Automatic merge of gitlab-org/gitlab master

app/assets/javascripts/vue_shared/components/gl_mentions.vue

@@ -9,6 +9,7 @@ const AutoComplete = {
   Issues: 'issues',
   Labels: 'labels',
   Members: 'members',
+  MergeRequests: 'mergeRequests',
 };
 
 function doesCurrentLineStartWith(searchString, fullText, selectionStart) {
@@ -99,6 +100,14 @@ const autoCompleteMap = {
         ${icon}`;
     },
   },
+  [AutoComplete.MergeRequests]: {
+    filterValues() {
+      return this[AutoComplete.MergeRequests];
+    },
+    menuItemTemplate({ original }) {
+      return `<small>${original.reference || original.iid}</small> ${escape(original.title)}`;
+    },
+  },
 };
 
 export default {
@@ -139,6 +148,13 @@ export default {
               : `~${original.title}`,
           values: this.getValues(AutoComplete.Labels),
         },
+        {
+          trigger: '!',
+          lookup: value => value.iid + value.title,
+          menuItemTemplate: autoCompleteMap[AutoComplete.MergeRequests].menuItemTemplate,
+          selectTemplate: ({ original }) => original.reference || `!${original.iid}`,
+          values: this.getValues(AutoComplete.MergeRequests),
+        },
       ],
     });
 

app/assets/javascripts/vue_shared/components/markdown/field.vue

@@ -169,7 +169,7 @@ export default {
       emojis: this.enableAutocomplete,
       members: this.enableAutocomplete && !this.glFeatures.tributeAutocomplete,
       issues: this.enableAutocomplete && !this.glFeatures.tributeAutocomplete,
-      mergeRequests: this.enableAutocomplete,
+      mergeRequests: this.enableAutocomplete && !this.glFeatures.tributeAutocomplete,
       epics: this.enableAutocomplete,
       milestones: this.enableAutocomplete,
       labels: this.enableAutocomplete && !this.glFeatures.tributeAutocomplete,

doc/development/telemetry/snowplow.md

@@ -316,6 +316,11 @@ There are several tools for developing and testing Snowplow Event
 
 **{check-circle}** Available, **{status_preparing}** In progress, **{dotted-circle}** Not Planned
 
+### Preparing your MR for Review
+
+1. For frontend events, in the MR description section, add a screenshot of the event's relevant section using the [Snowplow Analytics Debugger](https://chrome.google.com/webstore/detail/snowplow-analytics-debugg/jbnlcgeengmijcghameodeaenefieedm) Chrome browser extension.
+1. For backend events, please use Snowplow Micro and add the output of the Snowplow Micro good events  `GET http://localhost:9090/micro/good`.
+
 ### Snowplow Analytics Debugger Chrome Extension
 
 Snowplow Analytics Debugger is a browser extension for testing frontend events. This works on production, staging and local development environments.

doc/user/application_security/index.md

@@ -67,6 +67,7 @@ GitLab uses the following tools to scan and report known vulnerabilities found i
 | [Dependency List](dependency_list/index.md) **(ULTIMATE)**                   | View your project's dependencies and their known vulnerabilities.      |
 | [Dependency Scanning](dependency_scanning/index.md) **(ULTIMATE)**           | Analyze your dependencies for known vulnerabilities.                   |
 | [Dynamic Application Security Testing (DAST)](dast/index.md) **(ULTIMATE)**  | Analyze running web applications for known vulnerabilities.            |
+| [API fuzzing](api_fuzzing/index.md) **(ULTIMATE)**                 | Find unknown bugs and vulnerabilities in web APIs with fuzzing.    |
 | [Secret Detection](secret_detection/index.md) **(ULTIMATE)**                 | Analyze Git history for leaked secrets.                                |
 | [Security Dashboard](security_dashboard/index.md) **(ULTIMATE)**             | View vulnerabilities in all your projects and groups.                  |
 | [Static Application Security Testing (SAST)](sast/index.md)                  | Analyze source code for known vulnerabilities.                         |

doc/user/project/settings/index.md

@@ -37,6 +37,9 @@ You can select a framework label to identify that your project has certain compl
 - SOC 2 - Service Organization Control 2
 - SOX - Sarbanes-Oxley
 
+NOTE: **Note:**
+Compliance framework labels do not affect your project settings.
+
 ### Sharing and permissions
 
 For your repository, you can set up features such as public access, repository features,

lib/gitlab/error_tracking.rb

@@ -26,6 +26,8 @@ module Gitlab
           # Sanitize fields based on those sanitized from Rails.
           config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
           config.processors << ::Gitlab::ErrorTracking::Processor::SidekiqProcessor
+          config.processors << ::Gitlab::ErrorTracking::Processor::GrpcErrorProcessor
+
           # Sanitize authentication headers
           config.sanitize_http_headers = %w[Authorization Private-Token]
           config.tags = extra_tags_from_env.merge(program: Gitlab.process_name)

