{"id":56001347,"iid":29739,"description":"## What does this MR do? ### Description The GitLab Conan registry does not have the same validation in the package recipe that the Conan client is checking as reported in #214471. This can lead to problems when working with the GitLab registry. ### Proposed solution All four parts of the recipe: `/@/` are validated by modifying the current regex `Gitlab::Regex.conan_recipe_component_regex` to use the one in [Conan.io](https://docs.conan.io/en/latest/reference/conanfile/attributes.html) - (`^[a-zA-Z0-9_][a-zA-Z0-9_\+\.-]{1,50}$`). Which is used in the following files: - Validates all four of the component parameters in the incoming request on https://gitlab.com/gitlab-org/gitlab/blob/master/ee/lib/api/conan_packages.rb#L86 as `PACKAGE_COMPONENT_REGEX` - Validates both `:name` and `version:` in the `Packages::Package` model as `` and `` resp. - Validates both `:package_username` and `:package_channel` in the `Packages::ConanMetadatum` model as `` and `` resp. ### TODO I am not sure if the `:name` should be validated again with `format: { with: Gitlab::Regex.package_name_regex }` as in https://gitlab.com/gitlab-org/gitlab/blob/master/ee/app/models/packages/package.rb#L26. I am thinking of adding `unless: :conan?` Also, am not sure if tests should be added to [`ee/spec/models/packages/package_spec.rb`](https://gitlab.com/gitlab-org/gitlab/blob/master/ee/spec/models/packages/package_spec.rb), [`ee/spec/requests/api/conan_packages_spec.rb`](https://gitlab.com/gitlab-org/gitlab/blob/master/ee/spec/requests/api/conan_packages_spec.rb) and [`ee/spec/services/packages/conan`](https://gitlab.com/gitlab-org/gitlab/blob/master/ee/spec/services/packages/conan) #### Update - [x] Separate `:name` format validations for all other packages from Conan package using `:unless conan?` - [x] Add test for `Gitlab::Regex.conan_recipe_component_regex` to check for the format rules as follows: - minimum of two characters - maximum of fifty characters - starts with only alphanumeric or underscore - includes only alphanumeric, `_`, `+`, `.` and `-` ## Screenshots ### Regex format from [conan.io](https://docs.conan.io/en/latest/reference/conanfile/attributes.html) ![image](/uploads/e9f6c082ad16db807c200bf86cbdfd41/image.png) ## Does this MR meet the acceptance criteria? ### Conformity - [x] [Changelog entry](https://docs.gitlab.com/ee/development/changelog.html) - [ ] [Documentation](https://docs.gitlab.com/ee/development/documentation/workflow.html) ([if required](https://docs.gitlab.com/ee/development/documentation/workflow.html#when-documentation-is-required)) - [ ] [Code review guidelines](https://docs.gitlab.com/ee/development/code_review.html) - [ ] [Merge request performance guidelines](https://docs.gitlab.com/ee/development/merge_request_performance_guidelines.html) - [ ] [Style guides](https://gitlab.com/gitlab-org/gitlab-ee/blob/master/doc/development/contributing/style_guides.md) - [ ] [Database guides](https://docs.gitlab.com/ee/development/README.html#database-guides) - [ ] [Separation of EE specific content](https://docs.gitlab.com/ee/development/ee_features.html#separation-of-ee-code) ### Availability and Testing - [ ] [Review and add/update tests for this feature/bug](https://docs.gitlab.com/ee/development/testing_guide/index.html). Consider [all test levels](https://docs.gitlab.com/ee/development/testing_guide/testing_levels.html). See the [Test Planning Process](https://about.gitlab.com/handbook/engineering/quality/test-engineering). - [ ] [Tested in all supported browsers](https://docs.gitlab.com/ee/install/requirements.html#supported-web-browsers) - [ ] Informed Infrastructure department of a default or new setting change, if applicable per [definition of done](https://docs.gitlab.com/ee/development/contributing/merge_request_workflow.html#definition-of-done) ### Security If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in [the security review guidelines](https://about.gitlab.com/handbook/engineering/security/#when-to-request-a-security-review): - [ ] Label as ~security and @ mention `@gitlab-com/gl-security/appsec` - [ ] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods - [ ] Security reports checked/validated by a reviewer from the AppSec team Closes #214471","title":"Add validation to Conan recipe that conforms with Conan.io","merge_params":{"force_remove_source_branch":"1"},"state":"merged","source_branch":"214471-add-validation-to-conan-recipe","target_branch":"master","source_branch_path":"/bolah2009/gitlab/-/tree/214471-add-validation-to-conan-recipe","target_branch_path":"/gitlab-org/gitlab/-/tree/master","diff_head_sha":"7703ca97723f6dc901fb34d52475e09e65363072","create_note_path":"/gitlab-org/gitlab/notes?target_id=56001347&target_type=merge_request","preview_note_path":"/gitlab-org/gitlab/-/preview_markdown?target_id=29739&target_type=MergeRequest","can_receive_suggestion":true,"create_issue_to_resolve_discussions_path":null,"new_blob_path":null,"current_user":{"can_create_note":false,"can_update":false,"can_create_confidential_note":false},"is_project_archived":false,"project_id":278964,"require_password_to_approve":false}

Add validation to Conan recipe that conforms with Conan.io

What does this MR do?

Description

Proposed solution

TODO

Update

Screenshots

Regex format from conan.io

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Merge request reports