Commit 01355138 authored by Stan Hu's avatar Stan Hu

Strip out any HTML tags in Geo response and upon failure omit full response text

Closes #2786
parent 8ee10e25
module Geo module Geo
class NodeStatusService class NodeStatusService
include ActionView::Helpers::SanitizeHelper
include Gitlab::CurrentSettings include Gitlab::CurrentSettings
include HTTParty include HTTParty
...@@ -28,10 +29,11 @@ module Geo ...@@ -28,10 +29,11 @@ module Geo
if payload.is_a?(Hash) if payload.is_a?(Hash)
payload['message'] payload['message']
else else
payload ''
end end
Array([message, details].compact.join("\n")) summary = [message, details].compact.join("\n")
[sanitize(summary)]
end end
rescue HTTParty::Error, Timeout::Error, SocketError, Errno::ECONNRESET, Errno::ECONNREFUSED => e rescue HTTParty::Error, Timeout::Error, SocketError, Errno::ECONNRESET, Errno::ECONNREFUSED => e
[e.message] [e.message]
...@@ -42,6 +44,10 @@ module Geo ...@@ -42,6 +44,10 @@ module Geo
private private
def sanitize(message)
ActionView::Base.full_sanitizer.sanitize(message)
end
def headers def headers
Gitlab::Geo::BaseRequest.new.headers Gitlab::Geo::BaseRequest.new.headers
end end
......
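Review bot: The new private `sanitize(message)` shadows the public `sanitize` that `ActionView::Helpers::SanitizeHelper` (included just above) already brings in, and the two do different things — the helper's `sanitize` keeps an allow-list of tags, while this method strips everything via `ActionView::Base.full_sanitizer`. Since the method calls the full sanitizer directly, the include is unused and only invites confusion about which `sanitize` runs; either drop the include, or drop the private method and call the helper's `strip_tags(summary)`, which is the same operation under its documented name. Separately, `[message, details].compact.join("\n")` does not drop the empty string now returned for non-Hash payloads, so the summary ends with a dangling newline (the spec has to pin `"... 401 Unauthorized\n"`); `[message, details].reject(&:blank?).join("\n")` would avoid that, assuming `details` is a String or nil (it is defined outside the hunk). The enclosing `call` method starts before the hunk.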
...@@ -11,11 +11,11 @@ describe Geo::NodeStatusService, services: true do ...@@ -11,11 +11,11 @@ describe Geo::NodeStatusService, services: true do
end end
describe '#call' do describe '#call' do
it 'parses a 401 response' do it 'strips tags from a 401 response' do
request = double(success?: false, request = double(success?: false,
code: 401, code: 401,
message: 'Unauthorized', message: 'Unauthorized',
parsed_response: { 'message' => 'Test' } ) parsed_response: { 'message' => '<html><h1>Test</h1></html>' } )
allow(described_class).to receive(:get).and_return(request) allow(described_class).to receive(:get).and_return(request)
status = subject.call(secondary) status = subject.call(secondary)
...@@ -39,5 +39,17 @@ describe Geo::NodeStatusService, services: true do ...@@ -39,5 +39,17 @@ describe Geo::NodeStatusService, services: true do
expect(status).to have_attributes(data) expect(status).to have_attributes(data)
end end
it 'omits full response text in status' do
request = double(success?: false,
code: 401,
message: 'Unauthorized',
parsed_response: '<html><h1>You are not allowed</h1></html>')
allow(described_class).to receive(:get).and_return(request)
status = subject.call(secondary)
expect(status.health).to eq("Could not connect to Geo node - HTTP Status Code: 401 Unauthorized\n")
end
end end
end end
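Review bot: The new example `it 'omits full response text in status'` checks only an exact health string, so the property it is meant to guard — that the HTML body never reaches the status — is implicit; adding `expect(status.health).not_to include('You are not allowed')` states it directly and survives unrelated wording changes. The expected value also bakes in the trailing `"\n"` produced by joining an empty message with `details`, which is an artifact rather than intended output; if the service is changed to skip blank parts, this expectation will need to become `"... 401 Unauthorized"`. The renamed example `it 'strips tags from a 401 response'` has its expectation outside the hunk, so it is not visible whether it asserts the stripped text `'Test'`.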