[Bug][API] GET /projects exposes GitLab token in the gitextractor plugin #7597
Comments
dosubot
bot
added
pr-type/bug-fix
|
Hey there, @richard-fletcher! 👋 I'm here to help you with bugs, questions, and becoming a contributor. I'm a bot, but I can assist while you wait for a human maintainer. To ensure that the GitLab token is masked in the response from the Here is the relevant code snippet that shows how the func (conn *GitlabConn) Sanitize() GitlabConn {
conn.Token = utils.SanitizeString(conn.Token)
return *conn
}
func (connection GitlabConnection) Sanitize() GitlabConnection {
connection.GitlabConn = connection.GitlabConn.Sanitize()
return connection
}To ensure the token is masked in the response, you should call the func GetProjectHandler(w http.ResponseWriter, r *http.Request) {
// Assume you have a function to get the GitlabConnection object
connection := getGitlabConnectionFromRequest(r)
// Sanitize the connection to mask the token
sanitizedConnection := connection.Sanitize()
// Return the sanitized connection in the response
json.NewEncoder(w).Encode(sanitizedConnection)
}This ensures that the token is masked in the response, protecting sensitive information [1]. |
d4x1
changed the title
Search before asking
What happened
When calling GET /blueprints/{blueprintId} access tokens are correctly masked for gitextractor GitLab connections. When calling GET /projects/{projectName} the token is not masked in the Blueprint response.
What do you expect to happen
The token to be masked in the response from GET /projects/{projectName}
How to reproduce
Anything else
No response
Version
v0.21.0
Are you willing to submit PR?
Code of Conduct
The text was updated successfully, but these errors were encountered: