Merge branch 'security-event-counters-private-data-11-1' into 'security-11-1'

[11.1] Don't expose project names in various counters See merge request gitlab/gitlabhq!2445

Merge branch 'security-event-counters-private-data-11-1' into 'security-11-1'
[11.1] Don't expose project names in various counters See merge request gitlab/gitlabhq!2445
44318222 · Felipe Artur Cardozo · Felipe Artur · 94b93230 · 44318222 · 44318222
Commit 44318222 authored Jul 24, 2018 by Felipe Artur Cardozo Committed by Felipe Artur Jul 24, 2018
19 changed files
--- a/app/models/remote_mirror.rb
+++ b/app/models/remote_mirror.rb
@@ -48,13 +48,13 @@ class RemoteMirror < ActiveRecord::Base
    state :failed
    after_transition any => :started do |remote_mirror, _|
-      Gitlab::Metrics.add_event(:remote_mirrors_running, path: remote_mirror.project.full_path)
+      Gitlab::Metrics.add_event(:remote_mirrors_running)
      remote_mirror.update(last_update_started_at: Time.now)
    end
    after_transition started: :finished do |remote_mirror, _|
-      Gitlab::Metrics.add_event(:remote_mirrors_finished, path: remote_mirror.project.full_path)
+      Gitlab::Metrics.add_event(:remote_mirrors_finished)
      timestamp = Time.now
      remote_mirror.update_attributes!(
@@ -63,7 +63,7 @@ class RemoteMirror < ActiveRecord::Base
    end
    after_transition started: :failed do |remote_mirror, _|
-      Gitlab::Metrics.add_event(:remote_mirrors_failed, path: remote_mirror.project.full_path)
+      Gitlab::Metrics.add_event(:remote_mirrors_failed)
      remote_mirror.update(last_update_at: Time.now)
    end

--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -1032,7 +1032,7 @@ class Repository
  end
  def repository_event(event, tags = {})
-    Gitlab::Metrics.add_event(event, { path: full_path }.merge(tags))
+    Gitlab::Metrics.add_event(event, tags)
  end
  def initialize_raw_repository

--- a/app/workers/concerns/gitlab/github_import/object_importer.rb
+++ b/app/workers/concerns/gitlab/github_import/object_importer.rb
@@ -22,7 +22,7 @@ module Gitlab
        importer_class.new(object, project, client).execute
-        counter.increment(project: project.full_path)
+        counter.increment
      end
      def counter

--- a/app/workers/repository_fork_worker.rb
+++ b/app/workers/repository_fork_worker.rb
@@ -23,9 +23,7 @@ class RepositoryForkWorker
  def fork_repository(target_project, source_repository_storage_name, source_disk_path)
    return unless start_fork(target_project)
-    Gitlab::Metrics.add_event(:fork_repository,
+    Gitlab::Metrics.add_event(:fork_repository)
-                              source_path: source_disk_path,
-                              target_path: target_project.disk_path)
    result = gitlab_shell.fork_repository(source_repository_storage_name, source_disk_path,
                                          target_project.repository_storage, target_project.disk_path)

--- a/app/workers/repository_import_worker.rb
+++ b/app/workers/repository_import_worker.rb
@@ -11,9 +11,7 @@ class RepositoryImportWorker
    return unless start_import(project)
-    Gitlab::Metrics.add_event(:import_repository,
+    Gitlab::Metrics.add_event(:import_repository)
-                              import_url: project.import_url,
-                              path: project.full_path)
    service = Projects::ImportService.new(project, project.creator)
    result = service.execute

--- a/changelogs/unreleased/event-counters-private-data.yml
+++ b/changelogs/unreleased/event-counters-private-data.yml
+---
+title: Don't expose project names in various counters
+merge_request:
+author:
+type: security
--- a/changelogs/unreleased/pr-importer-project-name.yml
+++ b/changelogs/unreleased/pr-importer-project-name.yml
+---
+title: Don't expose project names in GitHub counters
+merge_request:
+author:
+type: security
--- a/lib/api/runner.rb
+++ b/lib/api/runner.rb
@@ -108,8 +108,7 @@ module API
        if result.valid?
          if result.build
-            Gitlab::Metrics.add_event(:build_found,
+            Gitlab::Metrics.add_event(:build_found)
-                                      project: result.build.project.full_path)
            present result.build, with: Entities::JobRequest::Response
          else
            Gitlab::Metrics.add_event(:build_not_found)
@@ -140,8 +139,7 @@ module API
        job.trace.set(params[:trace]) if params[:trace]
-        Gitlab::Metrics.add_event(:update_build,
+        Gitlab::Metrics.add_event(:update_build)
-                                  project: job.project.full_path)
        case params[:state].to_s
        when 'running'

--- a/lib/gitlab/email/handler/create_issue_handler.rb
+++ b/lib/gitlab/email/handler/create_issue_handler.rb
@@ -36,10 +36,6 @@ module Gitlab
          @project ||= Project.find_by_full_path(project_path)
        end
-        def metrics_params
-          super.merge(project: project&.full_path)
-        end
        private
        def create_issue

--- a/lib/gitlab/email/handler/create_merge_request_handler.rb
+++ b/lib/gitlab/email/handler/create_merge_request_handler.rb
@@ -40,10 +40,6 @@ module Gitlab
          @project ||= Project.find_by_full_path(project_path)
        end
-        def metrics_params
-          super.merge(project: project&.full_path)
-        end
        private
        def create_merge_request

--- a/lib/gitlab/email/handler/create_note_handler.rb
+++ b/lib/gitlab/email/handler/create_note_handler.rb
@@ -28,10 +28,6 @@ module Gitlab
            record_name: 'comment')
        end
-        def metrics_params
-          super.merge(project: project&.full_path)
-        end
        private
        def author

--- a/lib/gitlab/email/handler/unsubscribe_handler.rb
+++ b/lib/gitlab/email/handler/unsubscribe_handler.rb
@@ -20,10 +20,6 @@ module Gitlab
          noteable.unsubscribe(sent_notification.recipient)
        end
-        def metrics_params
-          super.merge(project: project&.full_path)
-        end
        private
        def sent_notification

--- a/lib/gitlab/github_import/importer/pull_requests_importer.rb
+++ b/lib/gitlab/github_import/importer/pull_requests_importer.rb
@@ -43,7 +43,7 @@ module Gitlab
          Rails.logger
            .info("GitHub importer finished updating repository for #{pname}")
-          repository_updates_counter.increment(project: pname)
+          repository_updates_counter.increment
        end
        def update_repository?(pr)

--- a/spec/lib/gitlab/github_import/importer/pull_requests_importer_spec.rb
+++ b/spec/lib/gitlab/github_import/importer/pull_requests_importer_spec.rb
@@ -158,7 +158,6 @@ describe Gitlab::GithubImport::Importer::PullRequestsImporter do
      expect(importer.repository_updates_counter)
        .to receive(:increment)
-        .with(project: project.path_with_namespace)
        .and_call_original
      Timecop.freeze do

--- a/spec/workers/concerns/gitlab/github_import/object_importer_spec.rb
+++ b/spec/workers/concerns/gitlab/github_import/object_importer_spec.rb
@@ -51,7 +51,6 @@ describe Gitlab::GithubImport::ObjectImporter do
      expect(worker.counter)
        .to receive(:increment)
-        .with(project: 'foo/bar')
        .and_call_original
      worker.import(project, client, { 'number' => 10 })

--- a/spec/workers/gitlab/github_import/import_diff_note_worker_spec.rb
+++ b/spec/workers/gitlab/github_import/import_diff_note_worker_spec.rb
@@ -33,7 +33,6 @@ describe Gitlab::GithubImport::ImportDiffNoteWorker do
      expect(worker.counter)
        .to receive(:increment)
-        .with(project: 'foo/bar')
        .and_call_original
      worker.import(project, client, hash)

--- a/spec/workers/gitlab/github_import/import_issue_worker_spec.rb
+++ b/spec/workers/gitlab/github_import/import_issue_worker_spec.rb
@@ -36,7 +36,6 @@ describe Gitlab::GithubImport::ImportIssueWorker do
      expect(worker.counter)
        .to receive(:increment)
-        .with(project: 'foo/bar')
        .and_call_original
      worker.import(project, client, hash)

--- a/spec/workers/gitlab/github_import/import_note_worker_spec.rb
+++ b/spec/workers/gitlab/github_import/import_note_worker_spec.rb
@@ -31,7 +31,6 @@ describe Gitlab::GithubImport::ImportNoteWorker do
      expect(worker.counter)
        .to receive(:increment)
-        .with(project: 'foo/bar')
        .and_call_original
      worker.import(project, client, hash)

--- a/spec/workers/gitlab/github_import/import_pull_request_worker_spec.rb
+++ b/spec/workers/gitlab/github_import/import_pull_request_worker_spec.rb
@@ -42,7 +42,6 @@ describe Gitlab::GithubImport::ImportPullRequestWorker do
      expect(worker.counter)
        .to receive(:increment)
-        .with(project: 'foo/bar')
        .and_call_original
      worker.import(project, client, hash)