Exclude sensitive attributes in serializable_hash by default
What does this MR do and why?
- Add all
attr_encrypted
fieldsserializable_hash
:except
option - Add all
add_authentication_token_field
fields toserializable_hash
:except
option - Provide
prevent_from_serialization :some_sensitive_value
utility to manually add fields that were not automatically added above
Note This does not address all problems with serializable_hash
/ to_json
/ as_json
but it solves one obvious weakness.
Related issues: https://gitlab.com/gitlab-org/gitlab/-/issues/353408, https://gitlab.com/gitlab-org/gitlab/-/issues/353608, https://gitlab.com/gitlab-com/gl-security/security-operations/sirt/operations/-/issues/2010
Moved from https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/2235
Manual testing
Enable the feature flag:
Feature.enable :prevent_sensitive_fields_from_serializable_hash
-
Project
Master:
[1] pry(main)> Project.first.serializable_hash.keys.include? "runners_token"
=> true
On this branch, it's false
-
WebHook
Master:
[1] pry(main)> WebHook.first.serializable_hash.keys.include? "token"
WebHook Load (0.7ms) SELECT "web_hooks".* FROM "web_hooks" ORDER BY "web_hooks"."id" ASC LIMIT 1 /*application:console,db_config_name:main_replica,line:(pry):1:in `__pry__'*/
=> true
On this branch, it's false
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.