author | Thomas Nilsson <thomas.nilsson@irfu.se> | 2019-05-20 12:49:23 +0000 |
---|---|---|
committer | mfluharty <mfluharty@gitlab.com> | 2019-06-06 15:46:45 +0100 |
commit | ff3486a92bfcf00b85d45c9224c27cc5fa9c49e2 (patch) | |
tree | 6633bc6d12773a19f1dfb01e293686007f5fdc06 | |
parent | e5aba4b153d4ebaa8a6b0683f7ecae706e9c7e45 (diff) | |
download | gitlab-ce-ff3486a92bfcf00b85d45c9224c27cc5fa9c49e2.tar.gz |
Allow masking if 8 or more characters in base64
This should allow for private ssh-keys to remain private.
Solves https://gitlab.com/gitlab-org/gitlab-ce/issues/60790.
-rw-r--r-- | app/assets/javascripts/ci_variable_list/ci_variable_list.js | 2 | ||||
-rw-r--r-- | app/models/concerns/maskable.rb | 4 | ||||
-rw-r--r-- | doc/ci/variables/README.md | 1 |
3 files changed, 4 insertions, 3 deletions
diff --git a/app/assets/javascripts/ci_variable_list/ci_variable_list.js b/app/assets/javascripts/ci_variable_list/ci_variable_list.js
index 0390a3bf96a..70335ff5751 100644
--- a/app/assets/javascripts/ci_variable_list/ci_variable_list.js
+++ b/app/assets/javascripts/ci_variable_list/ci_variable_list.js
@@ -196,7 +196,7 @@ export default class VariableList {
 validateMaskability($row) {
 const invalidInputClass = 'gl-field-error-outline';
- const maskableRegex = /^\w{8,}$/; // Eight or more alphanumeric characters plus underscores
+ const maskableRegex = /^[a-zA-Z0-9_+=/-]{8,}$/; // Eight or more characters, from the Base64 alphabet (RFC4648)
 const variableValue = $row.find(this.inputMap.secret_value.selector).val();
 const isValueMaskable = maskableRegex.test(variableValue) || variableValue === '';
 const isMaskedChecked = $row.find(this.inputMap.masked.selector).val() === 'true';
diff --git a/app/models/concerns/maskable.rb b/app/models/concerns/maskable.rb
index 2943872ffab..e0f2c41b836 100644
--- a/app/models/concerns/maskable.rb
+++ b/app/models/concerns/maskable.rb
@@ -7,9 +7,9 @@ module Maskable
 # * No escape characters
 # * No variables
 # * No spaces
- # * Minimal length of 8 characters
+ # * Minimal length of 8 characters from the Base64 alphabets (RFC4648)
 # * Absolutely no fun is allowed
- REGEX = /\A\w{8,}\z/.freeze
+ REGEX = /\A[a-zA-Z0-9_+=\/-]{8,}\z/.freeze
 included do
 validates :masked, inclusion: { in: [true, false] }
diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md
index fe64f5ab2e0..b17ad625c9e 100644
--- a/doc/ci/variables/README.md
+++ b/doc/ci/variables/README.md
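Review bot: The new comment on `maskableRegex` calls the class "the Base64 alphabet", but `[a-zA-Z0-9_+=/-]` is the union of the standard (`+`, `/`) and URL-safe (`-`, `_`) alphabets plus the `=` padding character, and nothing here checks that the value is well-formed Base64. This is also a second copy of the pattern in `app/models/concerns/maskable.rb`; the check in this file only runs in the browser form, so the model validation is the one that enforces the rule and the two patterns must not drift apart. I would reword the comment to `// Eight or more characters from the standard or URL-safe Base64 alphabets plus '=' (RFC 4648); keep in sync with Maskable::REGEX`. The body of `validateMaskability` continues past the end of the hunk.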
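Review bot: The comment list above `REGEX` should state that only the exact stored string is masked, because the widened class now admits `+`, `/`, `=` and `-`, characters that are commonly rewritten when a value is echoed (percent-encoding, shell quoting), and a Base64 value is usually decoded before use. The masking code is not visible in this hunk, but if it matches the stored value literally, as the single-line and no-escape rules in the list suggest, a decoded or re-encoded form of the secret would appear in job output unmasked. I would add `# * Only the exact stored string is masked, not decoded or re-encoded forms` to the list. Spec cases for values containing `+`, `/` and `=`, and for a value with an embedded newline (which `\A`…`\z` should still reject), would pin the new behaviour. The `Maskable` module continues outside the hunk.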
@@ -95,6 +95,7 @@ though it must match certain requirements to do so: - The value must contain only letters, numbers, or underscores. - The value must be at least 8 characters long. - The value must not use variables. +- The value must only consist of characters from the Base64 alphabet, defined in [RFC4648](https://tools.ietf.org/html/rfc4648). If the value does not meet the requirements above, then the CI variable will fail to save. In order to save, either alter the value to meet the masking requirements |