diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 17:41:31 +0300 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 17:41:34 +0300 |
commit | 0270de55ca6d4ddb0d0d67f98309d0f1ba2b9cef (patch) | |
tree | 148eff29145e65f7c5b7eeff45f6f7fd237a2b3f /lib | |
parent | eb9d835f5935926572ba1b69af3b980e41a86b32 (diff) |
Merge branch 'security-import-path-logging-11-6' into 'security-11-6'
[11.6] Fix error disclosure on Project Import
See merge request gitlab/gitlabhq!2733
(cherry picked from commit b4797537a586bce6a96580a0257f59f9c6a92c14)
f470ad2f Fix path disclosure on Project Import
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/import_export/shared.rb | 39 |
1 files changed, 27 insertions, 12 deletions
diff --git a/lib/gitlab/import_export/shared.rb b/lib/gitlab/import_export/shared.rb index c13e6c1d83b..947caaaefee 100644 --- a/lib/gitlab/import_export/shared.rb +++ b/lib/gitlab/import_export/shared.rb @@ -8,6 +8,7 @@ module Gitlab def initialize(project) @project = project @errors = [] + @logger = Gitlab::Import::Logger.build end def active_export_count @@ -23,19 +24,16 @@ module Gitlab end def error(error) - error_out(error.message, caller[0].dup) - add_error_message(error.message) + log_error(message: error.message, caller: caller[0].dup) + log_debug(backtrace: error.backtrace&.join("\n")) + + Gitlab::Sentry.track_acceptable_exception(error, extra: log_base_data) - # Debug: - if error.backtrace - Rails.logger.error("Import/Export backtrace: #{error.backtrace.join("\n")}") - else - Rails.logger.error("No backtrace found") - end + add_error_message(error.message) end - def add_error_message(error_message) - @errors << error_message + def add_error_message(message) + @errors << filtered_error_message(message) end def after_export_in_progress? @@ -52,8 +50,25 @@ module Gitlab @project.disk_path end - def error_out(message, caller) - Rails.logger.error("Import/Export error raised on #{caller}: #{message}") + def log_error(details) + @logger.error(log_base_data.merge(details)) + end + + def log_debug(details) + @logger.debug(log_base_data.merge(details)) + end + + def log_base_data + { + importer: 'Import/Export', + import_jid: @project&.import_state&.import_jid, + project_id: @project&.id, + project_path: @project&.full_path + } + end + + def filtered_error_message(message) + Projects::ImportErrorFilter.filter_message(message) end def after_export_lock_file |