gitlab-exporter 11.18.0 → 12.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 885bd06ee8dbcc064e6f1f05fb13d2b216d8f371f2781d4fb6118ac1ab073236
-  data.tar.gz: 2257a1c7eaf0caecd81adc4f7db1b66f2d4176fe3d594969be15add4fb190ce9
+  metadata.gz: 7c67811051d44f3c3e2fe6213eeb60f7a1c7997ddd2409008d52949cff5560fa
+  data.tar.gz: 0d750aef0b50d237783a09c22c35fdbcef0651a4998f6363cef2447786b9f8e1
 SHA512:
-  metadata.gz: 3c7683f8f49f4d600bff7612eb1a7608b994ab19a5e8c220ebc78115ffd05ac8f778d2d57a2036a444570254eae1d0278f3bfcc5716ea79134ac9b87e6bde417
-  data.tar.gz: 336f305f91b21446789b8152d255929419bf494ed6f1c74faf03e7c4b89e4b117b02e584170ec5d64efddd64c4ad6f0adc1a8037b00f7c26fcb2835ddc9a49ff
+  metadata.gz: 5e60b685e6005754b165963ad218462875a80eb26aef8f5a01753fb90c138f6e98e2ceb13a43aea058487579c2a9068328611af78b01ba6b58a391cc0d0e84a0
+  data.tar.gz: 611b3b9f1a66a50e7754a27f16f8fbd12f143559607fa1a4097c252823ace586043d334df8ae2a6a7060a52adb01b24ff6978141267bdddb2dc9b595d8f004e1

data/.gitlab-ci.yml

@@ -43,8 +43,19 @@ rspec:
   before_script: *before_scripts
   parallel:
     matrix:
-      - RUBY_VERSION: "2.7"
-      - RUBY_VERSION: "3.0"
+      - RUBY_VERSION: ["2.7", "3.0"]
+
+rspec_integration:
+  script:
+    - bundle exec rspec spec -t integration -f d -c
+  before_script: *before_scripts
+  services:
+    - redis:latest
+  variables:
+    REDIS_URL: "redis://redis"
+  parallel:
+    matrix:
+      - RUBY_VERSION: ["2.7", "3.0"]
 
 rubocop:
   script:

data/.ruby-version

@@ -1 +1 @@
-2.7.4
+2.7.7

data/Gemfile.lock

@@ -1,14 +1,14 @@
 PATH
   remote: .
   specs:
-    gitlab-exporter (11.18.0)
+    gitlab-exporter (12.1.0)
       connection_pool (= 2.2.5)
       faraday (~> 1.8.0)
       pg (= 1.2.3)
-      puma (= 5.6.2)
+      puma (= 5.6.5)
       quantile (= 0.2.1)
       redis (= 4.4.0)
-      redis-namespace (= 1.6.0)
+      redis-namespace (= 1.9.0)
       sidekiq (= 6.4.0)
       sinatra (~> 2.2.0)
 
@@ -45,16 +45,16 @@ GEM
     parser (3.0.0.0)
       ast (~> 2.4.1)
     pg (1.2.3)
-    puma (5.6.2)
+    puma (5.6.5)
       nio4r (~> 2.0)
     quantile (0.2.1)
-    rack (2.2.4)
-    rack-protection (2.2.2)
+    rack (2.2.5)
+    rack-protection (2.2.4)
       rack
     rainbow (3.0.0)
     redis (4.4.0)
-    redis-namespace (1.6.0)
-      redis (>= 3.0.4)
+    redis-namespace (1.9.0)
+      redis (>= 4)
     regexp_parser (2.0.3)
     rexml (3.2.4)
     rspec (3.7.0)
@@ -87,10 +87,10 @@ GEM
       connection_pool (>= 2.2.2)
       rack (~> 2.0)
       redis (>= 4.2.0)
-    sinatra (2.2.2)
+    sinatra (2.2.4)
       mustermann (~> 2.0)
       rack (~> 2.2)
-      rack-protection (= 2.2.2)
+      rack-protection (= 2.2.4)
       tilt (~> 2.0)
     tilt (2.0.11)
     unicode-display_width (1.7.0)

