blob: ae9df203544c11fcc75170e9a56e3cde2f00b317 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
# frozen_string_literal: true
module Gitlab
module GrapeLogging
module Loggers
# In the CI variables APIs, the POST or PUT parameters will always be
# literally 'key' and 'value'. Rails' default filters_parameters will
# always incorrectly mask the value of param 'key' when it should mask the
# value of the param 'value'.
# See: https://gitlab.com/gitlab-org/gitlab/-/issues/353857
class FilterParameters < ::GrapeLogging::Loggers::FilterParameters
private
def safe_parameters(request)
loggable_params = super
settings = request.env[Grape::Env::API_ENDPOINT]&.route&.settings
return loggable_params unless settings&.key?(:log_safety)
settings[:log_safety][:safe].each do |key|
loggable_params[key] = request.params[key] if loggable_params.key?(key)
end
settings[:log_safety][:unsafe].each do |key|
loggable_params[key] = @replacement if loggable_params.key?(key)
end
loggable_params
end
end
end
end
end
|