EE: Allow to use untrusted ruby syntax
What does this MR do?
Brings an optional administratively controlled backward compatibility to use unsafe Ruby Regexp with only:
and refs:
.
This also brings back the compatibility for: // =~ 'aa'
which become broken due to PATTERN
.
Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/59703.
The CE version: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26905
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation created/updated or follow-up review issue created -
Code review guidelines -
Style guides
Performance and testing
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
Security reports checked/validated by a reviewer from the AppSec team
Edited by Kamil Trzciński (Back 2025-01-01)