From f82380b9df9693e7976b7474233840a469635429 Mon Sep 17 00:00:00 2001 From: Luke Duncalfe Date: Wed, 20 Mar 2019 17:08:51 +1300 Subject: Allow custom hooks errors to appear in GitLab UI Error messages from custom pre-receive hooks now appear in the GitLab UI. This is re-enabling a feature that had been disabled in merge request https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/18646 The feature had been disabled due to security concerns that information which was not intended to be public (like stack traces) would leak into public view. PreReceiveErrors (from pre-receive, post-receive and update custom hooks) are now filtered for messages that have been prefixed in a particular way. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/48132 --- spec/lib/gitlab/git/pre_receive_error_spec.rb | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'spec/lib/gitlab/git') diff --git a/spec/lib/gitlab/git/pre_receive_error_spec.rb b/spec/lib/gitlab/git/pre_receive_error_spec.rb index 1b8be62dec6..cb030e38032 100644 --- a/spec/lib/gitlab/git/pre_receive_error_spec.rb +++ b/spec/lib/gitlab/git/pre_receive_error_spec.rb @@ -1,9 +1,19 @@ require 'spec_helper' describe Gitlab::Git::PreReceiveError do - it 'makes its message HTML-friendly' do - ex = described_class.new("hello\nworld\n") + Gitlab::Git::PreReceiveError::SAFE_MESSAGE_PREFIXES.each do |prefix| + context "error messages prefixed with #{prefix}" do + it 'accepts only errors lines with the prefix' do + ex = described_class.new("#{prefix} Hello,\nworld!") - expect(ex.message).to eq('hello
world
') + expect(ex.message).to eq('Hello,') + end + + it 'makes its message HTML-friendly' do + ex = described_class.new("#{prefix} Hello,\n#{prefix} world!\n") + + expect(ex.message).to eq('Hello,
world!') + end + end end end -- cgit v1.2.1