
GitLab push rules for PhpStorm project security
Open, Needs Triage, Public

Description

Per mw:PhpStorm project security, there is a security risk to opening unreviewed directories in PhpStorm if they contain PhpStorm or VCS configuration files.

I suggest adding a global push rule (Premium edition feature) to our GitLab configuration which prevents such files from being uploaded by default.

Suggested regexes:

```
(^|\/)\.(idea|git|svn|hg)\/
\.(ipr|iws|iml|gdsl)$
```

Apparently slashes have to be escaped for some reason.
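To see what the two proposed patterns actually cover before enabling them, here is an added example (not part of the task or of GitLab's own code) that runs them over a constructed list of repository paths the way a local pre-push check would. It assumes GitLab applies a "prohibited file names" push rule to each changed file's repository-relative path with `re.search` semantics; the sample paths are constructed for illustration.

```python
import re

# The two patterns proposed in the task, copied verbatim.
# Anchors, alternation and the escaped slash behave the same in Python's
# re module as in the RE2-style engine GitLab uses, so the results carry over.
PROHIBITED_FILE_PATTERNS = [
    r"(^|\/)\.(idea|git|svn|hg)\/",   # IDE / VCS config directories, at any depth
    r"\.(ipr|iws|iml|gdsl)$",         # PhpStorm / IntelliJ project files by extension
]

_COMPILED = [re.compile(p) for p in PROHIBITED_FILE_PATTERNS]


def is_prohibited(path: str) -> bool:
    """True if a repository-relative path would be rejected by the push rule."""
    return any(rx.search(path) for rx in _COMPILED)


def prohibited_paths(paths):
    """Return, in order, the subset of paths that at least one pattern matches."""
    return [p for p in paths if is_prohibited(p)]


def main():
    # Constructed sample of paths a commit might touch (hypothetical, not from the task).
    sample = [
        ".idea/workspace.xml",          # root-level PhpStorm config directory -> blocked
        "tools/.idea/misc.xml",         # nested .idea directory -> blocked
        "vendor/lib/.git/config",       # embedded VCS metadata -> blocked
        "src/.svn/entries",             # -> blocked
        "phpstorm-project.iml",         # module file by extension -> blocked
        "resources/helpers.gdsl",       # -> blocked
        ".gitignore",                   # ordinary dotfile: no trailing slash, not blocked
        ".gitattributes",               # same, not blocked
        "docs/idea/notes.md",           # "idea" without the leading dot, not blocked
        "src/Main.php",                 # normal source, not blocked
    ]
    for path in sample:
        print(f"{'BLOCK' if is_prohibited(path) else 'allow'}  {path}")


if __name__ == "__main__":
    main()
```

Note that the first pattern only fires on directory entries (a `/` must follow the name), so files such as `.gitignore` or `.gitattributes` pass, while anything inside `.idea/`, `.git/`, `.svn/` or `.hg/` is caught at any depth.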

The GitLab documentation states that projects may override global rules, which I think is fine. If a team really wants to share their .idea directory, they can do that as long as they have appropriate checks and access controls. The point is to prevent a surprise compromise on projects that don't normally share configuration.

Gerrit search for affected files:

Not sure how to do that search in GitLab.