Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
7ad53afd
Commit
7ad53afd
authored
Feb 28, 2022
by
Thong Kuah
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add feature flag for gradual rollout
parent
be71e069
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
28 additions
and
5 deletions
+28
-5
app/models/concerns/sensitive_serializable_hash.rb
app/models/concerns/sensitive_serializable_hash.rb
+8
-1
config/feature_flags/development/prevent_sensitive_fields_from_serializable_hash.yml
...pment/prevent_sensitive_fields_from_serializable_hash.yml
+8
-0
spec/models/concerns/sensitive_serializable_hash_spec.rb
spec/models/concerns/sensitive_serializable_hash_spec.rb
+12
-4
No files found.
app/models/concerns/sensitive_serializable_hash.rb
View file @
7ad53afd
...
...
@@ -19,7 +19,8 @@ module SensitiveSerializableHash
# In general, prefer NOT to use serializable_hash / to_json / as_json in favor
# of serializers / entities instead which has an allowlist of attributes
def
serializable_hash
(
options
=
nil
)
return
super
(
options
)
if
options
&&
options
[
:unsafe_serialization_hash
]
return
super
unless
prevent_sensitive_fields_from_serializable_hash?
return
super
if
options
&&
options
[
:unsafe_serialization_hash
]
options
=
options
.
try
(
:dup
)
||
{}
options
[
:except
]
=
Array
(
options
[
:except
]).
dup
...
...
@@ -36,4 +37,10 @@ module SensitiveSerializableHash
super
(
options
)
end
private
def
prevent_sensitive_fields_from_serializable_hash?
Feature
.
enabled?
(
:prevent_sensitive_fields_from_serializable_hash
,
default_enabled: :yaml
)
end
end
config/feature_flags/development/prevent_sensitive_fields_from_serializable_hash.yml
0 → 100644
View file @
7ad53afd
---
name
:
prevent_sensitive_fields_from_serializable_hash
introduced_by_url
:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/81773
rollout_issue_url
:
https://gitlab.com/gitlab-org/gitlab/-/issues/353878
milestone
:
'
14.9'
type
:
development
group
:
group::sharding
default_enabled
:
false
spec/models/concerns/sensitive_serializable_hash_spec.rb
View file @
7ad53afd
...
...
@@ -19,19 +19,27 @@ RSpec.describe SensitiveSerializableHash do
end
end
it
'does not include the field in serializable_hash'
do
model
=
test_class
.
new
let
(
:model
)
{
test_class
.
new
}
it
'does not include the field in serializable_hash'
do
expect
(
model
.
serializable_hash
).
not_to
include
(
'super_secret'
)
end
context
'unsafe_serialization_hash option'
do
it
'includes the field in serializable_hash'
do
model
=
test_class
.
new
expect
(
model
.
serializable_hash
(
unsafe_serialization_hash:
true
)).
to
include
(
'super_secret'
)
end
end
context
'when prevent_sensitive_fields_from_serializable_hash feature flag is disabled'
do
before
do
stub_feature_flags
(
prevent_sensitive_fields_from_serializable_hash:
false
)
end
it
'includes the field in serializable_hash'
do
expect
(
model
.
serializable_hash
).
to
include
(
'super_secret'
)
end
end
end
describe
'#serializable_hash'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment