Add latest changes from gitlab-org/security/gitlab@14-1-stable-ee

4 files changed, 50 insertions, 1 deletions

diff --git a/Gemfile.lock b/Gemfile.lock
index e3bb0584149..190435b796f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -805,7 +805,7 @@ GEM
       nenv (~> 0.1)
       shellany (~> 0.0)
     numerizer (0.2.0)
-    oauth (0.5.4)
+    oauth (0.5.6)
     oauth2 (1.4.7)
       faraday (>= 0.8, < 2.0)
       jwt (>= 1.0, < 3.0)
diff --git a/app/services/issues/base_service.rb b/app/services/issues/base_service.rb
index bf66a33a7b2..5e0a86fdeee 100644
--- a/app/services/issues/base_service.rb
+++ b/app/services/issues/base_service.rb
@@ -48,6 +48,9 @@ module Issues
       params.delete(:created_at) unless moved_issue || current_user.can?(:set_issue_created_at, project)
       params.delete(:updated_at) unless moved_issue || current_user.can?(:set_issue_updated_at, project)
 
+      # Only users with permission to handle error data can add it to issues
+      params.delete(:sentry_issue_attributes) unless current_user.can?(:update_sentry_issue, project)
+
       issue.system_note_timestamp = params[:created_at] || params[:updated_at]
     end
 
diff --git a/spec/services/issues/create_service_spec.rb b/spec/services/issues/create_service_spec.rb
index b073ffd291f..0e2b3b957a5 100644
--- a/spec/services/issues/create_service_spec.rb
+++ b/spec/services/issues/create_service_spec.rb
@@ -226,6 +226,27 @@ RSpec.describe Issues::CreateService do
         end
       end
 
+      context 'when sentry identifier is given' do
+        before do
+          sentry_attributes = { sentry_issue_attributes: { sentry_issue_identifier: 42 } }
+          opts.merge!(sentry_attributes)
+        end
+
+        it 'does not assign the sentry error' do
+          expect(issue.sentry_issue).to eq(nil)
+        end
+
+        context 'user is reporter or above' do
+          before do
+            project.add_reporter(user)
+          end
+
+          it 'assigns the sentry error' do
+            expect(issue.sentry_issue).to be_kind_of(SentryIssue)
+          end
+        end
+      end
+
       it 'executes issue hooks when issue is not confidential' do
         opts = { title: 'Title', description: 'Description', confidential: false }
 
diff --git a/spec/services/issues/update_service_spec.rb b/spec/services/issues/update_service_spec.rb
index 70c3c2a0f5d..1e922401028 100644
--- a/spec/services/issues/update_service_spec.rb
+++ b/spec/services/issues/update_service_spec.rb
@@ -82,6 +82,31 @@ RSpec.describe Issues::UpdateService, :mailer do
         expect(issue.milestone).to eq milestone
       end
 
+      context 'when sentry identifier is given' do
+        before do
+          sentry_attributes = { sentry_issue_attributes: { sentry_issue_identifier: 42 } }
+          opts.merge!(sentry_attributes)
+        end
+
+        it 'assigns the sentry error' do
+          update_issue(opts)
+
+          expect(issue.sentry_issue).to be_kind_of(SentryIssue)
+        end
+
+        context 'user is a guest' do
+          before do
+            project.add_guest(user)
+          end
+
+          it 'does not assign the sentry error' do
+            update_issue(opts)
+
+            expect(issue.sentry_issue).to eq(nil)
+          end
+        end
+      end
+
       context 'when issue type is not incident' do
         before do
           update_issue(opts)