Error disclosure on Project Import
From #54857 (closed). When an error is encountered importing a project, the error message displayed gives file directory structure information.
Find the real path of link.gitignore
Luckily, Gitlab stores import errors in database and provides another API with the error messages where we can find the real path of link.gitignore
$ curl -H "Private-Token: $(cat tkn.nya)" http://10.26.0.3/api/v4/projects/27/import
{
"id": 27,
"description": null,
"name": "interesting-36f24022b707434f2f060c4a3559216f",
"name_with_namespace": "Administrator / interesting-36f24022b707434f2f060c4a3559216f",
"path": "interesting-36f24022b707434f2f060c4a3559216f",
"path_with_namespace": "root/interesting-36f24022b707434f2f060c4a3559216f",
"created_at": "2018-12-04T11:10:59.269Z",
"import_status": "failed",
"import_error": "Error importing repository into root/interesting-36f24022b707434f2f060c4a3559216f - Permission denied @ unlink_internal - /var/opt/gitlab/gitlab-rails/shared/tmp/project_exports/root/interesting-36f24022b707434f2f060c4a3559216f/8cef47205d875e9e9528a844ce20e092/uploads/link.gitignore"
}
Through the UI:
One other note, we present the full path to the file in the UI. Technically, the api call in File the Real Path
is not needed.