debian-mirror-gitlab/app/models/abuse_report.rb

# frozen_string_literal: true

class AbuseReport < ApplicationRecord
  include CacheMarkdownField
  include Sortable
  include Gitlab::FileTypeDetection
  include WithUploads

  MAX_CHAR_LIMIT_URL = 512
  MAX_FILE_SIZE = 1.megabyte

  cache_markdown_field :message, pipeline: :single_line

  belongs_to :reporter, class_name: 'User'
  belongs_to :user

  validates :reporter, presence: true
  validates :user, presence: true
  validates :message, presence: true
  validates :category, presence: true
  validates :user_id,
    uniqueness: {
      scope: [:reporter_id, :category],
      message: ->(object, data) do
        _('You have already reported this user')
      end
    }

  validates :reported_from_url,
            allow_blank: true,
            length: { maximum: MAX_CHAR_LIMIT_URL },
            addressable_url: {
              dns_rebind_protection: true,
              blocked_message: 'is an invalid URL. You can try reporting the abuse again, ' \
                               'or contact a GitLab administrator for help.'
            }

  validates :links_to_spam,
            allow_blank: true,
            length: {
              maximum: 20,
              message: N_("exceeds the limit of %{count} links")
            }

  before_validation :filter_empty_strings_from_links_to_spam
  validate :links_to_spam_contains_valid_urls

  mount_uploader :screenshot, AttachmentUploader
  validates :screenshot, file_size: { maximum: MAX_FILE_SIZE }
  validate :validate_screenshot_is_image

  scope :by_user_id, ->(id) { where(user_id: id) }
  scope :by_reporter_id, ->(id) { where(reporter_id: id) }
  scope :by_category, ->(category) { where(category: category) }
  scope :with_users, -> { includes(:reporter, :user) }

  enum category: {
    spam: 1,
    offensive: 2,
    phishing: 3,
    crypto: 4,
    credentials: 5,
    copyright: 6,
    malware: 7,
    other: 8
  }

  enum status: {
    open: 1,
    closed: 2
  }

  # For CacheMarkdownField
  alias_method :author, :reporter

  HUMANIZED_ATTRIBUTES = {
    reported_from_url: "Reported from"
  }.freeze

  def self.human_attribute_name(attr, options = {})
    HUMANIZED_ATTRIBUTES[attr.to_sym] || super
  end

  def remove_user(deleted_by:)
    user.delete_async(deleted_by: deleted_by, params: { hard_delete: true })
  end

  def notify
    return unless persisted?

    AbuseReportMailer.notify(id).deliver_later
  end

  def screenshot_path
    return unless screenshot
    return screenshot.url unless screenshot.upload

    asset_host = ActionController::Base.asset_host || Gitlab.config.gitlab.base_url
    local_path = Gitlab::Routing.url_helpers.abuse_report_upload_path(
      filename: screenshot.filename,
      id: screenshot.upload.model_id,
      model: 'abuse_report',
      mounted_as: 'screenshot')

    Gitlab::Utils.append_path(asset_host, local_path)
  end

  private

  def filter_empty_strings_from_links_to_spam
    return if links_to_spam.blank?

    links_to_spam.reject!(&:empty?)
  end

  def links_to_spam_contains_valid_urls
    return if links_to_spam.blank?

    links_to_spam.each do |link|
      Gitlab::UrlBlocker.validate!(
        link,
          schemes: %w[http https],
          allow_localhost: true,
          dns_rebind_protection: true
      )

      next unless link.length > MAX_CHAR_LIMIT_URL

      errors.add(
        :links_to_spam,
        format(_('contains URLs that exceed the %{limit} character limit'), limit: MAX_CHAR_LIMIT_URL)
      )
    end
  rescue ::Gitlab::UrlBlocker::BlockedUrlError
    errors.add(:links_to_spam, _('only supports valid HTTP(S) URLs'))
  end

  def filename
    screenshot&.filename
  end

  def valid_image_extensions
    Gitlab::FileTypeDetection::SAFE_IMAGE_EXT
  end

  def validate_screenshot_is_image
    return if screenshot.blank?
    return if image?

    errors.add(
      :screenshot,
      format(
        _('must match one of the following file types: %{extension_list}'),
        extension_list: valid_image_extensions.to_sentence(last_word_connector: ' or '))
    )
  end
end
New upstream version 11.2.8+dfsg 2018-11-18 11:00:15 +05:30			`# frozen_string_literal: true`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`class AbuseReport < ApplicationRecord`
New upstream version 8.13.3+dfsg1 2016-11-03 12:29:30 +05:30			`include CacheMarkdownField`
New upstream version 12.5.4 2019-12-26 22:10:19 +05:30			`include Sortable`
New upstream version 15.11.6+ds1 2023-06-20 00:43:36 +05:30			`include Gitlab::FileTypeDetection`
			`include WithUploads`
New upstream version 8.13.3+dfsg1 2016-11-03 12:29:30 +05:30
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`MAX_CHAR_LIMIT_URL = 512`
New upstream version 15.11.6+ds1 2023-06-20 00:43:36 +05:30			`MAX_FILE_SIZE = 1.megabyte`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30
New upstream version 8.13.3+dfsg1 2016-11-03 12:29:30 +05:30			`cache_markdown_field :message, pipeline: :single_line`

Imported Upstream version 8.1.0 2015-10-24 18:46:33 +05:30			`belongs_to :reporter, class_name: 'User'`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`belongs_to :user`

