Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
李少辉-开发者
gitlab-foss
提交
3ef13167
G
gitlab-foss
项目概览
李少辉-开发者
/
gitlab-foss
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
gitlab-foss
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
3ef13167
编写于
4月 27, 2020
作者:
G
GitLab Bot
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add latest changes from gitlab-org/security/gitlab@12-8-stable-ee
上级
83ef6fa0
变更
6
隐藏空白更改
内联
并排
Showing
6 changed file
with
44 addition
and
0 deletion
+44
-0
app/controllers/oauth/authorized_applications_controller.rb
app/controllers/oauth/authorized_applications_controller.rb
+7
-0
changelogs/unreleased/security-file-template-project-12-9.yml
...gelogs/unreleased/security-file-template-project-12-9.yml
+5
-0
changelogs/unreleased/security-fix-CVE-2020-10187.yml
changelogs/unreleased/security-fix-CVE-2020-10187.yml
+5
-0
changelogs/unreleased/security-fix-es-credentials-leak.yml
changelogs/unreleased/security-fix-es-credentials-leak.yml
+5
-0
config/application.rb
config/application.rb
+1
-0
spec/controllers/oauth/authorized_applications_controller_spec.rb
...trollers/oauth/authorized_applications_controller_spec.rb
+21
-0
未找到文件。
app/controllers/oauth/authorized_applications_controller.rb
浏览文件 @
3ef13167
...
...
@@ -5,6 +5,13 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
layout
'profile'
def
index
respond_to
do
|
format
|
format
.
html
{
render
"errors/not_found"
,
layout:
"errors"
,
status: :not_found
}
format
.
json
{
render
json:
""
,
status: :not_found
}
end
end
def
destroy
if
params
[
:token_id
].
present?
current_resource_owner
.
oauth_authorized_tokens
.
find
(
params
[
:token_id
]).
revoke
...
...
changelogs/unreleased/security-file-template-project-12-9.yml
0 → 100644
浏览文件 @
3ef13167
---
title
:
Do not return private project ID without permission
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix-CVE-2020-10187.yml
0 → 100644
浏览文件 @
3ef13167
---
title
:
Fix doorkeeper CVE-2020-10187
merge_request
:
author
:
type
:
security
changelogs/unreleased/security-fix-es-credentials-leak.yml
0 → 100644
浏览文件 @
3ef13167
---
title
:
Prevent ES credentials leak
merge_request
:
author
:
type
:
security
config/application.rb
浏览文件 @
3ef13167
...
...
@@ -129,6 +129,7 @@ module Gitlab
encrypted_key
hook
import_url
elasticsearch_url
otp_attempt
sentry_dsn
trace
...
...
spec/controllers/oauth/authorized_applications_controller_spec.rb
0 → 100644
浏览文件 @
3ef13167
# frozen_string_literal: true
require
'spec_helper'
describe
Oauth
::
AuthorizedApplicationsController
do
let
(
:user
)
{
create
(
:user
)
}
let
(
:guest
)
{
create
(
:user
)
}
let
(
:application
)
{
create
(
:oauth_application
,
owner:
guest
)
}
before
do
sign_in
(
user
)
end
describe
'GET #index'
do
it
'responds with 404'
do
get
:index
expect
(
response
).
to
have_gitlab_http_status
(
:not_found
)
end
end
end
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录