Allow to use untrusted ruby syntax (!26905) · Merge requests · GitLab.org / GitLab FOSS

Allow to use untrusted ruby syntax

What does this MR do?

Brings an optional administratively controlled backward compatibility to use unsafe Ruby Regexp with only: and refs:.

This also brings back the compatibility for: // =~ 'aa' which become broken due to PATTERN.

The EE version: https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/10566

Does this MR meet the acceptance criteria?

Conformity

Changelog entry
Documentation created/updated or follow-up review issue created
Code review guidelines
Style guides

Performance and testing

Tests added for this feature/bug

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
Security reports checked/validated by a reviewer from the AppSec team

Edited Apr 04, 2019 by Kamil Trzciński