From 3cf1e9a2bbecb43eb80d4f00c962dd39f244c3f5 Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Sat, 17 Apr 2021 23:33:27 +0530 Subject: [PATCH 1/6] New upstream version 13.10.3+ds2 --- .../getsentry/raven-go/Dockerfile.test | 13 - .../github.com/getsentry/raven-go/LICENSE | 28 - .../github.com/getsentry/raven-go/README.md | 17 - .../github.com/getsentry/raven-go/client.go | 977 ------------------ .../github.com/getsentry/raven-go/errors.go | 60 -- .../getsentry/raven-go/exception.go | 50 - .../github.com/getsentry/raven-go/http.go | 99 -- .../getsentry/raven-go/interfaces.go | 49 - .../github.com/getsentry/raven-go/runtests.sh | 4 - .../getsentry/raven-go/stacktrace.go | 276 ----- .../github.com/getsentry/raven-go/writer.go | 20 - 11 files changed, 1593 deletions(-) delete mode 100644 workhorse-vendor/github.com/getsentry/raven-go/Dockerfile.test delete mode 100644 workhorse-vendor/github.com/getsentry/raven-go/LICENSE delete mode 100644 workhorse-vendor/github.com/getsentry/raven-go/README.md delete mode 100644 workhorse-vendor/github.com/getsentry/raven-go/client.go delete mode 100644 workhorse-vendor/github.com/getsentry/raven-go/errors.go delete mode 100644 workhorse-vendor/github.com/getsentry/raven-go/exception.go delete mode 100644 workhorse-vendor/github.com/getsentry/raven-go/http.go delete mode 100644 workhorse-vendor/github.com/getsentry/raven-go/interfaces.go delete mode 100755 workhorse-vendor/github.com/getsentry/raven-go/runtests.sh delete mode 100644 workhorse-vendor/github.com/getsentry/raven-go/stacktrace.go delete mode 100644 workhorse-vendor/github.com/getsentry/raven-go/writer.go diff --git a/workhorse-vendor/github.com/getsentry/raven-go/Dockerfile.test b/workhorse-vendor/github.com/getsentry/raven-go/Dockerfile.test deleted file mode 100644 index 5089c13c9a..0000000000 --- a/workhorse-vendor/github.com/getsentry/raven-go/Dockerfile.test +++ /dev/null @@ -1,13 +0,0 @@ -FROM golang:1.7 - -RUN mkdir -p /go/src/github.com/getsentry/raven-go -WORKDIR /go/src/github.com/getsentry/raven-go -ENV GOPATH /go - -RUN go install -race std && go get golang.org/x/tools/cmd/cover - -COPY . /go/src/github.com/getsentry/raven-go - -RUN go get -v ./... - -CMD ["./runtests.sh"] diff --git a/workhorse-vendor/github.com/getsentry/raven-go/LICENSE b/workhorse-vendor/github.com/getsentry/raven-go/LICENSE deleted file mode 100644 index b0301b57e8..0000000000 --- a/workhorse-vendor/github.com/getsentry/raven-go/LICENSE +++ /dev/null @@ -1,28 +0,0 @@ -Copyright (c) 2013 Apollic Software, LLC. All rights reserved. -Copyright (c) 2015 Functional Software, Inc. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Apollic Software, LLC nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/workhorse-vendor/github.com/getsentry/raven-go/README.md b/workhorse-vendor/github.com/getsentry/raven-go/README.md deleted file mode 100644 index 2357ec7dce..0000000000 --- a/workhorse-vendor/github.com/getsentry/raven-go/README.md +++ /dev/null @@ -1,17 +0,0 @@ -# raven - -[![Build Status](https://api.travis-ci.org/getsentry/raven-go.svg?branch=master)](https://travis-ci.org/getsentry/raven-go) -[![Go Report Card](https://goreportcard.com/badge/github.com/getsentry/raven-go)](https://goreportcard.com/report/github.com/getsentry/raven-go) -[![GoDoc](https://godoc.org/github.com/getsentry/raven-go?status.svg)](https://godoc.org/github.com/getsentry/raven-go) - -raven is a Go client for the [Sentry](https://github.com/getsentry/sentry) -event/error logging system. - -- [**API Documentation**](https://godoc.org/github.com/getsentry/raven-go) -- [**Usage and Examples**](https://docs.sentry.io/clients/go/) - -## Installation - -```text -go get github.com/getsentry/raven-go -``` diff --git a/workhorse-vendor/github.com/getsentry/raven-go/client.go b/workhorse-vendor/github.com/getsentry/raven-go/client.go deleted file mode 100644 index a2c9a6c35d..0000000000 --- a/workhorse-vendor/github.com/getsentry/raven-go/client.go +++ /dev/null @@ -1,977 +0,0 @@ -// Package raven implements a client for the Sentry error logging service. -package raven - -import ( - "bytes" - "compress/zlib" - "crypto/rand" - "crypto/tls" - "encoding/base64" - "encoding/hex" - "encoding/json" - "errors" - "fmt" - "io" - "io/ioutil" - "log" - mrand "math/rand" - "net/http" - "net/url" - "os" - "regexp" - "runtime" - "strings" - "sync" - "time" - - "github.com/certifi/gocertifi" - pkgErrors "github.com/pkg/errors" -) - -const ( - userAgent = "raven-go/1.0" - timestampFormat = `"2006-01-02T15:04:05.00"` -) - -var ( - ErrPacketDropped = errors.New("raven: packet dropped") - ErrUnableToUnmarshalJSON = errors.New("raven: unable to unmarshal JSON") - ErrMissingUser = errors.New("raven: dsn missing public key and/or password") - ErrMissingProjectID = errors.New("raven: dsn missing project id") - ErrInvalidSampleRate = errors.New("raven: sample rate should be between 0 and 1") -) - -type Severity string - -// http://docs.python.org/2/howto/logging.html#logging-levels -const ( - DEBUG = Severity("debug") - INFO = Severity("info") - WARNING = Severity("warning") - ERROR = Severity("error") - FATAL = Severity("fatal") -) - -type Timestamp time.Time - -func (t Timestamp) MarshalJSON() ([]byte, error) { - return []byte(time.Time(t).UTC().Format(timestampFormat)), nil -} - -func (timestamp *Timestamp) UnmarshalJSON(data []byte) error { - t, err := time.Parse(timestampFormat, string(data)) - if err != nil { - return err - } - - *timestamp = Timestamp(t) - return nil -} - -func (timestamp Timestamp) Format(format string) string { - t := time.Time(timestamp) - return t.Format(format) -} - -// An Interface is a Sentry interface that will be serialized as JSON. -// It must implement json.Marshaler or use json struct tags. -type Interface interface { - // The Sentry class name. Example: sentry.interfaces.Stacktrace - Class() string -} - -type Culpriter interface { - Culprit() string -} - -type Transport interface { - Send(url, authHeader string, packet *Packet) error -} - -type Extra map[string]interface{} - -type outgoingPacket struct { - packet *Packet - ch chan error -} - -type Tag struct { - Key string - Value string -} - -type Tags []Tag - -func (tag *Tag) MarshalJSON() ([]byte, error) { - return json.Marshal([2]string{tag.Key, tag.Value}) -} - -func (t *Tag) UnmarshalJSON(data []byte) error { - var tag [2]string - if err := json.Unmarshal(data, &tag); err != nil { - return err - } - *t = Tag{tag[0], tag[1]} - return nil -} - -func (t *Tags) UnmarshalJSON(data []byte) error { - var tags []Tag - - switch data[0] { - case '[': - // Unmarshal into []Tag - if err := json.Unmarshal(data, &tags); err != nil { - return err - } - case '{': - // Unmarshal into map[string]string - tagMap := make(map[string]string) - if err := json.Unmarshal(data, &tagMap); err != nil { - return err - } - - // Convert to []Tag - for k, v := range tagMap { - tags = append(tags, Tag{k, v}) - } - default: - return ErrUnableToUnmarshalJSON - } - - *t = tags - return nil -} - -// https://docs.getsentry.com/hosted/clientdev/#building-the-json-packet -type Packet struct { - // Required - Message string `json:"message"` - - // Required, set automatically by Client.Send/Report via Packet.Init if blank - EventID string `json:"event_id"` - Project string `json:"project"` - Timestamp Timestamp `json:"timestamp"` - Level Severity `json:"level"` - Logger string `json:"logger"` - - // Optional - Platform string `json:"platform,omitempty"` - Culprit string `json:"culprit,omitempty"` - ServerName string `json:"server_name,omitempty"` - Release string `json:"release,omitempty"` - Environment string `json:"environment,omitempty"` - Tags Tags `json:"tags,omitempty"` - Modules map[string]string `json:"modules,omitempty"` - Fingerprint []string `json:"fingerprint,omitempty"` - Extra Extra `json:"extra,omitempty"` - - Interfaces []Interface `json:"-"` -} - -// NewPacket constructs a packet with the specified message and interfaces. -func NewPacket(message string, interfaces ...Interface) *Packet { - extra := Extra{} - setExtraDefaults(extra) - return &Packet{ - Message: message, - Interfaces: interfaces, - Extra: extra, - } -} - -// NewPacketWithExtra constructs a packet with the specified message, extra information, and interfaces. -func NewPacketWithExtra(message string, extra Extra, interfaces ...Interface) *Packet { - if extra == nil { - extra = Extra{} - } - setExtraDefaults(extra) - - return &Packet{ - Message: message, - Interfaces: interfaces, - Extra: extra, - } -} - -func setExtraDefaults(extra Extra) Extra { - extra["runtime.Version"] = runtime.Version() - extra["runtime.NumCPU"] = runtime.NumCPU() - extra["runtime.GOMAXPROCS"] = runtime.GOMAXPROCS(0) // 0 just returns the current value - extra["runtime.NumGoroutine"] = runtime.NumGoroutine() - return extra -} - -// Init initializes required fields in a packet. It is typically called by -// Client.Send/Report automatically. -func (packet *Packet) Init(project string) error { - if packet.Project == "" { - packet.Project = project - } - if packet.EventID == "" { - var err error - packet.EventID, err = uuid() - if err != nil { - return err - } - } - if time.Time(packet.Timestamp).IsZero() { - packet.Timestamp = Timestamp(time.Now()) - } - if packet.Level == "" { - packet.Level = ERROR - } - if packet.Logger == "" { - packet.Logger = "root" - } - if packet.ServerName == "" { - packet.ServerName = hostname - } - if packet.Platform == "" { - packet.Platform = "go" - } - - if packet.Culprit == "" { - for _, inter := range packet.Interfaces { - if c, ok := inter.