
Commit bc5fd641 authored by Kamil Trzciński's avatar Kamil Trzciński

Merge branch '45505-lograge_formatter_encoding' into 'master'

Enforce UTF-8 encoding on user input in LogrageWithTimestamp formatter

Closes #45505

See merge request gitlab-org/gitlab-ce!19244
parents a9155ab0 854c9636
---
title: Enforce UTF-8 encoding on user input in LogrageWithTimestamp formatter and
filter out file content from logs
merge_request:
author:
type: fixed
......@@ -70,6 +70,7 @@ class Application < Rails::Application
# - Webhook URLs (:hook)
# - Sentry DSN (:sentry_dsn)
# - Deploy keys (:key)
# - File content from Web Editor (:content)
config.filter_parameters += [/token$/, /password/, /secret/]
config.filter_parameters += %i(
certificate
......@@ -81,6 +82,7 @@ class Application < Rails::Application
sentry_dsn
trace
variables
content
)
# Enable escaping HTML in JSON.
......
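Review bot: The new `content` entry in the `%i(...)` list masks more than the added comment describes. Rails matches symbol and string entries in `filter_parameters` against any part of the parameter name, so every key that merely contains "content" is filtered, not only the Web Editor's file content. If only the exact key is meant, an anchored pattern such as `/\Acontent\z/` in the regex list on the line above would express that. If the broad match is intended, the comment could say so: `# - File content from Web Editor, and any parameter whose name contains "content" (:content)`. Both hunks are fragments of the `Application` class body, which continues outside them.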
......@@ -2,8 +2,12 @@ module Gitlab
module GrapeLogging
module Formatters
class LogrageWithTimestamp
include Gitlab::EncodingHelper
def call(severity, datetime, _, data)
time = data.delete :time
data[:params] = utf8_encode_values(data[:params]) if data.has_key?(:params)
attributes = {
time: datetime.utc.iso8601(3),
severity: severity,
......@@ -13,6 +17,19 @@ def call(severity, datetime, _, data)
}.merge(data)
::Lograge.formatter.call(attributes) + "\n"
end
private
def utf8_encode_values(data)
case data
when Hash
data.merge(data) { |k, v| utf8_encode_values(v) }
when Array
data.map { |v| utf8_encode_values(v) }
when String
encode_utf8(data)
end
end
end
end
end
......
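Review bot: `utf8_encode_values` has no `else` branch, so any value that is not a Hash, Array or String (an Integer id, a boolean, nil) falls through the `case` and comes back as nil. With the new `data[:params] = utf8_encode_values(data[:params])` line in `call`, those parameters are then logged as null, which removes numeric ids and flags that an investigation of API activity would rely on. A final branch `else data` returns such values unchanged. Hash keys are passed through without re-encoding; that is probably fine for declared API parameters, but worth confirming if undeclared keys can reach this formatter.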
......@@ -247,6 +247,19 @@
]
}
end
let!(:valid_utf8_c_params) do
{
branch: 'master',
commit_message: message,
actions: [
{
action: 'create',
file_path: 'foo/bar/baz.txt',
content: 'puts 🦊'
}
]
}
end
it 'a new file in project repo' do
post api(url, user), valid_c_params
......@@ -257,6 +270,15 @@
expect(json_response['committer_email']).to eq(user.email)
end
it 'a new file with utf8 chars in project repo' do
post api(url, user), valid_utf8_c_params
expect(response).to have_gitlab_http_status(201)
expect(json_response['title']).to eq(message)
expect(json_response['committer_name']).to eq(user.name)
expect(json_response['committer_email']).to eq(user.email)
end
it 'returns a 400 bad request if file exists' do
post api(url, user), invalid_c_params
......
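Review bot: The added example `'a new file with utf8 chars in project repo'` asserts only on the HTTP response, so it would catch an exception raised while logging but not what the formatter actually writes. A unit spec for `LogrageWithTimestamp#call` would pin the encoding behaviour directly: it should pass params holding a binary-encoded multi-byte string next to a non-string value and assert on the returned line. Such a spec may exist elsewhere in the merge request, but none is visible on this page. The surrounding `describe`/`context` blocks start and end outside these hunks.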