diff options
author | Rémy Coutable <remy@gitlab.com> | 2016-10-05 09:30:10 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-10-11 13:49:32 +0200 |
commit | c158f6e186cbbe77d2a790b9de2df3678371f30e (patch) | |
tree | d3ada1facb2d05a7e5306a571c53a469286613c2 | |
parent | 97d1ef0336d6dcf2359058d045b27b484b76211c (diff) | |
download | gitlab-ce-c158f6e186cbbe77d2a790b9de2df3678371f30e.tar.gz |
Merge branch 'raven-headers' into 'security'
Don't send Private-Token headers to Sentry
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22537
This bumps 'raven' (the Ruby gem we use to send errors to Sentry) to
version 2.0.2. We need 2.0.0 or newer to be able to sanitize HTTP
headers.
See merge request !2004
Signed-off-by: Rémy Coutable <remy@rymai.me>
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | Gemfile | 2 | ||||
-rw-r--r-- | Gemfile.lock | 6 | ||||
-rw-r--r-- | config/application.rb | 2 | ||||
-rw-r--r-- | config/initializers/sentry.rb | 2 |
5 files changed, 9 insertions, 4 deletions
diff --git a/CHANGELOG b/CHANGELOG index b166b737271..ffab3092a84 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -5,6 +5,7 @@ v 8.12.5 - Update the mail_room gem to 0.8.1 to fix a race condition with the mailbox watching thread. !6714 - Improve issue load time performance by avoiding ORDER BY in find_by call. !6724 - Add a new gitlab:users:clear_all_authentication_tokens task. !6745 + - Don't send Private-Token (API authentication) headers to Sentry v 8.12.4 - Fix "Copy to clipboard" tooltip to say "Copied!" when clipboard button is clicked. !6294 (lukehowell) @@ -234,7 +234,7 @@ gem 'net-ssh', '~> 3.0.1' gem 'base32', '~> 0.3.0' # Sentry integration -gem 'sentry-raven', '~> 1.1.0' +gem 'sentry-raven', '~> 2.0.0' gem 'premailer-rails', '~> 1.9.0' diff --git a/Gemfile.lock b/Gemfile.lock index 6aa4ac6f06c..839195e5d75 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -665,8 +665,8 @@ GEM activesupport (>= 3.1) select2-rails (3.5.9.3) thor (~> 0.14) - sentry-raven (1.1.0) - faraday (>= 0.7.6) + sentry-raven (2.0.2) + faraday (>= 0.7.6, < 0.10.x) settingslogic (2.0.9) sexp_processor (4.7.0) sham_rack (1.3.6) @@ -956,7 +956,7 @@ DEPENDENCIES sdoc (~> 0.3.20) seed-fu (~> 2.3.5) select2-rails (~> 3.5.9) - sentry-raven (~> 1.1.0) + sentry-raven (~> 2.0.0) settingslogic (~> 2.0.9) sham_rack (~> 1.3.6) shoulda-matchers (~> 2.8.0) diff --git a/config/application.rb b/config/application.rb index 1ebdb43d662..0ae92c67829 100644 --- a/config/application.rb +++ b/config/application.rb @@ -50,6 +50,7 @@ module Gitlab # - Build variables (:variables) # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key) # - Webhook URLs (:hook) + # - GitLab-shell secret token (:secret_token) # - Sentry DSN (:sentry_dsn) # - Deploy keys (:key) config.filter_parameters += %i( @@ -62,6 +63,7 @@ module Gitlab password password_confirmation private_token + secret_token sentry_dsn variables ) diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb index 5892c1de024..4f30d1265c8 100644 --- a/config/initializers/sentry.rb +++ b/config/initializers/sentry.rb @@ -18,6 +18,8 @@ if Rails.env.production? # Sanitize fields based on those sanitized from Rails. config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s) + # Sanitize authentication headers + config.sanitize_http_headers = %w[Authorization Private-Token] config.tags = { program: Gitlab::Sentry.program_context } end end |