Commit 33844e18 authored by GitLab Bot's avatar GitLab Bot

Add latest changes from gitlab-org/security/gitlab@13-8-stable-ee

parent 41b1c046
---
title: Filter sensitive GraphQL variables from logs
merge_request:
author:
type: security
...@@ -49,13 +49,21 @@ module Gitlab ...@@ -49,13 +49,21 @@ module Gitlab
private private
def process_variables(variables) def process_variables(variables)
if variables.respond_to?(:to_s) filtered_variables = filter_sensitive_variables(variables)
variables.to_s
if filtered_variables.respond_to?(:to_s)
filtered_variables.to_s
else else
variables filtered_variables
end end
end end
def filter_sensitive_variables(variables)
ActiveSupport::ParameterFilter
.new(::Rails.application.config.filter_parameters)
.filter(variables)
end
def duration(time_started) def duration(time_started)
Gitlab::Metrics::System.monotonic_time - time_started Gitlab::Metrics::System.monotonic_time - time_started
end end
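Review bot: `filter_sensitive_variables` constructs a fresh `ActiveSupport::ParameterFilter` from `::Rails.application.config.filter_parameters` on every call, although that configuration is fixed after boot; memoizing the filter (`@parameter_filter ||= ActiveSupport::ParameterFilter.new(::Rails.application.config.filter_parameters)`, or a class-level equivalent if the analyzer is not reused across queries) would avoid the per-query allocation. The redaction is keyed on variable names, so only variables whose names match a configured pattern are replaced; a one-line comment on the method such as `# Best-effort: redacts only variables whose names match config.filter_parameters` would make that limitation explicit for readers of the log pipeline. Separately, the `respond_to?(:to_s)` branch in `process_variables` is effectively always taken (every `Object` responds to `to_s`), so the `else` arm looks unreachable; that is pre-existing, but the new code could simply call `filtered_variables.to_s`.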
......
...@@ -40,4 +40,22 @@ RSpec.describe Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer do ...@@ -40,4 +40,22 @@ RSpec.describe Gitlab::Graphql::QueryAnalyzers::LoggerAnalyzer do
end end
end end
end end
describe '#initial_value' do
it 'filters out sensitive variables' do
doc = GraphQL.parse <<-GRAPHQL
mutation createNote($body: String!) {
createNote(input: {noteableId: "1", body: $body}) {
note {
id
}
}
}
GRAPHQL
query = GraphQL::Query.new(GitlabSchema, document: doc, context: {}, variables: { body: "some note" })
expect(subject.initial_value(query)[:variables]).to eq('{:body=>"[FILTERED]"}')
end
end
end end
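Review bot: The new example pins the exact `Hash#inspect` rendering `'{:body=>"[FILTERED]"}'`, which couples the spec to the hash-to-string format rather than to the property being protected; asserting both `expect(...).to include('[FILTERED]')` and `expect(...).not_to include('some note')` states directly that the plaintext value does not reach the log while remaining stable across formatting changes. The enclosing `RSpec.describe` block starts outside this hunk. A second example with a variable whose name is not in `filter_parameters` would also document that unmatched names are logged as-is, which is presumably the intended best-effort behaviour.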