
gitlab.com/gitlab-org/gitlab-foss.git
author Luke Duncalfe <lduncalfe@eml.cc> 2019-03-20 07:08:51 +0300
committer Luke Duncalfe <lduncalfe@eml.cc> 2019-03-26 03:05:40 +0300
commit f82380b9df9693e7976b7474233840a469635429 (patch)
tree 0b692684c7b5933d3df6076ec5b9c9e772dd6a50 /lib
parent a3b3da72775fd37f7533ddd88fe47600079b4ed9 (diff)
Allow custom hooks errors to appear in GitLab UI
Error messages from custom pre-receive hooks now appear in the GitLab UI. This is re-enabling a feature that had been disabled in merge request https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/18646. The feature had been disabled due to security concerns that information which was not intended to be public (like stack traces) would leak into public view. PreReceiveErrors (from pre-receive, post-receive and update custom hooks) are now filtered for messages that have been prefixed in a particular way. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/48132
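As an added illustration of the producer side of this change, here is a custom pre-receive hook that marks its user-facing reason with the `GL-HOOK-ERR:` prefix so it survives the filter introduced in this commit, while its unprefixed debug output does not. This is example code written for this page, not code from the commit or from the GitLab project; the branch-deletion policy, ref names and message text are constructed, and it assumes the hook's stderr is relayed to the pusher the way GitLab already relays custom hook output.

```shell
#!/bin/sh
# Added example (not part of this commit): a minimal custom pre-receive hook
# showing how a hook author marks a message as safe for the GitLab UI.
# After this change only lines prefixed "GL-HOOK-ERR:" (or "GitLab:") are
# shown to the pusher; anything else the hook prints, such as a stack trace
# from a crashing helper, is dropped before it reaches the UI.
# The policy enforced here (no branch deletions) is a constructed example.

ZERO_SHA="0000000000000000000000000000000000000000"  # newrev git sends for a deleted ref

# check_update OLDREV NEWREV REFNAME
# Returns 0 to allow the update, 1 to reject it. The user-facing reason is
# written to stderr with the GL-HOOK-ERR: prefix; the unprefixed debug line
# is an example of output that will NOT be displayed to the pusher.
check_update() {
  old="$1"; new="$2"; ref="$3"
  case "$ref" in
    refs/heads/*)
      if [ "$new" = "$ZERO_SHA" ]; then
        echo "debug: rejecting $old -> $new on $ref" >&2
        echo "GL-HOOK-ERR: Deleting branch ${ref#refs/heads/} is not allowed on this server." >&2
        return 1
      fi
      ;;
  esac
  return 0
}

# Hook entry point: git feeds one "oldrev newrev refname" line per ref on stdin.
# The whole push is rejected if any single ref update is rejected.
run_hook() {
  status=0
  while read -r old new ref; do
    check_update "$old" "$new" "$ref" || status=1
  done
  return "$status"
}

# Only act as a hook when installed under that name (custom_hooks/pre-receive),
# so the functions above can also be sourced and exercised on their own.
case "$0" in
  */pre-receive) run_hook; exit $? ;;
esac
```

Install the file as `custom_hooks/pre-receive` in the repository and make it executable; a pusher who deletes a branch then sees only the `GL-HOOK-ERR:` line in the UI, and the `debug:` line stays in server logs.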
Diffstat (limited to 'lib')
-rw-r--r-- lib/gitlab/git/pre_receive_error.rb | 31
1 files changed, 25 insertions, 6 deletions
diff --git a/lib/gitlab/git/pre_receive_error.rb b/lib/gitlab/git/pre_receive_error.rb
index 03caace6fce..b46d4ba0b02 100644
--- a/lib/gitlab/git/pre_receive_error.rb
+++ b/lib/gitlab/git/pre_receive_error.rb
@@ -4,19 +4,38 @@ module Gitlab
module Git
#
# PreReceiveError is special because its message gets displayed to users
- # in the web UI. To prevent XSS we sanitize the message on
- # initialization.
+ # in the web UI. Because of this, we:
+ # - Only display errors that have been marked as safe with a prefix.
+ # This is to prevent leaking of stacktraces, or other sensitive info.
+ # - Sanitize the string of any XSS
class PreReceiveError < StandardError
- def initialize(msg = '')
- super(nlbr(msg))
+ SAFE_MESSAGE_PREFIXES = [
+ 'GitLab:', # Messages from gitlab-shell
+ 'GL-HOOK-ERR:' # Messages marked as safe by user
+ ].freeze
+
+ SAFE_MESSAGE_REGEX = /^(#{SAFE_MESSAGE_PREFIXES.join('|')})\s*(?<safe_message>.+)/
+
+ def initialize(message = '')
+ super(sanitize(message))
end
private
# In gitaly-ruby we override this method to do nothing, so that
# sanitization happens in gitlab-rails only.
- def nlbr(str)
- Gitlab::Utils.nlbr(str)
+ def sanitize(message)
+ return message if message.blank?
+
+ safe_messages = message.split("\n").map do |msg|
+ if (match = msg.match(SAFE_MESSAGE_REGEX))
+ match[:safe_message].presence
+ end
+ end
+
+ safe_messages = safe_messages.compact.join("\n")
+
+ Gitlab::Utils.nlbr(safe_messages)
end
end
end
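Review bot: renaming `nlbr` to `sanitize` silently defeats the gitaly-ruby override the comment above it describes ("In gitaly-ruby we override this method to do nothing"): an override still named `nlbr` is no longer called, so gitaly-ruby would start filtering and sanitizing messages itself instead of leaving that to gitlab-rails. The gitaly-ruby side needs a matching rename, and the comment should name the method it expects to be overridden. Minor: `SAFE_MESSAGE_PREFIXES.join('|')` interpolates the prefixes into the regex unescaped; `Regexp.union(SAFE_MESSAGE_PREFIXES)` keeps the match correct if a prefix containing regex metacharacters is added later.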