Merge branch 'sanitize_rake_ldap_check_output' into 'master'

Sanitize LDAP output in Rake tasks Closes #56131 See merge request gitlab-org/gitlab-ce!28427

Merge branch 'sanitize_rake_ldap_check_output' into 'master'
Sanitize LDAP output in Rake tasks Closes #56131 See merge request gitlab-org/gitlab-ce!28427
176164d3 · Lin Jen-Shin · c10bde1f · 05d5504d · 176164d3 · 176164d3
3 changed file
--- a/changelogs/unreleased/sanitize_rake_ldap_check_output.yml
+++ b/changelogs/unreleased/sanitize_rake_ldap_check_output.yml
+---
+title: Sanitize LDAP output in Rake tasks
+merge_request: 28427
+author:
+type: fixed
--- a/lib/system_check/ldap_check.rb
+++ b/lib/system_check/ldap_check.rb
@@ -33,8 +33,13 @@ module SystemCheck
            $stdout.puts "LDAP users with access to your GitLab server (only showing the first #{limit} results)"

            users = adapter.users(adapter.config.uid, '*', limit)
-            users.each do |user|
-              $stdout.puts "\tDN: #{user.dn}\t #{adapter.config.uid}: #{user.uid}"
+
+            if should_sanitize?
+              $stdout.puts "\tUser output sanitized. Found #{users.length} users of #{limit} limit."
+            else
+              users.each do |user|
+                $stdout.puts "\tDN: #{user.dn}\t #{adapter.config.uid}: #{user.uid}"
+              end
            end
          end
        rescue Net::LDAP::ConnectionRefusedError, Errno::ECONNREFUSED => e

--- a/spec/tasks/gitlab/check_rake_spec.rb
+++ b/spec/tasks/gitlab/check_rake_spec.rb
@@ -96,6 +96,15 @@ describe 'check.rake' do

        subject
      end
+
+      it 'sanitizes output' do
+        user = double(dn: 'uid=fake_user1', uid: 'fake_user1')
+        allow(adapter).to receive(:users).and_return([user])
+        stub_env('SANITIZE', 'true')
+
+        expect { subject }.to output(/User output sanitized/).to_stdout
+        expect { subject }.not_to output('fake_user1').to_stdout
+      end
    end
  end
 end