(Culpriter); ok { - packet.Culprit = c.Culprit() - if packet.Culprit != "" { - break - } - } - } - } - - return nil -} - -func (packet *Packet) AddTags(tags map[string]string) { - for k, v := range tags { - packet.Tags = append(packet.Tags, Tag{k, v}) - } -} - -func uuid() (string, error) { - id := make([]byte, 16) - _, err := io.ReadFull(rand.Reader, id) - if err != nil { - return "", err - } - id[6] &= 0x0F // clear version - id[6] |= 0x40 // set version to 4 (random uuid) - id[8] &= 0x3F // clear variant - id[8] |= 0x80 // set to IETF variant - return hex.EncodeToString(id), nil -} - -func (packet *Packet) JSON() ([]byte, error) { - packetJSON, err := json.Marshal(packet) - if err != nil { - return nil, err - } - - interfaces := make(map[string]Interface, len(packet.Interfaces)) - for _, inter := range packet.Interfaces { - if inter != nil { - interfaces[inter.Class()] = inter - } - } - - if len(interfaces) > 0 { - interfaceJSON, err := json.Marshal(interfaces) - if err != nil { - return nil, err - } - packetJSON[len(packetJSON)-1] = ',' - packetJSON = append(packetJSON, interfaceJSON[1:]...) - } - - return packetJSON, nil -} - -type context struct { - user *User - http *Http - tags map[string]string -} - -func (c *context) setUser(u *User) { c.user = u } -func (c *context) setHttp(h *Http) { c.http = h } -func (c *context) setTags(t map[string]string) { - if c.tags == nil { - c.tags = make(map[string]string) - } - for k, v := range t { - c.tags[k] = v - } -} -func (c *context) clear() { - c.user = nil - c.http = nil - c.tags = nil -} - -// Return a list of interfaces to be used in appending with the rest -func (c *context) interfaces() []Interface { - len, i := 0, 0 - if c.user != nil { - len++ - } - if c.http != nil { - len++ - } - interfaces := make([]Interface, len) - if c.user != nil { - interfaces[i] = c.user - i++ - } - if c.http != nil { - interfaces[i] = c.http - i++ - } - return interfaces -} - -// The maximum number of packets that will be buffered waiting to be delivered. -// Packets will be dropped if the buffer is full. Used by NewClient. -var MaxQueueBuffer = 100 - -func newTransport() Transport { - t := &HTTPTransport{} - rootCAs, err := gocertifi.CACerts() - if err != nil { - log.Println("raven: failed to load root TLS certificates:", err) - } else { - t.Client = &http.Client{ - Transport: &http.Transport{ - Proxy: http.ProxyFromEnvironment, - TLSClientConfig: &tls.Config{RootCAs: rootCAs}, - }, - } - } - return t -} - -func newClient(tags map[string]string) *Client { - client := &Client{ - Transport: newTransport(), - Tags: tags, - context: &context{}, - sampleRate: 1.0, - queue: make(chan *outgoingPacket, MaxQueueBuffer), - } - client.SetDSN(os.Getenv("SENTRY_DSN")) - client.SetRelease(os.Getenv("SENTRY_RELEASE")) - client.SetEnvironment(os.Getenv("SENTRY_ENVIRONMENT")) - return client -} - -// New constructs a new Sentry client instance -func New(dsn string) (*Client, error) { - client := newClient(nil) - return client, client.SetDSN(dsn) -} - -// NewWithTags constructs a new Sentry client instance with default tags. -func NewWithTags(dsn string, tags map[string]string) (*Client, error) { - client := newClient(tags) - return client, client.SetDSN(dsn) -} - -// NewClient constructs a Sentry client and spawns a background goroutine to -// handle packets sent by Client.Report. -// -// Deprecated: use New and NewWithTags instead -func NewClient(dsn string, tags map[string]string) (*Client, error) { - client := newClient(tags) - return client, client.SetDSN(dsn) -} - -// Client encapsulates a connection to a Sentry server. It must be initialized -// by calling NewClient. Modification of fields concurrently with Send or after -// calling Report for the first time is not thread-safe. -type Client struct { - Tags map[string]string - - Transport Transport - - // DropHandler is called when a packet is dropped because the buffer is full. - DropHandler func(*Packet) - - // Context that will get appending to all packets - context *context - - mu sync.RWMutex - url string - projectID string - authHeader string - release string - environment string - sampleRate float32 - - // default logger name (leave empty for 'root') - defaultLoggerName string - - includePaths []string - ignoreErrorsRegexp *regexp.Regexp - queue chan *outgoingPacket - - // A WaitGroup to keep track of all currently in-progress captures - // This is intended to be used with Client.Wait() to assure that - // all messages have been transported before exiting the process. - wg sync.WaitGroup - - // A Once to track only starting up the background worker once - start sync.Once -} - -// Initialize a default *Client instance -var DefaultClient = newClient(nil) - -func (c *Client) SetIgnoreErrors(errs []string) error { - joinedRegexp := strings.Join(errs, "|") - r, err := regexp.Compile(joinedRegexp) - if err != nil { - return fmt.Errorf("failed to compile regexp %q for %q: %v", joinedRegexp, errs, err) - } - - c.mu.Lock() - c.ignoreErrorsRegexp = r - c.mu.Unlock() - return nil -} - -func (c *Client) shouldExcludeErr(errStr string) bool { - c.mu.RLock() - defer c.mu.RUnlock() - return c.ignoreErrorsRegexp != nil && c.ignoreErrorsRegexp.MatchString(errStr) -} - -func SetIgnoreErrors(errs ...string) error { - return DefaultClient.SetIgnoreErrors(errs) -} - -// SetDSN updates a client with a new DSN. It safe to call after and -// concurrently with calls to Report and Send. -func (client *Client) SetDSN(dsn string) error { - if dsn == "" { - return nil - } - - client.mu.Lock() - defer client.mu.Unlock() - - uri, err := url.Parse(dsn) - if err != nil { - return err - } - - if uri.User == nil { - return ErrMissingUser - } - publicKey := uri.User.Username() - secretKey, hasSecretKey := uri.User.Password() - uri.User = nil - - if idx := strings.LastIndex(uri.Path, "/"); idx != -1 { - client.projectID = uri.Path[idx+1:] - uri.Path = uri.Path[:idx+1] + "api/" + client.projectID + "/store/" - } - if client.projectID == "" { - return ErrMissingProjectID - } - - client.url = uri.String() - - if hasSecretKey { - client.authHeader = fmt.Sprintf("Sentry sentry_version=4, sentry_key=%s, sentry_secret=%s", publicKey, secretKey) - } else { - client.authHeader = fmt.Sprintf("Sentry sentry_version=4, sentry_key=%s", publicKey) - } - - return nil -} - -// Sets the DSN for the default *Client instance -func SetDSN(dsn string) error { return DefaultClient.SetDSN(dsn) } - -// SetRelease sets the "release" tag. -func (client *Client) SetRelease(release string) { - client.mu.Lock() - defer client.mu.Unlock() - client.release = release -} - -// SetEnvironment sets the "environment" tag. -func (client *Client) SetEnvironment(environment string) { - client.mu.Lock() - defer client.mu.Unlock() - client.environment = environment -} - -// SetDefaultLoggerName sets the default logger name. -func (client *Client) SetDefaultLoggerName(name string) { - client.mu.Lock() - defer client.mu.Unlock() - client.defaultLoggerName = name -} - -// SetSampleRate sets how much sampling we want on client side -func (client *Client) SetSampleRate(rate float32) error { - client.mu.Lock() - defer client.mu.Unlock() - - if rate < 0 || rate > 1 { - return ErrInvalidSampleRate - } - client.sampleRate = rate - return nil -} - -// SetRelease sets the "release" tag on the default *Client -func SetRelease(release string) { DefaultClient.SetRelease(release) } - -// SetEnvironment sets the "environment" tag on the default *Client -func SetEnvironment(environment string) { DefaultClient.SetEnvironment(environment) } - -// SetDefaultLoggerName sets the "defaultLoggerName" on the default *Client -func SetDefaultLoggerName(name string) { - DefaultClient.SetDefaultLoggerName(name) -} - -// SetSampleRate sets the "sample rate" on the degault *Client -func SetSampleRate(rate float32) error { return DefaultClient.SetSampleRate(rate) } - -func (client *Client) worker() { - for outgoingPacket := range client.queue { - - client.mu.RLock() - url, authHeader := client.url, client.authHeader - client.mu.RUnlock() - - outgoingPacket.ch <- client.Transport.Send(url, authHeader, outgoingPacket.packet) - client.wg.Done() - } -} - -// Capture asynchronously delivers a packet to the Sentry server. It is a no-op -// when client is nil. A channel is provided if it is important to check for a -// send's success. -func (client *Client) Capture(packet *Packet, captureTags map[string]string) (eventID string, ch chan error) { - ch = make(chan error, 1) - - if client == nil { - // return a chan that always returns nil when the caller receives from it - close(ch) - return - } - - if client.sampleRate < 1.0 && mrand.Float32() > client.sampleRate { - return - } - - if packet == nil { - close(ch) - return - } - - if client.shouldExcludeErr(packet.Message) { - return - } - - // Keep track of all running Captures so that we can wait for them all to finish - // *Must* call client.wg.Done() on any path that indicates that an event was - // finished being acted upon, whether success or failure - client.wg.Add(1) - - // Merge capture tags and client tags - packet.AddTags(captureTags) - packet.AddTags(client.Tags) - - // Initialize any required packet fields - client.mu.RLock() - packet.AddTags(client.context.tags) - projectID := client.projectID - release := client.release - environment := client.environment - defaultLoggerName := client.defaultLoggerName - client.mu.RUnlock() - - // set the global logger name on the packet if we must - if packet.Logger == "" && defaultLoggerName != "" { - packet.Logger = defaultLoggerName - } - - err := packet.Init(projectID) - if err != nil { - ch <- err - client.wg.Done() - return - } - - if packet.Release == "" { - packet.Release = release - } - - if packet.Environment == "" { - packet.Environment = environment - } - - outgoingPacket := &outgoingPacket{packet, ch} - - // Lazily start background worker until we - // do our first write into the queue. - client.start.Do(func() { - go client.worker() - }) - - select { - case client.queue <- outgoingPacket: - default: - // Send would block, drop the packet - if client.DropHandler != nil { - client.DropHandler(packet) - } - ch <- ErrPacketDropped - client.wg.Done() - } - - return packet.EventID, ch -} - -// Capture asynchronously delivers a packet to the Sentry server with the default *Client. -// It is a no-op when client is nil. A channel is provided if it is important to check for a -// send's success. -func Capture(packet *Packet, captureTags map[string]string) (eventID string, ch chan error) { - return DefaultClient.Capture(packet, captureTags) -} - -// CaptureMessage formats and delivers a string message to the Sentry server. -func (client *Client) CaptureMessage(message string, tags map[string]string, interfaces ...Interface) string { - if client == nil { - return "" - } - - if client.shouldExcludeErr(message) { - return "" - } - - packet := NewPacket(message, append(append(interfaces, client.context.interfaces()...), &Message{message, nil})...) - eventID, _ := client.Capture(packet, tags) - - return eventID -} - -// CaptureMessage formats and delivers a string message to the Sentry server with the default *Client -func CaptureMessage(message string, tags map[string]string, interfaces ...Interface) string { - return DefaultClient.CaptureMessage(message, tags, interfaces...) -} - -// CaptureMessageAndWait is identical to CaptureMessage except it blocks and waits for the message to be sent. -func (client *Client) CaptureMessageAndWait(message string, tags map[string]string, interfaces ...Interface) string { - if client == nil { - return "" - } - - if client.shouldExcludeErr(message) { - return "" - } - - packet := NewPacket(message, append(append(interfaces, client.context.interfaces()...), &Message{message, nil})...) - eventID, ch := client.Capture(packet, tags) - if eventID != "" { - <-ch - } - - return eventID -} - -// CaptureMessageAndWait is identical to CaptureMessage except it blocks and waits for the message to be sent. -func CaptureMessageAndWait(message string, tags map[string]string, interfaces ...Interface) string { - return DefaultClient.CaptureMessageAndWait(message, tags, interfaces...) -} - -// CaptureErrors formats and delivers an error to the Sentry server. -// Adds a stacktrace to the packet, excluding the call to this method. -func (client *Client) CaptureError(err error, tags map[string]string, interfaces ...Interface) string { - if client == nil { - return "" - } - - if err == nil { - return "" - } - - if client.shouldExcludeErr(err.Error()) { - return "" - } - - extra := extractExtra(err) - cause := pkgErrors.Cause(err) - - packet := NewPacketWithExtra(err.Error(), extra, append(append(interfaces, client.context.interfaces()...), NewException(cause, GetOrNewStacktrace(cause, 1, 3, client.includePaths)))...) - eventID, _ := client.Capture(packet, tags) - - return eventID -} - -// CaptureErrors formats and delivers an error to the Sentry server using the default *Client. -// Adds a stacktrace to the packet, excluding the call to this method. -func CaptureError(err error, tags map[string]string, interfaces ...Interface) string { - return DefaultClient.CaptureError(err, tags, interfaces...) -} - -// CaptureErrorAndWait is identical to CaptureError, except it blocks and assures that the event was sent -func (client *Client) CaptureErrorAndWait(err error, tags map[string]string, interfaces ...Interface) string { - if client == nil { - return "" - } - - if client.shouldExcludeErr(err.Error()) { - return "" - } - - extra := extractExtra(err) - cause := pkgErrors.Cause(err) - - packet := NewPacketWithExtra(err.Error(), extra, append(append(interfaces, client.context.interfaces()...), NewException(cause, GetOrNewStacktrace(cause, 1, 3, client.includePaths)))...) - eventID, ch := client.Capture(packet, tags) - if eventID != "" { - <-ch - } - - return eventID -} - -// CaptureErrorAndWait is identical to CaptureError, except it blocks and assures that the event was sent -func CaptureErrorAndWait(err error, tags map[string]string, interfaces ...Interface) string { - return DefaultClient.CaptureErrorAndWait(err, tags, interfaces...) -} - -// CapturePanic calls f and then recovers and reports a panic to the Sentry server if it occurs. -// If an error is captured, both the error and the reported Sentry error ID are returned. -func (client *Client) CapturePanic(f func(), tags map[string]string, interfaces ...Interface) (err interface{}, errorID string) { - // Note: This doesn't need to check for client, because we still want to go through the defer/recover path - // Down the line, Capture will be noop'd, so while this does a _tiny_ bit of overhead constructing the - // *Packet just to be thrown away, this should not be the normal case. Could be refactored to - // be completely noop though if we cared. - defer func() { - var packet *Packet - err = recover() - switch rval := err.(type) { - case nil: - return - case error: - if client.shouldExcludeErr(rval.Error()) { - return - } - packet = NewPacket(rval.Error(), append(append(interfaces, client.context.interfaces()...), NewException(rval, NewStacktrace(2, 3, client.includePaths)))...) - default: - rvalStr := fmt.Sprint(rval) - if client.shouldExcludeErr(rvalStr) { - return - } - packet = NewPacket(rvalStr, append(append(interfaces, client.context.interfaces()...), NewException(errors.New(rvalStr), NewStacktrace(2, 3, client.includePaths)))...) - } - - errorID, _ = client.Capture(packet, tags) - }() - - f() - return -} - -// CapturePanic calls f and then recovers and reports a panic to the Sentry server if it occurs. -// If an error is captured, both the error and the reported Sentry error ID are returned. -func CapturePanic(f func(), tags map[string]string, interfaces ...Interface) (interface{}, string) { - return DefaultClient.CapturePanic(f, tags, interfaces...) -} - -// CapturePanicAndWait is identical to CaptureError, except it blocks and assures that the event was sent -func (client *Client) CapturePanicAndWait(f func(), tags map[string]string, interfaces ...Interface) (err interface{}, errorID string) { - // Note: This doesn't need to check for client, because we still want to go through the defer/recover path - // Down the line, Capture will be noop'd, so while this does a _tiny_ bit of overhead constructing the - // *Packet just to be thrown away, this should not be the normal case. Could be refactored to - // be completely noop though if we cared. - defer func() { - var packet *Packet - err = recover() - switch rval := err.(type) { - case nil: - return - case error: - if client.shouldExcludeErr(rval.Error()) { - return - } - packet = NewPacket(rval.Error(), append(append(interfaces, client.context.interfaces()...), NewException(rval, NewStacktrace(2, 3, client.includePaths)))...) - default: - rvalStr := fmt.Sprint(rval) - if client.shouldExcludeErr(rvalStr) { - return - } - packet = NewPacket(rvalStr, append(append(interfaces, client.context.interfaces()...), NewException(errors.New(rvalStr), NewStacktrace(2, 3, client.includePaths)))...) - } - - var ch chan error - errorID, ch = client.Capture(packet, tags) - if errorID != "" { - <-ch - } - }() - - f() - return -} - -// CapturePanicAndWait is identical to CaptureError, except it blocks and assures that the event was sent -func CapturePanicAndWait(f func(), tags map[string]string, interfaces ...Interface) (interface{}, string) { - return DefaultClient.CapturePanicAndWait(f, tags, interfaces...) -} - -func (client *Client) Close() { - close(client.queue) -} - -func Close() { DefaultClient.Close() } - -// Wait blocks and waits for all events to finish being sent to Sentry server -func (client *Client) Wait() { - client.wg.Wait() -} - -// Wait blocks and waits for all events to finish being sent to Sentry server -func Wait() { DefaultClient.Wait() } - -func (client *Client) URL() string { - client.mu.RLock() - defer client.mu.RUnlock() - - return client.url -} - -func URL() string { return DefaultClient.URL() } - -func (client *Client) ProjectID() string { - client.mu.RLock() - defer client.mu.RUnlock() - - return client.projectID -} - -func ProjectID() string { return DefaultClient.ProjectID() } - -func (client *Client) Release() string { - client.mu.RLock() - defer client.mu.RUnlock() - - return client.release -} - -func Release() string { return DefaultClient.Release() } - -func IncludePaths() []string { return DefaultClient.IncludePaths() } - -func (client *Client) IncludePaths() []string { - client.mu.RLock() - defer client.mu.RUnlock() - - return client.includePaths -} - -func SetIncludePaths(p []string) { DefaultClient.SetIncludePaths(p) } - -func (client *Client) SetIncludePaths(p []string) { - client.mu.Lock() - defer client.mu.Unlock() - - client.includePaths = p -} - -func (c *Client) SetUserContext(u *User) { - c.mu.Lock() - defer c.mu.Unlock() - c.context.setUser(u) -} - -func (c *Client) SetHttpContext(h *Http) { - c.mu.Lock() - defer c.mu.Unlock() - c.context.setHttp(h) -} - -func (c *Client) SetTagsContext(t map[string]string) { - c.mu.Lock() - defer c.mu.Unlock() - c.context.setTags(t) -} - -func (c *Client) ClearContext() { - c.mu.Lock() - defer c.mu.Unlock() - c.context.clear() -} - -func SetUserContext(u *User) { DefaultClient.SetUserContext(u) } -func SetHttpContext(h *Http) { DefaultClient.SetHttpContext(h) } -func SetTagsContext(t