kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Merge branch 'security-182-update-workhorse' into 'master'

Browse source 
[Master] Redact sensitive information on gitlab-workhorse log

See merge request gitlab/gitlabhq!2584
This commit is contained in:
Cindy Pallares 2018-11-28 18:36:11 +00:00
parent 335434ca98
commit 3881285c2b
No known key found for this signature in database
GPG key ID: 8E13768AD1946B0C
2 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
changelogs/unreleased/security-182-update-workhorse.yml Normal file
View file

@ -0,0 +1,5 @@
---
title: Redact sensitive information on gitlab-workhorse log
merge_request:
author:
type: security

3
config/application.rb
View file

@ -103,6 +103,9 @@ module Gitlab
# - Webhook URLs (:hook)
# - Sentry DSN (:sentry_dsn)
# - File content from Web Editor (:content)
#
# NOTE: It is **IMPORTANT** to also update gitlab-workhorse's filter when adding parameters here to not
# introduce another security vulnerability: https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182
config.filter_parameters += [/token$/, /password/, /secret/, /key$/]
config.filter_parameters += %i(
certificate