author | Jacob Vosmaer <jacob@gitlab.com> | 2019-04-29 16:04:24 +0300 |
---|---|---|
committer | Jacob Vosmaer <jacob@gitlab.com> | 2019-04-29 16:04:24 +0300 |
commit | 4a89628158bec9255ee9b53777a7a7420104e22e (patch) | |
tree | 265f95011b1b97da668934a6208a4ae2c899aee5 | |
parent | a974771ae6dbd175100c5425218b72b6f7a96782 (diff) | |
parent | fdf1ce8bf5f1d5917bd9ec3237ef06c6a8a3499c (diff) |
Merge remote-tracking branch 'dev/master'
-rw-r--r-- | CHANGELOG.md | 16 | ||||
-rw-r--r-- | VERSION | 2 | ||||
-rw-r--r-- | changelogs/unreleased/jc-geo-fetch.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/jc-praefect-proto-registry.yml | 5 | ||||
-rw-r--r-- | changelogs/unreleased/sh-bump-bundler-version.yml | 5 | ||||
-rw-r--r-- | internal/logsanitizer/url.go | 2 | ||||
-rw-r--r-- | internal/logsanitizer/url_test.go | 10 | ||||
-rw-r--r-- | ruby/lib/gitaly_server/utils.rb | 2 | ||||
-rw-r--r-- | ruby/lib/gitlab/git/gitlab_projects.rb | 9 | ||||
-rw-r--r-- | ruby/spec/lib/gitaly_server/exception_sanitizer_interceptor_spec.rb | 9 |
10 files changed, 38 insertions, 27 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0ecd5bd21..086bdc5a8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,21 @@
 # Gitaly changelog
+## v1.35.1
+
+#### Added
+- adding ProtoRegistry
+ https://gitlab.com/gitlab-org/gitaly/merge_requests/1188
+
+#### Other
+- Bump Ruby bundler version to 1.17.3
+ https://gitlab.com/gitlab-org/gitaly/merge_requests/1215
+- Update FetchRemote ruby to write http auth as well as add remote
+ https://gitlab.com/gitlab-org/gitaly/merge_requests/1126
+
+#### Security
+- Loosen regex for exception sanitization
+ https://gitlab.com/gitlab-org/gitaly/merge_requests/25
+
 ## v1.35.0
@@ -1 +1 @@
-1.35.0
+1.35.1
diff --git a/changelogs/unreleased/jc-geo-fetch.yml b/changelogs/unreleased/jc-geo-fetch.yml
deleted file mode 100644
index 6b9aad103..000000000
--- a/changelogs/unreleased/jc-geo-fetch.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Update FetchRemote ruby to write http auth as well as add remote
-merge_request: 1126
-author:
-type: other
diff --git a/changelogs/unreleased/jc-praefect-proto-registry.yml b/changelogs/unreleased/jc-praefect-proto-registry.yml
deleted file mode 100644
index 118c041fd..000000000
--- a/changelogs/unreleased/jc-praefect-proto-registry.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: adding ProtoRegistry
-merge_request: 1188
-author:
-type: added
diff --git a/changelogs/unreleased/sh-bump-bundler-version.yml b/changelogs/unreleased/sh-bump-bundler-version.yml
deleted file mode 100644
index 41a684195..000000000
--- a/changelogs/unreleased/sh-bump-bundler-version.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Bump Ruby bundler version to 1.17.3
-merge_request: 1215
-author:
-type: other
diff --git a/internal/logsanitizer/url.go b/internal/logsanitizer/url.go
index ae56ddd83..8640570f5 100644
--- a/internal/logsanitizer/url.go
+++ b/internal/logsanitizer/url.go
@@ -8,7 +8,7 @@ import (
 // Pattern taken from Regular Expressions Cookbook, slightly modified though
 // |Scheme |User |Named/IPv4 host|IPv6+ host
-var hostPattern = regexp.MustCompile(`(?i)([a-z][a-z0-9+\-.]*://)([a-z0-9\-._~%!$&'()*+,;=:]+@)([a-z0-9\-._~%]+|\[[a-z0-9\-._~%!$&'()*+,;=:]+\])`)
+var hostPattern = regexp.MustCompile(`(?i)([a-z][a-z0-9+\-.]*://)?([a-z0-9\-._~%!$&'()*+,;=:]+@)([a-z0-9\-._~%]+|\[[a-z0-9\-._~%!$&'()*+,;=:]+\])`)
 // URLSanitizerHook stores which gRPC methods to perform sanitization for.
 type URLSanitizerHook struct {
diff --git a/internal/logsanitizer/url_test.go b/internal/logsanitizer/url_test.go
index b3fc116fd..5b21d36f0 100644
--- a/internal/logsanitizer/url_test.go
+++ b/internal/logsanitizer/url_test.go
@@ -17,6 +17,7 @@ func TestUrlSanitizerHook(t *testing.T) {
 urlSanitizer.AddPossibleGrpcMethod(
 "UpdateRemoteMirror",
 "CreateRepositoryFromURL",
+ "FetchRemote",
 )
 logger := log.New()
@@ -58,6 +59,15 @@ func TestUrlSanitizerHook(t *testing.T) {
 expectedString: "asked for: https://[FILTERED]@gitlab.com/foo/bar",
 },
 {
+ desc: "with URL without scheme output",
+ logFunc: func() {
+ logger.WithFields(log.Fields{
+ "grpc.method": "FetchRemote",
+ }).Info("fatal: unable to look up foo:bar@non-existent.org (port 9418) (nodename nor servname provided, or not known")
+ },
+ expectedString: "unable to look up [FILTERED]@non-existent.org (port 9418) (nodename nor servname provided, or not known",
+ },
+ {
 desc: "with gRPC method not added to the list",
 logFunc: func() {
 logger.WithFields(log.Fields{
diff --git a/ruby/lib/gitaly_server/utils.rb b/ruby/lib/gitaly_server/utils.rb
index 968bb17ca..9748522bc 100644
--- a/ruby/lib/gitaly_server/utils.rb
+++ b/ruby/lib/gitaly_server/utils.rb
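Review bot: With the scheme group made optional, `hostPattern` now matches any `user@host` token in a log line for the registered methods, not only URL userinfo, and the comment above it (`// |Scheme |User |Named/IPv4 host|IPv6+ host`) does not say so. Erring towards over-redaction is a sound default for credential filtering, but it also rewrites e-mail addresses and scp-style remotes such as `git@host:path` to `[FILTERED]@host`, which matters to anyone reading these logs during an investigation. I would record that next to the pattern, e.g. `// The scheme is optional so bare "user:pass@host" fragments from git errors are filtered too; this also filters e-mail-like tokens.` The same applies to `URL_HOST_PATTERN` in ruby/lib/gitaly_server/utils.rb, which mirrors this pattern.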
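Review bot: `FetchRemote` is added to the hook's method list only inside the test (`"FetchRemote",` in the `AddPossibleGrpcMethod` call), and no hunk in this commit shows the production hook being given that method. If the server-side registration, which is outside this diff, does not list `FetchRemote`, the lookup error this case simulates would still reach the Go logs unfiltered even though the test passes. Worth confirming the production list, and adding one table entry whose message contains an `@` but no credentials (for example `desc: "with e-mail address in output"`) so the broadened match is pinned by a test.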
@@ -1,7 +1,7 @@
 module GitalyServer
 module Utils
 # See internal/logsanitizer/url.go for credits and explanation.
- URL_HOST_PATTERN = %r{([a-z][a-z0-9+\-.]*://)([a-z0-9\-._~%!$&'()*+,;=:]+@)([a-z0-9\-._~%]+|\[[a-z0-9\-._~%!$&'()*+,;=:]+\])}i
+ URL_HOST_PATTERN = %r{([a-z][a-z0-9+\-.]*://)?([a-z0-9\-._~%!$&'()*+,;=:]+@)([a-z0-9\-._~%]+|\[[a-z0-9\-._~%!$&'()*+,;=:]+\])}i
 def gitaly_commit_from_rugged(rugged_commit)
 message_split = rugged_commit.message.b.split("\n", 2)
diff --git a/ruby/lib/gitlab/git/gitlab_projects.rb b/ruby/lib/gitlab/git/gitlab_projects.rb
index 3c7453961..b02cdc5ec 100644
--- a/ruby/lib/gitlab/git/gitlab_projects.rb
+++ b/ruby/lib/gitlab/git/gitlab_projects.rb
@@ -112,15 +112,6 @@ module Gitlab
 false
 end
- def mask_password_in_url(url)
- result = URI(url)
- result.password = "*****" unless result.password.nil?
- result.user = "*****" unless result.user.nil? # it's needed for oauth access_token
- result
- rescue
- url
- end
-
 def remove_origin_in_repo
 cmd = %W(#{Gitlab.config.git.bin_path} remote rm origin)
 run(cmd, repository_absolute_path)
diff --git a/ruby/spec/lib/gitaly_server/exception_sanitizer_interceptor_spec.rb b/ruby/spec/lib/gitaly_server/exception_sanitizer_interceptor_spec.rb
index 06fabffc8..2e5516173 100644
--- a/ruby/spec/lib/gitaly_server/exception_sanitizer_interceptor_spec.rb
+++ b/ruby/spec/lib/gitaly_server/exception_sanitizer_interceptor_spec.rb
@@ -17,6 +17,15 @@ describe GitalyServer::ExceptionSanitizerInterceptor do
 end
 end
+ context 'with incomplete url in exception' do
+ let(:ex) { "unable to look up user:pass@non-existent.org (port 9418)" }
+ let(:ex_sanitized_message) { "unable to look up [FILTERED]@non-existent.org (port 9418)" }
+
+ it 'sanitizes exception message' do
+ expect { subject }.to raise_error(ex_sanitized_message)
+ end
+ end
+
 context 'GRPC::BadStatus exception' do
 let(:ex) { GRPC::Unknown.new(super().message) } |
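Review bot: `URL_HOST_PATTERN` is no longer anchored on `://`, so Ruby's backtracking regex engine may now try the user-info class `[a-z0-9\-._~%!$&'()*+,;=:]+@` from many more offsets of an exception message, whereas the Go twin in url.go runs on a linear-time engine. On long git output made mostly of those characters this could cost noticeably more than before; the call site is outside this hunk, so whether the message length is bounded cannot be seen from here. I would time the substitution on a large message in the spec and, if it shows, cap the message length before sanitizing. The comment above the constant could also note the new behaviour, e.g. `# Scheme is optional: bare user:pass@host is filtered as well.`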