From 56448381fca598932d06768e3bf93a45c8f39fbc Mon Sep 17 00:00:00 2001
From: Vasilii Iakliushin
Date: Mon, 28 Apr 2025 11:14:58 +0200
Subject: [PATCH] Hide SSH signature from the tag's message
Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/438825
**Problem**
The SSH signature is visible in tag's message body.
**Solution**
Remove the signature text same way as it's done for other signature types.
Changelog: fixed
---
 .rubocop_todo/rspec/feature_category.yml | 1 -
 app/helpers/git_helper.rb | 1 +
 spec/helpers/git_helper_spec.rb | 25 +++++++++++++++++++++++-
 3 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/.rubocop_todo/rspec/feature_category.yml b/.rubocop_todo/rspec/feature_category.yml
index 60c08c3ac03203..024b0d8c858028 100644
--- a/.rubocop_todo/rspec/feature_category.yml
+++ b/.rubocop_todo/rspec/feature_category.yml
@@ -1701,7 +1701,6 @@ RSpec/FeatureCategory:
 - 'spec/helpers/export_helper_spec.rb'
 - 'spec/helpers/external_link_helper_spec.rb'
 - 'spec/helpers/feature_flags_helper_spec.rb'
- - 'spec/helpers/git_helper_spec.rb'
 - 'spec/helpers/gitlab_routing_helper_spec.rb'
 - 'spec/helpers/gitlab_script_tag_helper_spec.rb'
 - 'spec/helpers/graph_helper_spec.rb'
diff --git a/app/helpers/git_helper.rb b/app/helpers/git_helper.rb
index f7c511cdc474dd..83c1677b62709d 100644
--- a/app/helpers/git_helper.rb
+++ b/app/helpers/git_helper.rb
@@ -4,6 +4,7 @@ module GitHelper
 def strip_signature(text)
 text = text.gsub(/-----BEGIN PGP SIGNATURE-----(.*)-----END PGP SIGNATURE-----/m, "")
 text = text.gsub(/-----BEGIN PGP MESSAGE-----(.*)-----END PGP MESSAGE-----/m, "")
+ text = text.gsub(/-----BEGIN SSH SIGNATURE-----(.*)-----END SSH SIGNATURE-----/m, "")
 text.gsub(/-----BEGIN SIGNED MESSAGE-----(.*)-----END SIGNED MESSAGE-----/m, "")
 end
diff --git a/spec/helpers/git_helper_spec.rb b/spec/helpers/git_helper_spec.rb
index 57799462431dae..68ba460e0386f4 100644
--- a/spec/helpers/git_helper_spec.rb
+++ b/spec/helpers/git_helper_spec.rb
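Review bot: The added SSH pattern in `strip_signature` uses a greedy `(.*)` under `/m` with no line anchor, so it removes everything from the first `-----BEGIN SSH SIGNATURE-----` to the last `-----END SSH SIGNATURE-----`, including any ordinary text that sits between two such markers. If, as the description says, this helper shapes the tag message that is displayed, text removed this way is still part of the tag object but is never shown, so the rendered message can differ from what was actually tagged. I would make the match lazy and start-of-line anchored and drop the unused capture group: `text = text.gsub(/^-----BEGIN SSH SIGNATURE-----.*?^-----END SSH SIGNATURE-----/m, "")`. The three neighbouring patterns have the same shape and could be tightened the same way; `module GitHelper` continues outside the hunk.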
@@ -2,7 +2,7 @@
 require 'spec_helper'
-RSpec.describe GitHelper do
+RSpec.describe GitHelper, feature_category: :source_code_management do
 describe '#short_sha' do
 let(:short_sha) { helper.short_sha('d4e043f6c20749a3ab3f4b8e23f2a8979f4b9100') }
@@ -27,6 +27,12 @@
 it { expect(strip_signature).to eq("this is Roger's signed tag\n\n") }
 end
+
+ context 'strips SSH MESSAGE' do
+ let(:strip_signature) { helper.strip_signature(ssh_message_tag) }
+
+ it { expect(strip_signature).to eq("Version 1.70.0\n\n") }
+ end
 end
 def pgp_signature_tag
@@ -63,6 +69,23 @@ def pgp_message_tag
 SIGNATURE
 end
+ def ssh_message_tag
+ <<~SIGNATURE
+ Version 1.70.0
+ -----BEGIN SSH SIGNATURE-----
+
+ iQEzBAABCAAdFiEEFMo1pwRq9j04Jovq68Q/GjfvLIoFAl2l64QACgkQ68Q/Gjfv
+ LIqRDggAm0d1ceVRsfldlwC6guR2ly8aWoTtZZ19E12bsfXd4lJqcQv7JXTP0og0
+ cwbV0l92iBJKGW6bFBipKDFmSgr5le5zFsXYOr9bJCQNOhFNMmtAgaHEIeVI16+c
+ S3pA+qIe516d4wRs/hcbxDJKC68iIlDaLXObdzTTLGMgbCYBFTjYJldNUfTkdvbB
+ oGEpFXuxV9EyfBtPLsz2vUea5GdZcRSVyJbcgm9ZU+ekdLZckroP5M0I5SQTbD3y
+ VrbCY3ziYtau4zK4cV66ybRz1G7tR6dcoC4kGUbaZlKsVZ1Af80agx2d9k5MR1wS
+ 4OFe1H0zIfpPRFsyX2toaum3EX6QBA==
+ =hefg
+ -----END SSH SIGNATURE-----
+ SIGNATURE
+ end
+
 def x509_message_tag
 <<~SIGNATURE
 this is Roger's signed tag
--
GitLab
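Review bot: The new context is named `'strips SSH MESSAGE'` although the marker being stripped is `SSH SIGNATURE`; `context 'strips SSH SIGNATURE' do` would match the code under test. The only case covered is a signature block at the very end of the message, so the spec does not pin what `strip_signature` does with text that follows the END marker or with a message holding more than one block. An extra example with a plain line after `-----END SSH SIGNATURE-----`, asserting that the line is kept, would document that behaviour. The enclosing `describe` block starts outside this hunk.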
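Review bot: The body of the `ssh_message_tag` fixture looks like OpenPGP armor rather than an SSH signature: it has a blank line after the BEGIN marker and a `=hefg` checksum line, neither of which appears in `ssh-keygen -Y sign` output. The spec still passes because the pattern keys only on the BEGIN/END markers, but a reader may take the fixture as a sample of the real format. A comment above the heredoc, such as `# Payload is placeholder data; only the BEGIN/END SSH SIGNATURE markers matter here`, or a payload taken from a real SSH-signed test tag, would avoid that.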