From 33e4d44c11427a31ada41e7a0757d35f03d62ce7 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Wed, 30 Jun 2021 11:42:13 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee

---
 app/models/audit_event.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'app/models')

diff --git a/app/models/audit_event.rb b/app/models/audit_event.rb
index aff7eef4622..11036b76fc1 100644
--- a/app/models/audit_event.rb
+++ b/app/models/audit_event.rb
@@ -32,6 +32,9 @@ class AuditEvent < ApplicationRecord
 scope :by_author_id, -> (author_id) { where(author_id: author_id) }
 
 after_initialize :initialize_details
+
+ before_validation :sanitize_message
+
 # Note: The intention is to remove this once refactoring of AuditEvent
 # has proceeded further.
 #
@@ -83,6 +86,14 @@ class AuditEvent < ApplicationRecord
 
 private
 
+ def sanitize_message
+ message = details[:custom_message]
+
+ return unless message
+
+ self.details = details.merge(custom_message: Sanitize.clean(message))
+ end
+
 def default_author_value
 ::Gitlab::Audit::NullAuthor.for(author_id, (self[:author_name] || details[:author_name]))
 end
-- 
cgit v1.2.1
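Review bot: Registering `sanitize_message` with `before_validation` means it runs only on write paths that validate; `save(validate: false)`, `update_column`, `update_all` and `insert_all` skip the callback, so a `custom_message` written that way is stored unsanitized. Whether audit events are ever written through such a path is not visible in this hunk, so views that render the message should keep escaping on output rather than rely on the stored value being clean. A short comment above the callback, e.g. `# Strips HTML from details[:custom_message]; not run when validations are bypassed`, would make that limit explicit. The class body continues outside the hunk.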
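Review bot: `sanitize_message` reads only the symbol key `details[:custom_message]` and hands whatever it finds to `Sanitize.clean`, so a message stored under the string key `'custom_message'` would be left untouched and a non-String value may raise instead of being cleaned. Assuming `details` is a plain serialized Hash (its definition is outside the hunk), a guard such as `return unless message.is_a?(String)` together with a lookup that covers both key forms would close that gap. Sanitize also returns HTML text, so a bare `&` is stored entity-encoded and could show up double-escaped wherever the message is rendered with normal escaping. A spec covering a message with markup, one with a bare `&`, and an event with no `custom_message` would pin the intended behaviour.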