author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-28 22:05:12 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-09-28 22:05:22 +0000 |
commit | 10d9a3bf50cca85dd857c5306a34d7a6032580e6 (patch) | |
tree | 9ecd7fbf59c0e43c143c1d46fd437a9810aa6067 /lib | |
parent | 6ed97cad88c8518155867b9a6a7896d7085a2f4e (diff) | |
download | gitlab-ce-10d9a3bf50cca85dd857c5306a34d7a6032580e6.tar.gz |
Add latest changes from gitlab-org/security/gitlab@15-4-stable-ee
Diffstat (limited to 'lib')
-rw-r--r-- | lib/error_tracking/sentry_client.rb | 11 | ||||
-rw-r--r-- | lib/error_tracking/sentry_client/event.rb | 2 | ||||
-rw-r--r-- | lib/error_tracking/sentry_client/issue.rb | 12 | ||||
-rw-r--r-- | lib/gitlab/checks/tag_check.rb | 13 |
4 files changed, 32 insertions, 6 deletions
diff --git a/lib/error_tracking/sentry_client.rb b/lib/error_tracking/sentry_client.rb
index 029389ab5d6..713cec7a7d6 100644
--- a/lib/error_tracking/sentry_client.rb
+++ b/lib/error_tracking/sentry_client.rb
@@ -10,6 +10,7 @@ module ErrorTracking
     Error = Class.new(StandardError)
     MissingKeysError = Class.new(StandardError)
+    InvalidFieldValueError = Class.new(StandardError)
     ResponseInvalidSizeError = Class.new(StandardError)
     RESPONSE_SIZE_LIMIT = 1.megabyte
@@ -110,5 +111,15 @@ module ErrorTracking
     def raise_error(message)
       raise SentryClient::Error, message
     end
+
+    def ensure_numeric!(field, value)
+      return value if /\A\d+\z/.match?(value)
+
+      raise_invalid_field_value!(field, "#{value.inspect} is not numeric")
+    end
+
+    def raise_invalid_field_value!(field, message)
+      raise InvalidFieldValueError, %(Sentry API response contains invalid value for field "#{field}": #{message})
+    end
   end
 end
diff --git a/lib/error_tracking/sentry_client/event.rb b/lib/error_tracking/sentry_client/event.rb
index 1db31abeeb2..d8ae81f5411 100644
--- a/lib/error_tracking/sentry_client/event.rb
+++ b/lib/error_tracking/sentry_client/event.rb
@@ -16,7 +16,7 @@ module ErrorTracking
         Gitlab::ErrorTracking::ErrorEvent.new(
           project_id: event['projectID'],
-          issue_id: event['groupID'],
+          issue_id: ensure_numeric!('issue_id', event['groupID']),
           date_received: event['dateReceived'],
           stack_trace_entries: stack_trace
         )
diff --git a/lib/error_tracking/sentry_client/issue.rb b/lib/error_tracking/sentry_client/issue.rb
index 3c846eb0635..5e2e0787a3f 100644
--- a/lib/error_tracking/sentry_client/issue.rb
+++ b/lib/error_tracking/sentry_client/issue.rb
@@ -114,8 +114,10 @@ module ErrorTracking
       end
       def map_to_error(issue)
+        id = ensure_numeric!('id', issue.fetch('id'))
+
         Gitlab::ErrorTracking::Error.new(
-          id: issue.fetch('id'),
+          id: id,
           first_seen: issue.fetch('firstSeen', nil),
           last_seen: issue.fetch('lastSeen', nil),
           title: issue.fetch('title', nil),
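Review bot: `ensure_numeric!` only behaves as intended when `value` is a String: `Regexp#match?` returns false for nil but raises TypeError for an Integer or any other non-String object, so a Sentry response that serialises `id`/`groupID` as a JSON number would surface as an unhandled TypeError rather than the new `InvalidFieldValueError` the call sites in event.rb and issue.rb are evidently meant to receive. Guard the type before matching, `return value if value.is_a?(String) && /\A\d+\z/.match?(value)`, so every rejected shape goes through `raise_invalid_field_value!`. Note also that `#{value.inspect}` copies the rejected, server-supplied field verbatim into the exception message; if that message can reach logs or the UI it is worth bounding its length, and `InvalidFieldValueError` is a bare StandardError rather than a `SentryClient::Error` subclass, so any `rescue SentryClient::Error` elsewhere will not catch it (the same is true of `MissingKeysError`, so this may be deliberate — confirm against the callers). Both new methods appear to be private helpers alongside `raise_error`, but the visibility marker is outside the hunk.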
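Review bot: `project_id: event['projectID']`, the line directly above the change, is left unvalidated while `groupID` now goes through `ensure_numeric!`; if `project_id` is interpolated into a URL or path the way `issue_id` presumably is (that code is outside this hunk, so unverified), it needs the same treatment, `project_id: ensure_numeric!('project_id', event['projectID'])`. Be aware that a missing `groupID` now raises `InvalidFieldValueError` (`match?(nil)` is false) where it previously produced a nil `issue_id`; if events without a group are legitimate Sentry responses, the caller has to handle that new failure mode. The enclosing method starts and ends outside the hunk.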
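Review bot: The `id = ensure_numeric!('id', issue.fetch('id'))` prologue added to `map_to_error` is duplicated verbatim in `map_to_detailed_error` in the next hunk; a one-line private helper such as `def validated_id(issue) = ensure_numeric!('id', issue.fetch('id'))` would keep the two mapping methods in step if the validation ever changes. Note also that a response without an `id` key still raises KeyError from `fetch` rather than `InvalidFieldValueError`, so "bad id" now fails with two different exception types depending on whether the key is absent or non-numeric; if that is not intended, `issue.fetch('id', nil)` would route both through the same error. `map_to_error` continues past the end of this hunk.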
@@ -124,7 +126,7 @@ module ErrorTracking
           count: issue.fetch('count', nil),
           message: issue.dig('metadata', 'value'),
           culprit: issue.fetch('culprit', nil),
-          external_url: issue_url(issue.fetch('id')),
+          external_url: issue_url(id),
           short_id: issue.fetch('shortId', nil),
           status: issue.fetch('status', nil),
           frequency: issue.dig('stats', '24h'),
@@ -135,8 +137,10 @@ module ErrorTracking
       end
       def map_to_detailed_error(issue)
+        id = ensure_numeric!('id', issue.fetch('id'))
+
         Gitlab::ErrorTracking::DetailedError.new(
-          id: issue.fetch('id'),
+          id: id,
           first_seen: issue.fetch('firstSeen', nil),
           last_seen: issue.fetch('lastSeen', nil),
           tags: extract_tags(issue),
@@ -146,7 +150,7 @@ module ErrorTracking
           count: issue.fetch('count', nil),
           message: issue.dig('metadata', 'value'),
           culprit: issue.fetch('culprit', nil),
-          external_url: issue_url(issue.fetch('id')),
+          external_url: issue_url(id),
           external_base_url: project_url,
           short_id: issue.fetch('shortId', nil),
           status: issue.fetch('status', nil),
diff --git a/lib/gitlab/checks/tag_check.rb b/lib/gitlab/checks/tag_check.rb
index 5dd7720b67d..007a775eaf5 100644
--- a/lib/gitlab/checks/tag_check.rb
+++ b/lib/gitlab/checks/tag_check.rb
@@ -9,11 +9,13 @@ module Gitlab
         delete_protected_tag: 'You are not allowed to delete protected tags from this project. '\
           'Only a project maintainer or owner can delete a protected tag.',
         delete_protected_tag_non_web: 'You can only delete protected tags using the web interface.',
-        create_protected_tag: 'You are not allowed to create this tag as it is protected.'
+        create_protected_tag: 'You are not allowed to create this tag as it is protected.',
+        default_branch_collision: 'You cannot use default branch name to create a tag'
       }.freeze
       LOG_MESSAGES = {
         tag_checks: "Checking if you are allowed to change existing tags...",
+        default_branch_collision_check: "Checking if you are providing a valid tag name...",
         protected_tag_checks: "Checking if you are creating, updating or deleting a protected tag..."
       }.freeze
@@ -26,6 +28,7 @@ module Gitlab
           end
         end
+        default_branch_collision_check
         protected_tag_checks
       end
@@ -52,6 +55,14 @@ module Gitlab
             end
           end
         end
+
+      def default_branch_collision_check
+        logger.log_timed(LOG_MESSAGES[:default_branch_collision_check]) do
+          if creation? && tag_name == project.default_branch
+            raise GitAccess::ForbiddenError, ERROR_MESSAGES[:default_branch_collision]
+          end
+        end
+      end
     end
   end
 end
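Review bot: The new `default_branch_collision` message is the only entry in `ERROR_MESSAGES` without a trailing period and it drops the article, so it reads differently from its neighbours when shown to a pushing user; `default_branch_collision: 'You cannot use the default branch name to create a tag.'` would match the surrounding entries. The `LOG_MESSAGES` entry is fine as written, although "providing a valid tag name" is broader than what the check actually tests (a collision with the default branch); something like "Checking if the tag name collides with the default branch..." would make the log line self-explanatory.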
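Review bot: `default_branch_collision_check` compares `tag_name` only against `project.default_branch`, so a tag that shadows any other branch — including other protected branches — is still accepted on creation; since git resolves an ambiguous short name to `refs/tags/<name>` ahead of `refs/heads/<name>`, if the goal is to stop branch shadowing the check should consult the repository's branch list rather than the single default branch (presumably via the repository object reachable from `project`, which is outside this hunk — confirm the API and its cost on large repositories). The silent pass when `project.default_branch` is nil (an empty repository, where `tag_name == nil` is false) looks intentional but deserves a comment above the `if`, e.g. `# default_branch is nil for an empty repository; there is nothing to collide with`. The earlier hunk runs this check before `protected_tag_checks`, so a user who would be denied anyway first sees the collision error; that ordering is reasonable but worth a one-line comment at the call site.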