gitlab-org--gitlab-foss/app/services/audit_event_service.rb

# frozen_string_literal: true

class AuditEventService
  # Instantiates a new service
  #
  # @param [User] author the user who authors the change
  # @param [User, Project, Group] entity the scope which audit event belongs to
  #   This param is also used to determine the visibility of the audit event.
  #   - Project: events are visible at Project and Instance level
  #   - Group: events are visible at Group and Instance level
  #   - User: events are visible at Instance level
  # @param [Hash] details extra data of audit event
  #
  # @return [AuditEventService]
  def initialize(author, entity, details = {})
    @author = build_author(author)
    @entity = entity
    @details = details
    @ip_address = resolve_ip_address(@author)
  end

  # Builds the @details attribute for authentication
  #
  # This uses the @author as the target object being audited
  #
  # @return [AuditEventService]
  def for_authentication
    mark_as_authentication_event!

    @details = {
      with: @details[:with],
      target_id: @author.id,
      target_type: 'User',
      target_details: @author.name
    }

    self
  end

  # Writes event to a file and creates an event record in DB
  #
  # @return [AuditEvent] persited if saves and non-persisted if fails
  def security_event
    log_security_event_to_file
    log_authentication_event_to_database
    log_security_event_to_database
  end

  # Writes event to a file
  def log_security_event_to_file
    file_logger.info(base_payload.merge(formatted_details))
  end

  private

  attr_reader :ip_address

  def build_author(author)
    case author
    when User
      author.impersonated? ? Gitlab::Audit::ImpersonatedAuthor.new(author) : author
    else
      Gitlab::Audit::UnauthenticatedAuthor.new(name: author)
    end
  end

  def resolve_ip_address(author)
    Gitlab::RequestContext.instance.client_ip ||
      author.current_sign_in_ip
  end

  def base_payload
    {
      author_id: @author.id,
      author_name: @author.name,
      entity_id: @entity.id,
      entity_type: @entity.class.name
    }
  end

  def authentication_event_payload
    {
      # @author can be a User or various Gitlab::Audit authors.
      # Only capture real users for successful authentication events.
      user: author_if_user,
      user_name: @author.name,
      ip_address: ip_address,
      result: AuthenticationEvent.results[:success],
      provider: @details[:with]
    }
  end

  def author_if_user
    @author if @author.is_a?(User)
  end

  def file_logger
    @file_logger ||= Gitlab::AuditJsonLogger.build
  end

  def formatted_details
    @details.merge(@details.slice(:from, :to).transform_values(&:to_s))
  end

  def mark_as_authentication_event!
    @authentication_event = true
  end

  def authentication_event?
    @authentication_event
  end

  def log_security_event_to_database
    return if Gitlab::Database.read_only?

    event = AuditEvent.new(base_payload.merge(details: @details))
    save_or_track event

    event
  end

  def log_authentication_event_to_database
    return unless Gitlab::Database.read_write? && authentication_event?

    event = AuthenticationEvent.new(authentication_event_payload)
    save_or_track event

    event
  end

  def save_or_track(event)
    event.save!
  rescue StandardError => e
    Gitlab::ErrorTracking.track_exception(e, audit_event_type: event.class.to_s)
  end
end

AuditEventService.prepend_mod_with('AuditEventService')
Enable frozen string in apps/uploaders/*.rb Partially addresses #47424. 2018-07-05 06:18:17 -04:00			`# frozen_string_literal: true`

