diff options
author | Stan Hu <stan@gitlab.com> | 2018-01-06 06:18:13 +0000 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2018-01-15 11:23:06 +0100 |
commit | 44082cd810b216c6cf87c6ef409c364ea18c2e8b (patch) | |
tree | 9a7fffb681e1a383d69bcd9ed64173bf031207c6 /app | |
parent | 5b6e24b900ed72b2dfe970cf01ee85193911e2ba (diff) | |
download | gitlab-ce-44082cd810b216c6cf87c6ef409c364ea18c2e8b.tar.gz |
Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3'
Filter out sensitive fields from the project services API
See merge request gitlab/gitlabhq!2281
Diffstat (limited to 'app')
-rw-r--r-- | app/models/service.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/app/models/service.rb b/app/models/service.rb index 24ba3039707..d747fb6d97d 100644 --- a/app/models/service.rb +++ b/app/models/service.rb @@ -118,6 +118,11 @@ class Service < ActiveRecord::Base nil end + def api_field_names + fields.map { |field| field[:name] } + .reject { |field_name| field_name =~ /(password|token|key)/ } + end + def global_fields fields end |