Merge branch 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-3'

Filter out sensitive fields from the project services API See merge request gitlab/gitlabhq!2281
author: Stan Hu <stan@gitlab.com> 2018-01-06 06:18:13 +0000
committer: Rémy Coutable <remy@rymai.me> 2018-01-15 11:23:06 +0100
commit: 44082cd810b216c6cf87c6ef409c364ea18c2e8b (patch)
tree: 9a7fffb681e1a383d69bcd9ed64173bf031207c6 /app
parent: 5b6e24b900ed72b2dfe970cf01ee85193911e2ba (diff)
download: gitlab-ce-44082cd810b216c6cf87c6ef409c364ea18c2e8b.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/app/models/service.rb b/app/models/service.rb
index 24ba3039707..d747fb6d97d 100644
--- a/app/models/service.rb
+++ b/app/models/service.rb
@@ -118,6 +118,11 @@ class Service < ActiveRecord::Base
     nil
   end
 
+  def api_field_names
+    fields.map { |field| field[:name] }
+      .reject { |field_name| field_name =~ /(password|token|key)/ }
+  end
+
   def global_fields
     fields
   end
author	Stan Hu <stan@gitlab.com>	2018-01-06 06:18:13 +0000
committer	Rémy Coutable <remy@rymai.me>	2018-01-15 11:23:06 +0100
commit	44082cd810b216c6cf87c6ef409c364ea18c2e8b (patch)
tree	9a7fffb681e1a383d69bcd9ed64173bf031207c6 /app
parent	5b6e24b900ed72b2dfe970cf01ee85193911e2ba (diff)
download	gitlab-ce-44082cd810b216c6cf87c6ef409c364ea18c2e8b.tar.gz