From efbe0768c35399ef58b6abac230adff6a1851088 Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Thu, 15 Feb 2018 11:26:01 -0800
Subject: [PATCH] Filter secret variable values from logs
Right now Project::VariablesController users the `value` parameter to send the secret variable value. `value` is a pretty generic term and could be used in other controllers, but for now it's better to err on the side of caution and filter this out.
Closes #43313
---
 config/application.rb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/config/application.rb b/config/application.rb
index c914e34b9c3..918bd4d57cf 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -69,6 +69,7 @@ module Gitlab
 # - Webhook URLs (:hook)
 # - Sentry DSN (:sentry_dsn)
 # - Deploy keys (:key)
+ # - Secret variable values (:value)
 config.filter_parameters += [/token$/, /password/, /secret/]
 config.filter_parameters += %i(
 certificate
@@ -80,6 +81,7 @@ module Gitlab
 sentry_dsn
 trace
 variables
+ value
 )
 # Enable escaping HTML in JSON.
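Review bot: The `value` entry added to the `%i(...)` list in the second hunk is matched by Rails as an unanchored, case-insensitive pattern rather than an exact name, so any parameter whose key contains "value" is redacted from the request log in every controller. That errs in the safe direction, but the comment added in the first hunk should record it, e.g. `# - Secret variable values (:value; matches any key containing "value")`. `config.filter_parameters` covers Rails parameter logging only; whether the same field reaches other sinks (API request logs, error reports) is not visible in this patch and should be checked. A spec asserting that a request carrying `value` is logged as `[FILTERED]` would guard against the entry being dropped later; the list and the enclosing module both start and end outside the hunks.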