Allow masking if 8 or more characters in base64

This should allow for private ssh-keys to remain private.

Solves https://gitlab.com/gitlab-org/gitlab-ce/issues/60790.
Thomas Nilsson 2019-05-20 12:49:23 +00:00 committed by mfluharty
parent e5aba4b153
commit ff3486a92b
No known key found for this signature in database
GPG Key ID: 6FDA03A308D239E8
3 changed files with 4 additions and 3 deletions


@ -196,7 +196,7 @@ export default class VariableList {
validateMaskability($row) {
const invalidInputClass = 'gl-field-error-outline';
const maskableRegex = /^\w{8,}$/; // Eight or more alphanumeric characters plus underscores
const maskableRegex = /^[a-zA-Z0-9_+=/-]{8,}$/; // Eight or more characters, from the Base64 alphabet (RFC4648)
const variableValue = $row.find(this.inputMap.secret_value.selector).val();
const isValueMaskable = maskableRegex.test(variableValue) || variableValue === '';
const isMaskedChecked = $row.find(this.inputMap.masked.selector).val() === 'true';
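Review bot: The comment on the new `maskableRegex` in `validateMaskability` is narrower than the pattern, and nothing ties this copy to the server-side `REGEX` in `Maskable`, so a later edit to one side could let the form accept a value that the model rejects, or the reverse. The class admits both the standard (`+`, `/`) and URL-safe (`-`, `_`) RFC 4648 alphabets plus `=` padding. It admits no space or newline, so a PEM-formatted private key still fails validation unless it is stored as a single Base64 line, which is worth stating given the commit description. I would reword the comment to `// Eight or more characters from the RFC 4648 Base64/Base64url alphabets plus '=' padding; keep in sync with Maskable::REGEX`. The body of `validateMaskability` continues outside the hunk.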


@ -7,9 +7,9 @@ module Maskable
# * No escape characters
# * No variables
# * No spaces
# * Minimal length of 8 characters
# * Minimal length of 8 characters from the Base64 alphabets (RFC4648)
# * Absolutely no fun is allowed
REGEX = /\A\w{8,}\z/.freeze
REGEX = /\A[a-zA-Z0-9_+=\/-]{8,}\z/.freeze
included do
validates :masked, inclusion: { in: [true, false] }
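Review bot: The widened `REGEX` arrives without a spec change: the commit lists three changed files and none of the sections shown is a spec, so the newly accepted characters (`+`, `=`, `/`, `-`) and the ones that must stay rejected (space, newline, `$`) are not pinned by a test here. I would add model spec cases for both groups, and a comment above the constant such as `# Keep in sync with maskableRegex in the frontend validateMaskability`. The documentation hunk in this commit adds the Base64 bullet but, going by its `-95,6 +95,7` header, keeps `- The value must contain only letters, numbers, or underscores.`, which now contradicts this validation and should be dropped or reworded. Masking presumably matches the stored value literally in job output, so it would help to note in the docs that a decoded form of a Base64-encoded secret printed by a job is not covered.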


@ -95,6 +95,7 @@ though it must match certain requirements to do so:
- The value must contain only letters, numbers, or underscores.
- The value must be at least 8 characters long.
- The value must not use variables.
- The value must only consist of characters from the Base64 alphabet, defined in [RFC4648](https://tools.ietf.org/html/rfc4648).
If the value does not meet the requirements above, then the CI variable will fail to save.
In order to save, either alter the value to meet the masking requirements