-
- Downloads
Fix project import restricted visibility bypass
Add Gitlab::VisibilityLevelChecker that verifies selected project visibility level (or overridden param) is not restricted when creating or importing a project
Showing
- app/services/projects/create_service.rb 16 additions, 11 deletionsapp/services/projects/create_service.rb
- changelogs/unreleased/security-project-import-bypass.yml 5 additions, 0 deletionschangelogs/unreleased/security-project-import-bypass.yml
- lib/gitlab/visibility_level_checker.rb 88 additions, 0 deletionslib/gitlab/visibility_level_checker.rb
- spec/lib/gitlab/visibility_level_checker_spec.rb 82 additions, 0 deletionsspec/lib/gitlab/visibility_level_checker_spec.rb
- spec/services/projects/create_service_spec.rb 53 additions, 15 deletionsspec/services/projects/create_service_spec.rb
lib/gitlab/visibility_level_checker.rb
0 → 100644
Please register or sign in to comment