			`validates :reporter, presence: true`
			`validates :user, presence: true`
			`validates :message, presence: true`
New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`validates :category, presence: true`
			`validates :user_id,`
			`uniqueness: {`
			`scope: [:reporter_id, :category],`
			`message: ->(object, data) do`
			`_('You have already reported this user')`
			`end`
			`}`

			`validates :reported_from_url,`
			`allow_blank: true,`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`length: { maximum: MAX_CHAR_LIMIT_URL },`
New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`addressable_url: {`
			`dns_rebind_protection: true,`
			`blocked_message: 'is an invalid URL. You can try reporting the abuse again, ' \`
			`'or contact a GitLab administrator for help.'`
			`}`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`validates :links_to_spam,`
			`allow_blank: true,`
			`length: {`
			`maximum: 20,`
			`message: N_("exceeds the limit of %{count} links")`
			`}`

			`before_validation :filter_empty_strings_from_links_to_spam`
			`validate :links_to_spam_contains_valid_urls`

New upstream version 15.11.6+ds1 2023-06-20 00:43:36 +05:30			`mount_uploader :screenshot, AttachmentUploader`
			`validates :screenshot, file_size: { maximum: MAX_FILE_SIZE }`
			`validate :validate_screenshot_is_image`

New upstream version 15.10.7+ds1 2023-05-27 22:25:52 +05:30			`scope :by_user_id, ->(id) { where(user_id: id) }`
			`scope :by_reporter_id, ->(id) { where(reporter_id: id) }`
			`scope :by_category, ->(category) { where(category: category) }`
New upstream version 12.5.4 2019-12-26 22:10:19 +05:30			`scope :with_users, -> { includes(:reporter, :user) }`

New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`enum category: {`
			`spam: 1,`
			`offensive: 2,`
			`phishing: 3,`
			`crypto: 4,`
			`credentials: 5,`
			`copyright: 6,`
			`malware: 7,`
			`other: 8`
			`}`

New upstream version 15.10.7+ds1 2023-05-27 22:25:52 +05:30			`enum status: {`
			`open: 1,`
			`closed: 2`
			`}`

New upstream version 8.13.3+dfsg1 2016-11-03 12:29:30 +05:30			`# For CacheMarkdownField`
			`alias_method :author, :reporter`

New upstream version 15.8.4+ds1 2023-03-17 16:20:25 +05:30			`HUMANIZED_ATTRIBUTES = {`
			`reported_from_url: "Reported from"`
			`}.freeze`

			`def self.human_attribute_name(attr, options = {})`
			`HUMANIZED_ATTRIBUTES[attr.to_sym] \|\| super`
			`end`

Imported Upstream version 8.8.2+dfsg 2016-06-02 11:05:42 +05:30			`def remove_user(deleted_by:)`
New upstream version 9.5.4+dfsg 2017-09-10 17:25:29 +05:30			`user.delete_async(deleted_by: deleted_by, params: { hard_delete: true })`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`end`

			`def notify`
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`return unless persisted?`

			`AbuseReportMailer.notify(id).deliver_later`
			`end`

New upstream version 15.11.6+ds1 2023-06-20 00:43:36 +05:30			`def screenshot_path`
			`return unless screenshot`
			`return screenshot.url unless screenshot.upload`

			`asset_host = ActionController::Base.asset_host \|\| Gitlab.config.gitlab.base_url`
			`local_path = Gitlab::Routing.url_helpers.abuse_report_upload_path(`
			`filename: screenshot.filename,`
			`id: screenshot.upload.model_id,`
			`model: 'abuse_report',`
			`mounted_as: 'screenshot')`

			`Gitlab::Utils.append_path(asset_host, local_path)`
			`end`

New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`private`

			`def filter_empty_strings_from_links_to_spam`
			`return if links_to_spam.blank?`

			`links_to_spam.reject!(&:empty?)`
			`end`

			`def links_to_spam_contains_valid_urls`
			`return if links_to_spam.blank?`

			`links_to_spam.each do \|link\|`
			`Gitlab::UrlBlocker.validate!(`
			`link,`
			`schemes: %w[http https],`
			`allow_localhost: true,`
			`dns_rebind_protection: true`
			`)`

			`next unless link.length > MAX_CHAR_LIMIT_URL`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30
New upstream version 15.9.2+ds1 2023-04-23 21:23:45 +05:30			`errors.add(`
			`:links_to_spam,`
			`format(_('contains URLs that exceed the %{limit} character limit'), limit: MAX_CHAR_LIMIT_URL)`
			`)`
			`end`
			`rescue ::Gitlab::UrlBlocker::BlockedUrlError`
			`errors.add(:links_to_spam, _('only supports valid HTTP(S) URLs'))`
Imported Upstream version 8.4.0+dfsg~rc1 2016-01-14 18:37:52 +05:30			`end`
New upstream version 15.11.6+ds1 2023-06-20 00:43:36 +05:30
			`def filename`
			`screenshot&.filename`
			`end`

			`def valid_image_extensions`
			`Gitlab::FileTypeDetection::SAFE_IMAGE_EXT`
			`end`

			`def validate_screenshot_is_image`
			`return if screenshot.blank?`
			`return if image?`

			`errors.add(`
			`:screenshot,`
			`format(`
			`_('must match one of the following file types: %{extension_list}'),`
			`extension_list: valid_image_extensions.to_sentence(last_word_connector: ' or '))`
			`)`
			`end`
Imported Upstream version 7.14.3 2015-09-11 14:41:01 +05:30			`end`