Merge branch 'main' into patch-1

sarahs · web-flow · commit a22b3cfedab0 · 2021-02-25T09:19:05.000-05:00
diff --git a/content/github/site-policy/dmca-takedown-policy.md b/content/github/site-policy/dmca-takedown-policy.md
@@ -63,6 +63,8 @@ One of the best features of GitHub is the ability for users to "fork" one anothe
 
 GitHub *will not* automatically disable forks when disabling a parent repository. This is because forks belong to different users, may have been altered in significant ways, and may be licensed or used in a different way that is protected by the fair-use doctrine. GitHub does not conduct any independent investigation into forks. We expect copyright owners to conduct that investigation and, if they believe that the forks are also infringing, expressly include forks in their takedown notice.
 
+In rare cases, you may be alleging copyright infringement in a full repository that is actively being forked. If at the time that you submitted your notice, you identified all existing forks of that repository as allegedly infringing, we would process a valid claim against all forks in that network at the time we process the notice. We would do this given the likelihood that all newly created forks would contain the same content. In addition, if the reported network that contains the allegedly infringing content is larger than one hundred (100) repositories and thus would be difficult to review in its entirety, we may consider disabling the entire network if you state in your notice that, "Based on the representative number of forks you have reviewed, I believe that all or most of the forks are infringing to the same extent as the parent repository." Your sworn statement would apply to this statement.
+
 ### C. What If I Inadvertently Missed the Window to Make Changes?
 
 We recognize that there are many valid reasons that you may not be able to make changes within the window of approximately 1 business day we provide before your repository gets disabled. Maybe our message got flagged as spam, maybe you were on vacation, maybe you don't check that email account regularly, or maybe you were just busy. We get it. If you respond to let us know that you would have liked to make the changes, but somehow missed the first opportunity, we will re-enable the repository one additional time for approximately 1 business day to allow you to make the changes. Again, you must notify us that you have made the changes in order to keep the repository enabled after that window of approximately 1 business day, as noted above in [Step A.4](#a-how-does-this-actually-work). Please note that we will only provide this one additional chance.
diff --git a/content/github/site-policy/guide-to-submitting-a-dmca-takedown-notice.md b/content/github/site-policy/guide-to-submitting-a-dmca-takedown-notice.md
@@ -53,7 +53,8 @@ GitHub exercises little discretion in the process other than determining whether
 
 2. **Identify the copyrighted work you believe has been infringed.** This information is important because it helps the affected user evaluate your claim and give them the ability to compare your work to theirs. The specificity of your identification will depend on the nature of the work you believe has been infringed. If you have published your work, you might be able to just link back to a web page where it lives. If it is proprietary and not published, you might describe it and explain that it is proprietary. If you have registered it with the Copyright Office, you should include the registration number. If you are alleging that the hosted content is a direct, literal copy of your work, you can also just explain that fact.
 
-3. **Identify the material that you allege is infringing the copyrighted work listed in item #2, above.** It is important to be as specific as possible in your identification. This identification needs to be reasonably sufficient to permit GitHub to locate the material. At a minimum, this means that you should include the URL to the material allegedly infringing your copyright. If you allege that less than a whole repository infringes, identify the specific file(s) or line numbers within a file that you allege infringe. If you allege that all of the content at a URL infringes, please be explicit about that as well. Finally, please note that GitHub will *not* automatically disable [forks](/articles/dmca-takedown-policy#b-what-about-forks-or-whats-a-fork) when disabling a parent repository. If you have investigated and analyzed the forks of a repository and believe that they are also infringing, please explicitly identify each allegedly infringing fork. Please also confirm that you have investigated each individual case and that your sworn statements apply to each identified fork.
+3. **Identify the material that you allege is infringing the copyrighted work listed in item #2, above.** It is important to be as specific as possible in your identification. This identification needs to be reasonably sufficient to permit GitHub to locate the material. At a minimum, this means that you should include the URL to the material allegedly infringing your copyright. If you allege that less than a whole repository infringes, identify the specific file(s) or line numbers within a file that you allege infringe. If you allege that all of the content at a URL infringes, please be explicit about that as well. 
+   - Please note that GitHub will *not* automatically disable [forks](/articles/dmca-takedown-policy#b-what-about-forks-or-whats-a-fork) when disabling a parent repository. If you have investigated and analyzed the forks of a repository and believe that they are also infringing, please explicitly identify each allegedly infringing fork. Please also confirm that you have investigated each individual case and that your sworn statements apply to each identified fork. In rare cases, you may be alleging copyright infringement in a full repository that is actively being forked. If at the time that you submitted your notice, you identified all existing forks of that repository as allegedly infringing, we would process a valid claim against all forks in that network at the time we process the notice. We would do this given the likelihood that all newly created forks would contain the same content. In addition, if the reported network that contains the allegedly infringing content is larger than one hundred (100) repositories and thus would be difficult to review in its entirety, we may consider disabling the entire network if you state in your notice that, "Based on the representative number of forks you have reviewed, I believe that all or most of the forks are infringing to the same extent as the parent repository." Your sworn statement would apply to this statement.
 
