2025-07-25 16:03:48 +00:00 · 2025-07-14 03:12:27 +00:00
parent cf693337ca
commit 227ef21f94
3 changed files with 7 additions and 12 deletions
--- a/.rubocop_todo/database/prevent_wildcard_injection.yml
+++ b/.rubocop_todo/database/prevent_wildcard_injection.yml
@ -1,8 +0,0 @@
---
-Database/PreventWildcardInjection:
-  Details: grace period
-  Exclude:
-    - 'ee/app/models/ee/note.rb'
-    - 'ee/app/models/geo_node.rb'
-    - 'ee/app/models/vulnerabilities/read.rb'
-    - 'lib/gitlab/seeder.rb'
--- a/config/feature_flags/beta/optimistic_locking_for_namespace_descendants_cache.yml
+++ b/config/feature_flags/beta/optimistic_locking_for_namespace_descendants_cache.yml
@ -7,4 +7,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/551832
 milestone: '18.2'
 group: group::optimize
 type: beta
-default_enabled: false
+default_enabled: true
--- a/lib/gitlab/seeder.rb
+++ b/lib/gitlab/seeder.rb
@ -17,7 +17,7 @@ module Gitlab

      included do
        scope :not_mass_generated, -> do
-          where.not("path LIKE '#{MASS_INSERT_GROUP_START}%'")
+          where.not("path LIKE '#{sanitize_sql_like(MASS_INSERT_GROUP_START)}%'")
        end
      end
    end
@ -27,7 +27,7 @@ module Gitlab

      included do
        scope :not_mass_generated, -> do
-          where.not("path LIKE '#{MASS_INSERT_PROJECT_START}%'")
+          where.not("path LIKE '#{sanitize_sql_like(MASS_INSERT_PROJECT_START)}%'")
        end
      end
    end
@ -37,7 +37,10 @@ module Gitlab

      included do
        scope :not_mass_generated, -> do
-          where.not("username LIKE '#{MASS_INSERT_USER_START}%' OR username LIKE '#{REPORTED_USER_START}%'")
+          where.not(
+            "username LIKE '#{sanitize_sql_like(MASS_INSERT_USER_START)}%' OR " \
+              "username LIKE '#{sanitize_sql_like(REPORTED_USER_START)}%'"
+          )
        end
      end
    end