diff options
| author | Nick Thomas <nick@gitlab.com> | 2018-12-05 02:54:29 +0300 |
|---|---|---|
| committer | Nick Thomas <nick@gitlab.com> | 2018-12-05 03:00:42 +0300 |
| commit | 2f2b0ad3905377b704aab3ad581a72a02258c3a6 (patch) | |
| tree | 58a23bb7b2bdb03786726635442fd4335f3a232a /app/models/hooks | |
| parent | d2ef9876ced637f6c4d65999ad4bba4351c95d69 (diff) | |
Use a 32-byte version of db_key_base for web hooks
AES-256-GCM cipher mode requires a key that is exactly 32 bytes long.
We already handle the case when the key is too long, by truncating, but
the key can also be too short in some installations. Switching to a key
that is always exactly the right length (by virtue of right-padding
ASCII 0 characters) allows encryption to proceed, without breaking
backward compatibility.
When the key is too short, encryption fails with an `ArgumentError`,
causing the web hooks functionality to be unusable. As a result, zero
rows can exist with values encrypted with the too-short key.
When the key is too long, it is silently truncated. In this case, the
key is unchanged, so values encrypted with the new too-long key will
still be successfully decrypted.
Diffstat (limited to 'app/models/hooks')
| -rw-r--r-- | app/models/hooks/web_hook.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb index b2fb79bc7ed..1a8662db9fb 100644 --- a/app/models/hooks/web_hook.rb +++ b/app/models/hooks/web_hook.rb @@ -6,12 +6,12 @@ class WebHook < ActiveRecord::Base attr_encrypted :token, mode: :per_attribute_iv, algorithm: 'aes-256-gcm', - key: Settings.attr_encrypted_db_key_base_truncated + key: Settings.attr_encrypted_db_key_base_32 attr_encrypted :url, mode: :per_attribute_iv, algorithm: 'aes-256-gcm', - key: Settings.attr_encrypted_db_key_base_truncated + key: Settings.attr_encrypted_db_key_base_32 has_many :web_hook_logs, dependent: :destroy # rubocop:disable Cop/ActiveRecordDependent |