From 0424801ec8854167d17c76b68e6ae8c5b5a6a52a Mon Sep 17 00:00:00 2001
From: Stan Hu <stan@gitlab.com>
Date: Sat, 6 Jan 2018 06:18:13 +0000
Subject: Merge branch
 'security-10-3-do-not-expose-passwords-or-tokens-in-service-integrations-api'
 into 'security-10-3'

Filter out sensitive fields from the project services API

See merge request gitlab/gitlabhq!2281

(cherry picked from commit 476f2576444632f2a9a61b4cead9c1077f2c81d7)

2bcbbda0 Filter out sensitive fields from the project services API
---
 app/models/service.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'app')

diff --git a/app/models/service.rb b/app/models/service.rb
index 7f260f7a96b..96a064697f0 100644
--- a/app/models/service.rb
+++ b/app/models/service.rb
@@ -118,6 +118,11 @@ class Service < ActiveRecord::Base
     nil
   end
 
+  def api_field_names
+    fields.map { |field| field[:name] }
+      .reject { |field_name| field_name =~ /(password|token|key)/ }
+  end
+
   def global_fields
     fields
   end
-- 
cgit v1.2.1