diff options
author | Jan Provaznik <jprovaznik@gitlab.com> | 2018-09-20 17:14:46 +0300 |
---|---|---|
committer | Jan Provaznik <jprovaznik@gitlab.com> | 2018-10-23 22:20:20 +0300 |
commit | c1c1496405620d99d5943b1c4b5277b4b7d6ad63 (patch) | |
tree | ef22eddee4707eb87edc6abe64f8451fbf24e919 /app/models/concerns/redactable.rb | |
parent | ee40dc3a7f1c3f11fad2fde3be17e4ddd5d87585 (diff) |
Redact unsubscribe links in issuable texts
It's possible that user pastes accidentally also unsubscribe link
which is included in footer of notification emails. This unsubscribe
link contains personal token which attacker then use to act as the
original user (e.g. for sending comments under his/her identity).
Diffstat (limited to 'app/models/concerns/redactable.rb')
-rw-r--r-- | app/models/concerns/redactable.rb | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/app/models/concerns/redactable.rb b/app/models/concerns/redactable.rb new file mode 100644 index 00000000000..5ad96d6cc46 --- /dev/null +++ b/app/models/concerns/redactable.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +# This module searches and redacts sensitive information in +# redactable fields. Currently only unsubscribe link is redacted. +# Add following lines into your model: +# +# include Redactable +# redact_field :foo +# +module Redactable + extend ActiveSupport::Concern + + UNSUBSCRIBE_PATTERN = %r{/sent_notifications/\h{32}/unsubscribe} + + class_methods do + def redact_field(field) + before_validation do + redact_field!(field) if attribute_changed?(field) + end + end + end + + private + + def redact_field!(field) + text = public_send(field) # rubocop:disable GitlabSecurity/PublicSend + return unless text.present? + + redacted = text.gsub(UNSUBSCRIBE_PATTERN, '/sent_notifications/REDACTED/unsubscribe') + + public_send("#{field}=", redacted) # rubocop:disable GitlabSecurity/PublicSend + end +end |