 4. **Explain what the affected user would need to do in order to remedy the infringement.** Again, specificity is important. When we pass your complaint along to the user, this will tell them what they need to do in order to avoid having the rest of their content disabled. Does the user just need to add a statement of attribution? Do they need to delete certain lines within their code, or entire files? Of course, we understand that in some cases, all of a user's content may be alleged to infringe and there's nothing they could do short of deleting it all. If that's the case, please make that clear as well.
 
diff --git a/lib/enterprise-server-releases.js b/lib/enterprise-server-releases.js
@@ -47,8 +47,8 @@ const nextDeprecationDate = dates[oldestSupported].deprecationDate
 const isOldestReleaseDeprecated = new Date() > new Date(nextDeprecationDate)
 const deprecatedOnNewSite = deprecated.filter(version => versionSatisfiesRange(version, '>=2.13'))
 const firstVersionDeprecatedOnNewSite = '2.13'
-// starting from 2.18, we updated the archival script to create stubbed HTML redirect files
-const lastVersionWithoutStubbedRedirectFiles = '2.17'
+// starting from 2.18, we updated the archival script to create a redirects.json top-level file in the archived repo
+const lastVersionWithoutArchivedRedirectsFile = '2.17'
 // last version using paths like /enterprise/<release>/<user>/<product>/<category>/<article>
 // instead of /enterprise-server@<release>/<product>/<category>/<article>
 const lastReleaseWithLegacyFormat = '2.18'
@@ -68,7 +68,7 @@ module.exports = {
   deprecatedOnNewSite,
   dates,
   firstVersionDeprecatedOnNewSite,
-  lastVersionWithoutStubbedRedirectFiles,
+  lastVersionWithoutArchivedRedirectsFile,
   lastReleaseWithLegacyFormat,
   deprecatedReleasesWithLegacyFormat,
   deprecatedReleasesWithNewFormat,
diff --git a/lib/redis-accessor.js b/lib/redis-accessor.js
@@ -26,9 +26,14 @@ class RedisAccessor {
       ? new Redis(REDIS_URL, {
           ...redisBaseOptions,
           db: databaseNumber,
-          tls: {
-            // Required for production Heroku Redis
-            rejectUnauthorized: false
+
+          // Only add this configuration for TLS-enabled REDIS_URL values.
+          // Otherwise, it breaks for local Redis instances without TLS enabled.
+          ...REDIS_URL.startsWith('rediss://') && {
+            tls: {
+              // Required for production Heroku Redis
+              rejectUnauthorized: false
+            }
           }
         })
       : new InMemoryRedis()
diff --git a/lib/webhooks/static/dotcom/code_scanning_alert.reopened.payload.json b/lib/webhooks/static/dotcom/code_scanning_alert.reopened.payload.json
@@ -141,31 +141,20 @@
     "login": "github",
     "id": 9919,
     "node_id": "MDEyOk9yZ2FuaXphdGlvbjk5MTk=",
-    "url": "https://api.github.com/orgs/github",
-    "repos_url": "https://api.github.com/orgs/github/repos",
-    "events_url": "https://api.github.com/orgs/github/events",
-    "hooks_url": "https://api.github.com/orgs/github/hooks",
-    "issues_url": "https://api.github.com/orgs/github/issues",
-    "members_url": "https://api.github.com/orgs/github/members{/member}",
-    "public_members_url": "https://api.github.com/orgs/github/public_members{/member}",
     "avatar_url": "https://avatars.githubusercontent.com/u/9919?v=4",
-    "description": "How people build software.",
-    "name": "GitHub",
-    "company": null,
-    "blog": "https://github.com/about",
-    "location": "San Francisco, CA",
-    "email": null,
-    "twitter_username": null,
-    "is_verified": true,
-    "has_organization_projects": true,
-    "has_repository_projects": true,
-    "public_repos": 371,
-    "public_gists": 0,
-    "followers": 0,
-    "following": 0,
+    "gravatar_id": "",
+    "url": "https://api.github.com/users/github",
     "html_url": "https://github.com/github",
-    "created_at": "2008-05-11T04:37:31Z",
-    "updated_at": "2020-09-28T06:15:10Z",
-    "type": "Organization"
+    "followers_url": "https://api.github.com/users/github/followers",
+    "following_url": "https://api.github.com/users/github/following{/other_user}",
+    "gists_url": "https://api.github.com/users/github/gists{/gist_id}",
+    "starred_url": "https://api.github.com/users/github/starred{/owner}{/repo}",
+    "subscriptions_url": "https://api.github.com/users/github/subscriptions",
+    "organizations_url": "https://api.github.com/users/github/orgs",
+    "repos_url": "https://api.github.com/users/github/repos",
+    "events_url": "https://api.github.com/users/github/events{/privacy}",
+    "received_events_url": "https://api.github.com/users/github/received_events",
+    "type": "Organization",
+    "site_admin": false
  }	  
 }
diff --git a/middleware/archived-enterprise-versions.js b/middleware/archived-enterprise-versions.js
@@ -1,6 +1,6 @@
 const path = require('path')
 const slash = require('slash')
-const { firstVersionDeprecatedOnNewSite, lastVersionWithoutStubbedRedirectFiles } = require('../lib/enterprise-server-releases')
+const { firstVersionDeprecatedOnNewSite, lastVersionWithoutArchivedRedirectsFile } = require('../lib/enterprise-server-releases')
 const patterns = require('../lib/patterns')
 const versionSatisfiesRange = require('../lib/version-satisfies-range')
 const isArchivedVersion = require('../lib/is-archived-version')
@@ -25,21 +25,43 @@ module.exports = async (req, res, next) => {
   }
 
