nexedi / gitlab-ce

Commit 33844e18
authored Feb 01, 2021 by GitLab Bot

Add latest changes from gitlab-org/security/gitlab@13-8-stable-ee

parent 41b1c046
Changes: 3 changed files with 34 additions and 3 deletions (+34 -3)

changelogs/unreleased/security-filter-graphql-logs.yml (+5 -0)
lib/gitlab/graphql/query_analyzers/logger_analyzer.rb (+11 -3)
spec/lib/gitlab/graphql/query_analyzers/logger_analyzer_spec.rb (+18 -0)
changelogs/unreleased/security-filter-graphql-logs.yml (new file, 0 → 100644)
---
title
:
Filter sensitive GraphQL variables from logs
merge_request
:
author
:
type
:
security
lib/gitlab/graphql/query_analyzers/logger_analyzer.rb
...
@@ -49,13 +49,21 @@ module Gitlab
...
@@ -49,13 +49,21 @@ module Gitlab
private
private
def
process_variables
(
variables
)
def
process_variables
(
variables
)
if
variables
.
respond_to?
(
:to_s
)
filtered_variables
=
filter_sensitive_variables
(
variables
)
variables
.
to_s
if
filtered_variables
.
respond_to?
(
:to_s
)
filtered_variables
.
to_s
else
else
variables
filtered_
variables
end
end
end
end
def
filter_sensitive_variables
(
variables
)
ActiveSupport
::
ParameterFilter
.
new
(
::
Rails
.
application
.
config
.
filter_parameters
)
.
filter
(
variables
)
end
def
duration
(
time_started
)
def
duration
(
time_started
)
Gitlab
::
Metrics
::
System
.
monotonic_time
-
time_started
Gitlab
::
Metrics
::
System
.
monotonic_time
-
time_started
end
end
...
...
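Review bot: filter_sensitive_variables now runs before the respond_to?(:to_s) guard in process_variables, so the guard no longer protects the step that can actually fail: ActiveSupport::ParameterFilter#filter iterates its argument as a Hash, and a nil or non-Hash `variables` will raise NoMethodError inside the analyzer instead of falling through to `to_s` the way the removed `variables.to_s` line did. Suggest returning early (`return variables unless variables.is_a?(Hash)`, or filtering `variables.to_h`) before calling the filter. The `respond_to?(:to_s)` branch is also vacuous, since every Object responds to to_s, so the else branch is unreachable; that predates this change but could be dropped while here. A one-line comment on filter_sensitive_variables noting that the redacted keys are whatever matches `Rails.application.config.filter_parameters` would also help, since a GraphQL variable is only filtered if its name matches one of those patterns.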
spec/lib/gitlab/graphql/query_analyzers/logger_analyzer_spec.rb
...
@@ -40,4 +40,22 @@ RSpec.describe Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer do
...
@@ -40,4 +40,22 @@ RSpec.describe Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer do
end
end
end
end
end
end
describe
'#initial_value'
do
it
'filters out sensitive variables'
do
doc
=
GraphQL
.
parse
<<-
GRAPHQL
mutation createNote($body: String!) {
createNote(input: {noteableId: "1", body: $body}) {
note {
id
}
}
}
GRAPHQL
query
=
GraphQL
::
Query
.
new
(
GitlabSchema
,
document:
doc
,
context:
{},
variables:
{
body:
"some note"
})
expect
(
subject
.
initial_value
(
query
)[
:variables
]).
to
eq
(
'{:body=>"[FILTERED]"}'
)
end
end
end
end
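Review bot: the new example asserts only the filtered case and depends on `body` being present in `Rails.application.config.filter_parameters`, which the spec never sets up; if the application's filter list changes, this test fails for an unrelated reason. Suggest stubbing the list inside the example (for instance `allow(Rails.application.config).to receive(:filter_parameters).and_return([/body/])`) and adding a second example with a variable name that is not on the list, asserting it is logged unchanged, so the test proves the filtering is selective rather than blanket. The assertion `eq('{:body=>"[FILTERED]"}')` also couples the test to Hash#inspect output formatting; `include('[FILTERED]')` together with `not_to include('some note')` would be more robust.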