diff options
author | Stan Hu <stanhu@gmail.com> | 2018-09-11 15:04:40 -0700 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-09-11 15:16:29 -0700 |
commit | 5c79c68ee755fb907227e3a74f018fc209c82242 (patch) | |
tree | 2add5cff62d068b7a98b19b8b4d431c89f0f1093 /config/application.rb | |
parent | e91dc8f4badfdb4742d1662f34edd85f43fb317f (diff) | |
download | gitlab-ce-5c79c68ee755fb907227e3a74f018fc209c82242.tar.gz |
Filter any parameters ending with "key" in logs
Rails does a partial match for strings in the filter_parameters
configuration, so the parameter "key" causes "key_id" to be filtered
even though it's a useful parameter for debugging internal API issues.
We now revise this filter to make any parameter ending with "key" is
filtered.
Relates to https://gitlab.com/gitlab-com/gl-infra/production/issues/463
Diffstat (limited to 'config/application.rb')
-rw-r--r-- | config/application.rb | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/config/application.rb b/config/application.rb index fae92f6f372..f3c53fa63f3 100644 --- a/config/application.rb +++ b/config/application.rb @@ -85,6 +85,7 @@ module Gitlab # - Any parameter ending with `token` # - Any parameter containing `password` # - Any parameter containing `secret` + # - Any parameter ending with `key` # - Two-factor tokens (:otp_attempt) # - Repo/Project Import URLs (:import_url) # - Build traces (:trace) @@ -92,15 +93,13 @@ module Gitlab # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key) # - Webhook URLs (:hook) # - Sentry DSN (:sentry_dsn) - # - Deploy keys (:key) # - File content from Web Editor (:content) - config.filter_parameters += [/token$/, /password/, /secret/] + config.filter_parameters += [/token$/, /password/, /secret/, /key$/] config.filter_parameters += %i( certificate encrypted_key hook import_url - key otp_attempt sentry_dsn trace |