gitlab-exporter 11.18.1 → 11.18.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/lib/gitlab_exporter/rack_vulndb_255039_patch.rb +35 -0
  4. data/lib/gitlab_exporter/version.rb +1 -1
  5. data/lib/gitlab_exporter/web_exporter.rb +1 -0
  6. metadata +2 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7fe7c2d285f8033326b10311872bafcf80283f300337350c89102d612321dbcc
4
- data.tar.gz: be8c7d380b690312df25f396769e179ea9e4679bdf2637463ce35fd4c1cc17e2
3
+ metadata.gz: 5bb85649c03d72472315136401ebb234618c2350a5e75e5f426619aed2c97286
4
+ data.tar.gz: f0f0f46b1cbfea992e7b171ed7a1877af7c232a5e0e1a549666d5086d8e72087
5
5
  SHA512:
6
- metadata.gz: 25e35175c9d62b39eebd55f8db1d09ad602a8762e12fea42abe88859a899f02c2245e18928a8fc94393316949752e83f04034da3665ec975edfe8e414a9c17d0
7
- data.tar.gz: c20b4d64ef88f945dbf468914e1dcfce05800aa033b24bd88a22df2ef4417a53f82bad2edc3e76065d93fecf2fdddece560d65851ca8be3ee40ef6671534bc9f
6
+ metadata.gz: ed4f5b1dfa84d713c4c2246fa3e77ca604fe49d616d11f0ddc6cf80d1a5d87bc79f62115e4abec9e7d18ef1f50b5f6a654a329d9477464c83f3884cbb06d960f
7
+ data.tar.gz: c10bb0f6452deff8a9f7615a8d7379d30e1c9cc428b50b8092f5f007db87b97ac12c6567b8db75f321a0c749686329931b6fa49ab2e1e63ae335b85341b5ee7b
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- gitlab-exporter (11.18.1)
4
+ gitlab-exporter (11.18.2)
5
5
  connection_pool (= 2.2.5)
6
6
  faraday (~> 1.8.0)
7
7
  pg (= 1.2.3)
data/lib/gitlab_exporter/rack_vulndb_255039_patch.rb ADDED
@@ -0,0 +1,35 @@
1
+ # frozen_string_literal: true
2
+
3
+ if Gem.loaded_specs["rack"].version >= Gem::Version.new("3.0.0")
4
+ fail <<~ERR
5
+ This patch is unnecessary in Rack versions 3.0.0 or newer.
6
+ Please remove this file and the associated spec.
7
+
8
+ See https://github.com/rack/rack/blob/main/CHANGELOG.md#security (issue #1733)
9
+ ERR
10
+ end
11
+
12
+ # Patches a cache poisoning attack vector in Rack by not allowing semicolons
13
+ # to delimit query parameters.
14
+ # See https://github.com/rack/rack/issues/1732.
15
+ #
16
+ # Solution is taken from the same issue.
17
+ #
18
+ # The actual patch is due for release in Rack 3.0.0.
19
+ module Rack
20
+ class Request # rubocop:disable Style/Documentation
21
+ Helpers.module_eval do
22
+ # rubocop: disable Naming/MethodName
23
+ def GET
24
+ if get_header(RACK_REQUEST_QUERY_STRING) == query_string
25
+ get_header(RACK_REQUEST_QUERY_HASH)
26
+ else
27
+ query_hash = parse_query(query_string, "&") # only allow ampersand here
28
+ set_header(RACK_REQUEST_QUERY_STRING, query_string)
29
+ set_header(RACK_REQUEST_QUERY_HASH, query_hash)
30
+ end
31
+ end
32
+ # rubocop: enable Naming/MethodName
33
+ end
34
+ end
35
+ end
data/lib/gitlab_exporter/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module GitLab
2
2
  module Exporter
3
- VERSION = "11.18.1".freeze
3
+ VERSION = "11.18.2".freeze
4
4
  end
5
5
  end
data/lib/gitlab_exporter/web_exporter.rb CHANGED
@@ -2,6 +2,7 @@ require "sinatra/base"
2
2
  require "English"
3
3
  require "cgi"
4
4
 
5
+ require_relative "rack_vulndb_255039_patch"
5
6
  require_relative "tls_helper"
6
7
 
7
8
  module GitLab
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gitlab-exporter
3
3
  version: !ruby/object:Gem::Version
4
- version: 11.18.1
4
+ version: 11.18.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Pablo Carranza
@@ -202,6 +202,7 @@ files:
202
202
  - lib/gitlab_exporter/prober.rb
203
203
  - lib/gitlab_exporter/process.rb
204
204
  - lib/gitlab_exporter/prometheus.rb
205
+ - lib/gitlab_exporter/rack_vulndb_255039_patch.rb
205
206
  - lib/gitlab_exporter/ruby.rb
206
207
  - lib/gitlab_exporter/sidekiq.rb
207
208
  - lib/gitlab_exporter/tls_helper.rb