summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSean McGivern <sean@gitlab.com>2019-07-30 11:07:28 +0100
committerSean McGivern <sean@gitlab.com>2019-07-30 11:07:28 +0100
commit08d081ca8e665fe644a00d0054fdede69869290a (patch)
tree485facbefb0a7c23af9e454b98a2e6010e0a10fe
parent004b72fe165a38dd97cab1fb531f1094261a4eba (diff)
downloadgitlab-ce-08d081ca8e665fe644a00d0054fdede69869290a.tar.gz
Filter title, description, and body from logsfilter-title-description-and-body-from-logs
These can contain sensitive content.
-rw-r--r--changelogs/unreleased/filter-title-description-and-body-from-logs.yml5
-rw-r--r--config/application.rb19
2 files changed, 21 insertions, 3 deletions
diff --git a/changelogs/unreleased/filter-title-description-and-body-from-logs.yml b/changelogs/unreleased/filter-title-description-and-body-from-logs.yml
new file mode 100644
index 00000000000..8b592790629
--- /dev/null
+++ b/changelogs/unreleased/filter-title-description-and-body-from-logs.yml
@@ -0,0 +1,5 @@
+---
+title: Filter title, description, and body parameters from logs
+merge_request:
+author:
+type: changed
diff --git a/config/application.rb b/config/application.rb
index 92240426b5a..449e14a0162 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -105,10 +105,23 @@ module Gitlab
# - Sentry DSN (:sentry_dsn)
# - File content from Web Editor (:content)
# - Jira shared secret (:sharedSecret)
+ # - Titles, bodies, and descriptions for notes, issues, etc.
#
- # NOTE: It is **IMPORTANT** to also update gitlab-workhorse's filter when adding parameters here to not
- # introduce another security vulnerability: https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182
- config.filter_parameters += [/token$/, /password/, /secret/, /key$/, /^note$/, /^text$/]
+ # NOTE: It is **IMPORTANT** to also update labkit's filter when
+ # adding parameters here to not introduce another security
+ # vulnerability:
+ # https://gitlab.com/gitlab-org/labkit/blob/master/mask/matchers.go
+ config.filter_parameters += [
+ /token$/,
+ /password/,
+ /secret/,
+ /key$/,
+ /^body$/,
+ /^description$/,
+ /^note$/,
+ /^text$/,
+ /^title$/
+ ]
config.filter_parameters += %i(
certificate
encrypted_key