Commit 229c1150 authored by 🤖 GitLab Bot 🤖's avatar 🤖 GitLab Bot 🤖
Browse files

Add latest changes from gitlab-org/gitlab@master

parent 8d09cf28
......@@ -181,7 +181,6 @@ setup-test-env:
paths:
- config/secrets.yml
- tmp/tests/gitaly/_build/bin/
- tmp/tests/gitaly/_build/deps/git/install
- tmp/tests/gitaly/config.toml
- tmp/tests/gitaly/gitaly2.config.toml
- tmp/tests/gitaly/internal/
......
This diff is collapsed.
ee4b20cc318876c4b237e277fefd9d75186a085c
4f0a07ba39f14adacf7d482128a5de2bb84f0eac
......@@ -64,8 +64,12 @@ build:
entrypoint: [""]
script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
- >-
/kaniko/executor
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/Dockerfile"
--destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}"
rules:
- if: $CI_COMMIT_TAG
```
......@@ -91,14 +95,19 @@ build:
- mkdir -p /kaniko/.docker
- |-
KANIKOPROXYBUILDARGS=""
KANIKOCFG="{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64 | tr -d '\n')\"}}}"
KANIKOCFG="{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}"
if [ "x${http_proxy}" != "x" -o "x${https_proxy}" != "x" ]; then
KANIKOCFG="${KANIKOCFG}, \"proxies\": { \"default\": { \"httpProxy\": \"${http_proxy}\", \"httpsProxy\": \"${https_proxy}\", \"noProxy\": \"${no_proxy}\"}}"
KANIKOPROXYBUILDARGS="--build-arg http_proxy=${http_proxy} --build-arg https_proxy=${https_proxy} --build-arg no_proxy=${no_proxy}"
fi
KANIKOCFG="${KANIKOCFG} }"
echo "${KANIKOCFG}" > /kaniko/.docker/config.json
- /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile $KANIKOPROXYBUILDARGS --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- >-
/kaniko/executor
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/Dockerfile"
"${KANIKOPROXYBUILDARGS}"
--destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}"
rules:
- if: $CI_COMMIT_TAG
```
......@@ -120,7 +129,7 @@ store:
```yaml
before_script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(echo -n ${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD} | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
- echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
- |
echo "-----BEGIN CERTIFICATE-----
...
......
......@@ -111,12 +111,9 @@ To generate an API Fuzzing configuration snippet:
### OpenAPI Specification
> Support for OpenAPI Specification v3.1 was
> [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/327268) in GitLab 14.2.
> Support for OpenAPI Specification using YAML format was
> [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/330583) in GitLab 14.0.
> Support for OpenAPI Specification v3.0 was
> [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/228652) in GitLab 13.9.
> - Support for OpenAPI Specification v3.0 was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/228652) in GitLab 13.9.
> - Support for OpenAPI Specification using YAML format was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/330583) in GitLab 14.0.
> - Support for OpenAPI Specification v3.1 was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/327268) in GitLab 14.2.
The [OpenAPI Specification](https://www.openapis.org/) (formerly the Swagger Specification) is an API description format for REST APIs.
This section shows you how to configure API fuzzing using an OpenAPI Specification to provide information about the target API to test.
......@@ -214,7 +211,7 @@ To configure API fuzzing to use a HAR file:
```
1. Provide the location of the HAR specification. You can provide the specification as a file
or URL. [URL support was introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/285020)
or URL. URL support was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/285020)
in GitLab 13.10 and later. Specify the location by adding the `FUZZAPI_HAR` variable.
1. The target API instance's base URL is also required. Provide it by using the `FUZZAPI_TARGET_URL`
......@@ -285,7 +282,7 @@ To configure API fuzzing to use a Postman Collection file:
```
1. Provide the location of the Postman Collection specification. You can provide the specification
as a file or URL. [URL support was introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/285020)
as a file or URL. URL support was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/285020)
in GitLab 13.10 and later. Specify the location by adding the `FUZZAPI_POSTMAN_COLLECTION`
variable.
