Skip to content

Rename Project#import_url to #unsafe_import_url

Luke Duncalferequested to merge
ld-Project-unsafe_import_url into master

What does this MR do and why?

The #import_url method can expose username and password details of the URL with the userinfo portion of the URL.

To make it more obvious to developers that they should use #safe_import_url, and that #unsafe_import_url can leak sensitive credentials, this MR renames #import_url to #unsafe_import_url.

References

Rename Project#import_url to #unsafe_import_url (#508456 - closed)

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Create a project via its import_url:

  1. Visit http://gdk.test:3000/projects/new#import_project
  2. Select Repository by URL.
  3. Import a new project via a repository URL. For example, https://github.com/lukes/test.git
  4. Repeat the same steps for a private repository (you could choose a private localhost GitLab repo, for example http://gdk.test:3000/flightjs/Flight.git). You will need to enter the username and password of your local GitLab instance account.
  5. Repeat the same steps and set up a mirrored repository by selecting "Mirror repository".
Edited by Luke Duncalfe

Merge request reports