summaryrefslogtreecommitdiff
path: root/config/application.rb
diff options
context:
space:
mode:
authorStan Hu <stanhu@gmail.com>2017-08-30 21:14:29 -0700
committerStan Hu <stanhu@gmail.com>2017-08-30 21:18:09 -0700
commitd74fecac031df1c3b4e817f49f7bafe2b175be11 (patch)
treef32ed1f3ca5cf458193dd9cd766f5fdc026e549d /config/application.rb
parent172cb70d4c427163895ec1792bd955f85748842d (diff)
downloadgitlab-ce-d74fecac031df1c3b4e817f49f7bafe2b175be11.tar.gz
Filter additional secrets from Rails logs
Upon inspection of logs, there were a number of fields not filtered. For example: * authenticity_token: CSRF token * rss_token: Used for RSS feeds * secret: Used with Projects::UploadController Rails provides a way to match regexps, so we now filter: * Any parameter ending with `_token` * Any parameter containing `password` * Any parameter containing `secret`
Diffstat (limited to 'config/application.rb')
-rw-r--r--config/application.rb15
1 files changed, 4 insertions, 11 deletions
diff --git a/config/application.rb b/config/application.rb
index f69dab4de39..32a290f2002 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -51,31 +51,24 @@ module Gitlab
# Configure sensitive parameters which will be filtered from the log file.
#
# Parameters filtered:
- # - Password (:password, :password_confirmation)
- # - Private tokens
+ # - Any parameter ending with `_token`
+ # - Any parameter containing `password`
+ # - Any parameter containing `secret`
# - Two-factor tokens (:otp_attempt)
# - Repo/Project Import URLs (:import_url)
# - Build variables (:variables)
# - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
# - Webhook URLs (:hook)
- # - GitLab-shell secret token (:secret_token)
# - Sentry DSN (:sentry_dsn)
# - Deploy keys (:key)
+ config.filter_parameters += [/_token$/, /password/, /secret/]
config.filter_parameters += %i(
- authentication_token
certificate
encrypted_key
hook
import_url
- incoming_email_token
- rss_token
key
otp_attempt
- password
- password_confirmation
- private_token
- runners_token
- secret_token
sentry_dsn
variables
)