lib/gitlab/git/pre_receive_error.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

# frozen_string_literal: true

module Gitlab
  module Git
    #
    # PreReceiveError is special because its message gets displayed to users
    # in the web UI. Because of this, we:
    # - Only display errors that have been marked as safe with a prefix.
    #   This is to prevent leaking of stacktraces, or other sensitive info.
    # - Sanitize the string of any XSS
    class PreReceiveError < StandardError
      SAFE_MESSAGE_PREFIXES = [
        'GitLab:', # Messages from gitlab-shell
        'GL-HOOK-ERR:' # Messages marked as safe by user
      ].freeze

      SAFE_MESSAGE_REGEX = /^(#{SAFE_MESSAGE_PREFIXES.join('|')})\s*(?<safe_message>.+)/.freeze

      attr_reader :raw_message

      def initialize(message = '', user_message = '')
        @raw_message = message

        if user_message.present?
          super(sanitize(user_message))
        else
          super(sanitize(message))
        end
      end

      private

      # In gitaly-ruby we override this method to do nothing, so that
      # sanitization happens in gitlab-rails only.
      def sanitize(message)
        return message if message.blank?

        safe_messages = message.split("\n").map do |msg|
          if (match = msg.match(SAFE_MESSAGE_REGEX))
            match[:safe_message].presence
          end
        end

        safe_messages = safe_messages.compact.join("\n")

        Gitlab::Utils.nlbr(safe_messages)
      end
    end
  end
end