......@@ -613,15 +610,15 @@ Overrides use a JSON document, where each type of override is represented by a J
},
"body-form": {
"form-param1": "value",
"form-param1": "value",
"form-param2": "value"
},
"body-json": {
"json-path1": "value",
"json-path2": "value",
"json-path2": "value"
},
"body-xml" : {
"xpath1": "value",
"xpath2": "value",
"xpath2": "value"
}
}
```
......@@ -975,7 +972,7 @@ reported.
### View details of an API Fuzzing vulnerability
> Introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.7.
> Introduced in GitLab 13.7.
Faults detected by API Fuzzing occur in the live web application, and require manual investigation
to determine if they are vulnerabilities. Fuzzing faults are included as vulnerabilities with a
......
......@@ -146,7 +146,7 @@ corpus.
### Reports JSON format
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/220062) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.3 as an [Alpha feature](https://about.gitlab.com/handbook/product/gitlab-the-product/#alpha).
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/220062) in GitLab 13.3 as an [Alpha feature](https://about.gitlab.com/handbook/product/gitlab-the-product/#alpha).
The `gitlab-cov-fuzz` tool emits a JSON report file. For more information, see the
[schema for this report](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/coverage-fuzzing-report-format.json).
......
......@@ -127,7 +127,6 @@ dast:
DAST_BROWSER_ACTION_TIMEOUT: "10s"
DAST_BROWSER_STABILITY_TIMEOUT: "15s"
DAST_BROWSER_NAVIGATION_STABILITY_TIMEOUT: "15s"
DAST_BROWSER_ACTION_TIMEOUT: "10s"
DAST_BROWSER_ACTION_STABILITY_TIMEOUT: "3s"
```
......
......@@ -320,8 +320,8 @@ tips for optimizing DAST scans in a [blog post](https://about.gitlab.com/blog/20
### API scan
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10928) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.10.
> - A new DAST API scanning engine was introduced in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.10.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10928) in GitLab 12.10.
> - A new DAST API scanning engine was introduced in GitLab 13.10.
Using an API specification as a scan's target is a useful way to seed URLs for scanning an API.
Vulnerability rules in an API scan are different than those in a normal website scan.
......@@ -416,7 +416,7 @@ variables:
### URL scan
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214120) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.4.
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214120) in GitLab 13.4.
> - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/273141) in GitLab 13.11.
A URL scan allows you to specify which parts of a website are scanned by DAST.
......@@ -492,7 +492,7 @@ Click **View details** to view the web console output which includes the list of
### View details of a vulnerability detected by DAST
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36332) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.1.
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36332) in GitLab 13.1.
Vulnerabilities detected by DAST occur in the live web application. Addressing these types of
vulnerabilities requires specific information. DAST provides the information required to
......
......@@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
type: reference, howto
---
# Run DAST in an offline environment
# Run DAST in an offline environment **(ULTIMATE)**
For self-managed GitLab instances in an environment with limited, restricted, or intermittent access
to external resources through the internet, some adjustments are required for the DAST job to
......
......@@ -681,15 +681,15 @@ Overrides use a JSON document, where each type of override is represented by a J
},
"body-form": {
"form-param1": "value",
"form-param1": "value",
"form-param2": "value"
},
"body-json": {
"json-path1": "value",
"json-path2": "value",
"json-path2": "value"
},
"body-xml" : {
"xpath1": "value",
"xpath2": "value",
"xpath2": "value"
}
}
```
......@@ -968,16 +968,16 @@ Follow these steps to view details of a vulnerability:
| Field | Description |
|:--------------------|:----------------------------------------------------------------------------------------|
| Description | Description of the vulnerability including what was modified. |
| Description | Description of the vulnerability including what was modified. |
| Project | Namespace and project in which the vulnerability was detected. |
| Method | HTTP method used to detect the vulnerability. |
| URL | URL at which the vulnerability was detected. |
| Request | The HTTP request that caused the vulnerability. |
| Request | The HTTP request that caused the vulnerability. |
| Unmodified Response | Response from an unmodified request. This is what a normal working response looks like. |
| Actual Response | Response received from test request. |
| Evidence | How we determined a vulnerability occurred. |
| Identifiers | The DAST API check used to find this vulnerability. |
| Severity | Severity of the vulnerability. |
| Actual Response | Response received from test request. |
| Evidence | How we determined a vulnerability occurred. |
| Identifiers | The DAST API check used to find this vulnerability. |
| Severity | Severity of the vulnerability. |
| Scanner Type | Scanner used to perform testing. |
### Security Dashboard
......@@ -1139,7 +1139,7 @@ The DAST API engine outputs an error message when it cannot establish a connecti
**Error message**
- In [GitLab 13.11 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/323939), `Failed to start scanner session (version header not found).`
- In GitLab 13.10 and earlier, `API Security version header not found. Are you sure that you are connecting to the API Security server?`.
