From 05d5504d072fa1a1c222e94b21e483ba28cbe666 Mon Sep 17 00:00:00 2001
From: Drew Blessing
Date: Fri, 17 May 2019 15:26:15 -0500
Subject: Sanitize LDAP output in Rake tasks
The various LDAP check Rake tasks have long supported a SANITIZE environment variable. When present, identifiable information is obscured such as user names and project/group names. Until now, the LDAP check did not honor this. Now it will only say how many users were found. This should at least give the indication that the LDAP configuration found something, but will not leak what it is. Resolves #56131
---
 spec/tasks/gitlab/check_rake_spec.rb | 9 +++++++++
 1 file changed, 9 insertions(+) (limited to 'spec/tasks')
diff --git a/spec/tasks/gitlab/check_rake_spec.rb b/spec/tasks/gitlab/check_rake_spec.rb
index 06525e3c771..0fcb9b269f3 100644
--- a/spec/tasks/gitlab/check_rake_spec.rb
+++ b/spec/tasks/gitlab/check_rake_spec.rb
@@ -96,6 +96,15 @@ describe 'check.rake' do
 subject
 end
+
+ it 'sanitizes output' do
+ user = double(dn: 'uid=fake_user1', uid: 'fake_user1')
+ allow(adapter).to receive(:users).and_return([user])
+ stub_env('SANITIZE', 'true')
+
+ expect { subject }.to output(/User output sanitized/).to_stdout
+ expect { subject }.not_to output('fake_user1').to_stdout
+ end
 end
 end
 end
-- cgit v1.2.3
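Review bot: The negative assertion `expect { subject }.not_to output('fake_user1').to_stdout` in the new `it 'sanitizes output'` example cannot detect a leak. RSpec's `output` matcher compares a String argument with the entire captured stdout for equality, not as a substring. Because the task prints other lines as well, stdout is never exactly `'fake_user1'`, so the expectation passes even if the user name or DN is printed in full. Use a pattern instead, `expect { subject }.not_to output(/fake_user1/).to_stdout`, which also covers the `uid=fake_user1` DN from the double. The enclosing `describe`/`context` blocks start outside the hunk, so how `adapter` and `subject` are set up is not visible here.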