Comments to confidential issue and mattermost notification (potentially leaking confidential information)
Summary
In a project with the "Mattermost notifications" active, a comment to a confidential issue can goes to the a mattermost channel also if the integration is configured to not send notifications about confidential issues.
Steps to reproduce
- Create a project whit issues enabled.
- Activate the "Mattermost notifications" integration.
- Activate the triggers:
- Issue
- Note
- Deactivate the trigger Confidential issue
- Create a confidential issue.
- Add a comment to the issue.
What is the current bug behavior?
The mattermost channel is notified of the creation of the comment on the confidential issue.
What is the expected correct behavior?
If an issue is confidential and the user doesn't want to notificate mattermost also gitlab must do not send notifications about comments.
Output of checks
I don't know if the bug happens on gitlab.com
Results of GitLab environment info
Expand for output related to the GitLab environment info
System information System: Current User: git Using RVM: no Ruby Version: 2.3.3p222 Gem Version: 2.6.6 Bundler Version:1.13.7 Rake Version: 10.5.0 Redis Version: 3.2.5 Git Version: 2.11.1 Sidekiq Version:4.2.7
GitLab information Version: 9.1.4 Revision: fed799a Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: postgresql URL: https:// HTTP Clone URL: https:///some-group/some-project.git SSH Clone URL: git@:some-group/some-project.git Using LDAP: no Using Omniauth: no
GitLab Shell Version: 5.0.2 Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Expand for output related to the GitLab application check
Checking GitLab Shell ...GitLab Shell version >= 5.0.2 ? ... OK (5.0.2)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:git?
default... yes
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ...
3/1 ... ok
3/2 ... ok
6/3 ... ok
3/4 ... repository is empty
2/5 ... ok
7/7 ... ok
9/9 ... ok
13/10 ... ok
10/12 ... ok
11/13 ... repository is empty
10/14 ... ok
10/15 ... ok
10/16 ... ok
10/17 ... ok
2/18 ... ok
4/19 ... repository is empty
4/20 ... ok
13/21 ... ok
13/22 ... repository is empty 6/23 ... repository is empty 11/24 ... repository is empty Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Check GitLab API access: OK Access to /var/opt/gitlab/.ssh/authorized_keys: OK Send ping to redis server: OK gitlab-shell self-check successfulChecking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Reply by email ...
Reply by email is disabled in config/gitlab.yml
Checking Reply by email ... Finished
Checking LDAP ...
LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab ...
Git configured with autocrlf=input? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config outdated? ... no Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory setup correctly? ... yes Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) projects have namespace: ... 3/1 ... yes 3/2 ... yes 6/3 ... yes 3/4 ... yes 2/5 ... yes 7/7 ... yes 9/9 ... yes 13/10 ... yes 10/12 ... yes 11/13 ... yes 10/14 ... yes 10/15 ... yes 10/16 ... yes 10/17 ... yes 2/18 ... yes 4/19 ... yes 4/20 ... yes 13/21 ... yes 13/22 ... yes 6/23 ... yes 11/24 ... yes Redis version >= 2.8.0? ... yes Ruby version >= 2.1.0 ? ... yes (2.3.3) Your git bin path is "/opt/gitlab/embedded/bin/git" Git version >= 2.7.3 ? ... yes (2.11.1) Active users: 6
Checking GitLab ... Finished