gitlab-exporter 11.19.0 → 12.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ca354fcfa5a8bde34e45a37610546ed70135c1a9208e92f2986c1811ddf9bf26
|
|
4
|
+
data.tar.gz: fc584b756b3032c31d758271d603df84104821be727b4fce50b23f7cf5488185
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4f199b0d85a71d607023bb39e2d16d8aec6fff0506ea151b5358c1ce374d34e0ae91ad1eb70079da22ca8ba726b3f4d758517623a00bfa5bef8b72e97b5c2f2d
|
|
7
|
+
data.tar.gz: 76bcce5399be29898662aa0cb067d1285bf41c1a2286380b835924aeac0b8d3577b874ad943f080c6a93076715e1e32a7172d28e8c06e7b929766faf561cd7d6
|
data/Gemfile.lock
CHANGED
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
if Gem.loaded_specs["rack"].version >= Gem::Version.new("3.0.0")
|
|
4
|
+
fail <<~ERR
|
|
5
|
+
This patch is unnecessary in Rack versions 3.0.0 or newer.
|
|
6
|
+
Please remove this file and the associated spec.
|
|
7
|
+
|
|
8
|
+
See https://github.com/rack/rack/blob/main/CHANGELOG.md#security (issue #1733)
|
|
9
|
+
ERR
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
# Patches a cache poisoning attack vector in Rack by not allowing semicolons
|
|
13
|
+
# to delimit query parameters.
|
|
14
|
+
# See https://github.com/rack/rack/issues/1732.
|
|
15
|
+
#
|
|
16
|
+
# Solution is taken from the same issue.
|
|
17
|
+
#
|
|
18
|
+
# The actual patch is due for release in Rack 3.0.0.
|
|
19
|
+
module Rack
|
|
20
|
+
class Request # rubocop:disable Style/Documentation
|
|
21
|
+
Helpers.module_eval do
|
|
22
|
+
# rubocop: disable Naming/MethodName
|
|
23
|
+
def GET
|
|
24
|
+
if get_header(RACK_REQUEST_QUERY_STRING) == query_string
|
|
25
|
+
get_header(RACK_REQUEST_QUERY_HASH)
|
|
26
|
+
else
|
|
27
|
+
query_hash = parse_query(query_string, "&") # only allow ampersand here
|
|
28
|
+
set_header(RACK_REQUEST_QUERY_STRING, query_string)
|
|
29
|
+
set_header(RACK_REQUEST_QUERY_HASH, query_hash)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
# rubocop: enable Naming/MethodName
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gitlab-exporter
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 12.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Pablo Carranza
|
|
@@ -202,6 +202,7 @@ files:
|
|
|
202
202
|
- lib/gitlab_exporter/prober.rb
|
|
203
203
|
- lib/gitlab_exporter/process.rb
|
|
204
204
|
- lib/gitlab_exporter/prometheus.rb
|
|
205
|
+
- lib/gitlab_exporter/rack_vulndb_255039_patch.rb
|
|
205
206
|
- lib/gitlab_exporter/ruby.rb
|
|
206
207
|
- lib/gitlab_exporter/sidekiq.rb
|
|
207
208
|
- lib/gitlab_exporter/tls_helper.rb
|