Audit log for user authentication 2015-07-03 07:54:50 -04:00			`class AuditEventService`
Add latest changes from gitlab-org/gitlab@master 2020-02-19 04:08:59 -05:00			`# Instantiates a new service`
			`#`
Add latest changes from gitlab-org/gitlab@master 2020-02-25 04:09:10 -05:00			`# @param [User] author the user who authors the change`
			`# @param [User, Project, Group] entity the scope which audit event belongs to`
			`# This param is also used to determine the visibility of the audit event.`
			`# - Project: events are visible at Project and Instance level`
			`# - Group: events are visible at Group and Instance level`
Add latest changes from gitlab-org/gitlab@master 2020-02-19 04:08:59 -05:00			`# - User: events are visible at Instance level`
Add latest changes from gitlab-org/gitlab@master 2020-02-25 04:09:10 -05:00			`# @param [Hash] details extra data of audit event`
Add latest changes from gitlab-org/gitlab@master 2020-02-19 04:08:59 -05:00			`#`
			`# @return [AuditEventService]`
Audit log for user authentication 2015-07-03 07:54:50 -04:00			`def initialize(author, entity, details = {})`
Add latest changes from gitlab-org/gitlab@master 2020-04-03 08:09:52 -04:00			`@author = build_author(author)`
Add latest changes from gitlab-org/gitlab@master 2020-02-19 04:08:59 -05:00			`@entity = entity`
			`@details = details`
Add latest changes from gitlab-org/gitlab@master 2021-06-29 08:08:48 -04:00			`@ip_address = resolve_ip_address(@author)`
Audit log for user authentication 2015-07-03 07:54:50 -04:00			`end`

Add latest changes from gitlab-org/gitlab@master 2020-02-19 04:08:59 -05:00			`# Builds the @details attribute for authentication`
			`#`
Add latest changes from gitlab-org/gitlab@master 2020-02-25 04:09:10 -05:00			`# This uses the @author as the target object being audited`
Add latest changes from gitlab-org/gitlab@master 2020-02-19 04:08:59 -05:00			`#`
			`# @return [AuditEventService]`
Audit log for user authentication 2015-07-03 07:54:50 -04:00			`def for_authentication`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 02:09:31 -04:00			`mark_as_authentication_event!`

Audit log for user authentication 2015-07-03 07:54:50 -04:00			`@details = {`
			`with: @details[:with],`
			`target_id: @author.id,`
Services: code style fixes, minor refactoring 2016-07-06 09:26:59 -04:00			`target_type: 'User',`
Enable the Style/TrailingCommaInLiteral cop Use the EnforcedStyleForMultiline: no_comma option. Signed-off-by: Rémy Coutable <remy@rymai.me> 2017-05-03 07:22:03 -04:00			`target_details: @author.name`
Audit log for user authentication 2015-07-03 07:54:50 -04:00			`}`

			`self`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-02-19 04:08:59 -05:00			`# Writes event to a file and creates an event record in DB`
			`#`
Add latest changes from gitlab-org/gitlab@master 2020-08-21 05:10:08 -04:00			`# @return [AuditEvent] persited if saves and non-persisted if fails`
Audit log for user authentication 2015-07-03 07:54:50 -04:00			`def security_event`
Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`log_security_event_to_file`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 02:09:31 -04:00			`log_authentication_event_to_database`
Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`log_security_event_to_database`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-02-19 04:08:59 -05:00			`# Writes event to a file`
Backport "Track repository pushes as audit events" 2019-08-27 17:50:17 -04:00			`def log_security_event_to_file`
			`file_logger.info(base_payload.merge(formatted_details))`
			`end`

Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`private`

Add latest changes from gitlab-org/gitlab@master 2020-07-15 11:09:21 -04:00			`attr_reader :ip_address`

Add latest changes from gitlab-org/gitlab@master 2020-04-03 08:09:52 -04:00			`def build_author(author)`
Add latest changes from gitlab-org/gitlab@master 2020-05-15 11:08:04 -04:00			`case author`
			`when User`
			`author.impersonated? ? Gitlab::Audit::ImpersonatedAuthor.new(author) : author`
Add latest changes from gitlab-org/gitlab@master 2020-04-03 08:09:52 -04:00			`else`
			`Gitlab::Audit::UnauthenticatedAuthor.new(name: author)`
			`end`
			`end`

Add latest changes from gitlab-org/gitlab@master 2021-06-29 08:08:48 -04:00			`def resolve_ip_address(author)`
			`Gitlab::RequestContext.instance.client_ip \|\|`
Add latest changes from gitlab-org/gitlab@master 2020-10-27 02:08:27 -04:00			`author.current_sign_in_ip`
			`end`

Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`def base_payload`
			`{`
Audit log for user authentication 2015-07-03 07:54:50 -04:00			`author_id: @author.id,`
Add latest changes from gitlab-org/gitlab@master 2020-07-07 08:09:16 -04:00			`author_name: @author.name,`
Audit log for user authentication 2015-07-03 07:54:50 -04:00			`entity_id: @entity.id,`
Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`entity_type: @entity.class.name`
			`}`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-09-18 02:09:31 -04:00			`def authentication_event_payload`
			`{`
			`# @author can be a User or various Gitlab::Audit authors.`
			`# Only capture real users for successful authentication events.`
			`user: author_if_user,`
			`user_name: @author.name,`
			`ip_address: ip_address,`
			`result: AuthenticationEvent.results[:success],`
			`provider: @details[:with]`
			`}`
			`end`

			`def author_if_user`
			`@author if @author.is_a?(User)`
			`end`

Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`def file_logger`
			`@file_logger \|\|= Gitlab::AuditJsonLogger.build`
			`end`

Format `from` and `to` fields in JSON audit log To make it possible to index the `from` and `to` fields with Elasticsearch and other tools, we need the types to be the same. Currently they are a mix of boolean and string values. Part of https://gitlab.com/gitlab-org/gitlab-ee/issues/12599 2019-07-03 18:58:05 -04:00			`def formatted_details`
			`@details.merge(@details.slice(:from, :to).transform_values(&:to_s))`
			`end`

Add latest changes from gitlab-org/gitlab@master 2020-09-18 02:09:31 -04:00			`def mark_as_authentication_event!`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 17:10:11 -04:00			`@authentication_event = true`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 02:09:31 -04:00			`end`

			`def authentication_event?`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 17:10:11 -04:00			`@authentication_event`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 02:09:31 -04:00			`end`

Add support for JSON logging for audit events This will add audit_json.log that writes one line per audit event. For example: { "severity":"INFO", "time":"2018-10-17T17:38:22.523Z", "author_id":3, "entity_id":2, "entity_type":"Project", "change":"visibility", "from":"Private", "to":"Public", "author_name":"John Doe4", "target_id":2, "target_type":"Project", "target_details":"namespace2/project2" } 2018-10-18 15:50:21 -04:00			`def log_security_event_to_database`
Add latest changes from gitlab-org/gitlab@master 2021-08-02 05:10:09 -04:00			`return if Gitlab::Database.read_only?`
Add latest changes from gitlab-org/gitlab@master 2020-02-05 22:08:47 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-09-24 11:09:51 -04:00			`event = AuditEvent.new(base_payload.merge(details: @details))`
			`save_or_track event`

			`event`
Audit log for user authentication 2015-07-03 07:54:50 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 02:09:31 -04:00
			`def log_authentication_event_to_database`
Add latest changes from gitlab-org/gitlab@master 2021-08-02 05:10:09 -04:00			`return unless Gitlab::Database.read_write? && authentication_event?`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 02:09:31 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-09-24 11:09:51 -04:00			`event = AuthenticationEvent.new(authentication_event_payload)`
			`save_or_track event`

			`event`
			`end`

			`def save_or_track(event)`
			`event.save!`
Add latest changes from gitlab-org/gitlab@master 2021-04-26 08:09:44 -04:00			`rescue StandardError => e`
Add latest changes from gitlab-org/gitlab@master 2020-09-24 11:09:51 -04:00			`Gitlab::ErrorTracking.track_exception(e, audit_event_type: event.class.to_s)`
Add latest changes from gitlab-org/gitlab@master 2020-09-18 02:09:31 -04:00			`end`
Audit log for user authentication 2015-07-03 07:54:50 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2019-09-13 09:26:31 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-05-11 17:10:21 -04:00			`AuditEventService.prepend_mod_with('AuditEventService')`