data/gitlab-exporter.gemspec

@@ -23,10 +23,10 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "connection_pool", "2.2.5"
   s.add_runtime_dependency "faraday", "~> 1.8.0"
   s.add_runtime_dependency "pg", "1.2.3"
-  s.add_runtime_dependency "puma", "5.6.2"
+  s.add_runtime_dependency "puma", "5.6.5"
   s.add_runtime_dependency "quantile", "0.2.1"
   s.add_runtime_dependency "redis", "4.4.0"
-  s.add_runtime_dependency "redis-namespace", "1.6.0"
+  s.add_runtime_dependency "redis-namespace", "1.9.0"
   s.add_runtime_dependency "sidekiq", "6.4.0"
   s.add_runtime_dependency "sinatra", "~> 2.2.0"
 

data/lib/gitlab_exporter/database/row_count.rb

@@ -19,11 +19,6 @@ module GitLab
           projects.mirror = true
           AND projects.archived = false
           AND project_mirror_data.retry_count <= 14
-          AND (
-            (projects.visibility_level = 20 AND root_namespaces.visibility_level = 20)
-            OR
-            plans.name IN ('early_adopter', 'bronze', 'silver', 'gold')
-          )
           AND project_mirror_data.next_execution_timestamp > '2020-03-28'
         SQL
 
@@ -31,15 +26,6 @@ module GitLab
           select: :projects,
           joins: <<~SQL,
             INNER JOIN project_mirror_data ON project_mirror_data.project_id = projects.id
-            INNER JOIN namespaces AS root_namespaces ON root_namespaces.id = (
-              WITH RECURSIVE "base_and_ancestors" AS (
-                (SELECT "namespaces".* FROM "namespaces" WHERE "namespaces"."id" = projects.namespace_id)
-                UNION
-                (SELECT "namespaces".* FROM "namespaces", "base_and_ancestors" WHERE "namespaces"."id" = "base_and_ancestors"."parent_id")
-              ) SELECT "namespaces".id FROM "base_and_ancestors" AS "namespaces" WHERE "namespaces"."parent_id" IS NULL
-            )
-            LEFT JOIN gitlab_subscriptions ON gitlab_subscriptions.namespace_id = root_namespaces.id
-            LEFT JOIN plans ON plans.id = gitlab_subscriptions.hosted_plan_id
           SQL
           check: "SELECT 1 FROM information_schema.tables WHERE table_name='plans'"
         }.freeze
@@ -125,9 +111,10 @@ module GitLab
               archived: {}
             }
           },
-          groups: {
+          namespaces: {
             select: :namespaces,
             fields: {
+              type: {},
               visibility_level: {},
               root: { definition: "(parent_id IS NULL)" }
             }
@@ -191,21 +178,21 @@ module GitLab
             select: :container_repositories,
             where: <<~SQL
               migration_state = 'pre_importing'
-              AND (COALESCE(migration_pre_import_started_at, '01-01-1970') < (now() - INTERVAL '20 minutes'))
+              AND (COALESCE(migration_pre_import_started_at, TO_TIMESTAMP(0)) < (now() - INTERVAL '20 minutes'))
             SQL
           },
           container_repositories_stalled_pre_import_done: {
             select: :container_repositories,
             where: <<~SQL
               migration_state = 'pre_import_done'
-              AND (COALESCE(migration_pre_import_done_at, '01-01-1970') < (now() - INTERVAL '5 minutes'))
+              AND (COALESCE(migration_pre_import_done_at, TO_TIMESTAMP(0)) < (now() - INTERVAL '5 minutes'))
             SQL
           },
           container_repositories_stalled_importing: {
             select: :container_repositories,
             where: <<~SQL
               migration_state = 'importing'
-              AND (COALESCE(migration_import_started_at, '01-01-1970') < (now() - INTERVAL '5 minutes'))
+              AND (COALESCE(migration_import_started_at, TO_TIMESTAMP(0)) < (now() - INTERVAL '5 minutes'))
             SQL
           },
           container_repositories_skipped_not_in_plan: {

