2019-07-07 11:18:12 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
RSpec.describe Gitlab::Application do # rubocop:disable RSpec/FilePath
|
2019-07-07 11:18:12 +05:30
|
|
|
using RSpec::Parameterized::TableSyntax
|
|
|
|
|
2020-05-24 23:13:21 +05:30
|
|
|
filtered_param = ActiveSupport::ParameterFilter::FILTERED
|
2019-07-07 11:18:12 +05:30
|
|
|
|
|
|
|
context 'when parameters are logged' do
|
|
|
|
describe 'rails does not leak confidential parameters' do
|
|
|
|
def request_for_url(input_url)
|
|
|
|
env = Rack::MockRequest.env_for(input_url)
|
|
|
|
env['action_dispatch.parameter_filter'] = described_class.config.filter_parameters
|
|
|
|
|
|
|
|
ActionDispatch::Request.new(env)
|
|
|
|
end
|
|
|
|
|
|
|
|
where(:input_url, :output_query) do
|
|
|
|
'/' | {}
|
|
|
|
'/?safe=1' | { 'safe' => '1' }
|
2020-05-24 23:13:21 +05:30
|
|
|
'/?private_token=secret' | { 'private_token' => filtered_param }
|
|
|
|
'/?mixed=1&private_token=secret' | { 'mixed' => '1', 'private_token' => filtered_param }
|
|
|
|
'/?note=secret¬eable=1&prefix_note=2' | { 'note' => filtered_param, 'noteable' => '1', 'prefix_note' => '2' }
|
|
|
|
'/?note[note]=secret&target_type=1' | { 'note' => filtered_param, 'target_type' => '1' }
|
|
|
|
'/?safe[note]=secret&target_type=1' | { 'safe' => { 'note' => filtered_param }, 'target_type' => '1' }
|
2019-07-07 11:18:12 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
with_them do
|
|
|
|
it { expect(request_for_url(input_url).filtered_parameters).to eq(output_query) }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|