File-specific exclusions for CI templates

Splitting by category isn't sufficient anymore since Verify/Acccessbility is Core and Verify/Browser-Performance is Premium. We brought the Verify/ category as a whole out of EE, and specifically excluded BrowserPerformance for the time being.

File-specific exclusions for CI templates
Splitting by category isn't sufficient anymore since Verify/Acccessbility is Core and Verify/Browser-Performance is Premium. We brought the Verify/ category as a whole out of EE, and specifically excluded BrowserPerformance for the time being.
f6324606 · drew cimino · 74fa9819 · f6324606 · f6324606 · f6324606
Commit f6324606 authored Feb 14, 2020 by drew cimino
5 changed files
--- a/ee/lib/ee/gitlab/template/gitlab_ci_yml_template.rb
+++ b/ee/lib/ee/gitlab/template/gitlab_ci_yml_template.rb
@@ -14,12 +14,16 @@ module EE
            super.merge(categories_ee)
          end

+          override :disabled_templates
+          def disabled_templates
+            []
+          end
+
          private

          def categories_ee
            {
-              'Security' => 'Security',
-              'Verify' => 'Verify'
+              'Security' => 'Security'
            }
          end
        end

--- a/ee/spec/lib/ee/gitlab/template/gitlab_ci_yml_template_spec.rb
+++ b/ee/spec/lib/ee/gitlab/template/gitlab_ci_yml_template_spec.rb
@@ -14,7 +14,7 @@ describe Gitlab::Template::GitlabCiYmlTemplate do
      expect(templates).to include('SAST')
    end

-    it 'finds the Verify templates' do
+    it 'finds all the Verify templates' do
      expect(templates).to include('Browser-Performance')
      expect(templates).to include('Accessibility')
    end

--- a/lib/gitlab/template/finders/global_template_finder.rb
+++ b/lib/gitlab/template/finders/global_template_finder.rb
@@ -5,9 +5,11 @@ module Gitlab
  module Template
    module Finders
      class GlobalTemplateFinder < BaseTemplateFinder
-        def initialize(base_dir, extension, categories = {})
+        def initialize(base_dir, extension, categories = {}, exclusions = [])
          @categories = categories
          @extension  = extension
+          @exclusions = exclusions
+
          super(base_dir)
        end

@@ -16,6 +18,8 @@ module Gitlab
        end

        def find(key)
+          return if excluded?(key)
+
          file_name = "#{key}#{@extension}"

          # The key is untrusted input, so ensure we can't be directed outside
@@ -28,11 +32,20 @@ module Gitlab

        def list_files_for(dir)
          dir = "#{dir}/" unless dir.end_with?('/')
-          Dir.glob(File.join(dir, "*#{@extension}")).select { |f| f =~ self.class.filter_regex(@extension) }
+
+          Dir.glob(File.join(dir, "*#{@extension}")).select do |f|
+            next if excluded?(f)
+
+            f =~ self.class.filter_regex(@extension)
+          end
        end

        private

+        def excluded?(file_name)
+          @exclusions.include?(file_name)
+        end
+
        def select_directory(file_name)
          @categories.keys.find do |category|
            File.exist?(File.join(category_directory(category), file_name))

--- a/lib/gitlab/template/gitlab_ci_yml_template.rb
+++ b/lib/gitlab/template/gitlab_ci_yml_template.rb
@@ -17,16 +17,25 @@ module Gitlab
          {
            'General' => '',
            'Pages' => 'Pages',
+            'Verify' => 'Verify',
            'Auto deploy' => 'autodeploy'
          }
        end

+        def disabled_templates
+          %w[
+            Verify/Browser-Performance
+          ]
+        end
+
        def base_dir
          Rails.root.join('lib/gitlab/ci/templates')
        end

        def finder(project = nil)
-          Gitlab::Template::Finders::GlobalTemplateFinder.new(self.base_dir, self.extension, self.categories)
+          Gitlab::Template::Finders::GlobalTemplateFinder.new(
+            self.base_dir, self.extension, self.categories, self.disabled_templates
+          )
        end
      end
    end

--- a/spec/lib/gitlab/template/finders/global_template_finder_spec.rb
+++ b/spec/lib/gitlab/template/finders/global_template_finder_spec.rb
@@ -15,23 +15,85 @@ describe Gitlab::Template::Finders::GlobalTemplateFinder do
    FileUtils.rm_rf(base_dir)
  end

-  subject(:finder) { described_class.new(base_dir, '', 'Foo' => '', 'Bar' => 'bar') }
+  subject(:finder) { described_class.new(base_dir, '', { 'General' => '', 'Bar' => 'Bar' }, exclusions) }
+
+  let(:exclusions) { [] }

  describe '.find' do
-    it 'finds a template in the Foo category' do
-      create_template!('test-template')
+    context 'with a non-prefixed General template' do
+      before do
+        create_template!('test-template')
+      end

-      expect(finder.find('test-template')).to be_present
-    end
+      it 'finds the template with no prefix' do
+        expect(finder.find('test-template')).to be_present
+      end
+
+      it 'it does not find a prefixed template' do
+        expect(finder.find('Bar/test-template')).to be_nil
+      end
+
+      it 'does not permit path traversal requests' do
+        expect { finder.find('../foo') }.to raise_error(/Invalid path/)
+      end

-    it 'finds a template in the Bar category' do
-      create_template!('bar/test-template')
+      context 'while listed as an exclusion' do
+        let(:exclusions) { %w[test-template] }

-      expect(finder.find('test-template')).to be_present
+        it 'does not find the template without a prefix' do
+          expect(finder.find('test-template')).to be_nil
+        end
+
+        it 'does not find the template with a prefix' do
+          expect(finder.find('Bar/test-template')).to be_nil
+        end
+
+        it 'finds another prefixed template with the same name' do
+          create_template!('Bar/test-template')
+
+          expect(finder.find('test-template')).to be_nil
+          expect(finder.find('Bar/test-template')).to be_present
+        end
+      end
    end

-    it 'does not permit path traversal requests' do
-      expect { finder.find('../foo') }.to raise_error(/Invalid path/)
+    context 'with a prefixed template' do
+      before do
+        create_template!('Bar/test-template')
+      end
+
+      it 'finds the template with a prefix' do
+        expect(finder.find('Bar/test-template')).to be_present
+      end
+
+      # NOTE: This spec fails, the template Bar/test-template is found
+      xit 'it does not find the template without a prefix' do
+        expect(finder.find('test-template')).to be_nil
+      end
+
+      it 'does not permit path traversal requests' do
+        expect { finder.find('../foo') }.to raise_error(/Invalid path/)
+      end
+
+      context 'while listed as an exclusion' do
+        let(:exclusions) { %w[Bar/test-template] }
+
+        it 'does not find the template with a prefix' do
+          expect(finder.find('Bar/test-template')).to be_nil
+        end
+
+        # NOTE: This spec fails, the template Bar/test-template is found
+        xit 'does not find the template without a prefix' do
+          expect(finder.find('test-template')).to be_nil
+        end
+
+        it 'finds another non-prefixed template with the same name' do
+          create_template!('Bar/test-template')
+
+          expect(finder.find('test-template')).to be_present
+          expect(finder.find('Bar/test-template')).to be_nil
+        end
+      end
    end
  end
 end