summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLin Jen-Shin <godfat@godfat.org>2019-06-21 11:42:00 +0000
committerLin Jen-Shin <godfat@godfat.org>2019-06-21 11:42:00 +0000
commit176164d37423ffb39d293341799aff757f050d7c (patch)
treed71b107855b213fb87fa64032b78808ef23b4983
parentc10bde1ff088d0b744ce98b28ee6faa16b0eda34 (diff)
parent05d5504d072fa1a1c222e94b21e483ba28cbe666 (diff)
downloadgitlab-ce-176164d37423ffb39d293341799aff757f050d7c.tar.gz
Merge branch 'sanitize_rake_ldap_check_output' into 'master'
Sanitize LDAP output in Rake tasks Closes #56131 See merge request gitlab-org/gitlab-ce!28427
-rw-r--r--changelogs/unreleased/sanitize_rake_ldap_check_output.yml5
-rw-r--r--lib/system_check/ldap_check.rb9
-rw-r--r--spec/tasks/gitlab/check_rake_spec.rb9
3 files changed, 21 insertions, 2 deletions
diff --git a/changelogs/unreleased/sanitize_rake_ldap_check_output.yml b/changelogs/unreleased/sanitize_rake_ldap_check_output.yml
new file mode 100644
index 00000000000..92824d1dd48
--- /dev/null
+++ b/changelogs/unreleased/sanitize_rake_ldap_check_output.yml
@@ -0,0 +1,5 @@
+---
+title: Sanitize LDAP output in Rake tasks
+merge_request: 28427
+author:
+type: fixed
diff --git a/lib/system_check/ldap_check.rb b/lib/system_check/ldap_check.rb
index 619fb3cccb8..938026424ed 100644
--- a/lib/system_check/ldap_check.rb
+++ b/lib/system_check/ldap_check.rb
@@ -33,8 +33,13 @@ module SystemCheck
$stdout.puts "LDAP users with access to your GitLab server (only showing the first #{limit} results)"
users = adapter.users(adapter.config.uid, '*', limit)
- users.each do |user|
- $stdout.puts "\tDN: #{user.dn}\t #{adapter.config.uid}: #{user.uid}"
+
+ if should_sanitize?
+ $stdout.puts "\tUser output sanitized. Found #{users.length} users of #{limit} limit."
+ else
+ users.each do |user|
+ $stdout.puts "\tDN: #{user.dn}\t #{adapter.config.uid}: #{user.uid}"
+ end
end
end
rescue Net::LDAP::ConnectionRefusedError, Errno::ECONNREFUSED => e
diff --git a/spec/tasks/gitlab/check_rake_spec.rb b/spec/tasks/gitlab/check_rake_spec.rb
index 06525e3c771..0fcb9b269f3 100644
--- a/spec/tasks/gitlab/check_rake_spec.rb
+++ b/spec/tasks/gitlab/check_rake_spec.rb
@@ -96,6 +96,15 @@ describe 'check.rake' do
subject
end
+
+ it 'sanitizes output' do
+ user = double(dn: 'uid=fake_user1', uid: 'fake_user1')
+ allow(adapter).to receive(:users).and_return([user])
+ stub_env('SANITIZE', 'true')
+
+ expect { subject }.to output(/User output sanitized/).to_stdout
+ expect { subject }.not_to output('fake_user1').to_stdout
+ end
end
end
end