Enforce UTF-8 encoding on user input in LogrageWithTimestamp formatter and filter out file content from logs
This commit is contained in:
parent
d8eea0c4ba
commit
854c9636ec
4 changed files with 47 additions and 0 deletions
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
title: Enforce UTF-8 encoding on user input in LogrageWithTimestamp formatter and
|
||||||
|
filter out file content from logs
|
||||||
|
merge_request:
|
||||||
|
author:
|
||||||
|
type: fixed
|
|
@ -70,6 +70,7 @@ module Gitlab
|
||||||
# - Webhook URLs (:hook)
|
# - Webhook URLs (:hook)
|
||||||
# - Sentry DSN (:sentry_dsn)
|
# - Sentry DSN (:sentry_dsn)
|
||||||
# - Deploy keys (:key)
|
# - Deploy keys (:key)
|
||||||
|
# - File content from Web Editor (:content)
|
||||||
config.filter_parameters += [/token$/, /password/, /secret/]
|
config.filter_parameters += [/token$/, /password/, /secret/]
|
||||||
config.filter_parameters += %i(
|
config.filter_parameters += %i(
|
||||||
certificate
|
certificate
|
||||||
|
@ -81,6 +82,7 @@ module Gitlab
|
||||||
sentry_dsn
|
sentry_dsn
|
||||||
trace
|
trace
|
||||||
variables
|
variables
|
||||||
|
content
|
||||||
)
|
)
|
||||||
|
|
||||||
# Enable escaping HTML in JSON.
|
# Enable escaping HTML in JSON.
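Review bot: The comment `# - File content from Web Editor (:content)` describes the new `content` entry more narrowly than it behaves: Rails turns symbol/string entries in `filter_parameters` into a case-insensitive partial match, so every parameter whose name contains `content`, in any controller or API action, is masked — including the `actions[].content` field that the API::Commits spec in this commit sends. Consider saying so in the comment, e.g. `# - File content (:content; partial match, so any param name containing "content")`, so a later reader does not narrow it to an exact key. If only an exact key is intended, an anchored regexp such as `/\Acontent\z/` in the regexp list on the line below expresses that instead. Both `filter_parameters` lists continue outside these two hunks.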
|
||||||
|
|
|
@ -2,8 +2,12 @@ module Gitlab
|
||||||
module GrapeLogging
|
module GrapeLogging
|
||||||
module Formatters
|
module Formatters
|
||||||
class LogrageWithTimestamp
|
class LogrageWithTimestamp
|
||||||
|
include Gitlab::EncodingHelper
|
||||||
|
|
||||||
def call(severity, datetime, _, data)
|
def call(severity, datetime, _, data)
|
||||||
time = data.delete :time
|
time = data.delete :time
|
||||||
|
data[:params] = utf8_encode_values(data[:params]) if data.has_key?(:params)
|
||||||
|
|
||||||
attributes = {
|
attributes = {
|
||||||
time: datetime.utc.iso8601(3),
|
time: datetime.utc.iso8601(3),
|
||||||
severity: severity,
|
severity: severity,
|
||||||
|
@ -13,6 +17,19 @@ module Gitlab
|
||||||
}.merge(data)
|
}.merge(data)
|
||||||
::Lograge.formatter.call(attributes) + "\n"
|
::Lograge.formatter.call(attributes) + "\n"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def utf8_encode_values(data)
|
||||||
|
case data
|
||||||
|
when Hash
|
||||||
|
data.merge(data) { |k, v| utf8_encode_values(v) }
|
||||||
|
when Array
|
||||||
|
data.map { |v| utf8_encode_values(v) }
|
||||||
|
when String
|
||||||
|
encode_utf8(data)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
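Review bot: `utf8_encode_values` returns nil for any value that is not a Hash, Array or String, because the new `case` has no `else` arm and a `case` with no matching `when` evaluates to nil, so numeric, boolean or nil parameter values would be logged as nil instead of as themselves. Adding a fall-through arm before the closing `end` keeps them intact: `when String then encode_utf8(data)` / `else data`. Whether `data[:params]` can actually carry such values depends on what Grape hands to the formatter, which is not visible here, and `encode_utf8` comes from `Gitlab::EncodingHelper`, also outside this hunk. The body of `call` is split across the two hunks of this file.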
|
||||||
|
|
|
@ -247,6 +247,19 @@ describe API::Commits do
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
let!(:valid_utf8_c_params) do
|
||||||
|
{
|
||||||
|
branch: 'master',
|
||||||
|
commit_message: message,
|
||||||
|
actions: [
|
||||||
|
{
|
||||||
|
action: 'create',
|
||||||
|
file_path: 'foo/bar/baz.txt',
|
||||||
|
content: 'puts 🦊'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
it 'a new file in project repo' do
|
it 'a new file in project repo' do
|
||||||
post api(url, user), valid_c_params
|
post api(url, user), valid_c_params
|
||||||
|
@ -257,6 +270,15 @@ describe API::Commits do
|
||||||
expect(json_response['committer_email']).to eq(user.email)
|
expect(json_response['committer_email']).to eq(user.email)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'a new file with utf8 chars in project repo' do
|
||||||
|
post api(url, user), valid_utf8_c_params
|
||||||
|
|
||||||
|
expect(response).to have_gitlab_http_status(201)
|
||||||
|
expect(json_response['title']).to eq(message)
|
||||||
|
expect(json_response['committer_name']).to eq(user.name)
|
||||||
|
expect(json_response['committer_email']).to eq(user.email)
|
||||||
|
end
|
||||||
|
|
||||||
it 'returns a 400 bad request if file exists' do
|
it 'returns a 400 bad request if file exists' do
|
||||||
post api(url, user), invalid_c_params
|
post api(url, user), invalid_c_params
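Review bot: The new example `a new file with utf8 chars in project repo` only asserts on the HTTP response, so it would still pass if the formatter change or the `content` filter in this commit regressed; nothing here inspects the log line those changes are about. A unit spec for `Gitlab::GrapeLogging::Formatters::LogrageWithTimestamp#call` with a params hash holding a non-UTF-8 string (constructed sample: `"\xFF".b`) and asserting the returned line is valid UTF-8 would pin the encoding fix directly. Also, `valid_utf8_c_params` is declared with `let!` although nothing in the hunk depends on eager evaluation; `let` would suit a lazily built fixture, unless the file uses `let!` as a convention (the preceding fixture's `let!` line is cut off at the top of the section).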
|
||||||
|
|
||||||
|
|