Add latest changes from gitlab-org/security/gitlab@13-8-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-02-01 09:00:48 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-02-01 09:01:16 +0000
commit: 33844e18d2b83dec384549802e4efb20ae964223 (patch)
tree: 6b636d65641155f4541863a29b3bc8b236988712 /spec
parent: 41b1c0469dba622a1c2c67c17f1f5e491573accf (diff)
download: gitlab-ce-33844e18d2b83dec384549802e4efb20ae964223.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/spec/lib/gitlab/graphql/query_analyzers/logger_analyzer_spec.rb b/spec/lib/gitlab/graphql/query_analyzers/logger_analyzer_spec.rb
index c8432513185..138765afd8a 100644
--- a/spec/lib/gitlab/graphql/query_analyzers/logger_analyzer_spec.rb
+++ b/spec/lib/gitlab/graphql/query_analyzers/logger_analyzer_spec.rb
@@ -40,4 +40,22 @@ RSpec.describe Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer do
       end
     end
   end
+
+  describe '#initial_value' do
+    it 'filters out sensitive variables' do
+      doc = GraphQL.parse <<-GRAPHQL
+        mutation createNote($body: String!) {
+          createNote(input: {noteableId: "1", body: $body}) {
+            note {
+              id
+            }
+          }
+        }
+      GRAPHQL
+
+      query = GraphQL::Query.new(GitlabSchema, document: doc, context: {}, variables: { body: "some note" })
+
+      expect(subject.initial_value(query)[:variables]).to eq('{:body=>"[FILTERED]"}')
+    end
+  end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-02-01 09:00:48 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-02-01 09:01:16 +0000
commit	33844e18d2b83dec384549802e4efb20ae964223 (patch)
tree	6b636d65641155f4541863a29b3bc8b236988712 /spec
parent	41b1c0469dba622a1c2c67c17f1f5e491573accf (diff)
download	gitlab-ce-33844e18d2b83dec384549802e4efb20ae964223.tar.gz