authorRémy Coutable <remy@gitlab.com>2016-10-05 09:30:10 +0000
committerRémy Coutable <remy@gitlab.com>2016-10-05 09:30:10 +0000
commit3f57ea0c0ba55f2612997acfb531f83a70b73323 (patch)
treebd6eaf4bc4fe25d95a9390299fd3b3d44311acef
parent5e4418b23850947752134a04e4e42a1a22c7aac9 (diff)
parent437bebb0ff6e7deba6fd157ec6b55112e125731f (diff)
downloadgitlab-ce-3f57ea0c0ba55f2612997acfb531f83a70b73323.tar.gz
Merge branch 'raven-headers' into 'security'
Don't send Private-Token headers to Sentry

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22537

This bumps 'raven' (the Ruby gem we use to send errors to Sentry) to version 2.0.2. We need 2.0.0 or newer to be able to sanitize HTTP headers.

See merge request !2004
-rw-r--r--CHANGELOG1
-rw-r--r--Gemfile2
-rw-r--r--Gemfile.lock6
-rw-r--r--config/application.rb2
-rw-r--r--config/initializers/sentry.rb2
5 files changed, 9 insertions, 4 deletions
diff --git a/CHANGELOG b/CHANGELOG
index c243920283c..84a6702907f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -5,6 +5,7 @@ v 8.13.0 (unreleased)
v 8.12.4 (unreleased)
- Set GitLab project exported file permissions to owner only
+ - Don't send Private-Token (API authentication) headers to Sentry
v 8.12.2 (unreleased)
- Fix Import/Export not recognising correctly the imported services.
diff --git a/Gemfile b/Gemfile
index 21b31e8f01d..921554286c3 100644
--- a/Gemfile
+++ b/Gemfile
@@ -233,7 +233,7 @@ gem 'net-ssh', '~> 3.0.1'
gem 'base32', '~> 0.3.0'
# Sentry integration
-gem 'sentry-raven', '~> 1.1.0'
+gem 'sentry-raven', '~> 2.0.0'
gem 'premailer-rails', '~> 1.9.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 1db8c9dd8c8..66e566de3c1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -664,8 +664,8 @@ GEM
activesupport (>= 3.1)
select2-rails (3.5.9.3)
thor (~> 0.14)
- sentry-raven (1.1.0)
- faraday (>= 0.7.6)
+ sentry-raven (2.0.2)
+ faraday (>= 0.7.6, < 0.10.x)
settingslogic (2.0.9)
sexp_processor (4.7.0)
sham_rack (1.3.6)
@@ -950,7 +950,7 @@ DEPENDENCIES
sdoc (~> 0.3.20)
seed-fu (~> 2.3.5)
select2-rails (~> 3.5.9)
- sentry-raven (~> 1.1.0)
+ sentry-raven (~> 2.0.0)
settingslogic (~> 2.0.9)
sham_rack (~> 1.3.6)
shoulda-matchers (~> 2.8.0)
diff --git a/config/application.rb b/config/application.rb
index 4792f6670a8..f5c900da8cf 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -50,6 +50,7 @@ module Gitlab
# - Build variables (:variables)
# - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
# - Webhook URLs (:hook)
+ # - GitLab-shell secret token (:secret_token)
# - Sentry DSN (:sentry_dsn)
# - Deploy keys (:key)
config.filter_parameters += %i(
@@ -62,6 +63,7 @@ module Gitlab
password
password_confirmation
private_token
+ secret_token
sentry_dsn
variables
)
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb
index 5892c1de024..4f30d1265c8 100644
--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@@ -18,6 +18,8 @@ if Rails.env.production?
# Sanitize fields based on those sanitized from Rails.
config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
+ # Sanitize authentication headers
+ config.sanitize_http_headers = %w[Authorization Private-Token]
config.tags = { program: Gitlab::Sentry.program_context }
end
end
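Review bot: The header list on the added `config.sanitize_http_headers` line is a hard-coded literal, whereas `sanitize_fields` two lines above is derived from `Rails.application.config.filter_parameters`, so any further authentication header the application starts accepting has to be remembered here separately and the two lists can drift. A comment making that coupling explicit would help, e.g. `# Keep in sync with the authentication headers the API accepts; unlike sanitize_fields this list is not derived from filter_parameters.` Whether raven matches these names case-insensitively, and whether the session `Cookie` header is already stripped by the gem's default processors in 2.0.2, is not visible from the hunk and is worth confirming against that version, since the Rack env spells the header as HTTP_PRIVATE_TOKEN. The block that yields `config` starts outside the hunk.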