Add warning about downloading and executing user file uploads
What does this MR do and why?
What?
This MR enhances the user file uploads documentation in two ways:
- Notes that files uploaded to GitLab issues, merge requests, and epics will have a specific URL pattern containing /uploads/<32-character-id> in the path.
- It adds a security warning to advise users against downloading and executing files uploaded by unknown or untrusted sources.
Why?
- URL Pattern Clarification:
- Highlighting the specific URL pattern for user-uploaded files helps users distinguish between files that are a legitimate part of a GitLab project repository and files that were uploaded as attachments to (a comment on) an issue, merge request, or epic.
- This information helps users to make informed decisions about the trustworthiness and origin of the files they encounter.
- By providing this level of transparency, we empower users to assess the legitimacy and security of the files they interact with.
- Security Best Practice Warning:
- Prominently including a warning in the documentation emphasizes the importance of following security best practices when handling user-uploaded files.
- Executing files from unknown or untrusted sources poses significant security risks, such as malware infections, data breaches, or system compromises.
- This proactive approach aligns with GitLab's commitment to user security and raises awareness about potential dangers.
Edited by Greg Myers