Filter secret variable values from logs

Right now Project::VariablesController uses the `value` parameter to send the
secret variable value. `value` is a pretty generic term and could be used in
other controllers, but for now it's better to err on the side of caution and
filter this out.

Closes #43313
Stan Hu 2018-02-15 11:26:01 -08:00
parent efdde042a3
commit efbe0768c3
1 changed files with 2 additions and 0 deletions

@ -69,6 +69,7 @@ module Gitlab
# - Webhook URLs (:hook)
# - Sentry DSN (:sentry_dsn)
# - Deploy keys (:key)
# - Secret variable values (:value)
config.filter_parameters += [/token$/, /password/, /secret/]
config.filter_parameters += %i(
certificate
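Review bot: The new comment line `# - Secret variable values (:value)` documents only the intended target and not the side effect the commit message itself concedes, namely that `value` is a generic name other controllers may use. Since `config.filter_parameters` is application-wide, consider extending the comment to say that any parameter named `value` will now be filtered in logs, so someone debugging an unrelated endpoint can find out why the field shows as filtered.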
@ -80,6 +81,7 @@ module Gitlab
sentry_dsn
trace
variables
value
)
# Enable escaping HTML in JSON.
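Review bot: The `value` entry added to the `%i(...)` list ships without a spec, as the change touches one file only, so nothing guards against the entry being dropped in a later cleanup of this list. A small test asserting that `config.filter_parameters` filters a `value` parameter would pin the behaviour that closes the referenced issue. As a minor style point, the visible entries (`sentry_dsn`, `trace`, `variables`) read as alphabetical, in which case `value` belongs before `variables`.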