   // find redirects for versions between 2.13 and 2.17
-  // starting with 2.18, we updated the archival script to create stubbed HTML redirect files
+  // starting with 2.18, we updated the archival script to create a redirects.json file
   if (versionSatisfiesRange(requestedVersion, `>=${firstVersionDeprecatedOnNewSite}`) &&
-    versionSatisfiesRange(requestedVersion, `<=${lastVersionWithoutStubbedRedirectFiles}`)) {
+    versionSatisfiesRange(requestedVersion, `<=${lastVersionWithoutArchivedRedirectsFile}`)) {
     const redirect = archvivedRedirects[req.path]
     if (redirect && redirect !== req.path) {
       return res.redirect(301, redirect)
     }
   }
 
+  let reqPath = req.path
+  let isRedirect = false
+  if (versionSatisfiesRange(requestedVersion, `>${lastVersionWithoutArchivedRedirectsFile}`)) {
+    try {
+      const res = await got(getProxyPath('redirects.json', requestedVersion))
+      const redirectJson = JSON.parse(res.body)
+
+      if (redirectJson[req.path]) {
+        isRedirect = true
+      }
+      reqPath = redirectJson[req.path] || req.path
+    } catch (err) {
+      // nooop
+    }
+  }
+
   try {
-    const r = await got(getProxyPath(req.path, requestedVersion))
+    const r = await got(getProxyPath(reqPath, requestedVersion))
     res.set('content-type', r.headers['content-type'])
     res.set('x-robots-tag', 'noindex')
 
-    // make the stubbed redirect files added in >=2.18 return 301 instead of 200
+    // make redirects found via redirects.json return 301 instead of 200
+    if (isRedirect) {
+      res.status(301)
+      res.set('location', reqPath)
+    }
+
+    // make stubbed redirect files (which exist in versions <2.13) return 301 instead of 200
     const staticRedirect = r.body.match(patterns.staticRedirect)
     if (staticRedirect) {
       res.status(301)
@@ -73,7 +95,7 @@ function getProxyPath (reqPath, requestedVersion) {
 // this workaround finds potentially relevant frontmatter redirects in currently supported pages
 function getFallbackRedirects (req, requestedVersion) {
   if (versionSatisfiesRange(requestedVersion, `<${firstVersionDeprecatedOnNewSite}`)) return
-  if (versionSatisfiesRange(requestedVersion, `>${lastVersionWithoutStubbedRedirectFiles}`)) return
+  if (versionSatisfiesRange(requestedVersion, `>${lastVersionWithoutArchivedRedirectsFile}`)) return
 
   return archivedFrontmatterFallbacks.find(arrayOfFallbacks => arrayOfFallbacks.includes(req.path))
 }
diff --git a/middleware/rate-limit.js b/middleware/rate-limit.js
@@ -19,9 +19,14 @@ module.exports = rateLimit({
   store: REDIS_URL && new RedisStore({
     client: new Redis(REDIS_URL, {
       db: rateLimitDatabaseNumber,
-      tls: {
-        // Required for production Heroku Redis
-        rejectUnauthorized: false
+
+      // Only add this configuration for TLS-enabled REDIS_URL values.
+      // Otherwise, it breaks for local Redis instances without TLS enabled.
+      ...REDIS_URL.startsWith('rediss://') && {
+        tls: {
+          // Required for production Heroku Redis
+          rejectUnauthorized: false
+        }
       }
     }),
     // 1 minute (or practically unlimited outside of production)
diff --git a/script/enterprise-server-deprecations/archive-version.js b/script/enterprise-server-deprecations/archive-version.js
@@ -9,7 +9,6 @@ const host = `http://localhost:${port}`
 const scrape = require('website-scraper')
 const program = require('commander')
 const rimraf = require('rimraf').sync
-const mkdirp = require('mkdirp').sync
 const version = require('../../lib/enterprise-server-releases').oldestSupported
 const archivalRepoName = 'help-docs-archived-enterprise-versions'
 const archivalRepoUrl = `https://github.com/github/${archivalRepoName}`
@@ -173,18 +172,20 @@ async function main () {
     console.log(`\n\ndone scraping! added files to ${path.relative(process.cwd(), finalDirectory)}\n`)
 
