Filter title, description, and body from logsfilter-title-description-and-body-from-logs

These can contain sensitive content.

2 files changed, 21 insertions, 3 deletions

diff --git a/changelogs/unreleased/filter-title-description-and-body-from-logs.yml b/changelogs/unreleased/filter-title-description-and-body-from-logs.yml
new file mode 100644
index 00000000000..8b592790629
--- /dev/null
+++ b/changelogs/unreleased/filter-title-description-and-body-from-logs.yml
@@ -0,0 +1,5 @@
+---
+title: Filter title, description, and body parameters from logs
+merge_request:
+author:
+type: changed
diff --git a/config/application.rb b/config/application.rb
index 92240426b5a..449e14a0162 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -105,10 +105,23 @@ module Gitlab
     # - Sentry DSN (:sentry_dsn)
     # - File content from Web Editor (:content)
     # - Jira shared secret (:sharedSecret)
+    # - Titles, bodies, and descriptions for notes, issues, etc.
     #
-    # NOTE: It is **IMPORTANT** to also update gitlab-workhorse's filter when adding parameters here to not
-    #       introduce another security vulnerability: https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182
-    config.filter_parameters += [/token$/, /password/, /secret/, /key$/, /^note$/, /^text$/]
+    # NOTE: It is **IMPORTANT** to also update labkit's filter when
+    #       adding parameters here to not introduce another security
+    #       vulnerability:
+    #       https://gitlab.com/gitlab-org/labkit/blob/master/mask/matchers.go
+    config.filter_parameters += [
+      /token$/,
+      /password/,
+      /secret/,
+      /key$/,
+      /^body$/,
+      /^description$/,
+      /^note$/,
+      /^text$/,
+      /^title$/
+    ]
     config.filter_parameters += %i(
       certificate
       encrypted_key