Merge branch 'rd-26044-new-option-to-prevent-too-big-git-pushes' into 'master'

Add new setting to Application Settings: receive_max_input_size Closes #26044 See merge request gitlab-org/gitlab-ce!20758

Merge branch 'rd-26044-new-option-to-prevent-too-big-git-pushes' into 'master'
Add new setting to Application Settings: receive_max_input_size Closes #26044 See merge request gitlab-org/gitlab-ce!20758
c155ddd7 · Robert Speicher · 148f054e · 007b81b8 · c155ddd7 · c155ddd7
Commit c155ddd7 authored Sep 07, 2018 by Robert Speicher
10 changed files
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -220,6 +220,7 @@ module ApplicationSettingsHelper
      :recaptcha_enabled,
      :recaptcha_private_key,
      :recaptcha_site_key,
+      :receive_max_input_size,
      :repository_checks_enabled,
      :repository_storages,
      :require_two_factor_authentication,

--- a/app/views/admin/application_settings/_account_and_limit.html.haml
+++ b/app/views/admin/application_settings/_account_and_limit.html.haml
@@ -14,7 +14,10 @@
      = f.label :max_attachment_size, 'Maximum attachment size (MB)', class: 'label-bold'
      = f.number_field :max_attachment_size, class: 'form-control'
    .form-group
-      = f.label :session_expire_delay, 'Session duration (minutes)', class: 'label-bold'
+      = f.label :receive_max_input_size, 'Maximum push size (MB)', class: 'label-light'
+      = f.number_field :receive_max_input_size, class: 'form-control'
+    .form-group
+      = f.label :session_expire_delay, 'Session duration (minutes)', class: 'label-light'
      = f.number_field :session_expire_delay, class: 'form-control'
      %span.form-text.text-muted#session_expire_delay_help_block GitLab restart is required to apply changes
    .form-group

--- a/changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml
+++ b/changelogs/unreleased/rd-26044-new-option-to-prevent-too-big-git-pushes.yml
+---
+title: Allow admins to configure the maximum Git push size
+merge_request: 20758
+author:
+type: added
--- a/db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb
+++ b/db/migrate/20180720023512_add_receive_max_input_size_to_application_settings.rb
+# frozen_string_literal: true
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+class AddReceiveMaxInputSizeToApplicationSettings < ActiveRecord::Migration
+  DOWNTIME = false
+  def change
+    add_column :application_settings, :receive_max_input_size, :integer
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -173,6 +173,7 @@ ActiveRecord::Schema.define(version: 20180906101639) do
    t.boolean "web_ide_clientside_preview_enabled", default: false, null: false
    t.boolean "user_show_add_ssh_key_message", default: true, null: false
    t.integer "usage_stats_set_by_user_id"
+    t.integer "receive_max_input_size"
  end
  create_table "audit_events", force: :cascade do |t|

--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -74,6 +74,7 @@ module API
            gl_repository: gl_repository,
            gl_id: Gitlab::GlId.gl_id(user),
            gl_username: user&.username,
+            git_config_options: [],
            # This repository_path is a bogus value but gitlab-shell still requires
            # its presence. https://gitlab.com/gitlab-org/gitlab-shell/issues/135
@@ -81,6 +82,13 @@ module API
            gitaly: gitaly_payload(params[:action])
          }
+          # Custom option for git-receive-pack command
+          receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i
+          if receive_max_input_size > 0
+            payload[:git_config_options] << "receive.maxInputSize=#{receive_max_input_size.megabytes}"
+          end
          response_with_status(**payload)
        when ::Gitlab::GitAccessResult::CustomAction
          response_with_status(code: 300, message: check_result.message, payload: check_result.payload)

--- a/lib/gitlab/workhorse.rb
+++ b/lib/gitlab/workhorse.rb
@@ -22,18 +22,27 @@ module Gitlab
        project = repository.project
-        {
+        attrs = {
          GL_ID: Gitlab::GlId.gl_id(user),
          GL_REPOSITORY: Gitlab::GlRepository.gl_repository(project, is_wiki),
          GL_USERNAME: user&.username,
          ShowAllRefs: show_all_refs,
          Repository: repository.gitaly_repository.to_h,
          RepoPath: 'ignored but not allowed to be empty in gitlab-workhorse',
+          GitConfigOptions: [],
          GitalyServer: {
            address: Gitlab::GitalyClient.address(project.repository_storage),
            token: Gitlab::GitalyClient.token(project.repository_storage)
          }
        }
+        # Custom option for git-receive-pack command
+        receive_max_input_size = Gitlab::CurrentSettings.receive_max_input_size.to_i
+        if receive_max_input_size > 0
+          attrs[:GitConfigOptions] << "receive.maxInputSize=#{receive_max_input_size.megabytes}"
+        end
+        attrs
      end
      def send_git_blob(repository, blob)

--- a/spec/controllers/admin/application_settings_controller_spec.rb
+++ b/spec/controllers/admin/application_settings_controller_spec.rb
@@ -78,5 +78,12 @@ describe Admin::ApplicationSettingsController do
      expect(response).to redirect_to(admin_application_settings_path)
      expect(ApplicationSetting.current.restricted_visibility_levels).to be_empty
    end
+    it 'updates the receive_max_input_size setting' do
+      put :update, application_setting: { receive_max_input_size: "1024" }
+      expect(response).to redirect_to(admin_application_settings_path)
+      expect(ApplicationSetting.current.receive_max_input_size).to eq(1024)
+    end
  end
 end
--- a/spec/lib/gitlab/workhorse_spec.rb
+++ b/spec/lib/gitlab/workhorse_spec.rb
@@ -336,6 +336,22 @@ describe Gitlab::Workhorse do
        it { expect { subject }.to raise_exception('Unsupported action: download') }
      end
    end
+    context 'when receive_max_input_size has been updated' do
+      it 'returns custom git config' do
+        allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { 1 }
+        expect(subject[:GitConfigOptions]).to be_present
+      end
+    end
+    context 'when receive_max_input_size is empty' do
+      it 'returns an empty git config' do
+        allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { nil }
+        expect(subject[:GitConfigOptions]).to be_empty
+      end
+    end
  end
  describe '.set_key_and_notify' do

--- a/spec/requests/api/internal_spec.rb
+++ b/spec/requests/api/internal_spec.rb
@@ -369,6 +369,26 @@ describe API::Internal do
            expect(user.reload.last_activity_on).to be_nil
          end
        end
+        context 'when receive_max_input_size has been updated' do
+          it 'returns custom git config' do
+            allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { 1 }
+            push(key, project)
+            expect(json_response["git_config_options"]).to be_present
+          end
+        end
+        context 'when receive_max_input_size is empty' do
+          it 'returns an empty git config' do
+            allow(Gitlab::CurrentSettings).to receive(:receive_max_input_size) { nil }
+            push(key, project)
+            expect(json_response["git_config_options"]).to be_empty
+          end
+        end
      end
    end