- In GitLab 13.10 and earlier, `API Security version header not found. Are you sure that you are connecting to the API Security server?`.
**Solution**
......
......@@ -104,6 +104,9 @@ def configuration_toml(gitaly_dir, storage_paths, options, gitaly_ruby: true)
socket_filename = options[:gitaly_socket] || "gitaly.socket"
prometheus_listen_addr = options[:prometheus_listen_addr]
git_bin_path = File.expand_path('../gitaly/_build/deps/git/install/bin/git')
git_bin_path = nil unless File.exist?(git_bin_path)
config = {
# Override the set gitaly_address since Praefect is in the loop
socket_path: File.join(gitaly_dir, socket_filename),
......@@ -113,8 +116,8 @@ def configuration_toml(gitaly_dir, storage_paths, options, gitaly_ruby: true)
# sidekiq jobs, and concurrency will be low anyway in test.
git: {
catfile_cache_size: 5,
bin_path: File.expand_path(File.join(gitaly_dir, '_build', 'deps', 'git', 'install', 'bin', 'git'))
},
bin_path: git_bin_path
}.compact,
prometheus_listen_addr: prometheus_listen_addr
}.compact
......
......@@ -33,7 +33,7 @@ def fetch_issues(params = {})
end
def fetch_issue(issue_id)
raise Gitlab::Zentao::Client::Error unless issue_id_pattern.match(issue_id)
raise Gitlab::Zentao::Client::Error, 'invalid issue id' unless issue_id_pattern.match(issue_id)
get("issues/#{issue_id}")
end
......@@ -48,11 +48,11 @@ def get(path, params = {})
options = { headers: headers, query: params }
response = Gitlab::HTTP.get(url(path), options)
raise Gitlab::Zentao::Client::Error unless response.success?
raise Gitlab::Zentao::Client::Error, 'request error' unless response.success?
Gitlab::Json.parse(response.body)
rescue JSON::ParserError
raise Gitlab::Zentao::Client::Error
raise Gitlab::Zentao::Client::Error, 'invalid response format'
end
def url(path)
......
......@@ -67,7 +67,7 @@ Usage: rake "gitlab:gitaly:install[/installation/dir,/storage/path]")
env["BUNDLE_DEPLOYMENT"] = 'false'
end
Gitlab::Popen.popen([make_cmd, 'all', 'git'], nil, env)
Gitlab::Popen.popen([make_cmd], nil, env)
end
end
end
......
......@@ -67,7 +67,7 @@ def api_post_body
private
def transform_api_resource(api_resource)
api_resource[:web_url] = "#{Runtime::Scenario.gitlab_address}/#{project.full_path}/-/tree/#{branch}/#{api_resource[:file_path]}"
api_resource[:web_url] = "#{Runtime::Scenario.gitlab_address}/#{project.full_path}/-/blob/#{branch}/#{api_resource[:file_path]}"
api_resource
end
end
......
......@@ -376,7 +376,6 @@ def replication_pending?
select job from replication_queue
where state = 'ready'
and job ->> 'change' = 'update'
and job ->> 'source_node_storage' = '#{current_primary_node}'
and job ->> 'target_node_storage' = '#{@primary_node}';
SQL
) do |line|
......
