From e0910f3db62339261a7e444d70aa8c59d8f39525 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sat, 23 Mar 2024 07:36:23 -0700 Subject: [PATCH 01/15] Update CarrierWave to v3 Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/216067 --- Gemfile | 2 +- Gemfile.checksum | 4 +++- Gemfile.lock | 19 +++++++++++++------ Gemfile.next.checksum | 4 +++- Gemfile.next.lock | 19 +++++++++++++------ 5 files changed, 33 insertions(+), 15 deletions(-) diff --git a/Gemfile b/Gemfile index bfc039d3469e85..4b46b5c02acf26 100644 --- a/Gemfile +++ b/Gemfile @@ -192,7 +192,7 @@ gem 'kaminari', '~> 1.2.2', feature_category: :shared gem 'hamlit', '~> 3.0.0', feature_category: :shared # Files attachments -gem 'carrierwave', '~> 1.3', feature_category: :shared +gem 'carrierwave', '~> 3', feature_category: :shared gem 'mini_magick', '~> 4.12', feature_category: :shared gem 'marcel', '~> 1.0.4', feature_category: :shared diff --git a/Gemfile.checksum b/Gemfile.checksum index 7c2db7f440ae0e..b1392097b8305f 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum 
@@ -69,7 +69,7 @@ {"name":"byebug","version":"12.0.0","platform":"ruby","checksum":"d4a150d291cca40b66ec9ca31f754e93fed8aa266a17335f71bb0afa7fca1a1e"}, {"name":"capybara","version":"3.40.0","platform":"ruby","checksum":"42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef"}, {"name":"capybara-screenshot","version":"1.0.26","platform":"ruby","checksum":"816b9370a07752097c82a05f568aaf5d3b7f45c3db5d3aab2014071e1b3c0c77"}, -{"name":"carrierwave","version":"1.3.4","platform":"ruby","checksum":"81772dabd1830edbd7f4526d2ae2c79f974f1d48900c3f03f7ecb7c657463a21"}, +{"name":"carrierwave","version":"3.0.4","platform":"ruby","checksum":"accd77a2167b55d0f12dcf5719ea742b422fdd5728db78fcd6d388e1d26f0880"}, {"name":"cbor","version":"0.5.9.8","platform":"ruby","checksum":"9ee097fc58d9bc5e406d112cd2d4e112c7354ec16f8b6ff34e4732c1e44b4eb7"}, {"name":"character_set","version":"1.8.0","platform":"java","checksum":"2d94ac33d6569434cf1ba464012b5e98010f5dafbd7b750e8d7db79f4c8eb8f7"}, {"name":"character_set","version":"1.8.0","platform":"ruby","checksum":"2b7317462adaedff0bd1576ae86d71bc5efe133a5d0b7c257021b00fe3153f51"}, 
@@ -339,6 +339,7 @@ {"name":"icalendar","version":"2.10.3","platform":"ruby","checksum":"0ebfc2672f9fa77b86b4d8c0e25e9b2319aad45a33319fed06d0be8ddd0cd485"}, {"name":"ice_cube","version":"0.16.4","platform":"ruby","checksum":"da117e5de24bdc33931be629f9b55048641924442c7e9b72fedc05e5592531b7"}, {"name":"ice_nine","version":"0.11.2","platform":"ruby","checksum":"5d506a7d2723d5592dc121b9928e4931742730131f22a1a37649df1c1e2e63db"}, +{"name":"image_processing","version":"1.12.2","platform":"ruby","checksum":"d3b9e9c5a1cc2607a5214cc28b90d317a03bdd06239584c97535dd73e46f62b8"}, {"name":"imagen","version":"0.2.0","platform":"ruby","checksum":"369fe912078877dba92615ebfc6f35a7d833e31f24f47bdd3ad5371a4139e24b"}, {"name":"influxdb-client","version":"3.2.0","platform":"ruby","checksum":"dc1e8ec80542f64c9f31af6d9bfa4c147474bf32b9179a7f0cab970793b8e1f2"}, {"name":"invisible_captcha","version":"2.3.0","platform":"ruby","checksum":"309ee5a5e891ecfb732c85b12f1aa9252a648df6f2761b3b41205e824e30ff15"}, @@ -660,6 +661,7 @@ {"name":"ruby-progressbar","version":"1.11.0","platform":"ruby","checksum":"cc127db3866dc414ffccbf92928a241e585b3aa2b758a5563e74a6ee0f57d50a"}, {"name":"ruby-saml","version":"1.18.1","platform":"ruby","checksum":"1b0e7a44aef150b4197955f5e015d593672e242cfdc5d06aa7554ec2350b9107"}, {"name":"ruby-statistics","version":"4.1.0","platform":"ruby","checksum":"7d697abd5dc4e6141d21ecb4165482807564f11bbe154cf1c60a2677b507f2a9"}, +{"name":"ruby-vips","version":"2.2.0","platform":"ruby","checksum":"3be4fcf4ec77a33bbf25e4f9a9d02b21844f6c39c61af2a8221f699d5683739b"}, {"name":"ruby2_keywords","version":"0.0.5","platform":"ruby","checksum":"ffd13740c573b7301cf7a2e61fc857b2a8e3d3aff32545d6f8300d8bae10e3ef"}, {"name":"rubyntlm","version":"0.6.3","platform":"ruby","checksum":"5b321456dba3130351f7451f8669f1afa83a0d26fd63cdec285b7b88e667102d"}, {"name":"rubypants","version":"0.2.0","platform":"ruby","checksum":"f07e38eac793655a0323fe91946081052341b9e69807026fcf102346589eedee"}, 
diff --git a/Gemfile.lock b/Gemfile.lock index c5a8006895f9e2..e54e209ce64fed 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -417,11 +417,13 @@ GEM capybara-screenshot (1.0.26) capybara (>= 1.0, < 4) launchy - carrierwave (1.3.4) - activemodel (>= 4.0.0) - activesupport (>= 4.0.0) - mime-types (>= 1.16) - ssrf_filter (~> 1.0, < 1.1.0) + carrierwave (3.0.4) + activemodel (>= 6.0.0) + activesupport (>= 6.0.0) + addressable (~> 2.6) + image_processing (~> 1.1) + marcel (~> 1.0.0) + ssrf_filter (~> 1.0) cbor (0.5.9.8) character_set (1.8.0) charlock_holmes (0.7.9) @@ -1059,6 +1061,9 @@ GEM ostruct ice_cube (0.16.4) ice_nine (0.11.2) + image_processing (1.12.2) + mini_magick (>= 4.9.5, < 5) + ruby-vips (>= 2.0.17, < 3) imagen (0.2.0) parser (>= 2.5, != 2.5.1.1) influxdb-client (3.2.0) @@ -1774,6 +1779,8 @@ GEM nokogiri (>= 1.13.10) rexml ruby-statistics (4.1.0) + ruby-vips (2.2.0) + ffi (~> 1.12) ruby2_keywords (0.0.5) rubyntlm (0.6.3) rubypants (0.2.0) @@ -2116,7 +2123,7 @@ DEPENDENCIES bundler-checksum (~> 0.1.0)! capybara (~> 3.40) capybara-screenshot (~> 1.0.26) - carrierwave (~> 1.3) + carrierwave (~> 3) charlock_holmes (~> 0.7.9) circuitbox (= 2.0.0) click_house-client (= 0.8.2) diff --git a/Gemfile.next.checksum b/Gemfile.next.checksum index 5ba54d624ca1a3..a4d2345a332a57 100644 --- a/Gemfile.next.checksum +++ b/Gemfile.next.checksum 
@@ -69,7 +69,7 @@ {"name":"byebug","version":"12.0.0","platform":"ruby","checksum":"d4a150d291cca40b66ec9ca31f754e93fed8aa266a17335f71bb0afa7fca1a1e"}, {"name":"capybara","version":"3.40.0","platform":"ruby","checksum":"42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef"}, {"name":"capybara-screenshot","version":"1.0.26","platform":"ruby","checksum":"816b9370a07752097c82a05f568aaf5d3b7f45c3db5d3aab2014071e1b3c0c77"}, -{"name":"carrierwave","version":"1.3.4","platform":"ruby","checksum":"81772dabd1830edbd7f4526d2ae2c79f974f1d48900c3f03f7ecb7c657463a21"}, +{"name":"carrierwave","version":"3.0.4","platform":"ruby","checksum":"accd77a2167b55d0f12dcf5719ea742b422fdd5728db78fcd6d388e1d26f0880"}, {"name":"cbor","version":"0.5.9.8","platform":"ruby","checksum":"9ee097fc58d9bc5e406d112cd2d4e112c7354ec16f8b6ff34e4732c1e44b4eb7"}, {"name":"character_set","version":"1.8.0","platform":"java","checksum":"2d94ac33d6569434cf1ba464012b5e98010f5dafbd7b750e8d7db79f4c8eb8f7"}, {"name":"character_set","version":"1.8.0","platform":"ruby","checksum":"2b7317462adaedff0bd1576ae86d71bc5efe133a5d0b7c257021b00fe3153f51"}, 
@@ -339,6 +339,7 @@ {"name":"icalendar","version":"2.10.3","platform":"ruby","checksum":"0ebfc2672f9fa77b86b4d8c0e25e9b2319aad45a33319fed06d0be8ddd0cd485"}, {"name":"ice_cube","version":"0.16.4","platform":"ruby","checksum":"da117e5de24bdc33931be629f9b55048641924442c7e9b72fedc05e5592531b7"}, {"name":"ice_nine","version":"0.11.2","platform":"ruby","checksum":"5d506a7d2723d5592dc121b9928e4931742730131f22a1a37649df1c1e2e63db"}, +{"name":"image_processing","version":"1.12.2","platform":"ruby","checksum":"d3b9e9c5a1cc2607a5214cc28b90d317a03bdd06239584c97535dd73e46f62b8"}, {"name":"imagen","version":"0.2.0","platform":"ruby","checksum":"369fe912078877dba92615ebfc6f35a7d833e31f24f47bdd3ad5371a4139e24b"}, {"name":"influxdb-client","version":"3.2.0","platform":"ruby","checksum":"dc1e8ec80542f64c9f31af6d9bfa4c147474bf32b9179a7f0cab970793b8e1f2"}, {"name":"invisible_captcha","version":"2.3.0","platform":"ruby","checksum":"309ee5a5e891ecfb732c85b12f1aa9252a648df6f2761b3b41205e824e30ff15"}, @@ -660,6 +661,7 @@ {"name":"ruby-progressbar","version":"1.11.0","platform":"ruby","checksum":"cc127db3866dc414ffccbf92928a241e585b3aa2b758a5563e74a6ee0f57d50a"}, {"name":"ruby-saml","version":"1.18.1","platform":"ruby","checksum":"1b0e7a44aef150b4197955f5e015d593672e242cfdc5d06aa7554ec2350b9107"}, {"name":"ruby-statistics","version":"4.1.0","platform":"ruby","checksum":"7d697abd5dc4e6141d21ecb4165482807564f11bbe154cf1c60a2677b507f2a9"}, +{"name":"ruby-vips","version":"2.2.0","platform":"ruby","checksum":"3be4fcf4ec77a33bbf25e4f9a9d02b21844f6c39c61af2a8221f699d5683739b"}, {"name":"ruby2_keywords","version":"0.0.5","platform":"ruby","checksum":"ffd13740c573b7301cf7a2e61fc857b2a8e3d3aff32545d6f8300d8bae10e3ef"}, {"name":"rubyntlm","version":"0.6.3","platform":"ruby","checksum":"5b321456dba3130351f7451f8669f1afa83a0d26fd63cdec285b7b88e667102d"}, {"name":"rubypants","version":"0.2.0","platform":"ruby","checksum":"f07e38eac793655a0323fe91946081052341b9e69807026fcf102346589eedee"}, 
diff --git a/Gemfile.next.lock b/Gemfile.next.lock index 9b64c52fae8ee9..daab157eb1e143 100644 --- a/Gemfile.next.lock +++ b/Gemfile.next.lock @@ -411,11 +411,13 @@ GEM capybara-screenshot (1.0.26) capybara (>= 1.0, < 4) launchy - carrierwave (1.3.4) - activemodel (>= 4.0.0) - activesupport (>= 4.0.0) - mime-types (>= 1.16) - ssrf_filter (~> 1.0, < 1.1.0) + carrierwave (3.0.4) + activemodel (>= 6.0.0) + activesupport (>= 6.0.0) + addressable (~> 2.6) + image_processing (~> 1.1) + marcel (~> 1.0.0) + ssrf_filter (~> 1.0) cbor (0.5.9.8) character_set (1.8.0) charlock_holmes (0.7.9) @@ -1053,6 +1055,9 @@ GEM ostruct ice_cube (0.16.4) ice_nine (0.11.2) + image_processing (1.12.2) + mini_magick (>= 4.9.5, < 5) + ruby-vips (>= 2.0.17, < 3) imagen (0.2.0) parser (>= 2.5, != 2.5.1.1) influxdb-client (3.2.0) @@ -1768,6 +1773,8 @@ GEM nokogiri (>= 1.13.10) rexml ruby-statistics (4.1.0) + ruby-vips (2.2.0) + ffi (~> 1.12) ruby2_keywords (0.0.5) rubyntlm (0.6.3) rubypants (0.2.0) @@ -2111,7 +2118,7 @@ DEPENDENCIES bundler-checksum (~> 0.1.0)! capybara (~> 3.40) capybara-screenshot (~> 1.0.26) - carrierwave (~> 1.3) + carrierwave (~> 3) charlock_holmes (~> 0.7.9) circuitbox (= 2.0.0) click_house-client (= 0.8.2) -- GitLab From ee080db3c9bba691258ec9995839fa8cfb688428 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sun, 5 Nov 2023 09:03:05 -0800 Subject: [PATCH 02/15] Drop CarrierWave monkey patch --- .../carrierwave_performance_patch.rb | 47 ------------------- 1 file changed, 47 deletions(-) delete mode 100644 config/initializers/carrierwave_performance_patch.rb diff --git a/config/initializers/carrierwave_performance_patch.rb b/config/initializers/carrierwave_performance_patch.rb deleted file mode 100644 index a7b56cdb5ba27d..00000000000000 --- a/config/initializers/carrierwave_performance_patch.rb +++ /dev/null 
@@ -1,47 +0,0 @@ -# frozen_string_literal: true - -require "carrierwave/uploader/url" - -if Gem::Version.create(CarrierWave::VERSION) >= Gem::Version.create('2.0') - raise ScriptError, - "CarrierWave was upgraded to #{CarrierWave::VERSION} and this patch is not required anymore" -end - -# rubocop: disable Style/GuardClause -module CarrierWave - module Uploader - module Url - ## - # === Parameters - # - # [Hash] optional, the query params (only AWS) - # - # === Returns - # - # [String] the location where this file is accessible via a url - # - def url(options = {}) - if file.respond_to?(:url) - tmp_url = file.method(:url).arity == 0 ? file.url : file.url(options) - - return tmp_url if tmp_url.present? - end - - if file.respond_to?(:path) - path = encode_path(file.path.sub(File.expand_path(root), '')) - - if host = asset_host - if host.respond_to? :call - "#{host.call(file)}#{path}" - else - "#{host}#{path}" - end - else - (base_path || "") + path - end - end - end - end - end -end -# rubocop: enable Style/GuardClause -- GitLab From 1476d15eca4fed2be7a9320f75ac47179e68b0fe Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Wed, 8 Nov 2023 14:10:35 -0800 Subject: [PATCH 03/15] Rename check_content_type_whitelist to check_content_type_allowlist This method was renamed in CarrierWave v3. --- app/uploaders/content_type_whitelist.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/uploaders/content_type_whitelist.rb b/app/uploaders/content_type_whitelist.rb index 4c9d180dab4966..30c859d4d16730 100644 --- a/app/uploaders/content_type_whitelist.rb +++ b/app/uploaders/content_type_whitelist.rb 
@@ -25,18 +25,18 @@ module Concern # CarrierWave calls this method as part of it's before :cache callbacks. # Here we override and extend CarrierWave's method that does not parse the # magic headers. - def check_content_type_whitelist!(new_file) + def check_content_type_allowlist!(new_file) if content_type_whitelist content_type = mime_magic_content_type(new_file.path) - unless whitelisted_content_type?(content_type) + unless allowlisted_content_type?(content_type) message = I18n.t(:"errors.messages.content_type_whitelist_error", allowed_types: Array(content_type_whitelist).join(", ")) raise CarrierWave::IntegrityError, message end end end - def whitelisted_content_type?(content_type) + def allowlisted_content_type?(content_type) Array(content_type_whitelist).any? { |item| content_type =~ /#{item}/ } end -- GitLab From 21b1296415a130e0680db4d29204018dbd6c90ea Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Wed, 8 Nov 2023 14:19:20 -0800 Subject: [PATCH 04/15] Rename everything content_type_{white,black}list to allow/deny list --- .rubocop_todo/layout/line_length.yml | 2 +- .rubocop_todo/naming/inclusive_language.yml | 4 ++-- .rubocop_todo/rspec/context_wording.yml | 2 +- .rubocop_todo/rspec/feature_category.yml | 2 +- .rubocop_todo/style/guard_clause.yml | 2 +- app/uploaders/avatar_uploader.rb | 2 +- ...t_type_whitelist.rb => content_type_allowlist.rb} | 12 ++++++------ .../design_management/design_v432x230_uploader.rb | 2 +- app/uploaders/favicon_uploader.rb | 2 +- app/uploaders/gitlab_uploader.rb | 2 +- config/locales/carrierwave.en.yml | 4 ++-- spec/support/rspec_order_todo.yml | 2 +- .../upload_type_check_shared_context.rb | 2 +- ...telist_spec.rb => content_type_allowlist_spec.rb} | 6 +++--- 14 files changed, 23 insertions(+), 23 deletions(-) rename app/uploaders/{content_type_whitelist.rb => content_type_allowlist.rb} (79%) rename spec/uploaders/{content_type_whitelist_spec.rb => content_type_allowlist_spec.rb} (88%) 
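Review bot: `allowlisted_content_type?` interpolates each allowlist entry into an unanchored, unescaped pattern (`content_type =~ /#{item}/`), so an entry such as `image/png` accepts any detected type that merely contains that text, and characters like `.` and `+` in MIME names act as regex metacharacters. Since the method is being renamed here anyway, consider matching string entries exactly, for example `content_type =~ /\A#{Regexp.escape(item)}\z/`, after confirming that no uploader passes Regexp or prefix entries in its allowlist. The same line is carried unchanged through the PATCH 04 hunk of app/uploaders/content_type_allowlist.rb. The enclosing module starts and ends outside this hunk.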
diff --git a/.rubocop_todo/layout/line_length.yml b/.rubocop_todo/layout/line_length.yml index 669ab00c976b28..3dd21bb0c73063 100644 --- a/.rubocop_todo/layout/line_length.yml +++ b/.rubocop_todo/layout/line_length.yml @@ -320,7 +320,7 @@ Layout/LineLength: - 'app/services/users/build_service.rb' - 'app/services/webauthn/authenticate_service.rb' - 'app/services/work_items/task_list_reference_replacement_service.rb' - - 'app/uploaders/content_type_whitelist.rb' + - 'app/uploaders/content_type_allowlist.rb' - 'app/uploaders/job_artifact_uploader.rb' - 'app/uploaders/packages/debian/component_file_uploader.rb' - 'app/uploaders/personal_file_uploader.rb' diff --git a/.rubocop_todo/naming/inclusive_language.yml b/.rubocop_todo/naming/inclusive_language.yml index e7eb16e13f8580..6c8ebb12c4635c 100644 --- a/.rubocop_todo/naming/inclusive_language.yml +++ b/.rubocop_todo/naming/inclusive_language.yml @@ -10,7 +10,7 @@ Naming/InclusiveLanguage: - 'app/models/concerns/cache_markdown_field.rb' - 'app/services/application_settings/update_service.rb' - 'app/uploaders/avatar_uploader.rb' - - 'app/uploaders/content_type_whitelist.rb' + - 'app/uploaders/content_type_allowlist.rb' - 'app/uploaders/design_management/design_v432x230_uploader.rb' - 'app/uploaders/favicon_uploader.rb' - 'app/uploaders/gitlab_uploader.rb' @@ -51,4 +51,4 @@ Naming/InclusiveLanguage: - 'spec/services/application_settings/update_service_spec.rb' - 'spec/support/shared_contexts/upload_type_check_shared_context.rb' - 'spec/support/shared_examples/models/application_setting_shared_examples.rb' - - 'spec/uploaders/content_type_whitelist_spec.rb' + - 'spec/uploaders/content_type_allowlist_spec.rb' diff --git a/.rubocop_todo/rspec/context_wording.yml b/.rubocop_todo/rspec/context_wording.yml index 1139d6a2fd1fdc..8731b322ade4cd 100644 --- a/.rubocop_todo/rspec/context_wording.yml +++ b/.rubocop_todo/rspec/context_wording.yml 
@@ -2678,7 +2678,7 @@ RSpec/ContextWording: - 'spec/tooling/lib/tooling/parallel_rspec_runner_spec.rb' - 'spec/uploaders/attachment_uploader_spec.rb' - 'spec/uploaders/avatar_uploader_spec.rb' - - 'spec/uploaders/content_type_whitelist_spec.rb' + - 'spec/uploaders/content_type_allowlist_spec.rb' - 'spec/uploaders/dependency_proxy/file_uploader_spec.rb' - 'spec/uploaders/design_management/design_v432x230_uploader_spec.rb' - 'spec/uploaders/external_diff_uploader_spec.rb' diff --git a/.rubocop_todo/rspec/feature_category.yml b/.rubocop_todo/rspec/feature_category.yml index cd29e541dc6d95..45097fa0f6a5dd 100644 --- a/.rubocop_todo/rspec/feature_category.yml +++ b/.rubocop_todo/rspec/feature_category.yml @@ -3585,7 +3585,7 @@ RSpec/FeatureCategory: - 'spec/uploaders/avatar_uploader_spec.rb' - 'spec/uploaders/ci/pipeline_artifact_uploader_spec.rb' - 'spec/uploaders/ci/secure_file_uploader_spec.rb' - - 'spec/uploaders/content_type_whitelist_spec.rb' + - 'spec/uploaders/content_type_allowlist_spec.rb' - 'spec/uploaders/dependency_proxy/file_uploader_spec.rb' - 'spec/uploaders/design_management/design_v432x230_uploader_spec.rb' - 'spec/uploaders/external_diff_uploader_spec.rb' diff --git a/.rubocop_todo/style/guard_clause.yml b/.rubocop_todo/style/guard_clause.yml index 9c41badce22e13..8b2bb64b20e7f1 100644 --- a/.rubocop_todo/style/guard_clause.yml +++ b/.rubocop_todo/style/guard_clause.yml @@ -152,7 +152,7 @@ Style/GuardClause: - 'app/services/snippets/repository_validation_service.rb' - 'app/services/users/build_service.rb' - 'app/services/wikis/create_attachment_service.rb' - - 'app/uploaders/content_type_whitelist.rb' + - 'app/uploaders/content_type_allowlist.rb' - 'app/uploaders/file_mover.rb' - 'app/uploaders/file_uploader.rb' - 'app/validators/abstract_path_validator.rb' diff --git a/app/uploaders/avatar_uploader.rb b/app/uploaders/avatar_uploader.rb index 4ccd508184b598..eda74078eea4c7 100644 --- a/app/uploaders/avatar_uploader.rb 
+++ b/app/uploaders/avatar_uploader.rb @@ -31,7 +31,7 @@ def mounted_as super || 'avatar' end - def content_type_whitelist + def content_type_allowlist MIME_ALLOWLIST end diff --git a/app/uploaders/content_type_whitelist.rb b/app/uploaders/content_type_allowlist.rb similarity index 79% rename from app/uploaders/content_type_whitelist.rb rename to app/uploaders/content_type_allowlist.rb index 30c859d4d16730..07950d72a04878 100644 --- a/app/uploaders/content_type_whitelist.rb +++ b/app/uploaders/content_type_allowlist.rb @@ -4,10 +4,10 @@ # by their content type through magic header parsing. # # This is a patch to hold us over until we get to CarrierWave 2 :) It's a mashup of -# CarrierWave's lib/carrierwave/uploader/content_type_whitelist.rb and +# CarrierWave's lib/carrierwave/uploader/content_type_allowlist.rb and # lib/carrierwave/sanitized_file.rb # -# Include this concern and add a content_type_whitelist method to get the same +# Include this concern and add a content_type_allowlist method to get the same # behavior as you would with CarrierWave 2. # # This is not an exact replacement as we don't override @@ -16,7 +16,7 @@ # # Remove this after moving to CarrierWave 2, though on practical terms it shouldn't # break anything if left for a while. -module ContentTypeWhitelist +module ContentTypeAllowlist module Concern extend ActiveSupport::Concern 
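Review bot: The header comment of content_type_allowlist.rb is only reworded for the rename and still says the concern is "a patch to hold us over until we get to CarrierWave 2" and "Remove this after moving to CarrierWave 2", which is stale once this series lands on v3. Either drop the concern as the comment instructs, or replace those sentences with the reason it is kept, for instance `# Kept on CarrierWave 3: overrides check_content_type_allowlist! so the type is taken from magic-header detection.` Whether the v3 built-in check already covers this is not visible here, so that wording should be confirmed before it is committed.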
@@ -26,18 +26,18 @@ module Concern # Here we override and extend CarrierWave's method that does not parse the # magic headers. def check_content_type_allowlist!(new_file) - if content_type_whitelist + if content_type_allowlist content_type = mime_magic_content_type(new_file.path) unless allowlisted_content_type?(content_type) - message = I18n.t(:"errors.messages.content_type_whitelist_error", allowed_types: Array(content_type_whitelist).join(", ")) + message = I18n.t(:"errors.messages.content_type_allowlist_error", allowed_types: Array(content_type_allowlist).join(", ")) raise CarrierWave::IntegrityError, message end end end def allowlisted_content_type?(content_type) - Array(content_type_whitelist).any? { |item| content_type =~ /#{item}/ } + Array(content_type_allowlist).any? { |item| content_type =~ /#{item}/ } end def mime_magic_content_type(path) diff --git a/app/uploaders/design_management/design_v432x230_uploader.rb b/app/uploaders/design_management/design_v432x230_uploader.rb index 0f1ebfed4aa122..4ff69cd81c7580 100644 --- a/app/uploaders/design_management/design_v432x230_uploader.rb +++ b/app/uploaders/design_management/design_v432x230_uploader.rb @@ -25,7 +25,7 @@ class DesignV432x230Uploader < GitlabUploader process resize_to_fit: [432, 230] # Allow CarrierWave to reject files without correct mimetypes. - def content_type_whitelist + def content_type_allowlist MIME_TYPE_ALLOWLIST end diff --git a/app/uploaders/favicon_uploader.rb b/app/uploaders/favicon_uploader.rb index a21b21de101daa..20e468e2eb1e7f 100644 --- a/app/uploaders/favicon_uploader.rb +++ b/app/uploaders/favicon_uploader.rb @@ -8,7 +8,7 @@ def extension_whitelist EXTENSION_ALLOWLIST end - def content_type_whitelist + def content_type_allowlist MIME_ALLOWLIST end diff --git a/app/uploaders/gitlab_uploader.rb b/app/uploaders/gitlab_uploader.rb index b603a30e5be684..207441b36a27ad 100644 --- a/app/uploaders/gitlab_uploader.rb +++ b/app/uploaders/gitlab_uploader.rb 
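Review bot: app/uploaders/favicon_uploader.rb still defines `extension_whitelist` (the context line of its hunk) while only `content_type_whitelist` is renamed, and config/locales/carrierwave.en.yml keeps `extension_whitelist_error` and `extension_blacklist_error`. If CarrierWave v3 reads `extension_allowlist` first, the extension restriction on favicons depends on a deprecated fallback; please confirm it is still enforced on the pinned 3.0.x, or rename it in the same pass to `def extension_allowlist`. A spec asserting that a file with a disallowed extension is rejected would catch a silent loss of this check.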
@@ -1,7 +1,7 @@ # frozen_string_literal: true class GitlabUploader < CarrierWave::Uploader::Base - include ContentTypeWhitelist::Concern + include ContentTypeAllowlist::Concern class_attribute :storage_location_identifier diff --git a/config/locales/carrierwave.en.yml b/config/locales/carrierwave.en.yml index 864ec8fd73fc45..8763ced847f43a 100644 --- a/config/locales/carrierwave.en.yml +++ b/config/locales/carrierwave.en.yml @@ -6,8 +6,8 @@ en: carrierwave_download_error: could not be downloaded extension_whitelist_error: "You are not allowed to upload %{extension} files, allowed types: %{allowed_types}" extension_blacklist_error: "You are not allowed to upload %{extension} files, prohibited types: %{prohibited_types}" - content_type_whitelist_error: "file format is not supported. Please try one of the following supported formats: %{allowed_types}" - content_type_blacklist_error: "You are not allowed to upload %{content_type} files, prohibited types: %{allowed_types}" + content_type_allowlist_error: "file format is not supported. Please try one of the following supported formats: %{allowed_types}" + content_type_denylist_error: "You are not allowed to upload %{content_type} files, prohibited types: %{allowed_types}" rmagick_processing_error: "Failed to manipulate with rmagick, maybe it is not an image?" mini_magick_processing_error: "Failed to manipulate with MiniMagick, maybe it is not an image? Original Error: %{e}" min_size_error: "File size should be greater than %{min_size}" diff --git a/spec/support/rspec_order_todo.yml b/spec/support/rspec_order_todo.yml index b2b39b8ddb35d8..7739ae4da70764 100644 --- a/spec/support/rspec_order_todo.yml +++ b/spec/support/rspec_order_todo.yml 
@@ -7558,7 +7558,7 @@ - './spec/uploaders/avatar_uploader_spec.rb' - './spec/uploaders/ci/pipeline_artifact_uploader_spec.rb' - './spec/uploaders/ci/secure_file_uploader_spec.rb' -- './spec/uploaders/content_type_whitelist_spec.rb' +- './spec/uploaders/content_type_allowlist_spec.rb' - './spec/uploaders/dependency_proxy/file_uploader_spec.rb' - './spec/uploaders/design_management/design_v432x230_uploader_spec.rb' - './spec/uploaders/external_diff_uploader_spec.rb' diff --git a/spec/support/shared_contexts/upload_type_check_shared_context.rb b/spec/support/shared_contexts/upload_type_check_shared_context.rb index 57b8d7472df4b8..a695e2cfa3e3d4 100644 --- a/spec/support/shared_contexts/upload_type_check_shared_context.rb +++ b/spec/support/shared_contexts/upload_type_check_shared_context.rb @@ -9,7 +9,7 @@ end end -# This works with a content_type_whitelist and content_type_blacklist type check. +# This works with a content_type_allowlist and content_type_denylist type check. # @param mime_type [String] mime type to forcibly detect. RSpec.shared_context 'force content type detection to mime_type' do before do diff --git a/spec/uploaders/content_type_whitelist_spec.rb b/spec/uploaders/content_type_allowlist_spec.rb similarity index 88% rename from spec/uploaders/content_type_whitelist_spec.rb rename to spec/uploaders/content_type_allowlist_spec.rb index 0cafc7a3ae29df..c6dc5f35442244 100644 --- a/spec/uploaders/content_type_whitelist_spec.rb +++ b/spec/uploaders/content_type_allowlist_spec.rb @@ -2,16 +2,16 @@ require 'spec_helper' -RSpec.describe ContentTypeWhitelist do +RSpec.describe ContentTypeAllowlist do let_it_be(:model) { build_stubbed(:user) } let!(:uploader) do stub_const('DummyUploader', Class.new(CarrierWave::Uploader::Base)) DummyUploader.class_eval do - include ContentTypeWhitelist::Concern + include ContentTypeAllowlist::Concern - def content_type_whitelist + def content_type_allowlist %w[image/png image/jpeg] end end -- GitLab 
From 7156b2282720121bd67314a70681824b47292fe2 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Wed, 8 Nov 2023 14:20:11 -0800 Subject: [PATCH 05/15] Ensure LFS object has a file --- .../controllers/repository_lfs_file_load_shared_examples.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/support/shared_examples/controllers/repository_lfs_file_load_shared_examples.rb b/spec/support/shared_examples/controllers/repository_lfs_file_load_shared_examples.rb index ba3b08751da69b..9f537f4db596c2 100644 --- a/spec/support/shared_examples/controllers/repository_lfs_file_load_shared_examples.rb +++ b/spec/support/shared_examples/controllers/repository_lfs_file_load_shared_examples.rb @@ -20,7 +20,7 @@ RSpec.shared_examples 'a controller that can serve LFS files' do |options = {}| let(:lfs_oid) { '91eff75a492a3ed0dfcb544d7f31326bc4014c8551849c192fd1e48d4dd2c897' } let(:lfs_size) { '1575078' } - let!(:lfs_object) { create(:lfs_object, oid: lfs_oid, size: lfs_size) } + let!(:lfs_object) { create(:lfs_object, :with_file, oid: lfs_oid, size: lfs_size) } context 'when lfs is enabled' do before do -- GitLab From 848e3b02f071c121b1909bb4b83a7066f367afce Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Wed, 8 Nov 2023 15:18:57 -0800 Subject: [PATCH 06/15] Fix path traversal checks for CarrierWave v3 --- app/uploaders/gitlab_uploader.rb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/uploaders/gitlab_uploader.rb b/app/uploaders/gitlab_uploader.rb index 207441b36a27ad..3bc15638c33d28 100644 --- a/app/uploaders/gitlab_uploader.rb +++ b/app/uploaders/gitlab_uploader.rb 
@@ -209,5 +209,12 @@ def protect_from_path_traversal!(file) rescue ObjectNotReadyError # Do nothing. This test was attempted before the file was ready for that method end + rescue ::Gitlab::PathTraversal::PathTraversalAttackError + # Since this is called in the `before :cache` callback, we should + # clear the cache ID to signal to CarrierWave that this file was not + # successful cached. This is necessary in CarrierWave v3 due to + # https://github.com/carrierwaveuploader/carrierwave/commit/a67bfb696dcba14c7cdfa2c1b5481f04d3ef8dae#diff-202f7b241fcfe4fc51fe4d7f3452dbb6edc6322a81bd218af90a734d72d40034L63. + cache_id = nil # rubocop:disable Lint/UselessAssignment -- This is used by CarrierWave + raise end end -- GitLab From 67742f75505cb08a1edc17480802fadfe1870e26 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Wed, 8 Nov 2023 15:19:38 -0800 Subject: [PATCH 07/15] Restore default to caching CarrierWave files to local disk By default, CarrierWave will store these files in the same storage as the final destination. However, this requires delete privileges. --- app/uploaders/gitlab_uploader.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/uploaders/gitlab_uploader.rb b/app/uploaders/gitlab_uploader.rb index 3bc15638c33d28..612bb8f900cb03 100644 --- a/app/uploaders/gitlab_uploader.rb +++ b/app/uploaders/gitlab_uploader.rb @@ -3,6 +3,7 @@ class GitlabUploader < CarrierWave::Uploader::Base include ContentTypeAllowlist::Concern + cache_storage :file class_attribute :storage_location_identifier PROTECTED_METHODS = %i[filename cache_dir work_dir store_dir].freeze -- GitLab From 26a14601c6e787cecd156e9d20e27b677078392e Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Wed, 8 Nov 2023 15:40:35 -0800 Subject: [PATCH 08/15] Revert "Fix path traversal checks for CarrierWave v3" This reverts commit 9485e8c45f2ca50a0ba5fac9effd524f22f84df8. --- app/uploaders/gitlab_uploader.rb | 7 ------- 1 file changed, 7 deletions(-) 
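Review bot: `cache_id = nil` in the new `rescue` branch assigns a method-local variable rather than uploader state, so it cannot signal anything to CarrierWave; the inline `Lint/UselessAssignment` disable suppresses the very warning that points this out. If the intent is to clear the cached identifier, the write has to go through the instance, e.g. `@cache_id = nil` (confirm the name against the CarrierWave version in use). PATCH 08 in this series reverts the hunk, so this matters only if the approach is revived. The body of `protect_from_path_traversal!` starts outside the hunk.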
diff --git a/app/uploaders/gitlab_uploader.rb b/app/uploaders/gitlab_uploader.rb index 612bb8f900cb03..c1451245104121 100644 --- a/app/uploaders/gitlab_uploader.rb +++ b/app/uploaders/gitlab_uploader.rb @@ -210,12 +210,5 @@ def protect_from_path_traversal!(file) rescue ObjectNotReadyError # Do nothing. This test was attempted before the file was ready for that method end - rescue ::Gitlab::PathTraversal::PathTraversalAttackError - # Since this is called in the `before :cache` callback, we should - # clear the cache ID to signal to CarrierWave that this file was not - # successful cached. This is necessary in CarrierWave v3 due to - # https://github.com/carrierwaveuploader/carrierwave/commit/a67bfb696dcba14c7cdfa2c1b5481f04d3ef8dae#diff-202f7b241fcfe4fc51fe4d7f3452dbb6edc6322a81bd218af90a734d72d40034L63. - cache_id = nil # rubocop:disable Lint/UselessAssignment -- This is used by CarrierWave - raise end end -- GitLab From 2de01355f2d76047cfe6bae39f2e2df97fd6924d Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Wed, 8 Nov 2023 15:44:27 -0800 Subject: [PATCH 09/15] Fix path traversal spec failures with CarrierWave 3 In CarrierWave v1, if `cache!` failed, calling `store!` would call `cache!` again. However, due to the change in https://github.com/carrierwaveuploader/carrierwave/commit/a67bfb696dcba14c7cdfa2c1b5481f04d3ef8dae `cache!` is assumed to complete and so it will not be called again. It's not typical for `cache!` to be called separately, so just fix the test to try both `cache!` and `store!` calls separately. --- .../uploaders/gitlab_uploader_shared_examples.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/spec/support/shared_examples/uploaders/gitlab_uploader_shared_examples.rb b/spec/support/shared_examples/uploaders/gitlab_uploader_shared_examples.rb index a7e5892d439290..dc33cfe9772264 100644 --- a/spec/support/shared_examples/uploaders/gitlab_uploader_shared_examples.rb 
+++ b/spec/support/shared_examples/uploaders/gitlab_uploader_shared_examples.rb @@ -62,8 +62,11 @@ allow(subject).to receive(:filename).and_return("3bc58d54542d6a5efffa9a87554faac0254f73f675b337899ea869f6d38b7371/122../../../../../../../../.ssh/authorized_keys") end - it "throws an exception" do + it "throws an exceptionin cache!" do expect { subject.cache!(fixture_file_upload(fixture)) }.to raise_error(Gitlab::PathTraversal::PathTraversalAttackError) + end + + it 'throws an exception in store!' do expect { subject.store!(fixture_file_upload(fixture)) }.to raise_error(Gitlab::PathTraversal::PathTraversalAttackError) end end -- GitLab From 90ce6c0c15fae6d6a3c975eb88740e968eb5b25f Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sat, 23 Mar 2024 07:49:32 -0700 Subject: [PATCH 10/15] Update to CarrierWave v3.0.7 --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index e54e209ce64fed..2164f50382cc59 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -417,7 +417,7 @@ GEM capybara-screenshot (1.0.26) capybara (>= 1.0, < 4) launchy - carrierwave (3.0.4) + carrierwave (3.0.7) activemodel (>= 6.0.0) activesupport (>= 6.0.0) addressable (~> 2.6) -- GitLab From 5db9e7f010452c07bad58d3877fbd462824c8cb2 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sat, 23 Mar 2024 07:53:47 -0700 Subject: [PATCH 11/15] Drop CarrierWave performance patch from Rubocop TODOs This file has been removed, so it is no longer needed. --- .rubocop_todo/lint/assignment_in_condition.yml | 1 - .rubocop_todo/style/inline_disable_annotation.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/.rubocop_todo/lint/assignment_in_condition.yml b/.rubocop_todo/lint/assignment_in_condition.yml index 52f3dfa2036416..608dd625568975 100644 --- a/.rubocop_todo/lint/assignment_in_condition.yml +++ b/.rubocop_todo/lint/assignment_in_condition.yml 
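Review bot: Splitting the example means no spec exercises `store!` on an uploader whose `cache!` was already rejected, which is the sequence the commit message says behaves differently in CarrierWave v3. Consider a third example that rescues the error from `cache!` and then asserts that calling `store!` on the same `subject` does not persist the traversal filename; the exact state to assert depends on what the uploader exposes. The first description also has a typo: `it "throws an exceptionin cache!" do` should read `it 'throws an exception in cache!' do`, which also matches the quoting of the second example.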
@@ -79,7 +79,6 @@ Lint/AssignmentInCondition: - 'app/workers/ml/experiment_tracking/associate_ml_candidate_to_package_worker.rb' - 'app/workers/new_note_worker.rb' - 'app/workers/terraform/states/destroy_worker.rb' - - 'config/initializers/carrierwave_performance_patch.rb' - 'config/initializers/peek.rb' - 'config/initializers/validate_database_config.rb' - 'config/initializers/zz_metrics.rb' diff --git a/.rubocop_todo/style/inline_disable_annotation.yml b/.rubocop_todo/style/inline_disable_annotation.yml index 0431715d7d4369..0bb07d62750a72 100644 --- a/.rubocop_todo/style/inline_disable_annotation.yml +++ b/.rubocop_todo/style/inline_disable_annotation.yml @@ -942,7 +942,6 @@ Style/InlineDisableAnnotation: - 'config/initializers/7_redis.rb' - 'config/initializers/active_record_lifecycle.rb' - 'config/initializers/active_record_transaction_observer.rb' - - 'config/initializers/carrierwave_performance_patch.rb' - 'config/initializers/database_config.rb' - 'config/initializers/enumerator_next_patch.rb' - 'config/initializers/fix_local_cache_middleware.rb' -- GitLab From 185ea4900e0297d43e2dc07e852b2abf1907d257 Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Sat, 23 Mar 2024 07:54:38 -0700 Subject: [PATCH 12/15] Update Gemfile.checksum for CarrierWave v3.0.7 update --- Gemfile.checksum | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.checksum b/Gemfile.checksum index b1392097b8305f..64a13a2bedcd9c 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum 
@@ -69,8 +69,8 @@ {"name":"byebug","version":"12.0.0","platform":"ruby","checksum":"d4a150d291cca40b66ec9ca31f754e93fed8aa266a17335f71bb0afa7fca1a1e"}, {"name":"capybara","version":"3.40.0","platform":"ruby","checksum":"42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef"}, {"name":"capybara-screenshot","version":"1.0.26","platform":"ruby","checksum":"816b9370a07752097c82a05f568aaf5d3b7f45c3db5d3aab2014071e1b3c0c77"}, -{"name":"carrierwave","version":"3.0.4","platform":"ruby","checksum":"accd77a2167b55d0f12dcf5719ea742b422fdd5728db78fcd6d388e1d26f0880"}, -{"name":"cbor","version":"0.5.9.8","platform":"ruby","checksum":"9ee097fc58d9bc5e406d112cd2d4e112c7354ec16f8b6ff34e4732c1e44b4eb7"}, +{"name":"carrierwave","version":"3.0.7","platform":"ruby","checksum":"feaf484453f7bbb8655b45042224738d5356a331b16d4df293511e8b0f8ef06e"}, +{"name":"cbor","version":"0.5.9.6","platform":"ruby","checksum":"434a147658dd1df24ec9e7b3297c1fd4f8a691c97d0e688b3049df8e728b2114"}, {"name":"character_set","version":"1.8.0","platform":"java","checksum":"2d94ac33d6569434cf1ba464012b5e98010f5dafbd7b750e8d7db79f4c8eb8f7"}, {"name":"character_set","version":"1.8.0","platform":"ruby","checksum":"2b7317462adaedff0bd1576ae86d71bc5efe133a5d0b7c257021b00fe3153f51"}, {"name":"charlock_holmes","version":"0.7.9","platform":"ruby","checksum":"b49e8a11ce1921e2c5b65511bb864ae51720ce9bd1c336ccf0e89e6c8ae62db0"}, -- GitLab From 2b6242f014c4d4abf0c9a4c0652daf0f6649404e Mon Sep 17 00:00:00 2001 From: Stan Hu Date: Tue, 7 Oct 2025 21:02:25 -0700 Subject: [PATCH 13/15] Resolve lint errors --- .rubocop_todo/gitlab/bounded_contexts.yml | 2 +- Gemfile.checksum | 2 +- Gemfile.next.checksum | 2 +- Gemfile.next.lock | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.rubocop_todo/gitlab/bounded_contexts.yml b/.rubocop_todo/gitlab/bounded_contexts.yml index 3a4f85cae55e96..f9e185b4ef0a23 100644 --- a/.rubocop_todo/gitlab/bounded_contexts.yml +++ b/.rubocop_todo/gitlab/bounded_contexts.yml 
@@ -1759,7 +1759,7 @@ Gitlab/BoundedContexts: - 'app/uploaders/attachment_uploader.rb' - 'app/uploaders/avatar_uploader.rb' - 'app/uploaders/bulk_imports/export_uploader.rb' - - 'app/uploaders/content_type_whitelist.rb' + - 'app/uploaders/content_type_allowlist.rb' - 'app/uploaders/deleted_object_uploader.rb' - 'app/uploaders/external_diff_uploader.rb' - 'app/uploaders/favicon_uploader.rb' diff --git a/Gemfile.checksum b/Gemfile.checksum index 64a13a2bedcd9c..78201b5c9c5e26 100644 --- a/Gemfile.checksum +++ b/Gemfile.checksum @@ -70,7 +70,7 @@ {"name":"capybara","version":"3.40.0","platform":"ruby","checksum":"42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef"}, {"name":"capybara-screenshot","version":"1.0.26","platform":"ruby","checksum":"816b9370a07752097c82a05f568aaf5d3b7f45c3db5d3aab2014071e1b3c0c77"}, {"name":"carrierwave","version":"3.0.7","platform":"ruby","checksum":"feaf484453f7bbb8655b45042224738d5356a331b16d4df293511e8b0f8ef06e"}, -{"name":"cbor","version":"0.5.9.6","platform":"ruby","checksum":"434a147658dd1df24ec9e7b3297c1fd4f8a691c97d0e688b3049df8e728b2114"}, +{"name":"cbor","version":"0.5.9.8","platform":"ruby","checksum":"9ee097fc58d9bc5e406d112cd2d4e112c7354ec16f8b6ff34e4732c1e44b4eb7"}, {"name":"character_set","version":"1.8.0","platform":"java","checksum":"2d94ac33d6569434cf1ba464012b5e98010f5dafbd7b750e8d7db79f4c8eb8f7"}, {"name":"character_set","version":"1.8.0","platform":"ruby","checksum":"2b7317462adaedff0bd1576ae86d71bc5efe133a5d0b7c257021b00fe3153f51"}, {"name":"charlock_holmes","version":"0.7.9","platform":"ruby","checksum":"b49e8a11ce1921e2c5b65511bb864ae51720ce9bd1c336ccf0e89e6c8ae62db0"}, diff --git a/Gemfile.next.checksum b/Gemfile.next.checksum index a4d2345a332a57..f636e8ec8c482b 100644 --- a/Gemfile.next.checksum +++ b/Gemfile.next.checksum 
@@ -69,7 +69,7 @@ {"name":"byebug","version":"12.0.0","platform":"ruby","checksum":"d4a150d291cca40b66ec9ca31f754e93fed8aa266a17335f71bb0afa7fca1a1e"}, {"name":"capybara","version":"3.40.0","platform":"ruby","checksum":"42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef"}, {"name":"capybara-screenshot","version":"1.0.26","platform":"ruby","checksum":"816b9370a07752097c82a05f568aaf5d3b7f45c3db5d3aab2014071e1b3c0c77"}, -{"name":"carrierwave","version":"3.0.4","platform":"ruby","checksum":"accd77a2167b55d0f12dcf5719ea742b422fdd5728db78fcd6d388e1d26f0880"}, +{"name":"carrierwave","version":"3.0.7","platform":"ruby","checksum":"feaf484453f7bbb8655b45042224738d5356a331b16d4df293511e8b0f8ef06e"}, {"name":"cbor","version":"0.5.9.8","platform":"ruby","checksum":"9ee097fc58d9bc5e406d112cd2d4e112c7354ec16f8b6ff34e4732c1e44b4eb7"}, {"name":"character_set","version":"1.8.0","platform":"java","checksum":"2d94ac33d6569434cf1ba464012b5e98010f5dafbd7b750e8d7db79f4c8eb8f7"}, {"name":"character_set","version":"1.8.0","platform":"ruby","checksum":"2b7317462adaedff0bd1576ae86d71bc5efe133a5d0b7c257021b00fe3153f51"}, diff --git a/Gemfile.next.lock b/Gemfile.next.lock index daab157eb1e143..b0285b9f312b8b 100644 --- a/Gemfile.next.lock +++ b/Gemfile.next.lock @@ -411,7 +411,7 @@ GEM capybara-screenshot (1.0.26) capybara (>= 1.0, < 4) launchy - carrierwave (3.0.4) + carrierwave (3.0.7) activemodel (>= 6.0.0) activesupport (>= 6.0.0) addressable (~> 2.6) -- GitLab From 4465dbcd267a41d0c92ef9d113534dc4186c337e Mon Sep 17 00:00:00 2001 
From: Stan Hu Date: Tue, 7 Oct 2025 21:57:56 -0700 Subject: [PATCH 14/15] Fix LfsDownloadService test failure In CarrierWave 1.3.4, when you ran: ``` create(:lfs_object, oid: oid) ``` The mounter would call `write_identifier`, which would get the filename from the uploader, and even though no file was actually uploaded, it would write the OID as the identifier. In 3.0.7, `write_identifier` requires an actual file object (file) to exist before it will write an identifier. Just having a filename method isn't enough anymore. --- .../services/projects/lfs_pointers/lfs_download_service_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb b/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb index 4c656b00422786..29090eec8c12c6 100644 --- a/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb +++ b/spec/services/projects/lfs_pointers/lfs_download_service_spec.rb @@ -188,7 +188,7 @@ end context 'when an lfs object with the same oid already exists' do - let!(:existing_lfs_object) { create(:lfs_object, oid: oid) } + let!(:existing_lfs_object) { create(:lfs_object, :with_file, oid: oid) } before do stub_full_request(download_link).to_return(body: lfs_content) -- GitLab From e7f36a7b13bdac12fabaf11cb0ff22e9b84f64c7 Mon Sep 17 00:00:00 2001 From: Gabriel Mazetto Date: Thu, 9 Oct 2025 18:25:32 +0200 Subject: [PATCH 15/15] Fix rubocop / dangerbot violations --- .rubocop_todo/naming/inclusive_language.yml | 1 - app/uploaders/content_type_allowlist.rb | 11 ++++------- spec/uploaders/content_type_allowlist_spec.rb | 2 +- 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/.rubocop_todo/naming/inclusive_language.yml b/.rubocop_todo/naming/inclusive_language.yml index 6c8ebb12c4635c..1be17bd26b5d6b 100644 --- a/.rubocop_todo/naming/inclusive_language.yml +++ b/.rubocop_todo/naming/inclusive_language.yml 
@@ -10,7 +10,6 @@ Naming/InclusiveLanguage: - 'app/models/concerns/cache_markdown_field.rb' - 'app/services/application_settings/update_service.rb' - 'app/uploaders/avatar_uploader.rb' - - 'app/uploaders/content_type_allowlist.rb' - 'app/uploaders/design_management/design_v432x230_uploader.rb' - 'app/uploaders/favicon_uploader.rb' - 'app/uploaders/gitlab_uploader.rb' diff --git a/app/uploaders/content_type_allowlist.rb b/app/uploaders/content_type_allowlist.rb index 07950d72a04878..c4c4456f14c90f 100644 --- a/app/uploaders/content_type_allowlist.rb +++ b/app/uploaders/content_type_allowlist.rb @@ -1,20 +1,17 @@ # frozen_string_literal: true -# Currently we run CarrierWave 1.3.1 which means we can not whitelist files -# by their content type through magic header parsing. -# -# This is a patch to hold us over until we get to CarrierWave 2 :) It's a mashup of +# This is a patch to hold us over until we get to CarrierWave 3 :) It's a mashup of # CarrierWave's lib/carrierwave/uploader/content_type_allowlist.rb and # lib/carrierwave/sanitized_file.rb # # Include this concern and add a content_type_allowlist method to get the same -# behavior as you would with CarrierWave 2. +# behavior as you would with CarrierWave 3. # # This is not an exact replacement as we don't override # SanitizedFile#content_type but we do set the content_type attribute when we -# check the whitelist. +# check the allowlist. # -# Remove this after moving to CarrierWave 2, though on practical terms it shouldn't +# Remove this after moving to CarrierWave 3, though on practical terms it shouldn't # break anything if left for a while. module ContentTypeAllowlist module Concern diff --git a/spec/uploaders/content_type_allowlist_spec.rb b/spec/uploaders/content_type_allowlist_spec.rb index c6dc5f35442244..5ee0beb9f87a61 100644 --- a/spec/uploaders/content_type_allowlist_spec.rb +++ b/spec/uploaders/content_type_allowlist_spec.rb 
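Review bot: The rewritten header comment in `app/uploaders/content_type_allowlist.rb` calls the concern a stopgap "until we get to CarrierWave 3" and says to remove it "after moving to CarrierWave 3", but this patch series is itself the move to CarrierWave 3, so the comment is out of date as soon as it merges. It also drops the sentence explaining why the patch existed (no allowlisting by content type through magic header parsing in the old version), so the reason for the check is lost. I would word it for the post-upgrade state, e.g. `# Retained after the CarrierWave 3 upgrade; remove once the built-in content type allowlist is confirmed to cover these uploaders.` Whether the built-in check and this concern now both run, and whether they agree, is not visible in this hunk and is worth confirming before removal, since this is the upload content-type gate. The module body continues outside the hunk.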
@@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe ContentTypeAllowlist do +RSpec.describe ContentTypeAllowlist, feature_category: :shared do let_it_be(:model) { build_stubbed(:user) } let!(:uploader) do -- GitLab