data/lib/gitlab_exporter/rack_vulndb_255039_patch.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+if Gem.loaded_specs["rack"].version >= Gem::Version.new("3.0.0")
+  fail <<~ERR
+    This patch is unnecessary in Rack versions 3.0.0 or newer.
+    Please remove this file and the associated spec.
+
+    See https://github.com/rack/rack/blob/main/CHANGELOG.md#security (issue #1733)
+  ERR
+end
+
+# Patches a cache poisoning attack vector in Rack by not allowing semicolons
+# to delimit query parameters.
+# See https://github.com/rack/rack/issues/1732.
+#
+# Solution is taken from the same issue.
+#
+# The actual patch is due for release in Rack 3.0.0.
+module Rack
+  class Request # rubocop:disable Style/Documentation
+    Helpers.module_eval do
+      # rubocop: disable Naming/MethodName
+      def GET
+        if get_header(RACK_REQUEST_QUERY_STRING) == query_string
+          get_header(RACK_REQUEST_QUERY_HASH)
+        else
+          query_hash = parse_query(query_string, "&") # only allow ampersand here
+          set_header(RACK_REQUEST_QUERY_STRING, query_string)
+          set_header(RACK_REQUEST_QUERY_HASH, query_hash)
+        end
+      end
+      # rubocop: enable Naming/MethodName
+    end
+  end
+end

data/lib/gitlab_exporter/version.rb

@@ -1,5 +1,5 @@
 module GitLab
   module Exporter
-    VERSION = "11.18.0".freeze
+    VERSION = "12.1.0".freeze
   end
 end

data/lib/gitlab_exporter/web_exporter.rb

@@ -2,6 +2,7 @@ require "sinatra/base"
 require "English"
 require "cgi"
 
+require_relative "rack_vulndb_255039_patch"
 require_relative "tls_helper"
 
 module GitLab

data/spec/integration/cli_spec.rb

@@ -0,0 +1,20 @@
+require "spec_helper"
+require "gitlab_exporter/cli"
+
+module GitLab
+  module Exporter
+    module CLI
+      describe SidekiqRunner, :integration do
+        let(:redis_url) { ENV.fetch("REDIS_URL", "redis://localhost:6379") }
+        let(:io) { StringIO.new }
+
+        it "can properly reach out to redis" do
+          args = CLIArgs.new([io], options: { /^--redis-url/ => redis_url })
+          runner = SidekiqRunner.new(args)
+
+          expect { runner.run }.not_to raise_error
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -7,6 +7,10 @@ require "tmpdir"
 $LOAD_PATH.unshift File.expand_path(".")
 Dir["spec/support/**/*.rb"].each do |f| require f end
 
+RSpec.configure do |config|
+  config.filter_run_excluding integration: true
+end
+
 class GitRepoBuilder
   def origin
     @origin ||= create_origin
@@ -41,19 +45,30 @@ class GitRepoBuilder
 end
 
 class CLIArgs
-  def initialize(args)
+  def initialize(args, options: {})
     @arguments = args
+    @options = options
   end
 
   def options
     yield self
+
+    self
   end
 
-  def on(*args); end
+  def on(flag, *_)
+    match = @options.find { |regex, _| regex.match?(flag) }
+
+    yield match[1] if match
+  end
 
   def banner=(banner); end
 
   def parse!
     @arguments
   end
+
+  def shift
+    @arguments.shift
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-exporter
 version: !ruby/object:Gem::Version
-  version: 11.18.0
+  version: 12.1.0
 platform: ruby
 authors:
 - Pablo Carranza
@@ -58,14 +58,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.6.2
+        version: 5.6.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.6.2
+        version: 5.6.5
 - !ruby/object:Gem::Dependency
   name: quantile
   requirement: !ruby/object:Gem::Requirement
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 1.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 1.9.0
 - !ruby/object:Gem::Dependency
   name: sidekiq
   requirement: !ruby/object:Gem::Requirement
@@ -202,6 +202,7 @@ files:
 - lib/gitlab_exporter/prober.rb
 - lib/gitlab_exporter/process.rb
 - lib/gitlab_exporter/prometheus.rb
+- lib/gitlab_exporter/rack_vulndb_255039_patch.rb
 - lib/gitlab_exporter/ruby.rb
 - lib/gitlab_exporter/sidekiq.rb
 - lib/gitlab_exporter/tls_helper.rb
@@ -216,6 +217,7 @@ files:
 - spec/fixtures/smaps/sample.txt
 - spec/git_process_proper_spec.rb
 - spec/git_spec.rb
+- spec/integration/cli_spec.rb
 - spec/memstats_spec.rb
 - spec/prometheus_metrics_spec.rb
 - spec/ruby_spec.rb
@@ -253,6 +255,7 @@ test_files:
 - spec/fixtures/smaps/sample.txt
 - spec/git_process_proper_spec.rb
 - spec/git_spec.rb
+- spec/integration/cli_spec.rb
 - spec/memstats_spec.rb
 - spec/prometheus_metrics_spec.rb
 - spec/ruby_spec.rb