Boxiang Sun
gitlab-ce
Commits
cdc2bc43
Commit
cdc2bc43
authored
Aug 24, 2018
by
Francisco Javier López
Committed by
Jose Vargas
Aug 28, 2018
[master] Missing CSRF in System Hooks resend action
parent
beb8354b
Changes
7
Showing
7 changed files
with
14 additions
and
10 deletions
+14
-10
app/views/admin/hook_logs/show.html.haml
app/views/admin/hook_logs/show.html.haml
+1
-2
app/views/projects/hook_logs/show.html.haml
app/views/projects/hook_logs/show.html.haml
+1
-1
changelogs/unreleased/security-fj-missing-csrf-system-hooks-resend.yml
...released/security-fj-missing-csrf-system-hooks-resend.yml
+5
-0
config/routes/admin.rb
config/routes/admin.rb
+1
-1
config/routes/project.rb
config/routes/project.rb
+1
-1
spec/routing/admin_routing_spec.rb
spec/routing/admin_routing_spec.rb
+2
-2
spec/routing/project_routing_spec.rb
spec/routing/project_routing_spec.rb
+3
-3
app/views/admin/hook_logs/show.html.haml
...
@@ -4,7 +4,6 @@
...
@@ -4,7 +4,6 @@
%hr
%hr
=
link_to
'Resend Request'
,
retry_admin_hook_hook_log_path
(
@hook
,
@hook_log
),
class:
"btn btn-default float-right prepend-left-10"
=
link_to
'Resend Request'
,
retry_admin_hook_hook_log_path
(
@hook
,
@hook_log
),
method: :post
,
class:
"btn btn-default float-right prepend-left-10"
=
render
partial:
'shared/hook_logs/content'
,
locals:
{
hook_log:
@hook_log
}
=
render
partial:
'shared/hook_logs/content'
,
locals:
{
hook_log:
@hook_log
}
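Review bot: The added `method: :post` on the 'Resend Request' link only works through the rails-ujs `data-method` handler; without JavaScript the anchor still issues a plain GET, which this commit's route change no longer serves, so the button silently 404s and no authenticity token is sent either way. A form-based control does not depend on that script: `= button_to 'Resend Request', retry_admin_hook_hook_log_path(@hook, @hook_log), class: "btn btn-default", form_class: "float-right prepend-left-10"` renders a real POST form carrying the CSRF token. The same applies to the projects view in `app/views/projects/hook_logs/show.html.haml`. Whether the layout that wraps this view already loads rails-ujs is not visible from the hunk.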
app/views/projects/hook_logs/show.html.haml
...
@@ -4,6 +4,6 @@
...
@@ -4,6 +4,6 @@
Request details
Request details
.col-lg-9
.col-lg-9
=
link_to
'Resend Request'
,
retry_project_hook_hook_log_path
(
@project
,
@hook
,
@hook_log
),
class:
"btn btn-default float-right prepend-left-10"
=
link_to
'Resend Request'
,
retry_project_hook_hook_log_path
(
@project
,
@hook
,
@hook_log
),
method: :post
,
class:
"btn btn-default float-right prepend-left-10"
=
render
partial:
'shared/hook_logs/content'
,
locals:
{
hook_log:
@hook_log
}
=
render
partial:
'shared/hook_logs/content'
,
locals:
{
hook_log:
@hook_log
}
changelogs/unreleased/security-fj-missing-csrf-system-hooks-resend.yml
0 → 100644
---
title
:
Adding CSRF protection to Hooks resend action
merge_request
:
author
:
type
:
security
config/routes/admin.rb
...
@@ -59,7 +59,7 @@ namespace :admin do
...
@@ -59,7 +59,7 @@ namespace :admin do
resources
:hook_logs
,
only:
[
:show
]
do
resources
:hook_logs
,
only:
[
:show
]
do
member
do
member
do
ge
t
:retry
pos
t
:retry
end
end
end
end
end
end
...
...
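Review bot: Changing `get :retry` to `post :retry` only yields CSRF protection if `Admin::HookLogsController#retry` actually runs under `protect_from_forgery`; the controller is outside this hunk, so it is worth confirming that no `skip_before_action :verify_authenticity_token` covers this action. The same check applies to the parallel change in `config/routes/project.rb` and `Projects::HookLogsController`. A short comment on the route would keep the intent from being lost in a later refactor: `# POST only: resending a hook request has side effects and must carry the authenticity token`.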
config/routes/project.rb
...
@@ -307,7 +307,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
...
@@ -307,7 +307,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
resources
:hook_logs
,
only:
[
:show
]
do
resources
:hook_logs
,
only:
[
:show
]
do
member
do
member
do
ge
t
:retry
pos
t
:retry
end
end
end
end
end
end
...
...
spec/routing/admin_routing_spec.rb
...
@@ -103,11 +103,11 @@ describe Admin::HooksController, "routing" do
...
@@ -103,11 +103,11 @@ describe Admin::HooksController, "routing" do
end
end
end
end
# admin_hook_hook_log_retry
GE
T /admin/hooks/:hook_id/hook_logs/:id/retry(.:format) admin/hook_logs#retry
# admin_hook_hook_log_retry
POS
T /admin/hooks/:hook_id/hook_logs/:id/retry(.:format) admin/hook_logs#retry
# admin_hook_hook_log GET /admin/hooks/:hook_id/hook_logs/:id(.:format) admin/hook_logs#show
# admin_hook_hook_log GET /admin/hooks/:hook_id/hook_logs/:id(.:format) admin/hook_logs#show
describe
Admin
::
HookLogsController
,
'routing'
do
describe
Admin
::
HookLogsController
,
'routing'
do
it
'to #retry'
do
it
'to #retry'
do
expect
(
ge
t
(
'/admin/hooks/1/hook_logs/1/retry'
)).
to
route_to
(
'admin/hook_logs#retry'
,
hook_id:
'1'
,
id:
'1'
)
expect
(
pos
t
(
'/admin/hooks/1/hook_logs/1/retry'
)).
to
route_to
(
'admin/hook_logs#retry'
,
hook_id:
'1'
,
id:
'1'
)
end
end
it
'to #show'
do
it
'to #show'
do
...
...
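Review bot: The updated `it 'to #retry'` example asserts only that POST routes to `admin/hook_logs#retry`; it does not pin the property the fix depends on, that GET no longer reaches the action, so a later `match :retry, via: [:get, :post]` would pass the suite unnoticed. Adding `expect(get('/admin/hooks/1/hook_logs/1/retry')).not_to be_routable` beside the existing expectation turns the security change into a regression guard. The same gap exists in `spec/routing/project_routing_spec.rb` for `/gitlab/gitlabhq/hooks/1/hook_logs/1/retry`.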
spec/routing/project_routing_spec.rb
...
@@ -381,7 +381,7 @@ describe 'project routing' do
...
@@ -381,7 +381,7 @@ describe 'project routing' do
end
end
end
end
# test_project_hook
GE
T /:project_id/hooks/:id/test(.:format) hooks#test
# test_project_hook
POS
T /:project_id/hooks/:id/test(.:format) hooks#test
# project_hooks GET /:project_id/hooks(.:format) hooks#index
# project_hooks GET /:project_id/hooks(.:format) hooks#index
# POST /:project_id/hooks(.:format) hooks#create
# POST /:project_id/hooks(.:format) hooks#create
# edit_project_hook GET /:project_id/hooks/:id/edit(.:format) hooks#edit
# edit_project_hook GET /:project_id/hooks/:id/edit(.:format) hooks#edit
...
@@ -398,11 +398,11 @@ describe 'project routing' do
...
@@ -398,11 +398,11 @@ describe 'project routing' do
end
end
end
end
# retry_namespace_project_hook_hook_log
GE
T /:project_id/hooks/:hook_id/hook_logs/:id/retry(.:format) projects/hook_logs#retry
# retry_namespace_project_hook_hook_log
POS
T /:project_id/hooks/:hook_id/hook_logs/:id/retry(.:format) projects/hook_logs#retry
# namespace_project_hook_hook_log GET /:project_id/hooks/:hook_id/hook_logs/:id(.:format) projects/hook_logs#show
# namespace_project_hook_hook_log GET /:project_id/hooks/:hook_id/hook_logs/:id(.:format) projects/hook_logs#show
describe
Projects
::
HookLogsController
,
'routing'
do
describe
Projects
::
HookLogsController
,
'routing'
do
it
'to #retry'
do
it
'to #retry'
do
expect
(
ge
t
(
'/gitlab/gitlabhq/hooks/1/hook_logs/1/retry'
)).
to
route_to
(
'projects/hook_logs#retry'
,
namespace_id:
'gitlab'
,
project_id:
'gitlabhq'
,
hook_id:
'1'
,
id:
'1'
)
expect
(
pos
t
(
'/gitlab/gitlabhq/hooks/1/hook_logs/1/retry'
)).
to
route_to
(
'projects/hook_logs#retry'
,
namespace_id:
'gitlab'
,
project_id:
'gitlabhq'
,
hook_id:
'1'
,
id:
'1'
)
end
end
it
'to #show'
do
it
'to #show'
do
...
...