Filter title, description, and body from logs

These can contain sensitive content.

Filter title, description, and body from logs
These can contain sensitive content.
08d081ca · Sean McGivern · 004b72fe · 08d081ca · 08d081ca
Commit 08d081ca authored Jul 30, 2019 by Sean McGivern
Showing with 21 additions and 3 deletions

changelogs/unreleased/filter-title-description-and-body-from-logs.yml ...nreleased/filter-title-description-and-body-from-logs.yml +5 -0

config/application.rb config/application.rb +16 -3

No files found.
--- a/changelogs/unreleased/filter-title-description-and-body-from-logs.yml
+++ b/changelogs/unreleased/filter-title-description-and-body-from-logs.yml
+---
+title: Filter title, description, and body parameters from logs
+merge_request:
+author:
+type: changed
--- a/config/application.rb
+++ b/config/application.rb
@@ -105,10 +105,23 @@ module Gitlab
    # - Sentry DSN (:sentry_dsn)
    # - File content from Web Editor (:content)
    # - Jira shared secret (:sharedSecret)
+    # - Titles, bodies, and descriptions for notes, issues, etc.
    #
-    # NOTE: It is **IMPORTANT** to also update gitlab-workhorse's filter when adding parameters here to not
+    # NOTE: It is **IMPORTANT** to also update labkit's filter when
-    #       introduce another security vulnerability: https://gitlab.com/gitlab-org/gitlab-workhorse/issues/182
+    #       adding parameters here to not introduce another security
-    config.filter_parameters += [/token$/, /password/, /secret/, /key$/, /^note$/, /^text$/]
+    #       vulnerability:
+    #       https://gitlab.com/gitlab-org/labkit/blob/master/mask/matchers.go
+    config.filter_parameters += [
+      /token$/,
+      /password/,
+      /secret/,
+      /key$/,
+      /^body$/,
+      /^description$/,
+      /^note$/,
+      /^text$/,
+      /^title$/
+    ]
    config.filter_parameters += %i(
      certificate
      encrypted_key