Allow custom hooks errors to appear in GitLab UI

Error messages from custom pre-receive hooks now appear in the GitLab
UI.

This is re-enabling a feature that had been disabled in merge request
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/18646

The feature had been disabled due to security concerns that information
which was not intended to be public (like stack traces) would leak into
public view.

PreReceiveErrors (from pre-receive, post-receive and update custom
hooks) are now filtered for messages that have been prefixed in a
particular way.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/48132

1 files changed, 13 insertions, 3 deletions

diff --git a/spec/lib/gitlab/git/pre_receive_error_spec.rb b/spec/lib/gitlab/git/pre_receive_error_spec.rb
index 1b8be62dec6..cb030e38032 100644
--- a/spec/lib/gitlab/git/pre_receive_error_spec.rb
+++ b/spec/lib/gitlab/git/pre_receive_error_spec.rb
@@ -1,9 +1,19 @@
 require 'spec_helper'
 
 describe Gitlab::Git::PreReceiveError do
-  it 'makes its message HTML-friendly' do
-    ex = described_class.new("hello\nworld\n")
+  Gitlab::Git::PreReceiveError::SAFE_MESSAGE_PREFIXES.each do |prefix|
+    context "error messages prefixed with #{prefix}" do
+      it 'accepts only errors lines with the prefix' do
+        ex = described_class.new("#{prefix} Hello,\nworld!")
 
-    expect(ex.message).to eq('hello<br>world<br>')
+        expect(ex.message).to eq('Hello,')
+      end
+
+      it 'makes its message HTML-friendly' do
+        ex = described_class.new("#{prefix} Hello,\n#{prefix} world!\n")
+
+        expect(ex.message).to eq('Hello,<br>world!')
+      end
+    end
   end
 end