map[string]string) { DefaultClient.SetTagsContext(t) } -func ClearContext() { DefaultClient.ClearContext() } - -// HTTPTransport is the default transport, delivering packets to Sentry via the -// HTTP API. -type HTTPTransport struct { - *http.Client -} - -func (t *HTTPTransport) Send(url, authHeader string, packet *Packet) error { - if url == "" { - return nil - } - - body, contentType, err := serializedPacket(packet) - if err != nil { - return fmt.Errorf("error serializing packet: %v", err) - } - req, err := http.NewRequest("POST", url, body) - if err != nil { - return fmt.Errorf("can't create new request: %v", err) - } - req.Header.Set("X-Sentry-Auth", authHeader) - req.Header.Set("User-Agent", userAgent) - req.Header.Set("Content-Type", contentType) - res, err := t.Do(req) - if err != nil { - return err - } - io.Copy(ioutil.Discard, res.Body) - res.Body.Close() - if res.StatusCode != 200 { - return fmt.Errorf("raven: got http status %d - x-sentry-error: %s", res.StatusCode, res.Header.Get("X-Sentry-Error")) - } - return nil -} - -func serializedPacket(packet *Packet) (io.Reader, string, error) { - packetJSON, err := packet.JSON() - if err != nil { - return nil, "", fmt.Errorf("error marshaling packet %+v to JSON: %v", packet, err) - } - - // Only deflate/base64 the packet if it is bigger than 1KB, as there is - // overhead. - if len(packetJSON) > 1000 { - buf := &bytes.Buffer{} - b64 := base64.NewEncoder(base64.StdEncoding, buf) - deflate, _ := zlib.NewWriterLevel(b64, zlib.BestCompression) - deflate.Write(packetJSON) - deflate.Close() - b64.Close() - return buf, "application/octet-stream", nil - } - return bytes.NewReader(packetJSON), "application/json", nil -} - -var hostname string - -func init() { - hostname, _ = os.Hostname() -} diff --git a/workhorse-vendor/github.com/getsentry/raven-go/errors.go b/workhorse-vendor/github.com/getsentry/raven-go/errors.go deleted file mode 100644 index 5e57270436..0000000000 --- a/workhorse-vendor/github.com/getsentry/raven-go/errors.go +++ /dev/null @@ -1,60 +0,0 @@ -package raven - -type causer interface { - Cause() error -} - -type errWrappedWithExtra struct { - err error - extraInfo map[string]interface{} -} - -func (ewx *errWrappedWithExtra) Error() string { - return ewx.err.Error() -} - -func (ewx *errWrappedWithExtra) Cause() error { - return ewx.err -} - -func (ewx *errWrappedWithExtra) ExtraInfo() Extra { - return ewx.extraInfo -} - -// Adds extra data to an error before reporting to Sentry -func WrapWithExtra(err error, extraInfo map[string]interface{}) error { - return &errWrappedWithExtra{ - err: err, - extraInfo: extraInfo, - } -} - -type ErrWithExtra interface { - Error() string - Cause() error - ExtraInfo() Extra -} - -// Iteratively fetches all the Extra data added to an error, -// and it's underlying errors. Extra data defined first is -// respected, and is not overridden when extracting. -func extractExtra(err error) Extra { - extra := Extra{} - - currentErr := err - for currentErr != nil { - if errWithExtra, ok := currentErr.(ErrWithExtra); ok { - for k, v := range errWithExtra.ExtraInfo() { - extra[k] = v - } - } - - if errWithCause, ok := currentErr.(causer); ok { - currentErr = errWithCause.Cause() - } else { - currentErr = nil - } - } - - return extra -} diff --git a/workhorse-vendor/github.com/getsentry/raven-go/exception.go b/workhorse-vendor/github.com/getsentry/raven-go/exception.go deleted file mode 100644 index 552eaad128..0000000000 --- a/workhorse-vendor/github.com/getsentry/raven-go/exception.go +++ /dev/null @@ -1,50 +0,0 @@ -package raven - -import ( - "reflect" - "regexp" -) - -var errorMsgPattern = regexp.MustCompile(`\A(\w+): (.+)\z`) - -func NewException(err error, stacktrace *Stacktrace) *Exception { - msg := err.Error() - ex := &Exception{ - Stacktrace: stacktrace, - Value: msg, - Type: reflect.TypeOf(err).String(), - } - if m := errorMsgPattern.FindStringSubmatch(msg); m != nil { - ex.Module, ex.Value = m[1], m[2] - } - return ex -} - -// https://docs.getsentry.com/hosted/clientdev/interfaces/#failure-interfaces -type Exception struct { - // Required - Value string `json:"value"` - - // Optional - Type string `json:"type,omitempty"` - Module string `json:"module,omitempty"` - Stacktrace *Stacktrace `json:"stacktrace,omitempty"` -} - -func (e *Exception) Class() string { return "exception" } - -func (e *Exception) Culprit() string { - if e.Stacktrace == nil { - return "" - } - return e.Stacktrace.Culprit() -} - -// Exceptions allows for chained errors -// https://docs.sentry.io/clientdev/interfaces/exception/ -type Exceptions struct { - // Required - Values []*Exception `json:"values"` -} - -func (es Exceptions) Class() string { return "exception" } diff --git a/workhorse-vendor/github.com/getsentry/raven-go/http.go b/workhorse-vendor/github.com/getsentry/raven-go/http.go deleted file mode 100644 index ae8f47234c..0000000000 --- a/workhorse-vendor/github.com/getsentry/raven-go/http.go +++ /dev/null @@ -1,99 +0,0 @@ -package raven - -import ( - "errors" - "fmt" - "net" - "net/http" - "net/url" - "runtime/debug" - "strings" -) - -func NewHttp(req *http.Request) *Http { - proto := "http" - if req.TLS != nil || req.Header.Get("X-Forwarded-Proto") == "https" { - proto = "https" - } - h := &Http{ - Method: req.Method, - Cookies: req.Header.Get("Cookie"), - Query: sanitizeQuery(req.URL.Query()).Encode(), - URL: proto + "://" + req.Host + req.URL.Path, - Headers: make(map[string]string, len(req.Header)), - } - if addr, port, err := net.SplitHostPort(req.RemoteAddr); err == nil { - h.Env = map[string]string{"REMOTE_ADDR": addr, "REMOTE_PORT": port} - } - for k, v := range req.Header { - h.Headers[k] = strings.Join(v, ",") - } - h.Headers["Host"] = req.Host - return h -} - -var querySecretFields = []string{"password", "passphrase", "passwd", "secret"} - -func sanitizeQuery(query url.Values) url.Values { - for _, keyword := range querySecretFields { - for field := range query { - if strings.Contains(field, keyword) { - query[field] = []string{"********"} - } - } - } - return query -} - -// https://docs.getsentry.com/hosted/clientdev/interfaces/#context-interfaces -type Http struct { - // Required - URL string `json:"url"` - Method string `json:"method"` - Query string `json:"query_string,omitempty"` - - // Optional - Cookies string `json:"cookies,omitempty"` - Headers map[string]string `json:"headers,omitempty"` - Env map[string]string `json:"env,omitempty"` - - // Must be either a string or map[string]string - Data interface{} `json:"data,omitempty"` -} - -func (h *Http) Class() string { return "request" } - -// Recovery handler to wrap the stdlib net/http Mux. -// Example: -// http.HandleFunc("/", raven.RecoveryHandler(func(w http.ResponseWriter, r *http.Request) { -// ... -// })) -func RecoveryHandler(handler func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) { - return Recoverer(http.HandlerFunc(handler)).ServeHTTP -} - -// Recovery handler to wrap the stdlib net/http Mux. -// Example: -// mux := http.NewServeMux -// ... -// http.Handle("/", raven.Recoverer(mux)) -func Recoverer(handler http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - defer func() { - if rval := recover(); rval != nil { - debug.PrintStack() - rvalStr := fmt.Sprint(rval) - var packet *Packet - if err, ok := rval.(error); ok { - packet = NewPacket(rvalStr, NewException(errors.New(rvalStr), GetOrNewStacktrace(err, 2, 3, nil)), NewHttp(r)) - } else { - packet = NewPacket(rvalStr, NewException(errors.New(rvalStr), NewStacktrace(2, 3, nil)), NewHttp(r)) - } - Capture(packet, nil) - w.WriteHeader(http.StatusInternalServerError) - } - }() - - handler.ServeHTTP(w, r) - }) -} diff --git a/workhorse-vendor/github.com/getsentry/raven-go/interfaces.go b/workhorse-vendor/github.com/getsentry/raven-go/interfaces.go deleted file mode 100644 index a05dc3de47..0000000000 --- a/workhorse-vendor/github.com/getsentry/raven-go/interfaces.go +++ /dev/null @@ -1,49 +0,0 @@ -package raven - -// https://docs.getsentry.com/hosted/clientdev/interfaces/#message-interface -type Message struct { - // Required - Message string `json:"message"` - - // Optional - Params []interface{} `json:"params,omitempty"` -} - -func (m *Message) Class() string { return "logentry" } - -// https://docs.getsentry.com/hosted/clientdev/interfaces/#template-interface -type Template struct { - // Required - Filename string `json:"filename"` - Lineno int `json:"lineno"` - ContextLine string `json:"context_line"` - - // Optional - PreContext []string `json:"pre_context,omitempty"` - PostContext []string `json:"post_context,omitempty"` - AbsolutePath string `json:"abs_path,omitempty"` -} - -func (t *Template) Class() string { return "template" } - -// https://docs.getsentry.com/hosted/clientdev/interfaces/#context-interfaces -type User struct { - // All fields are optional - ID string `json:"id,omitempty"` - Username string `json:"username,omitempty"` - Email string `json:"email,omitempty"` - IP string `json:"ip_address,omitempty"` -} - -func (h *User) Class() string { return "user" } - -// https://docs.getsentry.com/hosted/clientdev/interfaces/#context-interfaces -type Query struct { - // Required - Query string `json:"query"` - - // Optional - Engine string `json:"engine,omitempty"` -} - -func (q *Query) Class() string { return "query" } diff --git a/workhorse-vendor/github.com/getsentry/raven-go/runtests.sh b/workhorse-vendor/github.com/getsentry/raven-go/runtests.sh deleted file mode 100755 index 9ed279c966..0000000000 --- a/workhorse-vendor/github.com/getsentry/raven-go/runtests.