lib/gitlab/error_tracking/processor/grpc_error_processor.rb

+# frozen_string_literal: true
+
+module Gitlab
+  module ErrorTracking
+    module Processor
+      class GrpcErrorProcessor < ::Raven::Processor
+        DEBUG_ERROR_STRING_REGEX = RE2('(.*) debug_error_string:(.*)')
+
+        def process(value)
+          return value unless grpc_exception?(value)
+
+          process_message(value)
+          process_exception_values(value)
+          process_custom_fingerprint(value)
+
+          value
+        end
+
+        def grpc_exception?(value)
+          value[:exception] && value[:message].start_with?('GRPC::')
+        end
+
+        def process_message(value)
+          message, debug_str = split_debug_error_string(value[:message])
+
+          return unless message
+
+          value[:message] = message
+          extra = value[:extra] || {}
+          extra[:grpc_debug_error_string] = debug_str if debug_str
+        end
+
+        def process_exception_values(value)
+          exceptions = value.dig(:exception, :values)
+
+          return unless exceptions.is_a?(Array)
+
+          exceptions.each do |entry|
+            message, _ = split_debug_error_string(entry[:value])
+            entry[:value] = message if message
+          end
+        end
+
+        def process_custom_fingerprint(value)
+          fingerprint = value[:fingerprint]
+
+          return value unless custom_grpc_fingerprint?(fingerprint)
+
+          message, _ = split_debug_error_string(fingerprint[1])
+          fingerprint[1] = message if message
+        end
+
+        private
+
+        def custom_grpc_fingerprint?(fingerprint)
+          fingerprint.is_a?(Array) && fingerprint.length == 2 && fingerprint[0].start_with?('GRPC::')
+        end
+
+        def split_debug_error_string(message)
+          return unless message
+
+          match = DEBUG_ERROR_STRING_REGEX.match(message)
+
+          return unless match
+
+          [match[1], match[2]]
+        end
+      end
+    end
+  end
+end

spec/features/issues/gfm_autocomplete_spec.rb

@@ -763,6 +763,29 @@ RSpec.describe 'GFM autocomplete', :js do
       end
     end
 
+    shared_examples 'autocomplete suggestions' do
+      it 'suggests objects correctly' do
+        page.within '.timeline-content-form' do
+          find('#note-body').native.send_keys(object.class.reference_prefix)
+        end
+
+        page.within '.tribute-container' do
+          expect(page).to have_content(object.title)
+
+          find('ul li').click
+        end
+
+        expect(find('.new-note #note-body').value).to include(expected_body)
+      end
+    end
+
+    context 'merge requests' do
+      let(:object) { create(:merge_request, source_project: project) }
+      let(:expected_body) { object.to_reference }
+
+      it_behaves_like 'autocomplete suggestions'
+    end
+
     context 'when other notes are destroyed' do
       let!(:discussion) { create(:discussion_note_on_issue, noteable: issue, project: issue.project) }
 

spec/lib/gitlab/error_tracking/processor/grpc_error_processor_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::ErrorTracking::Processor::GrpcErrorProcessor do
+  describe '#process' do
+    subject { described_class.new }
+
+    context 'when there is no GRPC exception' do
+      let(:data) { { fingerprint: ['ArgumentError', 'Missing arguments'] } }
+
+      it 'leaves data unchanged' do
+        expect(subject.process(data)).to eq(data)
+      end
+    end
+
+    context 'when there is a GPRC exception with a debug string' do
+      let(:data) do
+        {
+          exception: {
+            values: [
+              {
+                value: "GRPC::DeadlineExceeded: 4:DeadlineExceeded. debug_error_string:{\"hello\":1}"
+              }
+            ]
+          },
+          extra: {
+            caller: 'test'
+          },
+          message: "GRPC::DeadlineExceeded: 4:DeadlineExceeded. debug_error_string:{\"hello\":1}",
+          fingerprint: [
+            "GRPC::DeadlineExceeded",
+            "4:Deadline Exceeded. debug_error_string:{\"created\":\"@1598938192.005782000\",\"description\":\"Error received from peer unix:/home/git/gitalypraefect.socket\",\"file\":\"src/core/lib/surface/call.cc\",\"file_line\":1055,\"grpc_message\":\"Deadline Exceeded\",\"grpc_status\":4}"
+          ]
+        }
+      end
+
+      let(:expected) do
+        {
+          message: "GRPC::DeadlineExceeded: 4:DeadlineExceeded.",
+          fingerprint: [
+            "GRPC::DeadlineExceeded",
+            "4:Deadline Exceeded."
+          ],
+          exception: {
+            values: [
+              {
+                value: "GRPC::DeadlineExceeded: 4:DeadlineExceeded."
+              }
+            ]
+          },
+          extra: {
+            caller: 'test',
+            grpc_debug_error_string: "{\"hello\":1}"
+         }
+        }
+      end
+
+      it 'removes the debug error string and stores it as an extra field' do
+        expect(subject.process(data)).to eq(expected)
+      end
+
+      context 'with no custom fingerprint' do
+        before do
+          data.delete(:fingerprint)
+          expected.delete(:fingerprint)
+        end
+
+        it 'removes the debug error string and stores it as an extra field' do
+          expect(subject.process(data)).to eq(expected)
+        end
+      end
+    end
+  end
+end