
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2022-09-29 01:03:06 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2022-09-29 01:03:28 +0300
commit6ed97cad88c8518155867b9a6a7896d7085a2f4e (patch)
tree48e63792d3ca6f832099e38163ed7b6388d88218
parentcda92b051261cb820ed3ea9683865aeb85890411 (diff)
Add latest changes from gitlab-org/security/gitlab@15-4-stable-ee
-rw-r--r--app/models/hooks/web_hook_log.rb10
-rw-r--r--lib/gitlab/ci/ansi2json/line.rb3
-rw-r--r--spec/lib/gitlab/ci/ansi2json/line_spec.rb2
-rw-r--r--spec/models/hooks/web_hook_log_spec.rb47
4 files changed, 44 insertions, 18 deletions
diff --git a/app/models/hooks/web_hook_log.rb b/app/models/hooks/web_hook_log.rb
index 3fc3f193f19..c32957fbef9 100644
--- a/app/models/hooks/web_hook_log.rb
+++ b/app/models/hooks/web_hook_log.rb
@@ -22,7 +22,7 @@ class WebHookLog < ApplicationRecord
validates :web_hook, presence: true
before_save :obfuscate_basic_auth
- before_save :redact_author_email
+ before_save :redact_user_emails
def self.recent
where(created_at: 2.days.ago.beginning_of_day..Time.zone.now)
@@ -54,9 +54,9 @@ class WebHookLog < ApplicationRecord
self.url = safe_url
end
- def redact_author_email
- return unless self.request_data.dig('commit', 'author', 'email').present?
-
- self.request_data['commit']['author']['email'] = _('[REDACTED]')
+ def redact_user_emails
+ self.request_data.deep_transform_values! do |value|
+ value =~ URI::MailTo::EMAIL_REGEXP ? _('[REDACTED]') : value
+ end
end
end
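Review bot: `redact_user_emails` replaces a value only when the whole string is an address, because `URI::MailTo::EMAIL_REGEXP` is anchored with `\A…\z`; an address embedded in a longer value (for example `Name <addr>` or a commit-message trailer) is still written to the log. If that is intended, a comment above the block such as `# Redacts only values that are exactly an email address; free text containing one is kept as is.` would keep readers from assuming full coverage. Separately, `value =~` is called on every leaf, including Integer and boolean ones, which relies on `Object#=~` (deprecated, and removed in Ruby 3.2); `value.is_a?(String) && URI::MailTo::EMAIL_REGEXP.match?(value) ? _('[REDACTED]') : value` avoids that. The spec hunk for this model exercises neither a non-String leaf nor an embedded address.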
diff --git a/lib/gitlab/ci/ansi2json/line.rb b/lib/gitlab/ci/ansi2json/line.rb
index e48080993ab..abe2f272ca7 100644
--- a/lib/gitlab/ci/ansi2json/line.rb
+++ b/lib/gitlab/ci/ansi2json/line.rb
@@ -80,7 +80,8 @@ module Gitlab
end
def set_section_duration(duration_in_seconds)
- duration = ActiveSupport::Duration.build(duration_in_seconds.to_i)
+ normalized_duration_in_seconds = duration_in_seconds.to_i.clamp(0, 1.year)
+ duration = ActiveSupport::Duration.build(normalized_duration_in_seconds)
hours = duration.in_hours.floor
hours = hours > 0 ? "%02d" % hours : nil
minutes = "%02d" % duration.parts[:minutes].to_i
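Review bot: `duration_in_seconds.to_i` on the first added line still runs before the clamp, so a non-finite Float (`Float::INFINITY`, `Float::NAN`) would raise `FloatDomainError` instead of being normalized; whether a caller can pass one is not visible in this hunk, but the new `Float::MAX` spec row suggests floats are in scope. The upper bound is an `ActiveSupport::Duration` compared against an Integer and carries no explanation; `duration_in_seconds.to_i.clamp(0, 1.year.to_i)`, which should format the same, plus a one-line comment saying why one year is the cap, would make the intent explicit. The spec hunk adds rows only for oversized inputs, so the lower bound of the clamp is not pinned by any visible row. `set_section_duration` continues past the end of the hunk.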
diff --git a/spec/lib/gitlab/ci/ansi2json/line_spec.rb b/spec/lib/gitlab/ci/ansi2json/line_spec.rb
index d16750d19f1..b8563bb1d1c 100644
--- a/spec/lib/gitlab/ci/ansi2json/line_spec.rb
+++ b/spec/lib/gitlab/ci/ansi2json/line_spec.rb
@@ -87,6 +87,8 @@ RSpec.describe Gitlab::Ci::Ansi2json::Line do
1.minute + 15.seconds | '01:15'
13.hours + 14.minutes + 15.seconds | '13:14:15'
1.day + 13.hours + 14.minutes + 15.seconds | '37:14:15'
+ Float::MAX | '8765:00:00'
+ 10**10000 | '8765:00:00'
end
with_them do
diff --git a/spec/models/hooks/web_hook_log_spec.rb b/spec/models/hooks/web_hook_log_spec.rb
index 8ff8a1c3865..3441dfda7d6 100644
--- a/spec/models/hooks/web_hook_log_spec.rb
+++ b/spec/models/hooks/web_hook_log_spec.rb
@@ -44,26 +44,49 @@ RSpec.describe WebHookLog do
end
end
- context 'with author email' do
+ context "with users' emails" do
let(:author) { create(:user) }
+ let(:user) { create(:user) }
let(:web_hook_log) { create(:web_hook_log, request_data: data) }
let(:data) do
{
- commit: {
- author: {
- name: author.name,
- email: author.email
+ user: {
+ name: user.name,
+ email: user.email
+ },
+ commits: [
+ {
+ user: {
+ name: author.name,
+ email: author.email
+ }
+ },
+ {
+ user: {
+ name: user.name,
+ email: user.email
+ }
}
- }
+ ]
}.deep_stringify_keys
end
- it "redacts author's email" do
- expect(web_hook_log.request_data['commit']).to match a_hash_including(
- 'author' => {
- 'name' => author.name,
- 'email' => _('[REDACTED]')
- }
+ it "redacts users' emails" do
+ expect(web_hook_log.request_data['user']).to match a_hash_including(
+ 'name' => user.name,
+ 'email' => _('[REDACTED]')
+ )
+ expect(web_hook_log.request_data['commits'].pluck('user')).to match_array(
+ [
+ {
+ 'name' => author.name,
+ 'email' => _('[REDACTED]')
+ },
+ {
+ 'name' => user.name,
+ 'email' => _('[REDACTED]')
+ }
+ ]
)
end
end