Don't send Private-Token headers to Sentry

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22537

Don't send Private-Token headers to Sentry
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22537
437bebb0 · Jacob Vosmaer · 5e4418b2 · 437bebb0 · 437bebb0 · 437bebb0
Commit 437bebb0 authored Oct 04, 2016 by Jacob Vosmaer
Showing with 9 additions and 4 deletions

CHANGELOG CHANGELOG +1 -0

Gemfile Gemfile +1 -1

Gemfile.lock Gemfile.lock +3 -3

config/application.rb config/application.rb +2 -0

config/initializers/sentry.rb config/initializers/sentry.rb +2 -0

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -5,6 +5,7 @@ v 8.13.0 (unreleased)

 v 8.12.4 (unreleased)
  - Set GitLab project exported file permissions to owner only
+  - Don't send Private-Token (API authentication) headers to Sentry

 v 8.12.2 (unreleased)
  - Fix Import/Export not recognising correctly the imported services.

--- a/Gemfile
+++ b/Gemfile
@@ -233,7 +233,7 @@ gem 'net-ssh',            '~> 3.0.1'
 gem 'base32',             '~> 0.3.0'

 # Sentry integration
-gem 'sentry-raven', '~> 1.1.0'
+gem 'sentry-raven', '~> 2.0.0'

 gem 'premailer-rails', '~> 1.9.0'


--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -664,8 +664,8 @@ GEM
      activesupport (>= 3.1)
    select2-rails (3.5.9.3)
      thor (~> 0.14)
-    sentry-raven (1.1.0)
-      faraday (>= 0.7.6)
+    sentry-raven (2.0.2)
+      faraday (>= 0.7.6, < 0.10.x)
    settingslogic (2.0.9)
    sexp_processor (4.7.0)
    sham_rack (1.3.6)
@@ -950,7 +950,7 @@ DEPENDENCIES
  sdoc (~> 0.3.20)
  seed-fu (~> 2.3.5)
  select2-rails (~> 3.5.9)
-  sentry-raven (~> 1.1.0)
+  sentry-raven (~> 2.0.0)
  settingslogic (~> 2.0.9)
  sham_rack (~> 1.3.6)
  shoulda-matchers (~> 2.8.0)

--- a/config/application.rb
+++ b/config/application.rb
@@ -50,6 +50,7 @@ module Gitlab
    # - Build variables (:variables)
    # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
    # - Webhook URLs (:hook)
+    # - GitLab-shell secret token (:secret_token)
    # - Sentry DSN (:sentry_dsn)
    # - Deploy keys (:key)
    config.filter_parameters += %i(
@@ -62,6 +63,7 @@ module Gitlab
      password
      password_confirmation
      private_token
+      secret_token
      sentry_dsn
      variables
    )

--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@@ -18,6 +18,8 @@ if Rails.env.production?
      
      # Sanitize fields based on those sanitized from Rails.
      config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
+      # Sanitize authentication headers
+      config.sanitize_http_headers = %w[Authorization Private-Token]
      config.tags = { program: Gitlab::Sentry.program_context }
    end
  end