EE: Allow to use untrusted ruby syntax (!10566) · Merge requests · GitLab.org / GitLab

Kamil Trzciński requested to merge allow-to-use-untrusted-ruby-syntax-ee into master Apr 03, 2019

What does this MR do?

Brings an optional administratively controlled backward compatibility to use unsafe Ruby Regexp with only: and refs:.

This also brings back the compatibility for: // =~ 'aa' which become broken due to PATTERN.

The CE version: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26905

Does this MR meet the acceptance criteria?

Conformity

Changelog entry
Documentation created/updated or follow-up review issue created
Code review guidelines
Style guides

Performance and testing

Tests added for this feature/bug

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
Security reports checked/validated by a reviewer from the AppSec team

Edited Apr 04, 2019 by Kamil Trzciński

EE: Allow to use untrusted ruby syntax

What does this MR do?

Does this MR meet the acceptance criteria?

Conformity

Performance and testing

Security

Merge request reports