Filter out sensitive parameters of metrics data

author: Paco Guzman <pacoguzmanp@gmail.com> 2016-06-17 10:00:51 +0200
committer: Paco Guzman <pacoguzmanp@gmail.com> 2016-06-17 18:14:25 +0200
commit: 2e552c6bf0a867b18298409217688f8c14e56207 (patch)
tree: f24f99403f02546244ce72a46c18876188c297d7 /spec/lib
parent: 7b944e01bddea2ae2ee8e4f68976df9cd8ce63bc (diff)
download: gitlab-ce-2e552c6bf0a867b18298409217688f8c14e56207.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/spec/lib/gitlab/metrics/rack_middleware_spec.rb b/spec/lib/gitlab/metrics/rack_middleware_spec.rb
index 40289f8b972..f264ed64029 100644
--- a/spec/lib/gitlab/metrics/rack_middleware_spec.rb
+++ b/spec/lib/gitlab/metrics/rack_middleware_spec.rb
@@ -58,6 +58,22 @@ describe Gitlab::Metrics::RackMiddleware do
       expect(transaction.values[:request_method]).to eq('GET')
       expect(transaction.values[:request_uri]).to eq('/foo')
     end
+
+    context "when URI includes sensitive parameters" do
+      let(:env) do
+        {
+          'REQUEST_METHOD' => 'GET',
+          'REQUEST_URI'    => '/foo?private_token=my-token',
+          'PATH_INFO' => '/foo',
+          'QUERY_STRING' => 'private_token=my_token',
+          'action_dispatch.parameter_filter' => [:private_token]
+        }
+      end
+
+      it 'stores the request URI with the sensitive parameters filtered' do
+        expect(transaction.values[:request_uri]).to eq('/foo?private_token=[FILTERED]')
+      end
+    end
   end
 
   describe '#tag_controller' do
author	Paco Guzman <pacoguzmanp@gmail.com>	2016-06-17 10:00:51 +0200
committer	Paco Guzman <pacoguzmanp@gmail.com>	2016-06-17 18:14:25 +0200
commit	2e552c6bf0a867b18298409217688f8c14e56207 (patch)
tree	f24f99403f02546244ce72a46c18876188c297d7 /spec/lib
parent	7b944e01bddea2ae2ee8e4f68976df9cd8ce63bc (diff)
download	gitlab-ce-2e552c6bf0a867b18298409217688f8c14e56207.tar.gz