
Commit 9770c57f by Brian Neel

Re-enable SqlInjection and CommandInjection

parent b612a47d
...@@ -514,8 +514,11 @@ codeclimate: ...@@ -514,8 +514,11 @@ codeclimate:
services: services:
- docker:dind - docker:dind
script: script:
- cp .rubocop.yml .rubocop.yml.bak
- grep -v "rubocop-gitlab-security" .rubocop.yml.bak > .rubocop.yml
- docker run --env CODECLIMATE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp/cc:/tmp/cc codeclimate/codeclimate analyze -f json > raw_codeclimate.json - docker run --env CODECLIMATE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock --volume /tmp/cc:/tmp/cc codeclimate/codeclimate analyze -f json > raw_codeclimate.json
- cat raw_codeclimate.json | docker run -i stedolan/jq -c 'map({check_name,fingerprint,location})' > codeclimate.json - cat raw_codeclimate.json | docker run -i stedolan/jq -c 'map({check_name,fingerprint,location})' > codeclimate.json
- mv .rubocop.yml.bak .rubocop.yml
artifacts: artifacts:
paths: [codeclimate.json] paths: [codeclimate.json]
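Review bot: The `grep -v "rubocop-gitlab-security"` step strips only the `require` entry, so the `GitlabSecurity/*` sections this commit adds to `.rubocop.yml` are still present when the Code Climate rubocop engine runs, and it may report them as unrecognized cops. The step has no explanation; a comment such as `# Code Climate's rubocop engine cannot load rubocop-gitlab-security, so strip it for this job only` would help, if that is the reason. With the plugin removed here, `codeclimate.json` will never contain GitlabSecurity findings, so these cops are enforced only where rubocop runs with the full config.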
......
require: require:
- rubocop-rspec - rubocop-rspec
- rubocop-gitlab-security
- ./rubocop/rubocop - ./rubocop/rubocop
inherit_from: .rubocop_todo.yml inherit_from: .rubocop_todo.yml
...@@ -1156,3 +1157,35 @@ RSpec/SubjectStub: ...@@ -1156,3 +1157,35 @@ RSpec/SubjectStub:
# Prefer using verifying doubles over normal doubles. # Prefer using verifying doubles over normal doubles.
RSpec/VerifiedDoubles: RSpec/VerifiedDoubles:
Enabled: false Enabled: false
# GitlabSecurity ##############################################################
GitlabSecurity/DeepMunge:
Enabled: true
Exclude:
- 'spec/**/*'
- 'lib/**/*.rake'
GitlabSecurity/PublicSend:
Enabled: true
Exclude:
- 'spec/**/*'
- 'lib/**/*.rake'
GitlabSecurity/RedirectToParamsUpdate:
Enabled: true
Exclude:
- 'spec/**/*'
- 'lib/**/*.rake'
GitlabSecurity/SqlInjection:
Enabled: true
Exclude:
- 'spec/**/*'
- 'lib/**/*.rake'
GitlabSecurity/SystemCommandInjection:
Enabled: true
Exclude:
- 'spec/**/*'
- 'lib/**/*.rake'
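Review bot: `lib/**/*.rake` is excluded from `GitlabSecurity/SystemCommandInjection` and `GitlabSecurity/SqlInjection`, although rake tasks are a common place for shell-outs and hand-built SQL. The same two `Exclude` entries are copied to all five cops. If the rake exclusion only silences existing offenses, consider dropping it for these two cops and using inline disables there, as this commit does for application code. A short comment above the block, for example `# specs and rake tasks are exempt because ...`, would make the exemption reviewable later.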
...@@ -341,6 +341,7 @@ group :development, :test do ...@@ -341,6 +341,7 @@ group :development, :test do
gem 'rubocop', '~> 0.49.1', require: false gem 'rubocop', '~> 0.49.1', require: false
gem 'rubocop-rspec', '~> 1.15.1', require: false gem 'rubocop-rspec', '~> 1.15.1', require: false
gem 'rubocop-gitlab-security', '~> 0.0.6', require: false
gem 'scss_lint', '~> 0.54.0', require: false gem 'scss_lint', '~> 0.54.0', require: false
gem 'haml_lint', '~> 0.26.0', require: false gem 'haml_lint', '~> 0.26.0', require: false
gem 'simplecov', '~> 0.14.0', require: false gem 'simplecov', '~> 0.14.0', require: false
......
...@@ -742,7 +742,8 @@ GEM ...@@ -742,7 +742,8 @@ GEM
ruby-progressbar (~> 1.7) ruby-progressbar (~> 1.7)
unicode-display_width (~> 1.0, >= 1.0.1) unicode-display_width (~> 1.0, >= 1.0.1)
rubocop-rspec (1.15.1) rubocop-rspec (1.15.1)
rubocop (>= 0.42.0) rubocop-gitlab-security (0.0.6)
rubocop (>= 0.47.0)
ruby-fogbugz (0.2.1) ruby-fogbugz (0.2.1)
crack (~> 0.4) crack (~> 0.4)
ruby-prof (0.16.2) ruby-prof (0.16.2)
...@@ -1089,6 +1090,7 @@ DEPENDENCIES ...@@ -1089,6 +1090,7 @@ DEPENDENCIES
rspec_profiling (~> 0.0.5) rspec_profiling (~> 0.0.5)
rubocop (~> 0.49.1) rubocop (~> 0.49.1)
rubocop-rspec (~> 1.15.1) rubocop-rspec (~> 1.15.1)
rubocop-gitlab-security (~> 0.0.6)
ruby-fogbugz (~> 0.2.1) ruby-fogbugz (~> 0.2.1)
ruby-prof (~> 0.16.2) ruby-prof (~> 0.16.2)
ruby_parser (~> 3.8) ruby_parser (~> 3.8)
......
...@@ -68,15 +68,15 @@ class Import::GithubController < Import::BaseController ...@@ -68,15 +68,15 @@ class Import::GithubController < Import::BaseController
end end
def new_import_url def new_import_url
public_send("new_import_#{provider}_url") public_send("new_import_#{provider}_url") # rubocop:disable GitlabSecurity/PublicSend
end end
def status_import_url def status_import_url
public_send("status_import_#{provider}_url") public_send("status_import_#{provider}_url") # rubocop:disable GitlabSecurity/PublicSend
end end
def callback_import_url def callback_import_url
public_send("callback_import_#{provider}_url") public_send("callback_import_#{provider}_url") # rubocop:disable GitlabSecurity/PublicSend
end end
def provider_unauthorized def provider_unauthorized
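Review bot: The three `# rubocop:disable GitlabSecurity/PublicSend` comments on the `*_import_url` methods silence the cop without saying why interpolating `provider` into a method name is safe; where `provider` is set is not visible in this hunk. A comment on the line above each call, such as `# provider is defined by the controller, never taken from params` (if that holds), would let a later reader check the claim rather than trust the disable. The same applies to the other inline PublicSend disables this commit adds across helpers, models, serializers and lib. Those where the method name is built from a constant list (`SERIALIZE_KEYS`, `STATE_PARAMS`, `STATISTICS_COLUMNS`, `REFERABLES`) are easy to justify in a few words, while those built from an argument deserve a closer look before being silenced.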
......
...@@ -234,7 +234,7 @@ module IssuablesHelper ...@@ -234,7 +234,7 @@ module IssuablesHelper
end end
def issuables_count_for_state(issuable_type, state, finder: nil) def issuables_count_for_state(issuable_type, state, finder: nil)
finder ||= public_send("#{issuable_type}_finder") finder ||= public_send("#{issuable_type}_finder") # rubocop:disable GitlabSecurity/PublicSend
cache_key = finder.state_counter_cache_key cache_key = finder.state_counter_cache_key
@counts ||= {} @counts ||= {}
......
...@@ -43,11 +43,11 @@ module LabelsHelper ...@@ -43,11 +43,11 @@ module LabelsHelper
def label_filter_path(subject, label, type: :issue) def label_filter_path(subject, label, type: :issue)
case subject case subject
when Group when Group
send("#{type.to_s.pluralize}_group_path", send("#{type.to_s.pluralize}_group_path", # rubocop:disable GitlabSecurity/PublicSend
subject, subject,
label_name: [label.name]) label_name: [label.name])
when Project when Project
send("namespace_project_#{type.to_s.pluralize}_path", send("namespace_project_#{type.to_s.pluralize}_path", # rubocop:disable GitlabSecurity/PublicSend
subject.namespace, subject.namespace,
subject, subject,
label_name: [label.name]) label_name: [label.name])
......
...@@ -58,7 +58,7 @@ module Spammable ...@@ -58,7 +58,7 @@ module Spammable
options.fetch(:spam_title, false) options.fetch(:spam_title, false)
end end
public_send(attr.first) if attr && respond_to?(attr.first.to_sym) public_send(attr.first) if attr && respond_to?(attr.first.to_sym) # rubocop:disable GitlabSecurity/PublicSend
end end
def spam_description def spam_description
...@@ -66,12 +66,12 @@ module Spammable ...@@ -66,12 +66,12 @@ module Spammable
options.fetch(:spam_description, false) options.fetch(:spam_description, false)
end end
public_send(attr.first) if attr && respond_to?(attr.first.to_sym) public_send(attr.first) if attr && respond_to?(attr.first.to_sym) # rubocop:disable GitlabSecurity/PublicSend
end end
def spammable_text def spammable_text
result = self.class.spammable_attrs.map do |attr| result = self.class.spammable_attrs.map do |attr|
public_send(attr.first) public_send(attr.first) # rubocop:disable GitlabSecurity/PublicSend
end end
result.reject(&:blank?).join("\n") result.reject(&:blank?).join("\n")
......
...@@ -44,7 +44,8 @@ module TokenAuthenticatable ...@@ -44,7 +44,8 @@ module TokenAuthenticatable
end end
define_method("ensure_#{token_field}!") do define_method("ensure_#{token_field}!") do
send("reset_#{token_field}!") if read_attribute(token_field).blank? send("reset_#{token_field}!") if read_attribute(token_field).blank? # rubocop:disable GitlabSecurity/PublicSend
read_attribute(token_field) read_attribute(token_field)
end end
......
...@@ -162,7 +162,7 @@ class MergeRequest < ActiveRecord::Base ...@@ -162,7 +162,7 @@ class MergeRequest < ActiveRecord::Base
target = unscoped.where(target_project_id: relation).select(:id) target = unscoped.where(target_project_id: relation).select(:id)
union = Gitlab::SQL::Union.new([source, target]) union = Gitlab::SQL::Union.new([source, target])
where("merge_requests.id IN (#{union.to_sql})") where("merge_requests.id IN (#{union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection
end end
WIP_REGEX = /\A\s*(\[WIP\]\s*|WIP:\s*|WIP\s+)+\s*/i.freeze WIP_REGEX = /\A\s*(\[WIP\]\s*|WIP:\s*|WIP\s+)+\s*/i.freeze
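Review bot: The `# rubocop:disable GitlabSecurity/SqlInjection` on the `where("merge_requests.id IN (#{union.to_sql})")` line gives no reason, so a later edit that interpolates something else into the same string would also pass unflagged. In the visible lines the interpolated value is `union.to_sql`, built from ActiveRecord relations rather than a raw string, which is presumably why it is considered safe. Say so on the line above, e.g. `# union.to_sql is generated from ActiveRecord relations; no raw input is interpolated`. The same note applies to the other SqlInjection disables in this commit: the `union.to_sql` calls in Project, User (two places) and the labels service, and the `Ci::Pipeline.table_name` interpolation in the charts code. The enclosing method starts outside this hunk.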
......
...@@ -26,7 +26,7 @@ class MergeRequestDiffCommit < ActiveRecord::Base ...@@ -26,7 +26,7 @@ class MergeRequestDiffCommit < ActiveRecord::Base
def to_hash def to_hash
Gitlab::Git::Commit::SERIALIZE_KEYS.each_with_object({}) do |key, hash| Gitlab::Git::Commit::SERIALIZE_KEYS.each_with_object({}) do |key, hash|
hash[key] = public_send(key) hash[key] = public_send(key) # rubocop:disable GitlabSecurity/PublicSend
end end
end end
......
...@@ -66,6 +66,6 @@ class NotificationSetting < ActiveRecord::Base ...@@ -66,6 +66,6 @@ class NotificationSetting < ActiveRecord::Base
alias_method :failed_pipeline?, :failed_pipeline alias_method :failed_pipeline?, :failed_pipeline
def event_enabled?(event) def event_enabled?(event)
respond_to?(event) && !!public_send(event) respond_to?(event) && !!public_send(event) # rubocop:disable GitlabSecurity/PublicSend
end end
end end
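Review bot: In `event_enabled?`, the `respond_to?(event)` guard is not an allowlist: it is true for every public method on the record, including ones with side effects, and `public_send(event)` then calls it. If `event` can ever come from caller-supplied data (not visible here), the disable hides a real finding. Checking `event` against the model's own list of notification events before dispatching would make the disable unnecessary or at least clearly justified.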
...@@ -415,7 +415,7 @@ class Project < ActiveRecord::Base ...@@ -415,7 +415,7 @@ class Project < ActiveRecord::Base
union = Gitlab::SQL::Union.new([projects, namespaces]) union = Gitlab::SQL::Union.new([projects, namespaces])
where("projects.id IN (#{union.to_sql})") where("projects.id IN (#{union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection
end end
def search_by_title(query) def search_by_title(query)
...@@ -825,7 +825,7 @@ class Project < ActiveRecord::Base ...@@ -825,7 +825,7 @@ class Project < ActiveRecord::Base
if template.nil? if template.nil?
# If no template, we should create an instance. Ex `build_gitlab_ci_service` # If no template, we should create an instance. Ex `build_gitlab_ci_service`
public_send("build_#{service_name}_service") public_send("build_#{service_name}_service") # rubocop:disable GitlabSecurity/PublicSend
else else
Service.build_from_template(id, template) Service.build_from_template(id, template)
end end
...@@ -1326,7 +1326,7 @@ class Project < ActiveRecord::Base ...@@ -1326,7 +1326,7 @@ class Project < ActiveRecord::Base
end end
def append_or_update_attribute(name, value) def append_or_update_attribute(name, value)
old_values = public_send(name.to_s) old_values = public_send(name.to_s) # rubocop:disable GitlabSecurity/PublicSend
if Project.reflect_on_association(name).try(:macro) == :has_many && old_values.any? if Project.reflect_on_association(name).try(:macro) == :has_many && old_values.any?
update_attribute(name, old_values + value) update_attribute(name, old_values + value)
......
...@@ -55,7 +55,7 @@ class ProjectFeature < ActiveRecord::Base ...@@ -55,7 +55,7 @@ class ProjectFeature < ActiveRecord::Base
end end
def access_level(feature) def access_level(feature)
public_send(ProjectFeature.access_level_attribute(feature)) public_send(ProjectFeature.access_level_attribute(feature)) # rubocop:disable GitlabSecurity/PublicSend
end end
def builds_enabled? def builds_enabled?
...@@ -80,7 +80,7 @@ class ProjectFeature < ActiveRecord::Base ...@@ -80,7 +80,7 @@ class ProjectFeature < ActiveRecord::Base
# which cannot be higher than repository access level # which cannot be higher than repository access level
def repository_children_level def repository_children_level
validator = lambda do |field| validator = lambda do |field|
level = public_send(field) || ProjectFeature::ENABLED level = public_send(field) || ProjectFeature::ENABLED # rubocop:disable GitlabSecurity/PublicSend
not_allowed = level > repository_access_level not_allowed = level > repository_access_level
self.errors.add(field, "cannot have higher visibility level than repository access level") if not_allowed self.errors.add(field, "cannot have higher visibility level than repository access level") if not_allowed
end end
......
...@@ -14,7 +14,7 @@ class ProjectStatistics < ActiveRecord::Base ...@@ -14,7 +14,7 @@ class ProjectStatistics < ActiveRecord::Base
def refresh!(only: nil) def refresh!(only: nil)
STATISTICS_COLUMNS.each do |column, generator| STATISTICS_COLUMNS.each do |column, generator|
if only.blank? || only.include?(column) if only.blank? || only.include?(column)
public_send("update_#{column}") public_send("update_#{column}") # rubocop:disable GitlabSecurity/PublicSend
end end
end end
......
...@@ -300,7 +300,7 @@ class Repository ...@@ -300,7 +300,7 @@ class Repository
expire_method_caches(to_refresh) expire_method_caches(to_refresh)
to_refresh.each { |method| send(method) } to_refresh.each { |method| send(method) } # rubocop:disable GitlabSecurity/PublicSend
end end
def expire_branch_cache(branch_name = nil) def expire_branch_cache(branch_name = nil)
......
...@@ -528,7 +528,7 @@ class User < ActiveRecord::Base ...@@ -528,7 +528,7 @@ class User < ActiveRecord::Base
union = Gitlab::SQL::Union union = Gitlab::SQL::Union
.new([groups.select(:id), authorized_projects.select(:namespace_id)]) .new([groups.select(:id), authorized_projects.select(:namespace_id)])
Group.where("namespaces.id IN (#{union.to_sql})") Group.where("namespaces.id IN (#{union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection
end end
# Returns a relation of groups the user has access to, including their parent # Returns a relation of groups the user has access to, including their parent
...@@ -719,8 +719,8 @@ class User < ActiveRecord::Base ...@@ -719,8 +719,8 @@ class User < ActiveRecord::Base
def sanitize_attrs def sanitize_attrs
%w[username skype linkedin twitter].each do |attr| %w[username skype linkedin twitter].each do |attr|
value = public_send(attr) value = public_send(attr) # rubocop:disable GitlabSecurity/PublicSend
public_send("#{attr}=", Sanitize.clean(value)) if value.present? public_send("#{attr}=", Sanitize.clean(value)) if value.present? # rubocop:disable GitlabSecurity/PublicSend
end end
end end
...@@ -779,7 +779,7 @@ class User < ActiveRecord::Base ...@@ -779,7 +779,7 @@ class User < ActiveRecord::Base
def with_defaults def with_defaults
User.defaults.each do |k, v| User.defaults.each do |k, v|
public_send("#{k}=", v) public_send("#{k}=", v) # rubocop:disable GitlabSecurity/PublicSend
end end
self self
...@@ -919,7 +919,7 @@ class User < ActiveRecord::Base ...@@ -919,7 +919,7 @@ class User < ActiveRecord::Base
def ci_authorized_runners def ci_authorized_runners
@ci_authorized_runners ||= begin @ci_authorized_runners ||= begin
runner_ids = Ci::RunnerProject runner_ids = Ci::RunnerProject
.where("ci_runner_projects.project_id IN (#{ci_projects_union.to_sql})") .where("ci_runner_projects.project_id IN (#{ci_projects_union.to_sql})") # rubocop:disable GitlabSecurity/SqlInjection
.select(:runner_id) .select(:runner_id)
Ci::Runner.specific.where(id: runner_ids) Ci::Runner.specific.where(id: runner_ids)
end end
......
...@@ -35,6 +35,6 @@ class AnalyticsBuildEntity < Grape::Entity ...@@ -35,6 +35,6 @@ class AnalyticsBuildEntity < Grape::Entity
private private
def url_to(route, build, id = nil) def url_to(route, build, id = nil)
public_send("#{route}_url", build.project.namespace, build.project, id || build) public_send("#{route}_url", build.project.namespace, build.project, id || build) # rubocop:disable GitlabSecurity/PublicSend
end end
end end
...@@ -24,6 +24,6 @@ class AnalyticsIssueEntity < Grape::Entity ...@@ -24,6 +24,6 @@ class AnalyticsIssueEntity < Grape::Entity
private private
def url_to(route, id) def url_to(route, id)
public_send("#{route}_url", request.project.namespace, request.project, id) public_send("#{route}_url", request.project.namespace, request.project, id) # rubocop:disable GitlabSecurity/PublicSend
end end
end end
...@@ -46,6 +46,6 @@ class JobEntity < Grape::Entity ...@@ -46,6 +46,6 @@ class JobEntity < Grape::Entity
end end
def path_to(route, build) def path_to(route, build)
send("#{route}_path", build.project.namespace, build.project, build) send("#{route}_path", build.project.namespace, build.project, build) # rubocop:disable GitlabSecurity/PublicSend
end end
end end
...@@ -37,7 +37,7 @@ module Labels ...@@ -37,7 +37,7 @@ module Labels
union = Gitlab::SQL::Union.new(label_ids) union = Gitlab::SQL::Union.new(label_ids)
Label.where("labels.id IN (#{union.to_sql})").reorder(nil).uniq Label.where("labels.id IN (#{union.to_sql})").reorder(nil).uniq # rubocop:disable GitlabSecurity/SqlInjection
end end
def group_labels_applied_to_issues def group_labels_applied_to_issues
......
...@@ -4,7 +4,7 @@ class PagesWorker ...@@ -4,7 +4,7 @@ class PagesWorker
sidekiq_options queue: :pages, retry: false sidekiq_options queue: :pages, retry: false
def perform(action, *arg) def perform(action, *arg)
send(action, *arg) send(action, *arg) # rubocop:disable GitlabSecurity/PublicSend
end end
def deploy(build_id) def deploy(build_id)
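Review bot: `perform` dispatches with `send(action, *arg)`, which reaches private methods and anything inherited from `Object`, and the disable comment silences exactly the case the cop exists for. The job arguments come from whoever enqueues the job, so the set of reachable methods should be fixed in the worker rather than implied by callers. Consider guarding the call with an explicit list of the worker's own actions (only `deploy` is visible in this hunk) and raising on anything else. A `case action` over the known names would also remove the need for the disable.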
......
...@@ -176,7 +176,7 @@ module Gitlab ...@@ -176,7 +176,7 @@ module Gitlab
next unless name.include?('namespace_project') next unless name.include?('namespace_project')
define_method(name.sub('namespace_project', 'project')) do |project, *args| define_method(name.sub('namespace_project', 'project')) do |project, *args|
send(name, project&.namespace, project, *args) send(name, project&.namespace, project, *args) # rubocop:disable GitlabSecurity/PublicSend
end end
end end
end end
......
...@@ -18,7 +18,7 @@ module ActiveRecord ...@@ -18,7 +18,7 @@ module ActiveRecord
lock_col = self.class.locking_column lock_col = self.class.locking_column
previous_lock_value = send(lock_col).to_i previous_lock_value = send(lock_col).to_i # rubocop:disable GitlabSecurity/PublicSend
# This line is added as a patch # This line is added as a patch
previous_lock_value = nil if previous_lock_value == '0' || previous_lock_value == 0 previous_lock_value = nil if previous_lock_value == '0' || previous_lock_value == 0
...@@ -48,7 +48,7 @@ module ActiveRecord ...@@ -48,7 +48,7 @@ module ActiveRecord
# If something went wrong, revert the version. # If something went wrong, revert the version.
rescue Exception rescue Exception
send(lock_col + '=', previous_lock_value) send(lock_col + '=', previous_lock_value) # rubocop:disable GitlabSecurity/PublicSend
raise raise
end end
end end
......
# rubocop:disable GitlabSecurity/PublicSend
module API module API
module Helpers module Helpers
module MembersHelpers module MembersHelpers
def find_source(source_type, id) def find_source(source_type, id)
public_send("find_#{source_type}!", id) public_send("find_#{source_type}!", id) # rubocop:disable GitlabSecurity/PublicSend
end end
def authorize_admin_source!(source_type, source) def authorize_admin_source!(source_type, source)
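Review bot: The file now has both a file-level `# rubocop:disable GitlabSecurity/PublicSend` on its first line and an inline disable on the `public_send("find_#{source_type}!", id)` call, so one of the two is redundant. The file-level form has no matching `# rubocop:enable` in the visible lines, so it would also hide any dynamic dispatch added to this file later. Keeping only the inline disable, with a comment on where `source_type` is constrained (for example by the route definition, if that is the case), limits the exemption to the one reviewed call.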
......
...@@ -139,7 +139,7 @@ module API ...@@ -139,7 +139,7 @@ module API
helpers do helpers do
def find_project_noteable(noteables_str, noteable_id) def find_project_noteable(noteables_str, noteable_id)
public_send("find_project_#{noteables_str.singularize}", noteable_id) public_send("find_project_#{noteables_str.singularize}", noteable_id) # rubocop:disable GitlabSecurity/PublicSend
end end
def noteable_read_ability_name(noteable) def noteable_read_ability_name(noteable)
......
...@@ -254,7 +254,7 @@ module Ci ...@@ -254,7 +254,7 @@ module Ci
def state def state
state = STATE_PARAMS.inject({}) do |h, param| state = STATE_PARAMS.inject({}) do |h, param|
h[param] = send(param) h[param] = send(param) # rubocop:disable GitlabSecurity/PublicSend
h h
end end
Base64.urlsafe_encode64(state.to_json) Base64.urlsafe_encode64(state.to_json)
...@@ -266,7 +266,7 @@ module Ci ...@@ -266,7 +266,7 @@ module Ci
return if state[:offset].to_i > stream.size return if state[:offset].to_i > stream.size
STATE_PARAMS.each do |param| STATE_PARAMS.each do |param|
send("#{param}=".to_sym, state[param]) send("#{param}=".to_sym, state[param]) # rubocop:disable GitlabSecurity/PublicSend
end end
end end
......
...@@ -47,7 +47,7 @@ module Ci ...@@ -47,7 +47,7 @@ module Ci
def collect def collect
query = project.pipelines query = project.pipelines
.where("? > #{Ci::Pipeline.table_name}.created_at AND #{Ci::Pipeline.table_name}.created_at > ?", @to, @from) .where("? > #{Ci::Pipeline.table_name}.created_at AND #{Ci::Pipeline.table_name}.created_at > ?", @to, @from) # rubocop:disable GitlabSecurity/SqlInjection
totals_count = grouped_count(query) totals_count = grouped_count(query)
success_count = grouped_count(query.success) success_count = grouped_count(query.success)
......
...@@ -21,7 +21,7 @@ module Gitlab ...@@ -21,7 +21,7 @@ module Gitlab
def to_hash def to_hash
hash = {} hash = {}
serialize_keys.each { |key| hash[key] = send(key) } serialize_keys.each { |key| hash[key] = send(key) } # rubocop:disable GitlabSecurity/PublicSend
hash hash
end end
......
...@@ -319,7 +319,7 @@ module Gitlab ...@@ -319,7 +319,7 @@ module Gitlab
def to_hash def to_hash
serialize_keys.map.with_object({}) do |key, hash| serialize_keys.map.with_object({}) do |key, hash|
hash[key] = send(key) hash[key] = send(key) # rubocop:disable GitlabSecurity/PublicSend
end end
end end
...@@ -412,7 +412,7 @@ module Gitlab ...@@ -412,7 +412,7 @@ module Gitlab
raw_commit = hash.symbolize_keys raw_commit = hash.symbolize_keys
serialize_keys.each do |key| serialize_keys.each do |key|
send("#{key}=", raw_commit[key]) send("#{key}=", raw_commit[key]) # rubocop:disable GitlabSecurity/PublicSend
end end
end end
......
...@@ -143,7 +143,7 @@ module Gitlab ...@@ -143,7 +143,7 @@ module Gitlab
hash = {} hash = {}
SERIALIZE_KEYS.each do |key| SERIALIZE_KEYS.each do |key|
hash[key] = send(key) hash[key] = send(key) # rubocop:disable GitlabSecurity/PublicSend
end end
hash hash
...@@ -221,7 +221,7 @@ module Gitlab ...@@ -221,7 +221,7 @@ module Gitlab
raw_diff = hash.symbolize_keys raw_diff = hash.symbolize_keys
SERIALIZE_KEYS.each do |key| SERIALIZE_KEYS.each do |key|
send(:"#{key}=", raw_diff[key.to_sym]) send(:"#{key}=", raw_diff[key.to_sym]) # rubocop:disable GitlabSecurity/PublicSend
end end
end end
......
...@@ -7,13 +7,13 @@ module Gitlab ...@@ -7,13 +7,13 @@ module Gitlab
def initialize(params) def initialize(params)
params.each do |key, val| params.each do |key, val|
public_send(:"#{key}=", val) public_send(:"#{key}=", val) # rubocop:disable GitlabSecurity/PublicSend
end end
end end
def ==(other) def ==(other)
FIELDS.all? do |field| FIELDS.all? do |field|
public_send(field) == other.public_send(field) public_send(field) == other.public_send(field) # rubocop:disable GitlabSecurity/PublicSend
end end
end end
end end
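Review bot: `initialize` calls `public_send(:"#{key}=", val)` for every key in `params`, so any public writer on the object can be invoked by whoever builds that hash, and the disable comment does not say why that is acceptable. The class already has a `FIELDS` list, which `==` iterates, so the constructor could restrict itself to it, e.g. `raise ArgumentError, "unknown field: #{key}" unless FIELDS.include?(key.to_sym)` (assuming `FIELDS` holds symbols). That turns the exemption into a checked invariant instead of a silenced warning.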
......
...@@ -45,7 +45,7 @@ module Gitlab ...@@ -45,7 +45,7 @@ module Gitlab
end end
def all def all
REFERABLES.each { |referable| send(referable.to_s.pluralize) } REFERABLES.each { |referable| send(referable.to_s.pluralize) } # rubocop:disable GitlabSecurity/PublicSend
@references.values.flatten @references.values.flatten
end end
......
...@@ -18,7 +18,7 @@ module StaticModel ...@@ -18,7 +18,7 @@ module StaticModel
# #
# Pass it along if we respond to it. # Pass it along if we respond to it.
def [](key) def [](key)
send(key) if respond_to?(key) send(key) if respond_to?(key) # rubocop:disable GitlabSecurity/PublicSend
end end
def to_param def to_param
......