Sanitize LDAP output in Rake tasks

The various LDAP check Rake tasks have long supported a SANITIZE environment variable. When present, identifiable information is obscured such as user names and project/group names. Until now, the LDAP check did not honor this. Now it will only say how many users were found. This should at least give the indication that the LDAP configuration found something, but will not leak what it is. Resolves #56131
author: Drew Blessing <drew@blessing.io> 2019-05-17 15:26:15 -0500
committer: Drew Blessing <drew@blessing.io> 2019-06-21 05:49:56 -0500
commit: 05d5504d072fa1a1c222e94b21e483ba28cbe666 (patch)
tree: d71b107855b213fb87fa64032b78808ef23b4983 /spec/tasks
parent: c10bde1ff088d0b744ce98b28ee6faa16b0eda34 (diff)
download: gitlab-ce-05d5504d072fa1a1c222e94b21e483ba28cbe666.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/spec/tasks/gitlab/check_rake_spec.rb b/spec/tasks/gitlab/check_rake_spec.rb
index 06525e3c771..0fcb9b269f3 100644
--- a/spec/tasks/gitlab/check_rake_spec.rb
+++ b/spec/tasks/gitlab/check_rake_spec.rb
@@ -96,6 +96,15 @@ describe 'check.rake' do
 
         subject
       end
+
+      it 'sanitizes output' do
+        user = double(dn: 'uid=fake_user1', uid: 'fake_user1')
+        allow(adapter).to receive(:users).and_return([user])
+        stub_env('SANITIZE', 'true')
+
+        expect { subject }.to output(/User output sanitized/).to_stdout
+        expect { subject }.not_to output('fake_user1').to_stdout
+      end
     end
   end
 end
author	Drew Blessing <drew@blessing.io>	2019-05-17 15:26:15 -0500
committer	Drew Blessing <drew@blessing.io>	2019-06-21 05:49:56 -0500
commit	05d5504d072fa1a1c222e94b21e483ba28cbe666 (patch)
tree	d71b107855b213fb87fa64032b78808ef23b4983 /spec/tasks
parent	c10bde1ff088d0b744ce98b28ee6faa16b0eda34 (diff)
download	gitlab-ce-05d5504d072fa1a1c222e94b21e483ba28cbe666.tar.gz