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash -go test -race ./... -go test -cover ./... -go test -v ./... diff --git a/workhorse-vendor/github.com/getsentry/raven-go/stacktrace.go b/workhorse-vendor/github.com/getsentry/raven-go/stacktrace.go deleted file mode 100644 index 4db79b42f1..0000000000 --- a/workhorse-vendor/github.com/getsentry/raven-go/stacktrace.go +++ /dev/null @@ -1,276 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. -// Some code from the runtime/debug package of the Go standard library. - -package raven - -import ( - "bytes" - "go/build" - "io/ioutil" - "net/url" - "path/filepath" - "runtime" - "strings" - "sync" - - "github.com/pkg/errors" -) - -// https://docs.getsentry.com/hosted/clientdev/interfaces/#failure-interfaces -type Stacktrace struct { - // Required - Frames []*StacktraceFrame `json:"frames"` -} - -func (s *Stacktrace) Class() string { return "stacktrace" } - -func (s *Stacktrace) Culprit() string { - for i := len(s.Frames) - 1; i >= 0; i-- { - frame := s.Frames[i] - if frame.InApp == true && frame.Module != "" && frame.Function != "" { - return frame.Module + "." + frame.Function - } - } - return "" -} - -type StacktraceFrame struct { - // At least one required - Filename string `json:"filename,omitempty"` - Function string `json:"function,omitempty"` - Module string `json:"module,omitempty"` - - // Optional - Lineno int `json:"lineno,omitempty"` - Colno int `json:"colno,omitempty"` - AbsolutePath string `json:"abs_path,omitempty"` - ContextLine string `json:"context_line,omitempty"` - PreContext []string `json:"pre_context,omitempty"` - PostContext []string `json:"post_context,omitempty"` - InApp bool `json:"in_app"` -} - -// Try to get stacktrace from err as an interface of github.com/pkg/errors, or else NewStacktrace() -func GetOrNewStacktrace(err error, skip int, context int, appPackagePrefixes []string) *Stacktrace { - stacktracer, errHasStacktrace := err.(interface { - StackTrace() errors.StackTrace - }) - if errHasStacktrace { - var frames []*StacktraceFrame - for _, f := range stacktracer.StackTrace() { - pc := uintptr(f) - 1 - fn := runtime.FuncForPC(pc) - var file string - var line int - if fn != nil { - file, line = fn.FileLine(pc) - } else { - file = "unknown" - } - frame := NewStacktraceFrame(pc, file, line, context, appPackagePrefixes) - if frame != nil { - frames = append([]*StacktraceFrame{frame}, frames...) - } - } - return &Stacktrace{Frames: frames} - } else { - return NewStacktrace(skip+1, context, appPackagePrefixes) - } -} - -// Intialize and populate a new stacktrace, skipping skip frames. -// -// context is the number of surrounding lines that should be included for context. -// Setting context to 3 would try to get seven lines. Setting context to -1 returns -// one line with no surrounding context, and 0 returns no context. -// -// appPackagePrefixes is a list of prefixes used to check whether a package should -// be considered "in app". -func NewStacktrace(skip int, context int, appPackagePrefixes []string) *Stacktrace { - var frames []*StacktraceFrame - for i := 1 + skip; ; i++ { - pc, file, line, ok := runtime.Caller(i) - if !ok { - break - } - frame := NewStacktraceFrame(pc, file, line, context, appPackagePrefixes) - if frame != nil { - frames = append(frames, frame) - } - } - // If there are no frames, the entire stacktrace is nil - if len(frames) == 0 { - return nil - } - // Optimize the path where there's only 1 frame - if len(frames) == 1 { - return &Stacktrace{frames} - } - // Sentry wants the frames with the oldest first, so reverse them - for i, j := 0, len(frames)-1; i < j; i, j = i+1, j-1 { - frames[i], frames[j] = frames[j], frames[i] - } - return &Stacktrace{frames} -} - -// Build a single frame using data returned from runtime.Caller. -// -// context is the number of surrounding lines that should be included for context. -// Setting context to 3 would try to get seven lines. Setting context to -1 returns -// one line with no surrounding context, and 0 returns no context. -// -// appPackagePrefixes is a list of prefixes used to check whether a package should -// be considered "in app". -func NewStacktraceFrame(pc uintptr, file string, line, context int, appPackagePrefixes []string) *StacktraceFrame { - frame := &StacktraceFrame{AbsolutePath: file, Filename: trimPath(file), Lineno: line, InApp: false} - frame.Module, frame.Function = functionName(pc) - - // `runtime.goexit` is effectively a placeholder that comes from - // runtime/asm_amd64.s and is meaningless. - if frame.Module == "runtime" && frame.Function == "goexit" { - return nil - } - - if frame.Module == "main" { - frame.InApp = true - } else { - for _, prefix := range appPackagePrefixes { - if strings.HasPrefix(frame.Module, prefix) && !strings.Contains(frame.Module, "vendor") && !strings.Contains(frame.Module, "third_party") { - frame.InApp = true - } - } - } - - if context > 0 { - contextLines, lineIdx := sourceCodeLoader.Load(file, line, context) - if len(contextLines) > 0 { - for i, line := range contextLines { - switch { - case i < lineIdx: - frame.PreContext = append(frame.PreContext, string(line)) - case i == lineIdx: - frame.ContextLine = string(line) - default: - frame.PostContext = append(frame.PostContext, string(line)) - } - } - } - } else if context == -1 { - contextLine, _ := sourceCodeLoader.Load(file, line, 0) - if len(contextLine) > 0 { - frame.ContextLine = string(contextLine[0]) - } - } - return frame -} - -// Retrieve the name of the package and function containing the PC. -func functionName(pc uintptr) (string, string) { - fn := runtime.FuncForPC(pc) - if fn == nil { - return "", "" - } - - return splitFunctionName(fn.Name()) -} - -func splitFunctionName(name string) (string, string) { - var pack string - - if pos := strings.LastIndex(name, "/"); pos != -1 { - pack = name[:pos+1] - name = name[pos+1:] - } - - if pos := strings.Index(name, "."); pos != -1 { - pack += name[:pos] - name = name[pos+1:] - } - - if p, err := url.QueryUnescape(pack); err == nil { - pack = p - } - - return pack, name -} - -type SourceCodeLoader interface { - Load(filename string, line, context int) ([][]byte, int) -} - -var sourceCodeLoader SourceCodeLoader = &fsLoader{cache: make(map[string][][]byte)} - -func SetSourceCodeLoader(loader SourceCodeLoader) { - sourceCodeLoader = loader -} - -type fsLoader struct { - mu sync.Mutex - cache map[string][][]byte -} - -func (fs *fsLoader) Load(filename string, line, context int) ([][]byte, int) { - fs.mu.Lock() - defer fs.mu.Unlock() - lines, ok := fs.cache[filename] - if !ok { - data, err := ioutil.ReadFile(filename) - if err != nil { - // cache errors as nil slice: code below handles it correctly - // otherwise when missing the source or running as a different user, we try - // reading the file on each error which is unnecessary - fs.cache[filename] = nil - return nil, 0 - } - lines = bytes.Split(data, []byte{'\n'}) - fs.cache[filename] = lines - } - - if lines == nil { - // cached error from ReadFile: return no lines - return nil, 0 - } - - line-- // stack trace lines are 1-indexed - start := line - context - var idx int - if start < 0 { - start = 0 - idx = line - } else { - idx = context - } - end := line + context + 1 - if line >= len(lines) { - return nil, 0 - } - if end > len(lines) { - end = len(lines) - } - return lines[start:end], idx -} - -var trimPaths []string - -// Try to trim the GOROOT or GOPATH prefix off of a filename -func trimPath(filename string) string { - for _, prefix := range trimPaths { - if trimmed := strings.TrimPrefix(filename, prefix); len(trimmed) < len(filename) { - return trimmed - } - } - return filename -} - -func init() { - // Collect all source directories, and make sure they - // end in a trailing "separator" - for _, prefix := range build.Default.SrcDirs() { - if prefix[len(prefix)-1] != filepath.Separator { - prefix += string(filepath.Separator) - } - trimPaths = append(trimPaths, prefix) - } -} diff --git a/workhorse-vendor/github.com/getsentry/raven-go/writer.go b/workhorse-vendor/github.com/getsentry/raven-go/writer.go deleted file mode 100644 index 61f7a91088..0000000000 --- a/workhorse-vendor/github.com/getsentry/raven-go/writer.go +++ /dev/null @@ -1,20 +0,0 @@ -package raven - -type Writer struct { - Client *Client - Level Severity - Logger string // Logger name reported to Sentry -} - -// Write formats the byte slice p into a string, and sends a message to -// Sentry at the severity level indicated by the Writer w. -func (w *Writer) Write(p []byte) (int, error) { - message := string(p) - - packet := NewPacket(message, &Message{message, nil}) - packet.Level = w.Level - packet.Logger = w.Logger - w.Client.Capture(packet, nil) - - return len(p), nil -} From 941bf6661b87467f6751588d7b27f69d7ac57dbd Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Wed, 28 Apr 2021 17:22:55 +0530 Subject: [PATCH 2/6] New upstream version 13.10.4+ds1 --- CHANGELOG.md | 12 +++++ GITALY_SERVER_VERSION | 2 +- Gemfile.lock | 4 +- VERSION | 2 +- .../concerns/sessionless_authentication.rb | 6 ++- app/controllers/graphql_controller.rb | 8 +++- .../projects/branches_controller.rb | 2 +- app/graphql/mutations/base_mutation.rb | 4 ++ app/policies/global_policy.rb | 4 ++ ...dependency_proxy_authentication_service.rb | 5 +- app/services/issues/base_service.rb | 4 +- .../projects/branches_by_mode_service.rb | 2 +- .../mirrors/_authentication_method.html.haml | 2 +- .../branch_list_keyset_pagination.yml | 2 +- lib/api/issues.rb | 3 -- lib/gitlab/auth/scope_validator.rb | 24 ++++++++++ .../graphql/authorize/object_authorization.rb | 45 ++++++++++++++++++ lib/gitlab/pagination/gitaly_keyset_pager.rb | 4 +- package.json | 2 +- .../mutations/notes/create/note_spec.rb | 2 + spec/requests/api/issues/issues_spec.rb | 28 +++++++++++ .../api/issues/post_projects_issues_spec.rb | 14 +++++- spec/requests/jwt_controller_spec.rb | 10 ++-- ...dency_proxy_authentication_service_spec.rb | 25 +++++----- .../projects/download_service_spec.rb | 5 +- spec/support/helpers/graphql_helpers.rb | 18 +++++--- .../requests/graphql_shared_examples.rb | 46 +++++++++++++++++++ yarn.lock | 8 ++-- 28 files changed, 244 insertions(+), 49 deletions(-) create mode 100644 lib/gitlab/auth/scope_validator.rb create mode 100644 lib/gitlab/graphql/authorize/object_authorization.