Update pre-receive secret detection error message in GitLab UI
Problem to solve
As group::secret detection works toward Make Secret Push Protection available in Beta o... (&12729 - closed), we want to ensure the developer experience with pre-receive secret detection is usable across most git interface workflows, including:
- CLI
- Local IDE
- Web IDE
- Single file editor
- MR code suggestions
- MR quick actions (rebase)
- Project import*
- Repository mirroring*
* May be deemed out of scope
This issue is focused on improving the GitLab UI, including the Single file editor and MR code suggestions.
Proposal
To enhance user experience, we propose the following improvements to the Single file editor and MR code suggestions UI:
- Update error messaging according to the copy changes listed below
- Render line breaks if present in error messages to improve readability.
- Remove unnecessary error message prefixes that don't provide clear user value.
- Implement clickable links or buttons within the UI and elsewhere (if possible) for accessing documentation
GitLab UI Errors
Current error | Proposed Error |
---|---|
Copy changes
NOTE: Before copying this, please check this comment.
Push blocked: Secrets detected in code changes.
Pre-receive secret detection found the following secrets in commit: Odae161128943c185ec21ab66c3c2ab835a07c24
- CHANGELOG.md:1 | GitLab Personal Access Token
- security.txt:43 | GitLab Personal Access Token
- file-name:# | Type of detected secret
To push your changes you must remove the identified secrets. For guidance, see [remove a secret](http://gitlab.com/help/user/application_security/secret_detection/pre_receive.html#remove-a-secret). To skip pre-receive secret detection, include the text "[skip secret detection]" in a commit message for one of your changes, then push again.
Issue Refinement Progress
If a checkbox is not relevant for the issue, please remove it.
- This issue describes a problem to solve, or a task to complete, and it's confirmed.
- This issue describes a proposal or an implementation plan that outlines a way to solve the problem or complete the task.
- This issue requires assistance or support from other groups, and it's indicated in the issue description.
- This issue could affect application security or performance, and the concern is explained in the issue description.
- This issue is the smallest iteration possible and doesn't require further break down.
- This issue has weight set - based on how many tasks or merge requests are required - and needs weight label is removed.
- This issue is labeled correctly.
- This issue is reviewed by another team member to confirm strategy and estimate.
- Finally, add workflow::ready for development label to this issue.
Implementation Plan
- Add HTML support for the flash alert.
  - Use .html_safe
  - Make sure the content is sanitized, to prevent injection attacks
- Implement a formatter
  - Support line breaks in the message
- Verification and testing
  - Add possible test coverage
  - Verify other error messages are not affected on the commit page
  - Ask for security (gitlab-com/gl-security/appsec) team approval on the MR changes
Edited by Ahmed Hemdan
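
The escape-then-format order behind the plan's `.html_safe` and sanitization steps, as an added example that is not GitLab's code: `.html_safe` only marks a string as trusted, so pusher-controlled text such as file names has to be escaped before the `<br>` and link markup are generated. The module name, the link host allow-list and the sample message are assumptions made for illustration.

```ruby
require 'cgi'
require 'uri'

# Hypothetical helper (not GitLab's code): turns a plain-text push-protection
# message into HTML whose only tags are the ones generated here, so the result
# is what a Rails view could then mark with .html_safe.
module SecretPushMessageFormatter
  ALLOWED_LINK_HOSTS = %w[gitlab.com docs.gitlab.com].freeze # assumption
  LINK = /\[([^\]\n]+)\]\(([^)\s]+)\)/ # markdown-style [text](url)

  module_function

  # Only http(s) links to allow-listed hosts become clickable.
  def allowed_url?(url)
    uri = URI.parse(url)
    %w[http https].include?(uri.scheme) && ALLOWED_LINK_HOSTS.include?(uri.host)
  rescue URI::InvalidURIError
    false
  end

  def link(text, url)
    %(<a href="#{CGI.escapeHTML(url)}" rel="noopener noreferrer">#{CGI.escapeHTML(text)}</a>)
  end

  # Escape every piece of input first, add markup second.
  def to_html(message)
    html = +''
    rest = message.to_s
    while (m = LINK.match(rest))
      html << CGI.escapeHTML(m.pre_match)
      # Links that fail the allow-list stay visible as escaped plain text.
      html << (allowed_url?(m[2]) ? link(m[1], m[2]) : CGI.escapeHTML(m[0]))
      rest = m.post_match
    end
    html << CGI.escapeHTML(rest)
    html.gsub(/\r?\n/, '<br>') # render line breaks from the server message
  end
end

# Constructed sample: the file name and the second link are test data.
SAMPLE = <<~MSG.chomp
  Push blocked: Secrets detected in code changes.
  - <b>notes</b>.md:1 | GitLab Personal Access Token
  See [remove a secret](http://gitlab.com/help/user/application_security/secret_detection/pre_receive.html#remove-a-secret) or [docs](https://example.test/x).
MSG

puts SecretPushMessageFormatter.to_html(SAMPLE) if $PROGRAM_NAME == __FILE__
```
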