300d8bae10e3ef"}, {"name":"rubyntlm","version":"0.6.3","platform":"ruby","checksum":"5b321456dba3130351f7451f8669f1afa83a0d26fd63cdec285b7b88e667102d"}, {"name":"rubypants","version":"0.2.0","platform":"ruby","checksum":"f07e38eac793655a0323fe91946081052341b9e69807026fcf102346589eedee"}, 
diff --git a/Gemfile.lock b/Gemfile.lock index c5a8006895f9e264fe69ddafb0b3c544cf067984..2164f50382cc598b9d0a3af56cc14762fcbbd918 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -417,11 +417,13 @@ GEM capybara-screenshot (1.0.26) capybara (>= 1.0, < 4) launchy - carrierwave (1.3.4) - activemodel (>= 4.0.0) - activesupport (>= 4.0.0) - mime-types (>= 1.16) - ssrf_filter (~> 1.0, < 1.1.0) + carrierwave (3.0.7) + activemodel (>= 6.0.0) + activesupport (>= 6.0.0) + addressable (~> 2.6) + image_processing (~> 1.1) + marcel (~> 1.0.0) + ssrf_filter (~> 1.0) cbor (0.5.9.8) character_set (1.8.0) charlock_holmes (0.7.9) @@ -1059,6 +1061,9 @@ GEM ostruct ice_cube (0.16.4) ice_nine (0.11.2) + image_processing (1.12.2) + mini_magick (>= 4.9.5, < 5) + ruby-vips (>= 2.0.17, < 3) imagen (0.2.0) parser (>= 2.5, != 2.5.1.1) influxdb-client (3.2.0) @@ -1774,6 +1779,8 @@ GEM nokogiri (>= 1.13.10) rexml ruby-statistics (4.1.0) + ruby-vips (2.2.0) + ffi (~> 1.12) ruby2_keywords (0.0.5) rubyntlm (0.6.3) rubypants (0.2.0) @@ -2116,7 +2123,7 @@ DEPENDENCIES bundler-checksum (~> 0.1.0)! capybara (~> 3.40) capybara-screenshot (~> 1.0.26) - carrierwave (~> 1.3) + carrierwave (~> 3) charlock_holmes (~> 0.7.9) circuitbox (= 2.0.0) click_house-client (= 0.8.2) diff --git a/Gemfile.next.checksum b/Gemfile.next.checksum index 5ba54d624ca1a34bbb9d904f386c4d51cd474a3e..f636e8ec8c482b47d68f1134f30ecf59949bee94 100644 --- a/Gemfile.next.checksum +++ b/Gemfile.next.checksum 
@@ -69,7 +69,7 @@ {"name":"byebug","version":"12.0.0","platform":"ruby","checksum":"d4a150d291cca40b66ec9ca31f754e93fed8aa266a17335f71bb0afa7fca1a1e"}, {"name":"capybara","version":"3.40.0","platform":"ruby","checksum":"42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef"}, {"name":"capybara-screenshot","version":"1.0.26","platform":"ruby","checksum":"816b9370a07752097c82a05f568aaf5d3b7f45c3db5d3aab2014071e1b3c0c77"}, -{"name":"carrierwave","version":"1.3.4","platform":"ruby","checksum":"81772dabd1830edbd7f4526d2ae2c79f974f1d48900c3f03f7ecb7c657463a21"}, +{"name":"carrierwave","version":"3.0.7","platform":"ruby","checksum":"feaf484453f7bbb8655b45042224738d5356a331b16d4df293511e8b0f8ef06e"}, {"name":"cbor","version":"0.5.9.8","platform":"ruby","checksum":"9ee097fc58d9bc5e406d112cd2d4e112c7354ec16f8b6ff34e4732c1e44b4eb7"}, {"name":"character_set","version":"1.8.0","platform":"java","checksum":"2d94ac33d6569434cf1ba464012b5e98010f5dafbd7b750e8d7db79f4c8eb8f7"}, {"name":"character_set","version":"1.8.0","platform":"ruby","checksum":"2b7317462adaedff0bd1576ae86d71bc5efe133a5d0b7c257021b00fe3153f51"}, 
@@ -339,6 +339,7 @@ {"name":"icalendar","version":"2.10.3","platform":"ruby","checksum":"0ebfc2672f9fa77b86b4d8c0e25e9b2319aad45a33319fed06d0be8ddd0cd485"}, {"name":"ice_cube","version":"0.16.4","platform":"ruby","checksum":"da117e5de24bdc33931be629f9b55048641924442c7e9b72fedc05e5592531b7"}, {"name":"ice_nine","version":"0.11.2","platform":"ruby","checksum":"5d506a7d2723d5592dc121b9928e4931742730131f22a1a37649df1c1e2e63db"}, +{"name":"image_processing","version":"1.12.2","platform":"ruby","checksum":"d3b9e9c5a1cc2607a5214cc28b90d317a03bdd06239584c97535dd73e46f62b8"}, {"name":"imagen","version":"0.2.0","platform":"ruby","checksum":"369fe912078877dba92615ebfc6f35a7d833e31f24f47bdd3ad5371a4139e24b"}, {"name":"influxdb-client","version":"3.2.0","platform":"ruby","checksum":"dc1e8ec80542f64c9f31af6d9bfa4c147474bf32b9179a7f0cab970793b8e1f2"}, {"name":"invisible_captcha","version":"2.3.0","platform":"ruby","checksum":"309ee5a5e891ecfb732c85b12f1aa9252a648df6f2761b3b41205e824e30ff15"}, @@ -660,6 +661,7 @@ {"name":"ruby-progressbar","version":"1.11.0","platform":"ruby","checksum":"cc127db3866dc414ffccbf92928a241e585b3aa2b758a5563e74a6ee0f57d50a"}, {"name":"ruby-saml","version":"1.18.1","platform":"ruby","checksum":"1b0e7a44aef150b4197955f5e015d593672e242cfdc5d06aa7554ec2350b9107"}, {"name":"ruby-statistics","version":"4.1.0","platform":"ruby","checksum":"7d697abd5dc4e6141d21ecb4165482807564f11bbe154cf1c60a2677b507f2a9"}, +{"name":"ruby-vips","version":"2.2.0","platform":"ruby","checksum":"3be4fcf4ec77a33bbf25e4f9a9d02b21844f6c39c61af2a8221f699d5683739b"}, {"name":"ruby2_keywords","version":"0.0.5","platform":"ruby","checksum":"ffd13740c573b7301cf7a2e61fc857b2a8e3d3aff32545d6f8300d8bae10e3ef"}, {"name":"rubyntlm","version":"0.6.3","platform":"ruby","checksum":"5b321456dba3130351f7451f8669f1afa83a0d26fd63cdec285b7b88e667102d"}, {"name":"rubypants","version":"0.2.0","platform":"ruby","checksum":"f07e38eac793655a0323fe91946081052341b9e69807026fcf102346589eedee"}, 
diff --git a/Gemfile.next.lock b/Gemfile.next.lock index 9b64c52fae8ee9b5a78ae914cf6bb378a6218e4c..b0285b9f312b8b519639da4b45bb99c2634278ea 100644 --- a/Gemfile.next.lock +++ b/Gemfile.next.lock @@ -411,11 +411,13 @@ GEM capybara-screenshot (1.0.26) capybara (>= 1.0, < 4) launchy - carrierwave (1.3.4) - activemodel (>= 4.0.0) - activesupport (>= 4.0.0) - mime-types (>= 1.16) - ssrf_filter (~> 1.0, < 1.1.0) + carrierwave (3.0.7) + activemodel (>= 6.0.0) + activesupport (>= 6.0.0) + addressable (~> 2.6) + image_processing (~> 1.1) + marcel (~> 1.0.0) + ssrf_filter (~> 1.0) cbor (0.5.9.8) character_set (1.8.0) charlock_holmes (0.7.9) @@ -1053,6 +1055,9 @@ GEM ostruct ice_cube (0.16.4) ice_nine (0.11.2) + image_processing (1.12.2) + mini_magick (>= 4.9.5, < 5) + ruby-vips (>= 2.0.17, < 3) imagen (0.2.0) parser (>= 2.5, != 2.5.1.1) influxdb-client (3.2.0) @@ -1768,6 +1773,8 @@ GEM nokogiri (>= 1.13.10) rexml ruby-statistics (4.1.0) + ruby-vips (2.2.0) + ffi (~> 1.12) ruby2_keywords (0.0.5) rubyntlm (0.6.3) rubypants (0.2.0) @@ -2111,7 +2118,7 @@ DEPENDENCIES bundler-checksum (~> 0.1.0)! capybara (~> 3.40) capybara-screenshot (~> 1.0.26) - carrierwave (~> 1.3) + carrierwave (~> 3) charlock_holmes (~> 0.7.9) circuitbox (= 2.0.0) click_house-client (= 0.8.2) diff --git a/app/uploaders/avatar_uploader.rb b/app/uploaders/avatar_uploader.rb index 4ccd508184b598d63ff0145510fa90ec79784ec4..eda74078eea4c7069406979fb6b2238f0eaf1487 100644 --- a/app/uploaders/avatar_uploader.rb +++ b/app/uploaders/avatar_uploader.rb @@ -31,7 +31,7 @@ def mounted_as super || 'avatar' end - def content_type_whitelist + def content_type_allowlist MIME_ALLOWLIST end diff --git a/app/uploaders/content_type_whitelist.rb b/app/uploaders/content_type_allowlist.rb similarity index 52% rename from app/uploaders/content_type_whitelist.rb rename to app/uploaders/content_type_allowlist.rb index 4c9d180dab4966c23262f0f4feeacecd3b81ea80..c4c4456f14c90f4f96d0834ef56a414e47d59245 100644 
--- a/app/uploaders/content_type_whitelist.rb
+++ b/app/uploaders/content_type_allowlist.rb
@@ -1,22 +1,19 @@
 # frozen_string_literal: true
 
-# Currently we run CarrierWave 1.3.1 which means we can not whitelist files
-# by their content type through magic header parsing.
-#
-# This is a patch to hold us over until we get to CarrierWave 2 :) It's a mashup of
-# CarrierWave's lib/carrierwave/uploader/content_type_whitelist.rb and
+# This is a patch to hold us over until we get to CarrierWave 3 :) It's a mashup of
+# CarrierWave's lib/carrierwave/uploader/content_type_allowlist.rb and
 # lib/carrierwave/sanitized_file.rb
 #
-# Include this concern and add a content_type_whitelist method to get the same
-# behavior as you would with CarrierWave 2.
+# Include this concern and add a content_type_allowlist method to get the same
+# behavior as you would with CarrierWave 3.
 #
 # This is not an exact replacement as we don't override
 # SanitizedFile#content_type but we do set the content_type attribute when we
-# check the whitelist.
+# check the allowlist.
 #
-# Remove this after moving to CarrierWave 2, though on practical terms it shouldn't
+# Remove this after moving to CarrierWave 3, though on practical terms it shouldn't
 # break anything if left for a while.
-module ContentTypeWhitelist
+module ContentTypeAllowlist
 module Concern
 extend ActiveSupport::Concern
 
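Review bot: The rewritten header still describes this concern as a stop-gap "to hold us over until we get to CarrierWave 3" and ends with "Remove this after moving to CarrierWave 3", yet the Gemfile hunk in this same commit moves carrierwave to `~> 3`, so the comment now contradicts the code it documents. As far as I know CarrierWave 3 ships its own content_type_allowlist check, so once GitlabUploader includes this module the concern shadows the gem's implementation rather than filling a gap; if that is intentional, say so in the header, for example `# CarrierWave 3 has a built-in content_type_allowlist check; we keep this override so the check runs mime_magic_content_type on the file path — remove once the built-in check is confirmed equivalent.`, otherwise schedule the removal. The module body continues in the next hunk and past the end of it.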
@@ -25,19 +22,19 @@ module Concern
 # CarrierWave calls this method as part of it's before :cache callbacks.
 # Here we override and extend CarrierWave's method that does not parse the
 # magic headers.
-def check_content_type_whitelist!(new_file)
-if content_type_whitelist
+def check_content_type_allowlist!(new_file)
+if content_type_allowlist
 content_type = mime_magic_content_type(new_file.path)
 
-unless whitelisted_content_type?(content_type)
-message = I18n.t(:"errors.messages.content_type_whitelist_error", allowed_types: Array(content_type_whitelist).join(", "))
+unless allowlisted_content_type?(content_type)
+message = I18n.t(:"errors.messages.content_type_allowlist_error", allowed_types: Array(content_type_allowlist).join(", "))
 raise CarrierWave::IntegrityError, message
 end
 end
 end
 
-def whitelisted_content_type?(content_type)
-Array(content_type_whitelist).any? { |item| content_type =~ /#{item}/ }
+def allowlisted_content_type?(content_type)
+Array(content_type_allowlist).any? { |item| content_type =~ /#{item}/ }
 end
 
 def mime_magic_content_type(path)
diff --git a/app/uploaders/design_management/design_v432x230_uploader.rb b/app/uploaders/design_management/design_v432x230_uploader.rb
index 0f1ebfed4aa1220688f5a2a8aa173f62c246e582..4ff69cd81c75807e931814af48d779159b8842a3 100644
--- a/app/uploaders/design_management/design_v432x230_uploader.rb
+++ b/app/uploaders/design_management/design_v432x230_uploader.rb
@@ -25,7 +25,7 @@ class DesignV432x230Uploader < GitlabUploader
 process resize_to_fit: [432, 230]
 
 # Allow CarrierWave to reject files without correct mimetypes.
-def content_type_whitelist
+def content_type_allowlist
 MIME_TYPE_ALLOWLIST
 end
 
diff --git a/app/uploaders/favicon_uploader.rb b/app/uploaders/favicon_uploader.rb
index a21b21de101daa1b3ca95a220215e2fff7e47f1d..20e468e2eb1e7f9b363fccc3dbe95014511778d3 100644
--- a/app/uploaders/favicon_uploader.rb
+++ b/app/uploaders/favicon_uploader.rb
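Review bot: `allowlisted_content_type?` still interpolates every allowlist entry into an unescaped, unanchored regexp (`content_type =~ /#{item}/`), so a string entry behaves as a pattern rather than a literal MIME type: a detected type that merely contains the entry passes, and a regexp metacharacter inside an entry changes its meaning (a constructed entry `image/svg+xml` would also accept `image/svgxml`). The rename is the right moment to tighten this while keeping entries that are already Regexp objects working: `pattern = item.is_a?(Regexp) ? item : /\A#{Regexp.escape(item)}\z/` followed by `content_type.match?(pattern)`; if some uploader relies on prefix entries such as `image/`, anchor only the start with `\A`. The allowlist values live in the individual uploaders rather than in this hunk, so I cannot tell from here whether any current entry contains a metacharacter, and `mime_magic_content_type` continues past the end of the hunk.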
@@ -8,7 +8,7 @@ def extension_whitelist
 EXTENSION_ALLOWLIST
 end
 
-def content_type_whitelist
+def content_type_allowlist
 MIME_ALLOWLIST
 end
 
diff --git a/app/uploaders/gitlab_uploader.rb b/app/uploaders/gitlab_uploader.rb
index b603a30e5be6848c1aff43c5e9a0d7c9d5ad2b05..c1451245104121a18a03d97dcc992713c4e2eba4 100644
--- a/app/uploaders/gitlab_uploader.rb
+++ b/app/uploaders/gitlab_uploader.rb
@@ -1,8 +1,9 @@
 # frozen_string_literal: true
 
 class GitlabUploader < CarrierWave::Uploader::Base
-include ContentTypeWhitelist::Concern
+include ContentTypeAllowlist::Concern
+cache_storage :file
 
 class_attribute :storage_location_identifier
 PROTECTED_METHODS = %i[filename cache_dir work_dir store_dir].freeze
 
diff --git a/config/initializers/carrierwave_performance_patch.rb b/config/initializers/carrierwave_performance_patch.rb
deleted file mode 100644
index a7b56cdb5ba27da4318ee8c7fa92ac0b0275a91f..0000000000000000000000000000000000000000
--- a/config/initializers/carrierwave_performance_patch.rb
+++ /dev/null
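Review bot: `cache_storage :file` is added to GitlabUploader without any comment, and nothing in the hunk explains why a file-backed cache is pinned for every uploader in the app. Presumably it preserves the pre-upgrade behaviour of caching uploads on local disk before `store!`, where a newer CarrierWave would otherwise default the cache store to the configured storage backend — confirm against the gem's defaults. A one-line why-comment such as `# Always cache uploads on local disk, whatever storage backend is configured (pre-CarrierWave-3 behaviour)` would spare the next reader the archaeology. The class body continues well past this hunk.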
@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-
-require "carrierwave/uploader/url"
-
-if Gem::Version.create(CarrierWave::VERSION) >= Gem::Version.create('2.0')
-raise ScriptError,
-"CarrierWave was upgraded to #{CarrierWave::VERSION} and this patch is not required anymore"
-end
-
-# rubocop: disable Style/GuardClause
-module CarrierWave
-module Uploader
-module Url
-##
-# === Parameters
-#
-# [Hash] optional, the query params (only AWS)
-#
-# === Returns
-#
-# [String] the location where this file is accessible via a url
-#
-def url(options = {})
-if file.respond_to?(:url)
-tmp_url = file.method(:url).arity == 0 ? file.url : file.url(options)
-
-return tmp_url if tmp_url.present?
-end
-
-if file.respond_to?(:path)
-path = encode_path(file.path.sub(File.expand_path(root), ''))
-
-if host = asset_host
-if host.respond_to? :call
-"#{host.call(file)}#{path}"
-else
-"#{host}#{path}"
-end
-else
-(base_path || "") + path
-end
-end
-end
-end
-end
-end
-# rubocop: enable Style/GuardClause
diff --git a/config/locales/carrierwave.en.yml b/config/locales/carrierwave.en.yml
index 864ec8fd73fc45e594ac9aac8529a3383b5c5363..8763ced847f43a19172fa1b138abdf573c7eee23 100644
--- a/config/locales/carrierwave.en.yml
+++ b/config/locales/carrierwave.en.yml
@@ -6,8 +6,8 @@ en:
 carrierwave_download_error: could not be downloaded
 extension_whitelist_error: "You are not allowed to upload %{extension} files, allowed types: %{allowed_types}"
 extension_blacklist_error: "You are not allowed to upload %{extension} files, prohibited types: %{prohibited_types}"
-content_type_whitelist_error: "file format is not supported. Please try one of the following supported formats: %{allowed_types}"
-content_type_blacklist_error: "You are not allowed to upload %{content_type} files, prohibited types: %{allowed_types}"
+content_type_allowlist_error: "file format is not supported. Please try one of the following supported formats: %{allowed_types}"
+content_type_denylist_error: "You are not allowed to upload %{content_type} files, prohibited types: %{allowed_types}"
 rmagick_processing_error: "Failed to manipulate with rmagick, maybe it is not an image?"
 mini_magick_processing_error: "Failed to manipulate with MiniMagick, maybe it is not an image? Original Error: %{e}"
 min_size_error: "File size should be greater than %{min_size}"
diff --git a/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb b/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb
index 4c656b004227865d289bb6c3b1f8476c7f5e1e5f..29090eec8c12c67144b42ff88a6171011fd6d187 100644
--- a/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb
+++ b/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb
@@ -188,7 +188,7 @@
 end
 
 context 'when an lfs object with the same oid already exists' do
-let!(:existing_lfs_object) { create(:lfs_object, oid: oid) }
+let!(:existing_lfs_object) { create(:lfs_object, :with_file, oid: oid) }
 
 before do
 stub_full_request(download_link).to_return(body: lfs_content)
diff --git a/spec/support/rspec_order_todo.yml b/spec/support/rspec_order_todo.yml
index b2b39b8ddb35d898825395e29cfb11d0908ce276..7739ae4da7076466fbf968e8a859284c0199bd3b 100644
--- a/spec/support/rspec_order_todo.yml
+++ b/spec/support/rspec_order_todo.yml
@@ -7558,7 +7558,7 @@
 - './spec/uploaders/avatar_uploader_spec.rb'
 - './spec/uploaders/ci/pipeline_artifact_uploader_spec.rb'
 - './spec/uploaders/ci/secure_file_uploader_spec.rb'
-- './spec/uploaders/content_type_whitelist_spec.rb'
+- './spec/uploaders/content_type_allowlist_spec.rb'
 - './spec/uploaders/dependency_proxy/file_uploader_spec.rb'
 - './spec/uploaders/design_management/design_v432x230_uploader_spec.rb'
 - './spec/uploaders/external_diff_uploader_spec.rb'
diff --git a/spec/support/shared_contexts/upload_type_check_shared_context.rb b/spec/support/shared_contexts/upload_type_check_shared_context.rb
index 57b8d7472df4b858bd2029243bd7d23922c2228e..a695e2cfa3e3d49cf5518bfc0f776844e2d265ee 100644
--- a/spec/support/shared_contexts/upload_type_check_shared_context.rb
+++ b/spec/support/shared_contexts/upload_type_check_shared_context.rb
@@ -9,7 +9,7 @@
 end
 end
 
-# This works with a content_type_whitelist and content_type_blacklist type check.
+# This works with a content_type_allowlist and content_type_denylist type check.
 # @param mime_type [String] mime type to forcibly detect.
 RSpec.shared_context 'force content type detection to mime_type' do
 before do
diff --git a/spec/support/shared_examples/controllers/repository_lfs_file_load_shared_examples.rb b/spec/support/shared_examples/controllers/repository_lfs_file_load_shared_examples.rb
index ba3b08751da69bd510e18ba1062c798e28bdd2a0..9f537f4db596c21feb5165bd2d1af1a4b88d9e98 100644
--- a/spec/support/shared_examples/controllers/repository_lfs_file_load_shared_examples.rb
+++ b/spec/support/shared_examples/controllers/repository_lfs_file_load_shared_examples.rb
@@ -20,7 +20,7 @@
 RSpec.shared_examples 'a controller that can serve LFS files' do |options = {}|
 let(:lfs_oid) { '91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897' }
 let(:lfs_size) { '1575078' }
-let!(:lfs_object) { create(:lfs_object, oid: lfs_oid, size: lfs_size) }
+let!(:lfs_object) { create(:lfs_object, :with_file, oid: lfs_oid, size: lfs_size) }
 
 context 'when lfs is enabled' do
 before do
diff --git a/spec/support/shared_examples/uploaders/gitlab_uploader_shared_examples.rb b/spec/support/shared_examples/uploaders/gitlab_uploader_shared_examples.rb
index a7e5892d439290a0ab44feb329befc6291a90a5c..dc33cfe97722643173331445414e354bfa1f90e6 100644
--- a/spec/support/shared_examples/uploaders/gitlab_uploader_shared_examples.rb
+++ b/spec/support/shared_examples/uploaders/gitlab_uploader_shared_examples.rb
@@ -62,8 +62,11 @@
 allow(subject).to receive(:filename).and_return("3bc58d54542d6a5efffa9a87554faac0254f73f675b337899ea869f6d38b7371/122../../../../../../../../.ssh/authorized_keys")
 end
 
-it "throws an exception" do
+it "throws an exceptionin cache!" do
 expect { subject.cache!(fixture_file_upload(fixture)) }.to raise_error(Gitlab::PathTraversal::PathTraversalAttackError)
+end
+
+it 'throws an exception in store!' do
 expect { subject.store!(fixture_file_upload(fixture)) }.to raise_error(Gitlab::PathTraversal::PathTraversalAttackError)
 end
 end
diff --git a/spec/uploaders/content_type_whitelist_spec.rb b/spec/uploaders/content_type_allowlist_spec.rb
similarity index 86%
rename from spec/uploaders/content_type_whitelist_spec.rb
rename to spec/uploaders/content_type_allowlist_spec.rb
index 0cafc7a3ae29df1251a5ab9e055b7de5192853dc..5ee0beb9f87a6159c86bfcffeb961916f956e8e9 100644
--- a/spec/uploaders/content_type_whitelist_spec.rb
+++ b/spec/uploaders/content_type_allowlist_spec.rb
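Review bot: The renamed example description in the gitlab_uploader_shared_examples hunk reads `"throws an exceptionin cache!"`, which is missing a space, and it keeps double quotes while the new sibling example added right below uses single quotes. Suggest `it 'throws an exception in cache!' do` so the two path-traversal examples read consistently. Splitting the `cache!` and `store!` expectations into separate examples is otherwise a clear improvement, since a failure now names which entry point regressed. The enclosing `context` block starts before and ends after this hunk.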
@@ -2,16 +2,16 @@
 require 'spec_helper'
 
-RSpec.describe ContentTypeWhitelist do
+RSpec.describe ContentTypeAllowlist, feature_category: :shared do
 let_it_be(:model) { build_stubbed(:user) }
 
 let!(:uploader) do
 stub_const('DummyUploader', Class.new(CarrierWave::Uploader::Base))
 DummyUploader.class_eval do
-include ContentTypeWhitelist::Concern
+include ContentTypeAllowlist::Concern
 
-def content_type_whitelist
+def content_type_allowlist
 %w[image/png image/jpeg]
 end
 end