Merge branch 'security-admin-audit-log-dos' into 'master'

Fix rendering failure of Audit Event

Closes #110

See merge request gitlab-org/security/gitlab!412

ee/app/services/ee/audit_events/release_audit_event_service.rb

@@ -9,7 +9,6 @@ module EE
         @release = release
 
         super(author, entity, {
-          action: :custom,
           custom_message: message,
           ip_address: ip_address,
           target_id: release.id,

ee/changelogs/unreleased/security-admin-audit-log-dos.yml

+---
+title: Fix rendering failure of Audit Event generated by Releases API
+merge_request:
+author:
+type: security

ee/lib/audit/details.rb

@@ -29,9 +29,9 @@ module Audit
     end
 
     def action_text
-      action = @details.slice(*ACTIONS)
+      action_name, action_info = @details.slice(*ACTIONS).first
 
-      case action.each_key.first
+      case action_name
       when :add
         "Added #{target_name}#{@details[:as] ? " as #{@details[:as]}" : ''}"
       when :remove
@@ -45,7 +45,7 @@ module Audit
 
         "Updated ref #{target_ref} from #{from_sha} to #{to_sha}"
       when :custom_message
-        detail_value
+        action_info
       else
         text_for_change(target_name)
       end

ee/spec/features/admin/admin_audit_logs_spec.rb

@@ -36,6 +36,21 @@ describe 'Admin::AuditLogs', :js do
       expect(page).to have_link('Audit Log', href: admin_audit_logs_path)
     end
 
+    describe 'release created events' do
+      let(:project) { create(:project) }
+      let(:release) { create(:release, project: project, tag: 'v0.1', author: user) }
+
+      before do
+        EE::AuditEvents::ReleaseCreatedAuditEventService.new(user, project, '127.0.0.1', release).security_event
+      end
+
+      it 'shows the related audit event' do
+        visit admin_audit_logs_path
+
+        expect(page).to have_content('Created Release')
+      end
+    end
+
     describe 'user events' do
       before do
         AuditEventService.new(user, user, with: :ldap)

ee/spec/support/shared_examples/services/audit_event_logging_shared_examples.rb

@@ -89,7 +89,6 @@ RSpec.shared_examples 'logs the release audit event' do
     expect(logger).to receive(:info).with(author_id: user.id,
                                           entity_id: entity.id,
                                           entity_type: entity_type,
-                                          action: :custom,
                                           ip_address: ip_address,
                                           custom_message: custom_message,
                                           target_details: target_details,
@@ -102,7 +101,6 @@ RSpec.shared_examples 'logs the release audit event' do
 
     expect(security_event.details).to eq(custom_message: custom_message,
                                          ip_address: ip_address,
-                                         action: :custom,
                                          target_details: target_details,
                                          target_id: target_id,
                                          target_type: target_type)