Commit c267cc80 authored by charlieablett's avatar charlieablett

Add `html` to sensitive words

parent fc55d7bc
...@@ -4,7 +4,7 @@ module Gitlab ...@@ -4,7 +4,7 @@ module Gitlab
module ImportExport module ImportExport
class AttributeCleaner class AttributeCleaner
ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + ['group_id'] ALLOWED_REFERENCES = RelationFactory::PROJECT_REFERENCES + RelationFactory::USER_REFERENCES + ['group_id']
PROHIBITED_SUFFIXES = %w(_id _html).freeze PROHIBITED_SUFFIXES = %w[_id _html].freeze
def self.clean(*args) def self.clean(*args)
new(*args).clean new(*args).clean
......
...@@ -12,7 +12,7 @@ describe 'Import/Export - project export integration test', :js do ...@@ -12,7 +12,7 @@ describe 'Import/Export - project export integration test', :js do
let(:export_path) { "#{Dir.tmpdir}/import_file_spec" } let(:export_path) { "#{Dir.tmpdir}/import_file_spec" }
let(:config_hash) { YAML.load_file(Gitlab::ImportExport.config_file).deep_stringify_keys } let(:config_hash) { YAML.load_file(Gitlab::ImportExport.config_file).deep_stringify_keys }
let(:sensitive_words) { %w[pass secret token key encrypted] } let(:sensitive_words) { %w[pass secret token key encrypted html] }
let(:safe_list) do let(:safe_list) do
{ {
token: [ProjectHook, Ci::Trigger, CommitStatus], token: [ProjectHook, Ci::Trigger, CommitStatus],
......
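Review bot: The `sensitive_words` list on the new side gains `html` with no comment explaining why, and unlike `pass`, `secret`, `token`, `key` and `encrypted` it does not name a credential. I would add a line above the `let`, for example `# 'html' flags cached *_html columns: rendered markup should be regenerated from source, not carried in an export`, adjusted to the team's actual rationale. How these words are matched against attribute names is outside this hunk, so it is worth confirming that no legitimately exported attribute containing `html` now needs its own `safe_list` entry. The `safe_list` block continues past the visible lines.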
...@@ -63,6 +63,7 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do ...@@ -63,6 +63,7 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do
it 'does not import note_html' do it 'does not import note_html' do
note_content = 'Quo reprehenderit aliquam qui dicta impedit cupiditate eligendi' note_content = 'Quo reprehenderit aliquam qui dicta impedit cupiditate eligendi'
issue_note = Issue.find_by(description: 'Aliquam enim illo et possimus.').notes.select { |n| n.note.match(/#{note_content}/)}.first issue_note = Issue.find_by(description: 'Aliquam enim illo et possimus.').notes.select { |n| n.note.match(/#{note_content}/)}.first
expect(issue_note.note_html).to match(/#{note_content}/) expect(issue_note.note_html).to match(/#{note_content}/)
end end
end end
...@@ -71,6 +72,7 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do ...@@ -71,6 +72,7 @@ describe Gitlab::ImportExport::ProjectTreeRestorer do
it 'does not import note_html' do it 'does not import note_html' do
note_content = 'Sit voluptatibus eveniet architecto quidem' note_content = 'Sit voluptatibus eveniet architecto quidem'
merge_request_note = MergeRequest.find_by(title: 'MR1').notes.select { |n| n.note.match(/#{note_content}/)}.first merge_request_note = MergeRequest.find_by(title: 'MR1').notes.select { |n| n.note.match(/#{note_content}/)}.first
expect(merge_request_note.note_html).to match(/#{note_content}/) expect(merge_request_note.note_html).to match(/#{note_content}/)
end end
end end
......
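Review bot: Both examples named 'does not import note_html' assert only that `note_html` matches the note text (`expect(issue_note.note_html).to match(/#{note_content}/)` and the `merge_request_note` counterpart in the second hunk). That would presumably also pass if HTML from the archive had been imported verbatim, as long as the fixture's HTML contains the same text. A negative assertion against a marker that exists only in the fixture's `note_html`, if the fixture carries one, would pin the behaviour the name promises, e.g. `expect(issue_note.note_html).not_to include('<FIXTURE_ONLY_MARKER>')` with the placeholder replaced by the real marker. The interpolated pattern would also be more robust as `/#{Regexp.escape(note_content)}/`. The line each hunk adds is not visible in this rendering, and both `it` blocks sit inside contexts that begin outside the hunks.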