Merge branch 'files_blocklist' into 'master'

Rename internal file used to deny pushes for certain files See merge request gitlab-org/gitlab!33666

Merge branch 'files_blocklist' into 'master'
Rename internal file used to deny pushes for certain files See merge request gitlab-org/gitlab!33666
04a60057 · Jan Provaznik · b65821c5 · f818d961 · 04a60057 · 04a60057
Commit 04a60057 authored Jun 04, 2020 by Jan Provaznik
5 changed files
--- a/doc/push_rules/push_rules.md
+++ b/doc/push_rules/push_rules.md
@@ -98,12 +98,12 @@ GitLab uses [RE2 syntax](https://github.com/google/re2/wiki/Syntax) for regular
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/385) in [GitLab Starter](https://about.gitlab.com/pricing/) 8.12.

 Secrets such as credential files, SSH private keys, and other files containing secrets should never be committed to source control.
-GitLab allows you to turn on a predefined blacklist of files which won't be allowed to be
+GitLab allows you to turn on a predefined denylist of files which won't be allowed to be
 pushed to a repository, stopping those commits from reaching the remote repository.

 By selecting the checkbox *Prevent committing secrets to Git*, GitLab prevents
 pushes to the repository when a file matches a regular expression as read from
-[`files_blacklist.yml`](https://gitlab.com/gitlab-org/gitlab/blob/master/ee/lib/gitlab/checks/files_blacklist.yml) (make sure you are at the right branch
+[`files_denylist.yml`](https://gitlab.com/gitlab-org/gitlab/blob/master/ee/lib/gitlab/checks/files_denylist.yml) (make sure you are at the right branch
 as your GitLab version when viewing this file).

 NOTE: **Note:**

--- a/ee/app/models/push_rule.rb
+++ b/ee/app/models/push_rule.rb
@@ -26,7 +26,7 @@ class PushRule < ApplicationRecord

  before_update :convert_to_re2

-  FILES_BLACKLIST = YAML.load_file(Rails.root.join('ee/lib/gitlab/checks/files_blacklist.yml'))
+  FILES_DENYLIST = YAML.load_file(Rails.root.join('ee/lib/gitlab/checks/files_denylist.yml'))
  SETTINGS_WITH_GLOBAL_DEFAULT = %i[
    reject_unsigned_commits
    commit_committer_check
@@ -78,9 +78,9 @@ class PushRule < ApplicationRecord
    data_match?(email, author_email_regex)
  end

-  def filename_blacklisted?(file_path)
+  def filename_denylisted?(file_path)
    regex_list = []
-    regex_list.concat(FILES_BLACKLIST) if prevent_secrets
+    regex_list.concat(FILES_DENYLIST) if prevent_secrets
    regex_list << file_name_regex if file_name_regex

    regex_list.find { |regex| data_match?(file_path, regex) }

--- a/ee/lib/ee/gitlab/checks/diff_check.rb
+++ b/ee/lib/ee/gitlab/checks/diff_check.rb
@@ -82,7 +82,7 @@ module EE

        def file_name_validation
          lambda do |diff|
-            if (diff.renamed_file || diff.new_file) && blacklisted_regex = push_rule.filename_blacklisted?(diff.new_path)
+            if (diff.renamed_file || diff.new_file) && blacklisted_regex = push_rule.filename_denylisted?(diff.new_path)
              return unless blacklisted_regex.present?

              "File name #{diff.new_path} was blacklisted by the pattern #{blacklisted_regex}."

--- a/ee/lib/gitlab/checks/files_blacklist.yml
+++ b/ee/lib/gitlab/checks/files_blacklist.yml
--- a/ee/spec/models/push_rule_spec.rb
+++ b/ee/spec/models/push_rule_spec.rb
@@ -132,7 +132,7 @@ describe PushRule do
    commit_message_blocked?: :commit_message_negative_regex,
    branch_name_allowed?: :branch_name_regex,
    author_email_allowed?: :author_email_regex,
-    filename_blacklisted?: :file_name_regex
+    filename_denylisted?: :file_name_regex
  }

  methods_and_regexes.each do |method_name, regex_attr|