GitLab Shell leaking stacktraces to end users
Summary
On a self-hosted instance we recently found out (due to no space left on the log directory) that when any exception happens during Git operations via SSH, the whole stacktrace gets propagated to the end user.
Steps to reproduce
Fill the /var/log directory so there is no space left.
Example Project
n/a
What is the current bug behavior?
The end user sees the actual stacktrace of the exception that happened.
What is the expected correct behavior?
The end user sees a general message and the stacktrace gets written to the logs (yeah, quite ironic).
Relevant logs and/or screenshots
/opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_logger.rb:73:in `write': No space left on device @ io_write - /var/log/gitlab/gitlab-shell/gitlab-shell.log (Errno::ENOSPC)
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_logger.rb:73:in `puts'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_logger.rb:73:in `log_at'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_logger.rb:40:in `info'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_net.rb:207:in `ensure in request'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_net.rb:207:in `request'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_net.rb:224:in `post'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_net.rb:37:in `check_access'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_shell.rb:104:in `verify_access'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_shell.rb:42:in `block in exec'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_metrics.rb:50:in `measure'
from /opt/gitlab/embedded/service/gitlab-shell/lib/gitlab_shell.rb:42:in `exec'
from /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell:24:in `<main>'
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Results of GitLab environment info
System information
System: RedHatEnterpriseServer 7.4
Current User: git
Using RVM: no
Ruby Version: 2.3.6p384
Gem Version: 2.6.13
Bundler Version:1.13.7
Rake Version: 12.3.0
Redis Version: 3.2.11
Git Version: 2.14.3
Sidekiq Version:5.0.5
Go Version: unknown

GitLab information
Version: 10.7.1
Revision: 0d49bb8
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
URL: https://domain
HTTP Clone URL: https://domain/some-group/some-project.git
SSH Clone URL: git@domain:some-group/some-project.git
Using LDAP: no
Using Omniauth: yes
Omniauth Providers: saml

GitLab Shell
Version: 7.1.2
Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories
Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
Git: /opt/gitlab/embedded/bin/git
Possible fixes
n/a
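
The expected behavior described in this report, sketched as an added example that is not GitLab Shell's own code: a top-level guard shows the SSH client a generic message with a reference ID, and the logger swallows its own write failures so a full disk cannot surface a trace. `SafeLogger`, `run_guarded`, `FullDisk`, `demo` and the message text are hypothetical names chosen for illustration.

```ruby
require 'securerandom'
require 'stringio'

# Hypothetical wrapper (not GitLab Shell's GitlabLogger): a failed log
# write must never raise into the request path.
class SafeLogger
  def initialize(io, fallback: nil)
    @io = io
    @fallback = fallback # optional second sink, e.g. syslog
  end

  def error(message)
    @io.puts(message)
    true
  rescue SystemCallError, IOError => e # Errno::ENOSPC is a SystemCallError
    begin
      @fallback&.puts("log write failed (#{e.class}): #{message}")
    rescue StandardError
      nil # no sink left; drop the line rather than raise
    end
    false
  end
end

# Runs the command body and returns the exit status. user_io is what the
# SSH client sees (stderr in a real process); details go to the log only.
def run_guarded(logger, user_io)
  yield
  0
rescue StandardError => e
  ref = SecureRandom.hex(4)
  logger.error("ref=#{ref} #{e.class}: #{e.message}\n#{Array(e.backtrace).join("\n")}")
  user_io.puts("Internal error (ref #{ref}). Contact your GitLab administrator.")
  1
end

# Constructed stand-in for a log file on a full disk.
class FullDisk
  def puts(*)
    raise Errno::ENOSPC, '/var/log/gitlab/gitlab-shell/gitlab-shell.log'
  end
end

def demo
  user_io, fallback = StringIO.new, StringIO.new
  logger = SafeLogger.new(FullDisk.new, fallback: fallback)
  status = run_guarded(logger, user_io) { FullDisk.new.puts('request finished') }
  [status, user_io.string, fallback.string]
end
```

The reference ID lets an administrator match a user's report to the detailed entry in whichever sink accepted it.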