Add logging in check_path_traversal!() utility
Gitlab::Utils (in lib/gitlab/utils.rb) has a check_path_traversal! method that can be used to check for and prevent potential path traversal vulnerabilities. This is mentioned in the Secure Coding Guidelines; see also this merge request to update the path traversal section.
Currently, the path traversal check methods perform no logging. This issue tracks the work to add a log statement that identifies path traversal attempts. See this comment thread for some information.
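
One way a traversal check can emit a structured log event before raising, as an added example that is not GitLab's implementation. The PathGuard module, its regular expression, the log message, the field names and the context: parameter are all assumptions made for illustration.

```ruby
require 'json'
require 'logger'

# Hypothetical stand-in for the utility discussed above; not GitLab's code.
module PathGuard
  PathTraversalError = Class.new(StandardError)

  # Assumed pattern: a ".." segment bounded by a path separator or by the
  # start/end of the string. "a..b" is a legitimate name and does not match.
  TRAVERSAL = %r{(\A|[/\\])\.\.([/\\]|\z)}.freeze
  MAX_LOGGED_LENGTH = 256

  class << self
    attr_writer :logger

    def logger
      @logger ||= Logger.new($stderr)
    end

    # Returns the path unchanged when it is safe; logs and raises otherwise.
    # `context` carries caller-supplied fields (for example a request id).
    def check_path_traversal!(path, context: {})
      return path unless path.is_a?(String)

      # scrub replaces invalid byte sequences so matching and JSON encoding
      # cannot raise on malformed input.
      candidate = path.scrub
      return path unless candidate.match?(TRAVERSAL)

      # JSON encoding escapes control characters, so an attacker-controlled
      # path cannot forge extra log lines; truncation bounds the event size.
      event = {
        message: 'Potential path traversal attempt detected',
        path: candidate[0, MAX_LOGGED_LENGTH]
      }.merge(context)
      logger.warn(JSON.generate(event))

      raise PathTraversalError, 'Invalid path'
    end
  end
end
```

Because the event is written before the exception is raised, the attempt is recorded even when a caller rescues the error and returns a generic response.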