debian-mirror-gitlab/app/models/abuse_report.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

213 lines
5.3 KiB
Ruby
Raw Normal View History

2018-11-18 11:00:15 +05:30
# frozen_string_literal: true
2019-07-07 11:18:12 +05:30
class AbuseReport < ApplicationRecord
2016-11-03 12:29:30 +05:30
include CacheMarkdownField
2019-12-26 22:10:19 +05:30
include Sortable
2023-06-20 00:43:36 +05:30
include Gitlab::FileTypeDetection
include WithUploads
2023-07-09 08:55:56 +05:30
include Gitlab::Utils::StrongMemoize
2016-11-03 12:29:30 +05:30
2023-04-23 21:23:45 +05:30
MAX_CHAR_LIMIT_URL = 512
2023-06-20 00:43:36 +05:30
MAX_FILE_SIZE = 1.megabyte
2023-04-23 21:23:45 +05:30
2016-11-03 12:29:30 +05:30
cache_markdown_field :message, pipeline: :single_line
2015-10-24 18:46:33 +05:30
belongs_to :reporter, class_name: 'User'
2015-09-11 14:41:01 +05:30
belongs_to :user
2023-07-09 08:55:56 +05:30
has_many :events, class_name: 'ResourceEvents::AbuseReportEvent', inverse_of: :abuse_report
2015-09-11 14:41:01 +05:30
validates :reporter, presence: true
validates :user, presence: true
validates :message, presence: true
2023-03-17 16:20:25 +05:30
validates :category, presence: true
validates :user_id,
uniqueness: {
scope: [:reporter_id, :category],
message: ->(object, data) do
_('You have already reported this user')
end
}
validates :reported_from_url,
2023-07-09 08:55:56 +05:30
allow_blank: true,
length: { maximum: MAX_CHAR_LIMIT_URL },
addressable_url: {
dns_rebind_protection: true,
blocked_message: 'is an invalid URL. You can try reporting the abuse again, ' \
'or contact a GitLab administrator for help.'
}
2023-04-23 21:23:45 +05:30
validates :links_to_spam,
2023-07-09 08:55:56 +05:30
allow_blank: true,
length: {
maximum: 20,
message: N_("exceeds the limit of %{count} links")
}
2023-04-23 21:23:45 +05:30
before_validation :filter_empty_strings_from_links_to_spam
validate :links_to_spam_contains_valid_urls
2023-06-20 00:43:36 +05:30
mount_uploader :screenshot, AttachmentUploader
validates :screenshot, file_size: { maximum: MAX_FILE_SIZE }
validate :validate_screenshot_is_image
2023-05-27 22:25:52 +05:30
scope :by_user_id, ->(id) { where(user_id: id) }
scope :by_reporter_id, ->(id) { where(reporter_id: id) }
scope :by_category, ->(category) { where(category: category) }
2019-12-26 22:10:19 +05:30
scope :with_users, -> { includes(:reporter, :user) }
2023-03-17 16:20:25 +05:30
enum category: {
spam: 1,
offensive: 2,
phishing: 3,
crypto: 4,
credentials: 5,
copyright: 6,
malware: 7,
other: 8
}
2023-05-27 22:25:52 +05:30
enum status: {
open: 1,
closed: 2
}
2016-11-03 12:29:30 +05:30
# For CacheMarkdownField
alias_method :author, :reporter
2023-03-17 16:20:25 +05:30
HUMANIZED_ATTRIBUTES = {
reported_from_url: "Reported from"
}.freeze
2023-07-09 08:55:56 +05:30
CONTROLLER_TO_REPORT_TYPE = {
'users' => :profile,
'projects/issues' => :issue,
'projects/merge_requests' => :merge_request
}.freeze
2023-03-17 16:20:25 +05:30
def self.human_attribute_name(attr, options = {})
HUMANIZED_ATTRIBUTES[attr.to_sym] || super
end
2016-06-02 11:05:42 +05:30
def remove_user(deleted_by:)
2017-09-10 17:25:29 +05:30
user.delete_async(deleted_by: deleted_by, params: { hard_delete: true })
end
def notify
2023-04-23 21:23:45 +05:30
return unless persisted?
AbuseReportMailer.notify(id).deliver_later
end
2023-06-20 00:43:36 +05:30
def screenshot_path
return unless screenshot
return screenshot.url unless screenshot.upload
asset_host = ActionController::Base.asset_host || Gitlab.config.gitlab.base_url
local_path = Gitlab::Routing.url_helpers.abuse_report_upload_path(
filename: screenshot.filename,
id: screenshot.upload.model_id,
model: 'abuse_report',
mounted_as: 'screenshot')
Gitlab::Utils.append_path(asset_host, local_path)
end
2023-07-09 08:55:56 +05:30
def report_type
type = CONTROLLER_TO_REPORT_TYPE[route_hash[:controller]]
type = :comment if type.in?([:issue, :merge_request]) && note_id_from_url.present?
type
end
def reported_content
case report_type
when :issue
project.issues.iid_in(route_hash[:id]).pick(:description_html)
when :merge_request
project.merge_requests.iid_in(route_hash[:id]).pick(:description_html)
when :comment
project.notes.id_in(note_id_from_url).pick(:note_html)
end
end
def other_reports_for_user
user.abuse_reports.id_not_in(id)
end
2023-04-23 21:23:45 +05:30
private
2023-07-09 08:55:56 +05:30
def project
Project.find_by_full_path(route_hash.values_at(:namespace_id, :project_id).join('/'))
end
def route_hash
match = Rails.application.routes.recognize_path(reported_from_url)
return {} if match[:unmatched_route].present?
match
rescue ActionController::RoutingError
{}
end
strong_memoize_attr :route_hash
def note_id_from_url
fragment = URI(reported_from_url).fragment
Gitlab::UntrustedRegexp.new('^note_(\d+)$').match(fragment).to_a.second if fragment
rescue URI::InvalidURIError
nil
end
strong_memoize_attr :note_id_from_url
2023-04-23 21:23:45 +05:30
def filter_empty_strings_from_links_to_spam
return if links_to_spam.blank?
links_to_spam.reject!(&:empty?)
end
def links_to_spam_contains_valid_urls
return if links_to_spam.blank?
links_to_spam.each do |link|
Gitlab::UrlBlocker.validate!(
link,
2023-07-09 08:55:56 +05:30
schemes: %w[http https],
allow_localhost: true,
dns_rebind_protection: true
2023-04-23 21:23:45 +05:30
)
next unless link.length > MAX_CHAR_LIMIT_URL
2023-04-23 21:23:45 +05:30
errors.add(
:links_to_spam,
format(_('contains URLs that exceed the %{limit} character limit'), limit: MAX_CHAR_LIMIT_URL)
)
end
rescue ::Gitlab::UrlBlocker::BlockedUrlError
errors.add(:links_to_spam, _('only supports valid HTTP(S) URLs'))
end
2023-06-20 00:43:36 +05:30
def filename
screenshot&.filename
end
def valid_image_extensions
Gitlab::FileTypeDetection::SAFE_IMAGE_EXT
end
def validate_screenshot_is_image
return if screenshot.blank?
return if image?
errors.add(
:screenshot,
format(
_('must match one of the following file types: %{extension_list}'),
extension_list: valid_image_extensions.to_sentence(last_word_connector: ' or '))
)
end
2015-09-11 14:41:01 +05:30
end
2023-07-09 08:55:56 +05:30
AbuseReport.prepend_mod