gitlab-experiment 0.6.1 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0d1ad31e8b977491ccdd1a9d21fc348482d3942c80a3e2935a6ccabc515b4243
-  data.tar.gz: bdf9a4b67bb2b5a72931c081fed88ac246853a2e90f4f7f5c08bf7bdb9d8f55e
+  metadata.gz: cd00eb06f769b8268e0e02e7d48b38dbef6be029c8f4d02b127e9f2b44f9dbc3
+  data.tar.gz: 7a3b9c5357489afd4b14bd6411536b1a2484c50f44934cc646b20abd1607ab0b
 SHA512:
-  metadata.gz: dc1cc5077144d4e5514b6804599bba8e6829ad6472e5e362cde88940995b174f9989733fea17da91be92dc172694a4394ee0db7974efba8d6eb4e77e769a57ee
-  data.tar.gz: 958cf74fa36b1588fd7f83776e87c7f8c92120cb8a6d421c09a4bd207adffdfcfe69ea295dd1e6a49d371225988f6fde3f559baf64d755a0c9176a33e7efddca
+  metadata.gz: '08ea7e0b62c92e7674a72271e388dd104878ad2b9328ad016fba758762e244b51da1a089cec0d74e1db11fba4da3e2bc59524ef2839424295fa3c7307c73cb87'
+  data.tar.gz: 7ecfc7bbaa0803b67ccfd642c7c06baec43cde54b41cc768a7c1a1537e5c6cae6e13a355bdf342d4cdaebef15f5a1b99e76676c87612d857affb865bb543e07d

data/lib/generators/gitlab/experiment/install/templates/initializer.rb.tt

@@ -56,6 +56,16 @@ Gitlab::Experiment.configure do |config|
   #   '/-/experiment', '/redirect', nil
   config.mount_at = '/experiment'
 
+  # When using the middleware, links can be instrumented and redirected
+  # elsewhere. This can be exploited to make a harmful url look innocuous or
+  # that it's a valid url on your domain. To avoid this, you can provide your
+  # own logic for what urls will be considered valid and redirected to.
+  #
+  # Expected to return a boolean value.
+  config.redirect_url_validator = lambda do |redirect_url|
+    true
+  end
+
   # Logic this project uses to determine inclusion in a given experiment.
   #
   # Expected to return a boolean value.

data/lib/gitlab/experiment.rb

@@ -120,6 +120,13 @@ module Gitlab
       instance_exec(action, event_args, &Configuration.tracking_behavior)
     end
 
+    def process_redirect_url(url)
+      return unless Configuration.redirect_url_validator&.call(url)
+
+      track('visited', url: url)
+      url # return the url, which allows for mutation
+    end
+
     def enabled?
       true
     end

data/lib/gitlab/experiment/base_interface.rb

@@ -29,7 +29,7 @@ module Gitlab
 
         def from_param(id)
           %r{/?(?<name>.*):(?<key>.*)$} =~ id
-          Gitlab::Experiment.new(name).tap { |e| e.context.key(key) }
+          constantize(name).new(name).tap { |e| e.context.key(key) }
         end
       end
 

data/lib/gitlab/experiment/configuration.rb

@@ -39,17 +39,19 @@ module Gitlab
 
       # The default base path that the middleware (or rails engine) will be
       # mounted.
-      @mount_at = '/experiment'
+      @mount_at = nil
+
+      # The middleware won't redirect to urls that aren't considered valid.
+      # Expected to return a boolean value.
+      @redirect_url_validator = ->(_redirect_url) { true }
 
       # Logic this project uses to determine inclusion in a given experiment.
       # Expected to return a boolean value.
-      @inclusion_resolver = lambda do |requested_variant|
-        false
-      end
+      @inclusion_resolver = ->(_requested_variant) { false }
 
       # Tracking behavior can be implemented to link an event to an experiment.
       @tracking_behavior = lambda do |event, args|
-        Configuration.logger.info "Gitlab::Experiment[#{name}] #{event}: #{args.merge(signature: signature)}"
+        Configuration.logger.info("#{self.class.name}[#{name}] #{event}: #{args.merge(signature: signature)}")
       end
 
