Commit 6b71f328 authored by Robert Speicher's avatar Robert Speicher Committed by Jose Ivan Vargas

Merge branch 'sh-filter-csrf-params' into 'master'

Filter additional parameters that have shown up in our logs

See merge request !13945
parent 09217e8f
---
title: Filter additional secrets from Rails logs
merge_request:
author:
type: security
...@@ -51,31 +51,24 @@ module Gitlab ...@@ -51,31 +51,24 @@ module Gitlab
# Configure sensitive parameters which will be filtered from the log file. # Configure sensitive parameters which will be filtered from the log file.
# #
# Parameters filtered: # Parameters filtered:
# - Password (:password, :password_confirmation) # - Any parameter ending with `_token`
# - Private tokens # - Any parameter containing `password`
# - Any parameter containing `secret`
# - Two-factor tokens (:otp_attempt) # - Two-factor tokens (:otp_attempt)
# - Repo/Project Import URLs (:import_url) # - Repo/Project Import URLs (:import_url)
# - Build variables (:variables) # - Build variables (:variables)
# - GitLab Pages SSL cert/key info (:certificate, :encrypted_key) # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
# - Webhook URLs (:hook) # - Webhook URLs (:hook)
# - GitLab-shell secret token (:secret_token)
# - Sentry DSN (:sentry_dsn) # - Sentry DSN (:sentry_dsn)
# - Deploy keys (:key) # - Deploy keys (:key)
config.filter_parameters += [/_token$/, /password/, /secret/]
config.filter_parameters += %i( config.filter_parameters += %i(
authentication_token
certificate certificate
encrypted_key encrypted_key
hook hook
import_url import_url
incoming_email_token
rss_token
key key
otp_attempt otp_attempt
password
password_confirmation
private_token
runners_token
secret_token
sentry_dsn sentry_dsn
variables variables
) )
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment