summaryrefslogtreecommitdiff
path: root/spec
diff options
context:
space:
mode:
authorYorick Peterse <yorickpeterse@gmail.com>2016-06-17 16:43:14 +0000
committerYorick Peterse <yorickpeterse@gmail.com>2016-06-17 16:43:14 +0000
commited5f17cc73680f6d1eb5bf07e869a0c3f6da81ad (patch)
tree00287af19da1f71dde181927f67d54382fe2ad81 /spec
parent8dccfb4a9cbebb48cc9764a30e49aef2f8c56b97 (diff)
parent2e552c6bf0a867b18298409217688f8c14e56207 (diff)
downloadgitlab-ce-ed5f17cc73680f6d1eb5bf07e869a0c3f6da81ad.tar.gz
Merge branch 'secure-request-uris' into 'master'
Filter out sensitive parameters of metrics data See merge request !4748
Diffstat (limited to 'spec')
-rw-r--r--spec/lib/gitlab/metrics/rack_middleware_spec.rb16
1 files changed, 16 insertions, 0 deletions
diff --git a/spec/lib/gitlab/metrics/rack_middleware_spec.rb b/spec/lib/gitlab/metrics/rack_middleware_spec.rb
index 40289f8b972..f264ed64029 100644
--- a/spec/lib/gitlab/metrics/rack_middleware_spec.rb
+++ b/spec/lib/gitlab/metrics/rack_middleware_spec.rb
@@ -58,6 +58,22 @@ describe Gitlab::Metrics::RackMiddleware do
expect(transaction.values[:request_method]).to eq('GET')
expect(transaction.values[:request_uri]).to eq('/foo')
end
+
+ context "when URI includes sensitive parameters" do
+ let(:env) do
+ {
+ 'REQUEST_METHOD' => 'GET',
+ 'REQUEST_URI' => '/foo?private_token=my-token',
+ 'PATH_INFO' => '/foo',
+ 'QUERY_STRING' => 'private_token=my_token',
+ 'action_dispatch.parameter_filter' => [:private_token]
+ }
+ end
+
+ it 'stores the request URI with the sensitive parameters filtered' do
+ expect(transaction.values[:request_uri]).to eq('/foo?private_token=[FILTERED]')
+ end
+ end
end
describe '#tag_controller' do
View Lorry Controller Status