author | Sean McGivern <sean@gitlab.com> | 2018-01-05 22:46:53 +0300 |
---|---|---|
committer | Tiago Botelho <tiago@gitlab.com> | 2018-01-08 16:36:36 +0300 |
commit | 3a163509588d83748c4333ad7a74ac077da4c953 (patch) | |
tree | 661435cfe85917a87a9756de52265f52910a403f /spec/models/service_spec.rb | |
parent | 14861b04cd5ab620420fd2d9b2b241017d5bdf4a (diff) |
Merge branch 'security-10-1-do-not-expose-passwords-or-tokens-in-service-integrations-api' into 'security-10-1'
Filter out sensitive fields from the project services API
See merge request gitlab/gitlabhq!2283
(cherry picked from commit cde3ae62e8f602b8db4fbdd382fba1a90780be7f)
c958086d Filter out sensitive fields from the project services API
Diffstat (limited to 'spec/models/service_spec.rb')
-rw-r--r-- | spec/models/service_spec.rb | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/spec/models/service_spec.rb b/spec/models/service_spec.rb
index 0f2f906c667..49031b6323e 100644
--- a/spec/models/service_spec.rb
+++ b/spec/models/service_spec.rb
@@ -254,4 +254,38 @@ describe Service do
 end
 end
 end
+
+ describe '#api_field_names' do
+ let(:fake_service) do
+ Class.new(Service) do
+ def fields
+ [
+ { name: 'token' },
+ { name: 'api_token' },
+ { name: 'key' },
+ { name: 'api_key' },
+ { name: 'password' },
+ { name: 'password_field' },
+ { name: 'safe_field' }
+ ]
+ end
+ end
+ end
+
+ let(:service) do
+ fake_service.new(properties: [
+ { token: 'token-value' },
+ { api_token: 'api_token-value' },
+ { key: 'key-value' },
+ { api_key: 'api_key-value' },
+ { password: 'password-value' },
+ { password_field: 'password_field-value' },
+ { safe_field: 'safe_field-value' }
+ ])
+ end
+
+ it 'filters out sensitive fields' do
+ expect(service.api_field_names).to eq(['safe_field'])
+ end
+ end
 end |
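Review bot: The `fields` fixture only pins the lowercase substrings `token`, `key` and `password`, so the spec does not say what should happen to a sensitive field with a different name (for example `secret`) or a different case (`API_TOKEN`); if the filter is a name-based denylist, as the test suggests, such a field would be returned by the API by default. Add those names to the `fields` array with the outcome you intend, e.g. `{ name: 'secret' },` and `{ name: 'API_TOKEN' },`, so a future integration cannot widen the exposure without a failing test. Separately, `properties:` is given an array of one-key hashes while the expectation appears to depend only on `fields`; if properties are normally a single hash, `fake_service.new(properties: { token: 'token-value', safe_field: 'safe_field-value' })` would mirror real records, or the argument could be dropped. The implementation of `api_field_names` and the opening of `describe Service do` are outside this hunk, so the matching rule is inferred from the test alone.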