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index d80a50862b..d9436b873d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,18 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 13.10.4 (2021-04-27) + +### Security (6 changes) + +- Prevent tokens with only read_api scope from executing mutations. +- Update mermaid to version 8.9.2. +- Do not allow deploy tokens in the dependency proxy authentication service. +- Disable keyset pagination for branches by default. +- Bump Carrierwave gem to v1.3.2. +- Restrict setting system_note_timestamp to owners. + + ## 13.10.3 (2021-04-13) ### Security (3 changes) diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION index dee21658a8..402deed307 100644 --- a/GITALY_SERVER_VERSION +++ b/GITALY_SERVER_VERSION @@ -1 +1 @@ -13.10.3 \ No newline at end of file +13.10.4 \ No newline at end of file diff --git a/Gemfile.lock b/Gemfile.lock index e6cf7c5d93..b5bbd5a61d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -170,10 +170,11 @@ GEM capybara-screenshot (1.0.22) capybara (>= 1.0, < 4) launchy - carrierwave (1.3.1) + carrierwave (1.3.2) activemodel (>= 4.0.0) activesupport (>= 4.0.0) mime-types (>= 1.16) + ssrf_filter (~> 1.0) cbor (0.5.9.6) character_set (1.4.0) charlock_holmes (0.7.7) @@ -1203,6 +1204,7 @@ GEM sprockets (>= 3.0.0) sqlite3 (1.3.13) sshkey (2.0.0) + ssrf_filter (1.0.7) stackprof (0.2.15) state_machines (0.5.0) state_machines-activemodel (0.8.0) diff --git a/VERSION b/VERSION index dee21658a8..402deed307 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -13.10.3 \ No newline at end of file +13.10.4 \ No newline at end of file diff --git a/app/controllers/concerns/sessionless_authentication.rb b/app/controllers/concerns/sessionless_authentication.rb index a9ef33bf3b..36ba3d686a 100644 --- a/app/controllers/concerns/sessionless_authentication.rb +++ b/app/controllers/concerns/sessionless_authentication.rb @@ -7,11 +7,15 @@ module SessionlessAuthentication # This filter handles personal access tokens, atom requests with rss tokens, and static object tokens def authenticate_sessionless_user!(request_format) - user = Gitlab::Auth::RequestAuthenticator.new(request).find_sessionless_user(request_format) + user = request_authenticator.find_sessionless_user(request_format) sessionless_sign_in(user) if user end + def request_authenticator + @request_authenticator ||= Gitlab::Auth::RequestAuthenticator.new(request) + end + def sessionless_user? current_user && !session.key?('warden.user.user.key') end diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb index 53064041ab..a728d5cc18 100644 --- a/app/controllers/graphql_controller.rb +++ b/app/controllers/graphql_controller.rb @@ -108,7 +108,13 @@ class GraphqlController < ApplicationController end def context - @context ||= { current_user: current_user, is_sessionless_user: !!sessionless_user?, request: request } + api_user = !!sessionless_user? + @context ||= { + current_user: current_user, + is_sessionless_user: api_user, + request: request, + scope_validator: ::Gitlab::Auth::ScopeValidator.new(api_user, request_authenticator) + } end def build_variables(variable_info) diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb index 6f3c96fa65..be1e932a1a 100644 --- a/app/controllers/projects/branches_controller.rb +++ b/app/controllers/projects/branches_controller.rb @@ -185,7 +185,7 @@ class Projects::BranchesController < Projects::ApplicationController # Here we get one more branch to indicate if there are more data we're not showing limit = @overview_max_branches + 1 - if Feature.enabled?(:branch_list_keyset_pagination, project, default_enabled: true) + if Feature.enabled?(:branch_list_keyset_pagination, project, default_enabled: :yaml) @active_branches = BranchesFinder.new(@repository, { per_page: limit, sort: sort_value_recently_updated }) .execute(gitaly_pagination: true).select(&:active?) diff --git a/app/graphql/mutations/base_mutation.rb b/app/graphql/mutations/base_mutation.rb index ac5ddc5bd4..a53cc72d90 100644 --- a/app/graphql/mutations/base_mutation.rb +++ b/app/graphql/mutations/base_mutation.rb @@ -28,8 +28,12 @@ module Mutations end def ready?(**args) + auth = ::Gitlab::Graphql::Authorize::ObjectAuthorization.new(:execute_graphql_mutation, :api) + if Gitlab::Database.read_only? raise Gitlab::Graphql::Errors::ResourceNotAvailable, ERROR_MESSAGE + elsif !auth.ok?(:global, current_user, scope_validator: context[:scope_validator]) + raise_resource_not_available_error! else true end diff --git a/app/policies/global_policy.rb b/app/policies/global_policy.rb index 5ee34ebbb2..d16c4734b2 100644 --- a/app/policies/global_policy.rb +++ b/app/policies/global_policy.rb @@ -23,6 +23,7 @@ class GlobalPolicy < BasePolicy prevent :receive_notifications prevent :use_quick_actions prevent :create_group + prevent :execute_graphql_mutation end rule { default }.policy do @@ -32,6 +33,7 @@ class GlobalPolicy < BasePolicy enable :receive_notifications enable :use_quick_actions enable :use_slash_commands + enable :execute_graphql_mutation end rule { inactive }.policy do @@ -48,6 +50,8 @@ class GlobalPolicy < BasePolicy prevent :use_slash_commands end + rule { ~can?(:access_api) }.prevent :execute_graphql_mutation + rule { blocked | (internal & ~migration_bot & ~security_bot) }.policy do prevent :access_git end diff --git a/app/services/auth/dependency_proxy_authentication_service.rb b/app/services/auth/dependency_proxy_authentication_service.rb index 1b8c16b7c7..fab42e0ebb 100644 --- a/app/services/auth/dependency_proxy_authentication_service.rb +++ b/app/services/auth/dependency_proxy_authentication_service.rb @@ -8,7 +8,10 @@ module Auth def execute(authentication_abilities:) return error('dependency proxy not enabled', 404) unless ::Gitlab.config.dependency_proxy.enabled - return error('access forbidden', 403) unless current_user + + # Because app/controllers/concerns/dependency_proxy/auth.rb consumes this + # JWT only as `User.find`, we currently only allow User (not DeployToken, etc) + return error('access forbidden', 403) unless current_user.is_a?(User) { token: authorized_token.encoded } end diff --git a/app/services/issues/base_service.rb b/app/services/issues/base_service.rb index 25f319da03..e621463d0d 100644 --- a/app/services/issues/base_service.rb +++ b/app/services/issues/base_service.rb @@ -34,7 +34,7 @@ module Issues private - def filter_params(merge_request) + def filter_params(issue) super moved_issue = params.delete(:moved_issue) @@ -44,6 +44,8 @@ module Issues params.delete(:iid) unless current_user.can?(:set_issue_iid, project) params.delete(:created_at) unless moved_issue || current_user.can?(:set_issue_created_at, project) params.delete(:updated_at) unless moved_issue || current_user.can?(:set_issue_updated_at, project) + + issue.system_note_timestamp = params[:created_at] || params[:updated_at] end def create_assignee_note(issue, old_assignees) diff --git a/app/services/projects/branches_by_mode_service.rb b/app/services/projects/branches_by_mode_service.rb index fb66bfa073..22a09a56cd 100644 --- a/app/services/projects/branches_by_mode_service.rb +++ b/app/services/projects/branches_by_mode_service.rb @@ -37,7 +37,7 @@ class Projects::BranchesByModeService def use_gitaly_pagination? return false if params[:page].present? || params[:search].present? - Feature.enabled?(:branch_list_keyset_pagination, project, default_enabled: true) + Feature.enabled?(:branch_list_keyset_pagination, project, default_enabled: :yaml) end def fetch_branches_via_offset_pagination diff --git a/app/views/projects/mirrors/_authentication_method.html.haml b/app/views/projects/mirrors/_authentication_method.html.haml index 94f8703657..5f31ec4087 100644 --- a/app/views/projects/mirrors/_authentication_method.html.haml +++ b/app/views/projects/mirrors/_authentication_method.html.haml @@ -13,4 +13,4 @@ .form-group .well-password-auth.collapse.js-well-password-auth = f.label :password, _("Password"), class: "label-bold" - = f.password_field :password, value: mirror.password, class: 'form-control gl-form-input qa-password', autocomplete: 'new-password' + = f.password_field :password, class: 'form-control gl-form-input qa-password', autocomplete: 'new-password' diff --git a/config/feature_flags/development/branch_list_keyset_pagination.yml b/config/feature_flags/development/branch_list_keyset_pagination.yml index 23b573e500..1220029205 100644 --- a/config/feature_flags/development/branch_list_keyset_pagination.yml +++ b/config/feature_flags/development/branch_list_keyset_pagination.yml @@ -5,4 +5,4 @@ rollout_issue_url: milestone: '13.2' type: development group: group::source code -default_enabled: true +default_enabled: false diff --git a/lib/api/issues.rb b/lib/api/issues.rb index 13dac1c174..29fc43a1f9 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -249,7 +249,6 @@ module API authorize! :create_issue, user_project issue_params = declared_params(include_missing: false) - issue_params[:system_note_timestamp] = params[:created_at] issue_params = convert_parameters_from_legacy_format(issue_params) @@ -293,8 +292,6 @@ module API issue = user_project.issues.find_by!(iid: params.delete(:issue_iid)) authorize! :update_issue, issue - issue.system_note_timestamp = params[:updated_at] - update_params = declared_params(include_missing: false).merge(request: request, api: true) update_params = convert_parameters_from_legacy_format(update_params) diff --git a/lib/gitlab/auth/scope_validator.rb b/lib/gitlab/auth/scope_validator.rb new file mode 100644 index 0000000000..de4c36ad59 --- /dev/null +++ b/lib/gitlab/auth/scope_validator.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +# Wrapper around a RequestAuthenticator to +# perform authorization of scopes. Access is limited to +# only those methods needed to validate that an API user +# has at least one permitted scope. +module Gitlab + module Auth + class ScopeValidator + def initialize(api_user, request_authenticator) + @api_user = api_user + @request_authenticator = request_authenticator + end + + def valid_for?(permitted) + return true unless @api_user + return true if permitted.none? + + scopes = permitted.map { |s| API::Scope.new(s) } + @request_authenticator.valid_access_token?(scopes: scopes) + end + end + end +end diff --git a/lib/gitlab/graphql/authorize/object_authorization.rb b/lib/gitlab/graphql/authorize/object_authorization.rb new file mode 100644 index 0000000000..f13acc9ea2 --- /dev/null +++ b/lib/gitlab/graphql/authorize/object_authorization.rb @@ -0,0 +1,45 @@ +# frozen_string_literal: true + +module Gitlab + module Graphql + module Authorize + class ObjectAuthorization + attr_reader :abilities, :permitted_scopes + + def initialize(abilities, scopes = %i[api read_api]) + @abilities = Array.wrap(abilities).flatten + @permitted_scopes = Array.wrap(scopes) + end + + def none? + abilities.empty? + end + + def any? + abilities.present? + end + + def ok?(object, current_user, scope_validator: nil) + scopes_ok?(scope_validator) && abilities_ok?(object, current_user) + end + + private + + def abilities_ok?(object, current_user) + return true if none? + + subject = object.try(:declarative_policy_subject) || object + abilities.all? do |ability| + Ability.allowed?(current_user, ability, subject) + end + end + + def scopes_ok?(validator) + return true unless validator.present? + + validator.valid_for?(permitted_scopes) + end + end + end + end +end diff --git a/lib/gitlab/pagination/gitaly_keyset_pager.rb b/lib/gitlab/pagination/gitaly_keyset_pager.rb index 1350168967..b05891066a 100644 --- a/lib/gitlab/pagination/gitaly_keyset_pager.rb +++ b/lib/gitlab/pagination/gitaly_keyset_pager.rb @@ -26,11 +26,11 @@ module Gitlab private def keyset_pagination_enabled? - Feature.enabled?(:branch_list_keyset_pagination, project, default_enabled: true) && params[:pagination] == 'keyset' + Feature.enabled?(:branch_list_keyset_pagination, project, default_enabled: :yaml) && params[:pagination] == 'keyset' end def paginate_first_page? - Feature.enabled?(:branch_list_keyset_pagination, project, default_enabled: true) && (params[:page].blank? || params[:page].to_i == 1) + Feature.enabled?(:branch_list_keyset_pagination, project, default_enabled: :yaml) && (params[:page].blank? || params[:page].to_i == 1) end def paginate_via_gitaly(finder) diff --git a/package.json b/package.json index 978b9079aa..9e47dcdea0 100644 --- a/package.json +++ b/package.json @@ -121,7 +121,7 @@ "lodash": "^4.17.20", "marked": "^0.3.12", "mathjax": "3", - "mermaid": "^8.9.0", + "mermaid": "^8.9.2", "minimatch": "^3.0.4", "monaco-editor": "^0.20.0", "monaco-editor-webpack-plugin": "^1.9.0", diff --git a/spec/requests/api/graphql/mutations/notes/create/note_spec.rb b/spec/requests/api/graphql/mutations/notes/create/note_spec.rb index 1eed1c8e2a..8dd8ed361b 100644 --- a/spec/requests/api/graphql/mutations/notes/create/note_spec.rb +++ b/spec/requests/api/graphql/mutations/notes/create/note_spec.rb @@ -31,6 +31,8 @@ RSpec.describe 'Adding a Note' do project.add_developer(current_user) end + it_behaves_like 'a working GraphQL mutation' + it_behaves_like 'a Note mutation that creates a Note' it_behaves_like 'a Note mutation when there are active record validation errors' diff --git a/spec/requests/api/issues/issues_spec.rb b/spec/requests/api/issues/issues_spec.rb index 0fe68be027..8f10de5952 100644 --- a/spec/requests/api/issues/issues_spec.rb +++ b/spec/requests/api/issues/issues_spec.rb @@ -943,6 +943,34 @@ RSpec.describe API::Issues do it_behaves_like 'issuable update endpoint' do let(:entity) { issue } end + + describe 'updated_at param' do + let(:fixed_time) { Time.new(2001, 1, 1) } + let(:updated_at) { Time.new(2000, 1, 1) } + + before do + travel_to fixed_time + end + + it 'allows admins to set the timestamp' do + put api("/projects/#{project.id}/issues/#{issue.iid}", admin), params: { labels: 'label1', updated_at: updated_at } + + expect(response).to have_gitlab_http_status(:ok) + expect(Time.parse(json_response['updated_at'])).to be_like_time(updated_at) + expect(ResourceLabelEvent.last.created_at).to be_like_time(updated_at) + end + + it 'does not allow other users to set the timestamp' do + reporter = create(:user) + project.add_developer(reporter) + + put api("/projects/#{project.id}/issues/#{issue.iid}", reporter), params: { labels: 'label1', updated_at: updated_at } + + expect(response).to have_gitlab_http_status(:ok) + expect(Time.parse(json_response['updated_at'])).to be_like_time(fixed_time) + expect(ResourceLabelEvent.last.created_at).to be_like_time(fixed_time) + end + end end describe 'DELETE /projects/:id/issues/:issue_iid' do diff --git a/spec/requests/api/issues/post_projects_issues_spec.rb b/spec/requests/api/issues/post_projects_issues_spec.rb index 5b3e236366..2536c5dd7c 100644 --- a/spec/requests/api/issues/post_projects_issues_spec.rb +++ b/spec/requests/api/issues/post_projects_issues_spec.rb @@ -330,15 +330,21 @@ RSpec.describe API::Issues do end context 'setting created_at' do + let(:fixed_time) { Time.new(2001, 1, 1) } let(:creation_time) { 2.weeks.ago } let(:params) { { title: 'new issue', labels: 'label, label2', created_at: creation_time } } + before do + travel_to fixed_time + end + context 'by an admin' do it 'sets the creation time on the new issue' do post api("/projects/#{project.id}/issues", admin), params: params expect(response).to have_gitlab_http_status(:created) expect(Time.parse(json_response['created_at'])).to be_like_time(creation_time) + expect(ResourceLabelEvent.last.created_at).to be_like_time(creation_time) end end @@ -348,6 +354,7 @@ RSpec.describe API::Issues do expect(response).to have_gitlab_http_status(:created) expect(Time.parse(json_response['created_at'])).to be_like_time(creation_time) + expect(ResourceLabelEvent.last.created_at).to be_like_time(creation_time) end end @@ -356,19 +363,24 @@ RSpec.describe API::Issues do group = create(:group) group_project = create(:project, :public, namespace: group) group.add_owner(user2) + post api("/projects/#{group_project.id}/issues", user2), params: params expect(response).to have_gitlab_http_status(:created) expect(Time.parse(json_response['created_at'])).to be_like_time(creation_time) + expect(ResourceLabelEvent.last.created_at).to be_like_time(creation_time) end end context 'by another user' do it 'ignores the given creation time' do + project.add_developer(user2) + post api("/projects/#{project.id}/issues", user2), params: params expect(response).to have_gitlab_http_status(:created) - expect(Time.parse(json_response['created_at'])).not_to be_like_time(creation_time) + expect(Time.parse(json_response['created_at'])).to be_like_time(fixed_time) + expect(ResourceLabelEvent.last.created_at).to be_like_time(fixed_time) end end end diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb index e154e691d5..3087e0e1ab 100644 --- a/spec/requests/jwt_controller_spec.rb +++ b/spec/requests/jwt_controller_spec.rb @@ -262,25 +262,21 @@ RSpec.describe JwtController do let(:credential_user) { group_deploy_token.username } let(:credential_password) { group_deploy_token.token } - it_behaves_like 'with valid credentials' + it_behaves_like 'returning response status', :forbidden end context 'with project deploy token' do let(:credential_user) { project_deploy_token.username } let(:credential_password) { project_deploy_token.token } - it_behaves_like 'with valid credentials' + it_behaves_like 'returning response status', :forbidden end context 'with invalid credentials' do let(:credential_user) { 'foo' } let(:credential_password) { 'bar' } - it 'returns unauthorized' do - subject - - expect(response).to have_gitlab_http_status(:unauthorized) - end + it_behaves_like 'returning response status', :unauthorized end end diff --git a/spec/services/auth/dependency_proxy_authentication_service_spec.rb b/spec/services/auth/dependency_proxy_authentication_service_spec.rb index ba50149f53..1fd1677c7d 100644 --- a/spec/services/auth/dependency_proxy_authentication_service_spec.rb +++ b/spec/services/auth/dependency_proxy_authentication_service_spec.rb @@ -13,28 +13,31 @@ RSpec.describe Auth::DependencyProxyAuthenticationService do describe '#execute' do subject { service.execute(authentication_abilities: nil) } + shared_examples 'returning' do |status:, message:| + it "returns #{message}", :aggregate_failures do + expect(subject[:http_status]).to eq(status) + expect(subject[:message]).to eq(message) + end + end + context 'dependency proxy is not enabled' do before do stub_config(dependency_proxy: { enabled: false }) end - it 'returns not found' do - result = subject - - expect(result[:http_status]).to eq(404) - expect(result[:message]).to eq('dependency proxy not enabled') - end + it_behaves_like 'returning', status: 404, message: 'dependency proxy not enabled' end context 'without a user' do let(:user) { nil } - it 'returns forbidden' do - result = subject + it_behaves_like 'returning', status: 403, message: 'access forbidden' + end - expect(result[:http_status]).to eq(403) - expect(result[:message]).to eq('access forbidden') - end + context 'with a deploy token as user' do + let_it_be(:user) { create(:deploy_token) } + + it_behaves_like 'returning', status: 403, message: 'access forbidden' end context 'with a user' do diff --git a/spec/services/projects/download_service_spec.rb b/spec/services/projects/download_service_spec.rb index 0f743eaa7f..7d4fce814f 100644 --- a/spec/services/projects/download_service_spec.rb +++ b/spec/services/projects/download_service_spec.rb @@ -20,8 +20,9 @@ RSpec.describe Projects::DownloadService do context 'for URLs that are on the whitelist' do before do - stub_request(:get, 'http://mycompany.fogbugz.com/rails_sample.jpg').to_return(body: File.read(Rails.root + 'spec/fixtures/rails_sample.jpg')) - stub_request(:get, 'http://mycompany.fogbugz.com/doc_sample.txt').to_return(body: File.read(Rails.root + 'spec/fixtures/doc_sample.txt')) + # `ssrf_filter` resolves the hostname. See https://github.com/carrierwaveuploader/carrierwave/commit/91714adda998bc9e8decf5b1f5d260d808761304 + stub_request(:get, %r{http://[\d\.]