From f78cd68ddf4513716b4f006428693756e04a6729 Mon Sep 17 00:00:00 2001
From: Andrew Newdigate
Date: Fri, 22 Feb 2019 14:47:37 +0200
Subject: Switch back to using regexps in `tracing_url_template`
This approach is able to cope with `%` characters in the URL template, which is important since `%` is a valid URL character. Additionally this approach is less likely to fail on an invalid string. This is important since the distributed tracing infrastructure is designed to degrade gracefully when not properly configured, and a small mistake in the configuration of the URL template could have led to a production outage.
---
 lib/gitlab/tracing.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'lib')
diff --git a/lib/gitlab/tracing.rb b/lib/gitlab/tracing.rb
index 0d9b0be1c8e..29517591c51 100644
--- a/lib/gitlab/tracing.rb
+++ b/lib/gitlab/tracing.rb
@@ -27,10 +27,11 @@ module Gitlab
 def self.tracing_url
 return unless tracing_url_enabled?
- tracing_url_template % {
- correlation_id: Gitlab::CorrelationId.current_id.to_s,
- service: Gitlab.process_name
- }
+ # Avoid using `format` since it can throw TypeErrors
+ # which we want to avoid on unsanitised env var input
+ tracing_url_template.to_s
+ .gsub(/\{\{\s*correlation_id\s*\}\}/, Gitlab::CorrelationId.current_id.to_s)
+ .gsub(/\{\{\s*service\s*\}\}/, Gitlab.process_name)
 end
 end
 end
-- cgit v1.2.3
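Review bot: The two `gsub` calls in `tracing_url` insert `Gitlab::CorrelationId.current_id.to_s` and `Gitlab.process_name` into the URL as plain replacement strings, so the values are neither URL-encoded nor shielded from `gsub`'s replacement-string handling, where `\0`, `\1` and `\\` are interpreted. If the correlation id can be influenced by a request header (not visible in this hunk), a value containing `&`, `#` or a backslash would alter the generated link. The block form with encoding avoids both problems: `.gsub(/\{\{\s*correlation_id\s*\}\}/) { CGI.escape(Gitlab::CorrelationId.current_id.to_s) }`, and likewise for `service`. `Gitlab.process_name` also lacks the `.to_s` that the correlation id gets, so a nil there would raise the very `TypeError` the new comment says this code is meant to avoid.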