......@@ -31,14 +31,6 @@ module QA
praefect_manager.stop_primary_node
praefect_manager.wait_for_gitaly_check
# Confirm that we have access to the repo after failover
Support::Waiter.wait_until(retry_on_exception: true, sleep_interval: 5) do
Resource::Repository::Commit.fabricate_via_api! do |commits|
commits.project = project
commits.sha = project.default_branch
end
end
# Push a commit to the new primary
Resource::Repository::ProjectPush.fabricate! do |push|
push.project = project
......@@ -58,6 +50,11 @@ module QA
# Wait for automatic replication
praefect_manager.wait_for_replication(project.id)
# Force switch to the old primary node
# This ensures that the commit was replicated
praefect_manager.stop_secondary_node
praefect_manager.stop_tertiary_node
# Confirm that both commits are available
expect(project.commits.map { |commit| commit[:message].chomp })
.to include("Initial commit").and include("pushed after failover")
......
......@@ -208,10 +208,10 @@
context 'by page_token only' do
let(:params) { { page_token: 'feature' } }
it 'raises an error' do
expect do
subject
end.to raise_error(Gitlab::Git::CommandError, '13:could not find page token.')
it 'returns nothing' do
result = subject
expect(result.count).to eq(0)
end
end
......
......@@ -63,7 +63,7 @@ def mock_fetch_issue_url(issue_id)
it 'fetches the empty product' do
expect do
integration.fetch_product(zentao_integration.zentao_product_xid)
end.to raise_error(Gitlab::Zentao::Client::Error)
end.to raise_error(Gitlab::Zentao::Client::Error, 'request error')
end
end
......@@ -76,7 +76,7 @@ def mock_fetch_issue_url(issue_id)
it 'fetches the empty product' do
expect do
integration.fetch_product(zentao_integration.zentao_product_xid)
end.to raise_error(Gitlab::Zentao::Client::Error)
end.to raise_error(Gitlab::Zentao::Client::Error, 'invalid response format')
end
end
end
......@@ -111,7 +111,8 @@ def mock_fetch_issue_url(issue_id)
it 'returns empty object' do
invalid_ids.each do |id|
expect { integration.fetch_issue(id) }.to raise_error(Gitlab::Zentao::Client::Error)
expect { integration.fetch_issue(id) }
.to raise_error(Gitlab::Zentao::Client::Error, 'invalid issue id')
end
end
end
......
......@@ -98,7 +98,7 @@ def install_gitaly_gems
end
def build_gitaly
system(env.merge({ 'GIT_VERSION' => nil }), 'make all git', chdir: tmp_tests_gitaly_dir) # rubocop:disable GitlabSecurity/SystemCommandInjection
system(env, 'make', chdir: tmp_tests_gitaly_dir) # rubocop:disable GitlabSecurity/SystemCommandInjection
end
def start_gitaly
......
......@@ -68,7 +68,7 @@
it 'calls gmake in the gitaly directory' do
expect(Gitlab::Popen).to receive(:popen).with(%w[which gmake]).and_return(['/usr/bin/gmake', 0])
expect(Gitlab::Popen).to receive(:popen).with(%w[gmake all git], nil, { "BUNDLE_GEMFILE" => nil, "RUBYOPT" => nil }).and_return(true)
expect(Gitlab::Popen).to receive(:popen).with(%w[gmake], nil, { "BUNDLE_GEMFILE" => nil, "RUBYOPT" => nil }).and_return(true)
subject
end
......@@ -81,13 +81,13 @@
end
it 'calls make in the gitaly directory' do
expect(Gitlab::Popen).to receive(:popen).with(%w[make all git], nil, { "BUNDLE_GEMFILE" => nil, "RUBYOPT" => nil }).and_return(true)
expect(Gitlab::Popen).to receive(:popen).with(%w[make], nil, { "BUNDLE_GEMFILE" => nil, "RUBYOPT" => nil }).and_return(true)
subject
end
context 'when Rails.env is test' do
let(:command) { %w[make all git] }
let(:command) { %w[make] }
before do
stub_rails_env('test')
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment