summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorStan Hu <stanhu@gmail.com>2018-09-11 15:04:40 -0700
committerStan Hu <stanhu@gmail.com>2018-09-11 15:16:29 -0700
commit5c79c68ee755fb907227e3a74f018fc209c82242 (patch)
tree2add5cff62d068b7a98b19b8b4d431c89f0f1093 /config
parente91dc8f4badfdb4742d1662f34edd85f43fb317f (diff)
downloadgitlab-ce-5c79c68ee755fb907227e3a74f018fc209c82242.tar.gz
Filter any parameters ending with "key" in logs
Rails does a partial match for strings in the filter_parameters configuration, so the parameter "key" causes "key_id" to be filtered even though it's a useful parameter for debugging internal API issues. We now revise this filter to make any parameter ending with "key" is filtered. Relates to https://gitlab.com/gitlab-com/gl-infra/production/issues/463
Diffstat (limited to 'config')
-rw-r--r--config/application.rb5
1 files changed, 2 insertions, 3 deletions
diff --git a/config/application.rb b/config/application.rb
index fae92f6f372..f3c53fa63f3 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -85,6 +85,7 @@ module Gitlab
# - Any parameter ending with `token`
# - Any parameter containing `password`
# - Any parameter containing `secret`
+ # - Any parameter ending with `key`
# - Two-factor tokens (:otp_attempt)
# - Repo/Project Import URLs (:import_url)
# - Build traces (:trace)
@@ -92,15 +93,13 @@ module Gitlab
# - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
# - Webhook URLs (:hook)
# - Sentry DSN (:sentry_dsn)
- # - Deploy keys (:key)
# - File content from Web Editor (:content)
- config.filter_parameters += [/token$/, /password/, /secret/]
+ config.filter_parameters += [/token$/, /password/, /secret/, /key$/]
config.filter_parameters += %i(
certificate
encrypted_key
hook
import_url
- key
otp_attempt
sentry_dsn
trace