+/rails_sample.jpg}).to_return(body: File.read(Rails.root + 'spec/fixtures/rails_sample.jpg')) + stub_request(:get, %r{http://[\d\.]+/doc_sample.txt}).to_return(body: File.read(Rails.root + 'spec/fixtures/doc_sample.txt')) end context 'an image file' do diff --git a/spec/support/helpers/graphql_helpers.rb b/spec/support/helpers/graphql_helpers.rb index 75d9508f47..5ea3f65e66 100644 --- a/spec/support/helpers/graphql_helpers.rb +++ b/spec/support/helpers/graphql_helpers.rb @@ -390,17 +390,21 @@ module GraphqlHelpers post api('/', current_user, version: 'graphql'), params: { _json: queries }, headers: headers end - def post_graphql(query, current_user: nil, variables: nil, headers: {}) + def post_graphql(query, current_user: nil, variables: nil, headers: {}, token: {}) params = { query: query, variables: serialize_variables(variables) } - post api('/', current_user, version: 'graphql'), params: params, headers: headers + post api('/', current_user, version: 'graphql', **token), params: params, headers: headers - if graphql_errors # Errors are acceptable, but not this one: - expect(graphql_errors).not_to include(a_hash_including('message' => 'Internal server error')) - end + return unless graphql_errors + + # Errors are acceptable, but not this one: + expect(graphql_errors).not_to include(a_hash_including('message' => 'Internal server error')) end - def post_graphql_mutation(mutation, current_user: nil) - post_graphql(mutation.query, current_user: current_user, variables: mutation.variables) + def post_graphql_mutation(mutation, current_user: nil, token: {}) + post_graphql(mutation.query, + current_user: current_user, + variables: mutation.variables, + token: token) end def post_graphql_mutation_with_uploads(mutation, current_user: nil) diff --git a/spec/support/shared_examples/requests/graphql_shared_examples.rb b/spec/support/shared_examples/requests/graphql_shared_examples.rb index a66bc7112f..d133c5ea64 100644 --- a/spec/support/shared_examples/requests/graphql_shared_examples.rb +++ b/spec/support/shared_examples/requests/graphql_shared_examples.rb @@ -10,6 +10,52 @@ RSpec.shared_examples 'a working graphql query' do end end +RSpec.shared_examples 'a working GraphQL mutation' do + include GraphqlHelpers + + before do + post_graphql_mutation(mutation, current_user: current_user, token: token) + end + + shared_examples 'allows access to the mutation' do + let(:scopes) { ['api'] } + + it_behaves_like 'a working graphql query' do + it 'returns data' do + expect(graphql_data.compact).not_to be_empty + end + end + end + + shared_examples 'prevents access to the mutation' do + let(:scopes) { ['read_api'] } + + it 'does not resolve the mutation' do + expect(graphql_data.compact).to be_empty + expect(graphql_errors).to be_present + end + end + + context 'with a personal access token' do + let(:token) do + pat = create(:personal_access_token, user: current_user, scopes: scopes) + { personal_access_token: pat } + end + + it_behaves_like 'prevents access to the mutation' + it_behaves_like 'allows access to the mutation' + end + + context 'with an OAuth token' do + let(:token) do + { oauth_access_token: create(:oauth_access_token, resource_owner: current_user, scopes: scopes.join(' ')) } + end + + it_behaves_like 'prevents access to the mutation' + it_behaves_like 'allows access to the mutation' + end +end + RSpec.shared_examples 'a mutation on an unauthorized resource' do it_behaves_like 'a mutation that returns top-level errors', errors: [::Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR] diff --git a/yarn.lock b/yarn.lock index 6e636ca172..2c33f8ffd5 100644 --- a/yarn.lock +++ b/yarn.lock @@ -8194,10 +8194,10 @@ merge2@^1.3.0: resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae" integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg== -mermaid@^8.9.0: - version "8.9.0" - resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-8.9.0.tgz#e569517863ab903aa5389cd746b68ca958a8ca7c" - integrity sha512-J582tyE1vkdNu4BGgfwXnFo4Mu6jpuc4uK96mIenavaak9kr4T5gaMmYCo/7edwq/vTBkx/soZ5LcJo5WXZ1BQ== +mermaid@^8.9.2: + version "8.9.2" + resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-8.9.2.tgz#40bb2052cc6c4feaf5d93a5e527a8d06d0bacea7" + integrity sha512-XWEaraDRDlHZexdeHSSr/MH4VJAOksRSPudchi69ecZJ7IUjjlzHsg32n4ZwJUh6lFO+NMYLHwHNNYUyxIjGPg== dependencies: "@braintree/sanitize-url" "^3.1.0" d3 "^5.7.0" From 12905e534ade16143bdd8de278ee7ec6f95ae95d Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Wed, 28 Apr 2021 18:09:24 +0530 Subject: [PATCH 3/6] Update minimum version of node-mermaid to 8.9.2 --- debian/control | 2 +- debian/patches/0740-use-packaged-modules.patch | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/debian/control b/debian/control index 5e6d86de52..be5b3f45af 100644 --- a/debian/control +++ b/debian/control @@ -458,7 +458,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, node-katex (>= 0.10.2+dfsg-8~), node-lodash (>= 4.17.21+dfsg+~cs8.31.189.20210220~), node-marked (>= 0.3~), - node-mermaid (>= 8.9~), + node-mermaid (>= 8.9.2~), node-minimatch, node-miragejs, node-mousetrap, diff --git a/debian/patches/0740-use-packaged-modules.patch b/debian/patches/0740-use-packaged-modules.patch index 55d59417b9..b48c014794 100644 --- a/debian/patches/0740-use-packaged-modules.patch +++ b/debian/patches/0740-use-packaged-modules.patch @@ -136,7 +136,7 @@ Use debian packaged node modules when available "bootstrap": "4.4.1", "cache-loader": "^4.1.0", "clipboard": "^1.7.1", -@@ -113,26 +113,26 @@ +@@ -113,26 +113,28 @@ "jquery": "^3.5.0", "jquery.caret": "^0.3.1", "jquery.waitforimages": "^2.2.0", @@ -154,10 +154,10 @@ Use debian packaged node modules when available + "lodash": "link:/usr/share/nodejs/lodash", "marked": "^0.3.12", "mathjax": "3", -- "mermaid": "^8.9.0", -- "minimatch": "^3.0.4", + "mermaid": "link:/usr/share/nodejs/mermaid", + "minimatch": "link:/usr/share/nodejs/minimatch", + "mermaid": "^8.9.2", + "minimatch": "^3.0.4", "monaco-editor": "^0.20.0", "monaco-editor-webpack-plugin": "^1.9.0", "monaco-yaml": "^2.5.1", @@ -175,7 +175,7 @@ Use debian packaged node modules when available "raphael": "^2.2.7", "raw-loader": "^4.0.2", "select2": "3.5.2-browserify", -@@ -143,26 +143,25 @@ +@@ -143,26 +145,25 @@ "style-loader": "^1.3.0", "swagger-ui-dist": "^3.44.1", "three": "^0.84.0", From 274d8be34fcec620121ae9e811e028e4cffaf066 Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Wed, 28 Apr 2021 18:09:54 +0530 Subject: [PATCH 4/6] Update minimum version of ruby-carrierwave to 1.3.2 --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index be5b3f45af..70a19294f4 100644 --- a/debian/control +++ b/debian/control @@ -166,7 +166,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, # HAML ruby-hamlit (>= 2.14.4~), # Files attachments - ruby-carrierwave (>= 1.3~), + ruby-carrierwave (>= 1.3.2~), ruby-mini-magick (>= 4.10.1~), # for backups ruby-fog-aws (>= 3.9~), From 60e7c731c548e6c8f726d206f5219d8f56d5d8db Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Wed, 28 Apr 2021 18:44:24 +0530 Subject: [PATCH 5/6] Update minimum version of redis-server to 5:6.0.12~ --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 70a19294f4..0ea96dc4aa 100644 --- a/debian/control +++ b/debian/control @@ -75,7 +75,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, postgresql-contrib, dbconfig-pgsql | dbconfig-no-thanks, bc, - redis-server (>= 2:2.8~), + redis-server (>= 5:6.0.12~), # See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956211 nodejs (>= 10~), nginx | httpd, From 8bc51979c625f5c96b5ba8e596d0ebe86a753a10 Mon Sep 17 00:00:00 2001 From: Pirate Praveen Date: Wed, 28 Apr 2021 17:50:39 +0530 Subject: [PATCH 6/6] Upload to experimental (staging) --- debian/changelog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/debian/changelog b/debian/changelog index 00df8a18cf..9e856bb8d8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +gitlab (13.10.4+ds1-1) experimental; urgency=medium + + * New upstream security release 13.10.4+ds1 (Fixes: CVE-2021-22209, + CVE-2021-22206, CVE-2021-22210, CVE-2021-22208, CVE-2021-22211) + * Update minimum version of node-mermaid to 8.9.2, ruby-carrierwave to 1.3.2 + and redis-server to 5:6.0.12~ + + -- Pirate Praveen Wed, 28 Apr 2021 17:47:54 +0530 + gitlab (13.10.3+ds2-3) experimental; urgency=medium * Keep gitlab-workhorse binary in main