Hide WebMock stubbing instructions in CI
What does this MR do and why?
This was initially discussed in Slack (internal).
Hide WebMock stubbing instructions and request body and headers to add an extra layer of protection. Even though we mock HTTP calls and don't use real credentials in tests, hiding these instructions helps avoid accidentally exposing sensitive headers during CI tests if some calls aren't fully mocked.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots
Before
Failures:
  1) Project fetches google.com
     Failure/Error: Net::HTTP.get(URI('https://google.com'), 'Authorization' => 'Bearer EXPOSED')
     WebMock::NetConnectNotAllowedError:
       Real HTTP connections are disabled. Unregistered request: GET https://google.com/ with headers {'Accept'=>'*/*', 'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3', 'Authorization'=>'Bearer EXPOSED', 'Host'=>'google.com', 'User-Agent'=>'Ruby'}
       You can stub this request with the following snippet:
       stub_request(:get, "https://google.com/").
         with(
           headers: {
             'Accept'=>'*/*',
             'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
             'Authorization'=>'Bearer EXPOSED',
             'Host'=>'google.com',
             'User-Agent'=>'Ruby'
           }).
         to_return(status: 200, body: "", headers: {})
       ============================================================
After
See https://gitlab.com/gitlab-org/gitlab/-/jobs/7666926093#L3852
Failures:
  1) Project fetches google.com
     Failure/Error: Net::HTTP.get(URI('https://google.com'), 'Authorization' => 'Bearer EXPOSED')
     WebMock::NetConnectNotAllowedError:
       Real HTTP connections are disabled. Unregistered request: GET https://google.com/ body and headers are hidden.
Edited by Peter Leitzen
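Job logs written before a change like this can still contain header values in the "Before" format shown above. The following is an added example, not code from this merge request or from GitLab: it audits a stored log for exposed sensitive headers and rewrites it to the "After" form. The header list, the function names, the `[REDACTED]` placeholder and the sample log (constructed from the Before output) are assumptions.

```ruby
# Added example: audit and scrub stored CI logs containing WebMock failure output.
# SENSITIVE_HEADERS, REDACTED and all function names are assumptions for illustration.
SENSITIVE_HEADERS = %w[authorization proxy-authorization cookie private-token x-api-key].freeze
REDACTED = '[REDACTED]'
# Error line in the "Before" format: "Unregistered request: GET <url> with headers {...}"
UNREGISTERED = /Unregistered request: (?<verb>[A-Z]+) (?<url>\S+) with /
# WebMock prints each header as 'Name'=>'value'
HEADER_PAIR = /'([^']+)'=>'((?:[^'\\]|\\.)*)'/

def sensitive?(name, value)
  SENSITIVE_HEADERS.include?(name.downcase) && value != REDACTED
end

# One finding per log line that prints a sensitive header.
# Only header names are reported, never the values.
def find_exposed_headers(log)
  log.each_line.with_index(1).filter_map do |line, lineno|
    names = line.scan(HEADER_PAIR).filter_map { |name, value| name if sensitive?(name, value) }
    next if names.empty?

    source = UNREGISTERED.match?(line) ? :error_message : :stub_snippet
    { line: lineno, source: source, headers: names }
  end
end

# Rewrites the error line to the "After" wording and masks sensitive
# values that appear in the suggested stub_request snippet.
def redact(log)
  log.each_line.map do |line|
    if (m = UNREGISTERED.match(line))
      "#{m.pre_match}Unregistered request: #{m[:verb]} #{m[:url]} body and headers are hidden.\n"
    else
      line.gsub(HEADER_PAIR) { sensitive?($1, $2) ? "'#{$1}'=>'#{REDACTED}'" : $& }
    end
  end.join
end

# Constructed sample, shortened from the "Before" output on this page.
SAMPLE_LOG = <<~LOG
  Real HTTP connections are disabled. Unregistered request: GET https://google.com/ with headers {'Accept'=>'*/*', 'Authorization'=>'Bearer EXPOSED', 'Host'=>'google.com', 'User-Agent'=>'Ruby'}
  You can stub this request with the following snippet:
  stub_request(:get, "https://google.com/").
    with(
      headers: {
      'Accept'=>'*/*',
      'Authorization'=>'Bearer EXPOSED',
      }).
LOG

find_exposed_headers(SAMPLE_LOG).each { |f| puts f.inspect }
```

Any token the audit finds in an old log should be treated as disclosed and rotated; redacting the log does not undo the exposure.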