summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorKamil Trzcinski <ayufan@ayufan.eu>2016-09-19 12:38:03 +0200
committerKamil Trzcinski <ayufan@ayufan.eu>2016-09-19 12:38:10 +0200
commitb51ededc5fef05f94a632aa7651b5a1f7395bd4e (patch)
tree74a4e49d7c005d67823ec206c65ab75fed5e62d6 /app
parent0ca43b1b86edea69656582b2a8febb0d41f7ef01 (diff)
downloadgitlab-ce-b51ededc5fef05f94a632aa7651b5a1f7395bd4e.tar.gz
Don't leak build tokens in build logs
Diffstat (limited to 'app')
-rw-r--r--app/controllers/projects/builds_controller.rb6
-rw-r--r--app/models/ci/build.rb16
2 files changed, 15 insertions, 7 deletions
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb
index 77934ff9962..9ce5b4de42f 100644
--- a/app/controllers/projects/builds_controller.rb
+++ b/app/controllers/projects/builds_controller.rb
@@ -35,7 +35,11 @@ class Projects::BuildsController < Projects::ApplicationController
respond_to do |format|
format.html
format.json do
- render json: @build.to_json(methods: :trace_html)
+ render json: {
+ id: @build.id,
+ status: @build.status,
+ trace_html: @build.trace_html
+ }
end
end
end
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 57ef4646d24..8a9d7555393 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -241,12 +241,7 @@ module Ci
end
def trace
- trace = raw_trace
- if project && trace.present? && project.runners_token.present?
- trace.gsub(project.runners_token, 'xxxxxx')
- else
- trace
- end
+ hide_secrets(raw_trace)
end
def trace_length
@@ -259,6 +254,7 @@ module Ci
def trace=(trace)
recreate_trace_dir
+ trace = hide_secrets(trace)
File.write(path_to_trace, trace)
end
@@ -272,6 +268,8 @@ module Ci
def append_trace(trace_part, offset)
recreate_trace_dir
+ trace_part = hide_secrets(trace_part)
+
File.truncate(path_to_trace, offset) if File.exist?(path_to_trace)
File.open(path_to_trace, 'ab') do |f|
f.write(trace_part)
@@ -490,5 +488,11 @@ module Ci
pipeline.config_processor.build_attributes(name)
end
+
+ def hide_secrets(trace)
+ trace = Ci::MaskSecret.mask(trace, project.runners_token) if project
+ trace = Ci::MaskSecret.mask(trace, token)
+ trace
+ end
end
end