Per mw:PhpStorm project security, there is a security risk to opening unreviewed directories in PhpStorm if they contain PhpStorm or VCS configuration files.
I suggest adding a global push rule (Premium edition feature) to our GitLab configuration which prevents such files from being uploaded by default.
Suggested regexes:
(^|\/)\.(idea|git|svn|hg)\/ \.(ipr|iws|iml|gdsl)$
Apparently slashes have to be escaped for some reason.
The GitLab documentation states that projects may override global rules, which I think is fine. If a team really wants to share their .idea directory, they can do that as long as they have appropriate checks and access controls. The point is to prevent a surprise compromise on projects that don't normally share configuration.
Gerrit search for affected files:
- https://gerrit.wikimedia.org/r/q/path:%2522%255E.*%255C.(ipr%257Ciws%257Ciml%257Cgdsl)%2522
- https://gerrit.wikimedia.org/r/q/path:%2522%255E.*%255C.(idea%257Cgit%257Csvn%257Chg)/.*%2522
Not sure how to do that search in GitLab.