Filter secret variable values from logs

Right now Project::VariablesController users the `value` parameter to send the secret variable value. `value` is a pretty generic term and could be used in other controllers, but for now it's better to err on the side of caution and filter this out. Closes #43313

Filter secret variable values from logs
Right now Project::VariablesController users the `value` parameter to send the secret variable value. `value` is a pretty generic term and could be used in other controllers, but for now it's better to err on the side of caution and filter this out. Closes #43313
efbe0768 · Stan Hu · efdde042 · efbe0768
Commit efbe0768 authored Feb 15, 2018 by Stan Hu
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

config/application.rb config/application.rb +2 -0

No files found.
--- a/config/application.rb
+++ b/config/application.rb
@@ -69,6 +69,7 @@ module Gitlab
    # - Webhook URLs (:hook)
    # - Sentry DSN (:sentry_dsn)
    # - Deploy keys (:key)
+    # - Secret variable values (:value)
    config.filter_parameters += [/token$/, /password/, /secret/]
    config.filter_parameters += %i(
      certificate
@@ -80,6 +81,7 @@ module Gitlab
      sentry_dsn
      trace
      variables
+      value
    )

    # Enable escaping HTML in JSON.