Skip to content

RepositoryPushAuditEventWorker throws "ActiveRecord::StatementInvalid" exception if author has no current_sign_in_ip

Summary

When auditing repository push events - the RepositoryPushAuditEventWorker / RepositoryPushAuditEventService will generate an ActiveRecord::StatementInvalid exception with the error:

PG::InvalidTextRepresentation: ERROR:  invalid input syntax for type inet:

when the author of the push has no current_sign_in_ip

This is due to the fact that ::AuditEventService will fall back to current_sign_in_ip if it's not provided and there's no RequestContext - which there's not with a repository push (at least via SSH)

Steps to reproduce

  1. Enable the Feature.enable(:repository_push_audit_event) feature flag.
  2. Clear the current_sign_in_ip for a user
  3. Using that user's account, push a change (tested with ssh push only) to a repository
  4. The RepositoryPushAuditEventWorker will fail with the following backtrace (14.0.3)
  "error_message": "PG::InvalidTextRepresentation: ERROR:  invalid input syntax for type inet: \"\"\nLINE 2:         VALUES (1, 'jayo', 9, 'Project', '', '2021-07-06 21:...\n                                                 ^\n",
  "error_class": "ActiveRecord::StatementInvalid",
  "error_backtrace": [
    "lib/gitlab/database.rb:235:in `bulk_insert'",
    "ee/app/services/audit_events/bulk_insert_service.rb:21:in `block in execute'",
    "ee/app/services/audit_events/bulk_insert_service.rb:20:in `execute'",
    "ee/app/workers/repository_push_audit_event_worker.rb:28:in `perform'",
    "lib/gitlab/sidekiq_middleware/duplicate_jobs/strategies/until_executing.rb:16:in `perform'",
    "lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job.rb:41:in `perform'",
    "lib/gitlab/sidekiq_middleware/duplicate_jobs/server.rb:8:in `call'",
    "lib/gitlab/sidekiq_middleware/worker_context.rb:9:in `wrap_in_optional_context'",
    "lib/gitlab/sidekiq_middleware/worker_context/server.rb:17:in `block in call'",
    "lib/gitlab/application_context.rb:74:in `block in use'",
    "lib/gitlab/application_context.rb:74:in `use'",
    "lib/gitlab/application_context.rb:27:in `with_context'",
    "lib/gitlab/sidekiq_middleware/worker_context/server.rb:15:in `call'",
    "lib/gitlab/sidekiq_status/server_middleware.rb:7:in `call'",
    "lib/gitlab/sidekiq_versioning/middleware.rb:9:in `call'",
    "lib/gitlab/sidekiq_middleware/admin_mode/server.rb:14:in `call'",
    "lib/gitlab/sidekiq_middleware/instrumentation_logger.rb:9:in `call'",
    "lib/gitlab/sidekiq_middleware/batch_loader.rb:7:in `call'",
    "lib/gitlab/sidekiq_middleware/extra_done_log_metadata.rb:7:in `call'",
    "lib/gitlab/sidekiq_middleware/request_store_middleware.rb:10:in `block in call'",
    "lib/gitlab/with_request_store.rb:17:in `enabling_request_store'",
    "lib/gitlab/with_request_store.rb:10:in `with_request_store'",
    "lib/gitlab/sidekiq_middleware/request_store_middleware.rb:9:in `call'",
    "lib/gitlab/sidekiq_middleware/server_metrics.rb:29:in `block in call'",
    "lib/gitlab/sidekiq_middleware/server_metrics.rb:52:in `block in instrument'",
    "lib/gitlab/metrics/background_transaction.rb:30:in `run'",
    "lib/gitlab/sidekiq_middleware/server_metrics.rb:52:in `instrument'",
    "lib/gitlab/sidekiq_middleware/server_metrics.rb:28:in `call'",
    "lib/gitlab/sidekiq_middleware/monitor.rb:8:in `block in call'",
    "lib/gitlab/sidekiq_daemon/monitor.rb:49:in `within_job'",
    "lib/gitlab/sidekiq_middleware/monitor.rb:7:in `call'",
    "lib/gitlab/sidekiq_middleware/size_limiter/server.rb:13:in `call'",
    "lib/gitlab/sidekiq_logging/structured_logger.rb:19:in `call'"
  ],

Proposal

  1. Add a Sentry report when User#current_sign_in_ip is an empty string.
  2. TBD: Fix the underlying bug that has been explained by the Sentry report.
Edited by Dan Jensen