Use the array syntax for shelling out (!93030) · Merge requests · GitLab.org / GitLab

Dominic Couture requested to merge dcouture-popen-args into master Jul 21, 2022

What does this MR do and why?

Adds defense in depth to a previous fix. If validations are bypassed now the worst possible impact would be argument injection rather than a full command injection.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Run Feature.enable(:bulk_import_projects) in your rails console
Follow this documentation to use bulk import

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Aug 02, 2022 by Vasilii Iakliushin

Use the array syntax for shelling out

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports