Skip to content

Prevent errors saving alerts with non-string inputs for string fields

Sarah Yasonik requested to merge sy-handle-non-string-inputs into master

What does this MR do and why?

Context

Alert integrations can accept HTTP requests from 3rd party tools containing details about problems in a user's application. GitLab maps the content of fields from the request payload to various alert attributes. As best as we can, we want to make sure to save an alert for any payload, if it's possible to interpret the provided content sensibly.

This MR

For the alert attributes which are expected to be strings, we currently assume that any provided value will be a string. And we truncate the string to the max length. However, if an Array or Hash are provided, the truncation attempt raises NoMethodError.

This MR casts the values for relevant attributes to strings, so that we can create the alert for the payload & not effectively swallow the request.

How to set up and validate locally

  1. In a project with maintainer+ permissions, nav to Settings > Monitor > Alerts
  2. Create an alert integration or open an existing one
    • easiest values to select for the form: HTTP, any name, active, skip the optional mapping fields, Save!
  3. Open the Send test alert tab for the integration
  4. Send a payload like { "title": ["New alert"] } & see the success toast message

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Sarah Yasonik

Merge request reports