From 08d081ca8e665fe644a00d0054fdede69869290a Mon Sep 17 00:00:00 2001
From: Sean McGivern
Date: Tue, 30 Jul 2019 11:07:28 +0100
Subject: [PATCH] Filter title, description, and body from logs

These can contain sensitive content.
---
 ...r-title-description-and-body-from-logs.yml | 5 +++++
 config/application.rb | 19 ++++++++++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)
 create mode 100644 changelogs/unreleased/filter-title-description-and-body-from-logs.yml

diff --git a/changelogs/unreleased/filter-title-description-and-body-from-logs.yml b/changelogs/unreleased/filter-title-description-and-body-from-logs.yml
new file mode 100644
index 00000000000..8b592790629
--- /dev/null
+++ b/changelogs/unreleased/filter-title-description-and-body-from-logs.yml
@@ -0,0 +1,5 @@
+---
+title: Filter title, description, and body parameters from logs
+merge_request:
+author:
+type: changed
diff --git a/config/application.rb b/config/application.rb
index 92240426b5a..449e14a0162 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -105,10 +105,23 @@ module Gitlab
 # - Sentry DSN (:sentry_dsn)
 # - File content from Web Editor (:content)
 # - Jira shared secret (:sharedSecret)
+ # - Titles, bodies, and descriptions for notes, issues, etc.
 #
- # NOTE: It is **IMPORTANT** to also update gitlab-workhorse's filter when adding parameters here to not
- # introduce another security vulnerability: https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182
- config.filter_parameters += [/token$/, /password/, /secret/, /key$/, /^note$/, /^text$/]
+ # NOTE: It is **IMPORTANT** to also update labkit's filter when
+ # adding parameters here to not introduce another security
+ # vulnerability:
+ # https://gitlab.com/gitlab-org/labkit/blob/master/mask/matchers.go
+ config.filter_parameters += [
+ /token$/,
+ /password/,
+ /secret/,
+ /key$/,
+ /^body$/,
+ /^description$/,
+ /^note$/,
+ /^text$/,
+ /^title$/
+ ]
 config.filter_parameters += %i(
 certificate
 encrypted_key
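Review bot: The new `/^body$/`, `/^description$/` and `/^title$/` entries in `config.filter_parameters` match only keys with exactly those names, so a parameter carrying the same free text under a prefixed or suffixed name would still be written to the logs in full. If exact matching is deliberate (to avoid masking unrelated keys), say so above the list, e.g. `# Anchored on purpose: only keys named exactly body/description/note/text/title are masked.` The diffstat lists only the changelog and this file, so no spec pins the new masks and the labkit matcher update that the NOTE demands cannot be confirmed from this commit; a spec asserting these keys log as `[FILTERED]`, plus a reference to the matching labkit change, would close that gap. The enclosing `module Gitlab` block and the `%i(` list that follows start and end outside the hunk.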