     // create redirect html files to preserve frontmatter redirects
-    await createRedirectPages(permalinksPerVersion, pageMap, finalDirectory)
+    await createRedirectsFile(permalinksPerVersion, pageMap, finalDirectory)
 
     console.log(`next step: deprecate ${version} in lib/enterprise-server-releases.js`)
 
     process.exit()
   })
 }
 
-async function createRedirectPages (permalinks, pageMap, finalDirectory) {
+async function createRedirectsFile (permalinks, pageMap, finalDirectory) {
   const pagesPerVersion = permalinks.map(permalink => pageMap[permalink])
   const redirects = await loadRedirects(pagesPerVersion, pageMap)
 
+  const redirectsPerVersion = {}
+
   Object.entries(redirects).forEach(([oldPath, newPath]) => {
     // remove any liquid variables that sneak in
     oldPath = oldPath
@@ -193,31 +194,8 @@ async function createRedirectPages (permalinks, pageMap, finalDirectory) {
     // ignore any old paths that are not in this version
     if (!(oldPath.includes(`/enterprise-server@${version}`) || oldPath.includes(`/enterprise/${version}`))) return
 
-    const fullPath = path.join(finalDirectory, oldPath)
-    const filename = `${fullPath}/index.html`
-    const html = getRedirectHtml(newPath)
-
-    mkdirp(fullPath)
-    fs.writeFileSync(filename, html)
+    redirectsPerVersion[oldPath] = newPath
   })
 
-  console.log('done creating redirect files!\n')
-}
-
-// redirect html files already exist in <=2.12 because these versions were deprecated on the old static site
-function getRedirectHtml (newPath) {
-  return `<!DOCTYPE html>
-<html>
-<head>
-<meta charset="utf-8">
-<title>Redirecting...</title>
-<link rel="canonical" href="${newPath}">
-<meta http-equiv="refresh" content="0; url=${newPath}">
-</head>
-<body>
-<h1>Redirecting...</h1>
-<a href="${newPath}">Click here if you are not redirected.</a>
-<script>location='${newPath}'</script>
-</body>
-</html>`
+  fs.writeFileSync(path.posix.join(finalDirectory, 'redirects.json'), JSON.stringify(redirectsPerVersion, null, 2))
 }
diff --git a/script/purge-redis-pages.js b/script/purge-redis-pages.js
@@ -44,9 +44,14 @@ purgeRenderedPageCache()
 function purgeRenderedPageCache () {
   const redisClient = new Redis(REDIS_URL, {
     db: pageCacheDatabaseNumber,
-    tls: {
-      // Required for production Heroku Redis
-      rejectUnauthorized: false
+
+    // Only add this configuration for TLS-enabled REDIS_URL values.
+    // Otherwise, it breaks for local Redis instances without TLS enabled.
+    ...REDIS_URL.startsWith('rediss://') && {
+      tls: {
+        // Required for production Heroku Redis
+        rejectUnauthorized: false
+      }
     }
   })
   let totalKeyCount = 0
diff --git a/tests/routing/deprecated-enterprise-versions.js b/tests/routing/deprecated-enterprise-versions.js
@@ -30,6 +30,12 @@ describe('enterprise deprecation', () => {
     expect(res.headers.location).toBe('/en/enterprise/2.15/user/articles/viewing-contributions-on-your-profile')
   })
 
+  test('can access redirects from redirects.json in deprecated enterprise content >2.17', async () => {
+    const res = await get('/enterprise/2.19/admin/categories/time')
+    expect(res.statusCode).toBe(301)
+    expect(res.headers.location).toBe('/en/enterprise-server@2.19/admin/configuration/configuring-time-synchronization')
+  })
+
   test('handles requests for deprecated Enterprise pages ( >=2.13 )', async () => {
     expect(enterpriseServerReleases.deprecated.includes('2.13')).toBe(true)
     const $ = await getDOM('/en/enterprise/2.13/user/articles/about-branches')