       # Called at the end of every experiment run, with the result.
@@ -88,6 +90,7 @@ module Gitlab
           :context_key_bit_length,
           :mount_at,
           :default_rollout,
+          :redirect_url_validator,
           :inclusion_resolver,
           :tracking_behavior,
           :publishing_behavior

data/lib/gitlab/experiment/dsl.rb

@@ -3,6 +3,10 @@
 module Gitlab
   class Experiment
     module Dsl
+      def self.include_in(klass, with_helper: false)
+        klass.include(self).tap { |base| base.helper_method(:experiment) if with_helper }
+      end
+
       def experiment(name, variant_name = nil, **context, &block)
         raise ArgumentError, 'name is required' if name.nil?
 

data/lib/gitlab/experiment/engine.rb

@@ -1,34 +1,42 @@
 # frozen_string_literal: true
 
+require 'active_model'
+
 module Gitlab
   class Experiment
+    include ActiveModel::Model
+
+    # used for generating routes
+    def self.model_name
+      ActiveModel::Name.new(self, Gitlab)
+    end
+
     class Engine < ::Rails::Engine
-      def self.include_dsl
-        if defined?(ActionController)
-          ActionController::Base.include(Dsl)
-          ActionController::Base.helper_method(:experiment)
-        end
+      isolate_namespace Experiment
 
-        return unless defined?(ActionMailer)
+      initializer('gitlab_experiment.include_dsl') { include_dsl }
+      initializer('gitlab_experiment.mount_engine') { |app| mount_engine(app, Configuration.mount_at) }
 
-        ActionMailer::Base.include(Dsl)
-        ActionMailer::Base.helper_method(:experiment)
+      private
+
+      def include_dsl
+        Dsl.include_in(ActionController::Base, with_helper: true) if defined?(ActionController)
+        Dsl.include_in(ActionMailer::Base, with_helper: true) if defined?(ActionMailer)
       end
 
-      def add_middleware(app, base_path)
-        return if base_path.blank?
+      def mount_engine(app, mount_at)
+        return if mount_at.blank?
 
-        app.config.middleware.use(Middleware, base_path)
-        app.routes.append do
-          direct :experiment_redirect do |experiment, to_url|
-            [base_path, experiment.to_param].join('/') + "?#{to_url}"
-          end
+        engine = routes do
+          default_url_options app.routes.default_url_options
+          resources :experiments, path: '/', only: :show
         end
-      end
 
-      config.after_initialize { include_dsl }
-      initializer 'gitlab_experiment.add_middleware' do |app|
-        add_middleware(app, Configuration.mount_at)
+        app.config.middleware.use(Middleware, mount_at)
+        app.routes.append do
+          mount Engine, at: mount_at, as: :experiment_engine
+          direct(:experiment_redirect) { |ex, url:| "#{engine.url_helpers.experiment_url(ex)}?#{url}" }
+        end
       end
     end
   end

data/lib/gitlab/experiment/middleware.rb

@@ -6,8 +6,8 @@ module Gitlab
       def self.redirect(id, url)
         raise Error, 'no url to redirect to' if url.blank?
 
-        Gitlab::Experiment.from_param(id).tap { |e| e.track('visited', url: url) }
-        [303, { 'Location' => url }, []]
+        experiment = Gitlab::Experiment.from_param(id)
+        [303, { 'Location' => experiment.process_redirect_url(url) || raise(Error, 'not redirecting') }, []]
       end
 
       def initialize(app, base_path)

data/lib/gitlab/experiment/rspec.rb

@@ -82,7 +82,7 @@ module Gitlab
       extend RSpec::Matchers::DSL
 
       def require_experiment(experiment, matcher_name, classes: false)
-        klass = experiment.class == Class ? experiment : experiment.class
+        klass = experiment.instance_of?(Class) ? experiment : experiment.class
         unless klass <= Gitlab::Experiment
           raise(
             ArgumentError,

