Filter additional secrets from Rails logs

Upon inspection of logs, there were a number of fields not filtered. For example: * authenticity_token: CSRF token * rss_token: Used for RSS feeds * secret: Used with Projects::UploadController Rails provides a way to match regexps, so we now filter: * Any parameter ending with `_token` * Any parameter containing `password` * Any parameter containing `secret`
author: Stan Hu <stanhu@gmail.com> 2017-08-30 21:14:29 -0700
committer: Stan Hu <stanhu@gmail.com> 2017-08-30 21:18:09 -0700
commit: d74fecac031df1c3b4e817f49f7bafe2b175be11 (patch)
tree: f32ed1f3ca5cf458193dd9cd766f5fdc026e549d /changelogs
parent: 172cb70d4c427163895ec1792bd955f85748842d (diff)
download: gitlab-ce-d74fecac031df1c3b4e817f49f7bafe2b175be11.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/changelogs/unreleased/sh-filter-csrf-params.yml b/changelogs/unreleased/sh-filter-csrf-params.yml
new file mode 100644
index 00000000000..70eb3321e77
--- /dev/null
+++ b/changelogs/unreleased/sh-filter-csrf-params.yml
@@ -0,0 +1,5 @@
+---
+title: Filter additional secrets from Rails logs
+merge_request:
+author:
+type: security
author	Stan Hu <stanhu@gmail.com>	2017-08-30 21:14:29 -0700
committer	Stan Hu <stanhu@gmail.com>	2017-08-30 21:18:09 -0700
commit	d74fecac031df1c3b4e817f49f7bafe2b175be11 (patch)
tree	f32ed1f3ca5cf458193dd9cd766f5fdc026e549d /changelogs
parent	172cb70d4c427163895ec1792bd955f85748842d (diff)
download	gitlab-ce-d74fecac031df1c3b4e817f49f7bafe2b175be11.tar.gz