data/lib/gitlab/experiment/version.rb

@@ -2,6 +2,6 @@
 
 module Gitlab
   class Experiment
-    VERSION = '0.6.1'
+    VERSION = '0.6.2'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-experiment
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.6.2
 platform: ruby
 authors:
 - GitLab
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-06-22 00:00:00.000000000 Z
+date: 
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -65,38 +65,52 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- LICENSE.txt
-- README.md
-- lib/generators/gitlab/experiment/USAGE
-- lib/generators/gitlab/experiment/experiment_generator.rb
+- lib/generators/gitlab
+- lib/generators/gitlab/experiment
+- lib/generators/gitlab/experiment/install
 - lib/generators/gitlab/experiment/install/install_generator.rb
-- lib/generators/gitlab/experiment/install/templates/POST_INSTALL
+- lib/generators/gitlab/experiment/install/templates
 - lib/generators/gitlab/experiment/install/templates/application_experiment.rb.tt
 - lib/generators/gitlab/experiment/install/templates/initializer.rb.tt
+- lib/generators/gitlab/experiment/install/templates/POST_INSTALL
+- lib/generators/gitlab/experiment/USAGE
+- lib/generators/gitlab/experiment/experiment_generator.rb
+- lib/generators/gitlab/experiment/templates
 - lib/generators/gitlab/experiment/templates/experiment.rb.tt
-- lib/generators/rspec/experiment/experiment_generator.rb
-- lib/generators/rspec/experiment/templates/experiment_spec.rb.tt
+- lib/generators/test_unit
+- lib/generators/test_unit/experiment
 - lib/generators/test_unit/experiment/experiment_generator.rb
+- lib/generators/test_unit/experiment/templates
 - lib/generators/test_unit/experiment/templates/experiment_test.rb.tt
+- lib/generators/rspec
+- lib/generators/rspec/experiment
+- lib/generators/rspec/experiment/experiment_generator.rb
+- lib/generators/rspec/experiment/templates
+- lib/generators/rspec/experiment/templates/experiment_spec.rb.tt
 - lib/gitlab/experiment.rb
-- lib/gitlab/experiment/base_interface.rb
-- lib/gitlab/experiment/cache.rb
+- lib/gitlab/experiment
+- lib/gitlab/experiment/variant.rb
+- lib/gitlab/experiment/middleware.rb
+- lib/gitlab/experiment/cache
 - lib/gitlab/experiment/cache/redis_hash_store.rb
+- lib/gitlab/experiment/errors.rb
 - lib/gitlab/experiment/callbacks.rb
-- lib/gitlab/experiment/configuration.rb
+- lib/gitlab/experiment/rollout.rb
+- lib/gitlab/experiment/base_interface.rb
 - lib/gitlab/experiment/context.rb
-- lib/gitlab/experiment/cookies.rb
-- lib/gitlab/experiment/dsl.rb
 - lib/gitlab/experiment/engine.rb
-- lib/gitlab/experiment/errors.rb
-- lib/gitlab/experiment/middleware.rb
-- lib/gitlab/experiment/rollout.rb
-- lib/gitlab/experiment/rollout/percent.rb
+- lib/gitlab/experiment/rspec.rb
+- lib/gitlab/experiment/rollout
 - lib/gitlab/experiment/rollout/random.rb
 - lib/gitlab/experiment/rollout/round_robin.rb
-- lib/gitlab/experiment/rspec.rb
-- lib/gitlab/experiment/variant.rb
+- lib/gitlab/experiment/rollout/percent.rb
+- lib/gitlab/experiment/cache.rb
 - lib/gitlab/experiment/version.rb
+- lib/gitlab/experiment/cookies.rb
+- lib/gitlab/experiment/configuration.rb
+- lib/gitlab/experiment/dsl.rb
+- LICENSE.txt
+- README.md
 homepage: https://gitlab.com/gitlab-org/gitlab-experiment
 licenses:
 - MIT
@@ -116,7 +130,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.20
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: GitLab experiment library built on top of scientist.