diff --git a/changelogs/unreleased/sanitize_rake_ldap_check_output.yml b/changelogs/unreleased/sanitize_rake_ldap_check_output.yml new file mode 100644 index 0000000000000000000000000000000000000000..92824d1dd4823df1bd48e11dc8ee6f60e7cc0f5d --- /dev/null +++ b/changelogs/unreleased/sanitize_rake_ldap_check_output.yml @@ -0,0 +1,5 @@ +--- +title: Sanitize LDAP output in Rake tasks +merge_request: 28427 +author: +type: fixed diff --git a/lib/system_check/ldap_check.rb b/lib/system_check/ldap_check.rb index 619fb3cccb86707f13c85d0f4d4c2be4c8b409d2..938026424ede7c8c3d3d2f633db58512f5603a0d 100644 --- a/lib/system_check/ldap_check.rb +++ b/lib/system_check/ldap_check.rb @@ -33,8 +33,13 @@ module SystemCheck $stdout.puts "LDAP users with access to your GitLab server (only showing the first #{limit} results)" users = adapter.users(adapter.config.uid, '*', limit) - users.each do |user| - $stdout.puts "\tDN: #{user.dn}\t #{adapter.config.uid}: #{user.uid}" + + if should_sanitize? + $stdout.puts "\tUser output sanitized. Found #{users.length} users of #{limit} limit." + else + users.each do |user| + $stdout.puts "\tDN: #{user.dn}\t #{adapter.config.uid}: #{user.uid}" + end end end rescue Net::LDAP::ConnectionRefusedError, Errno::ECONNREFUSED => e diff --git a/spec/tasks/gitlab/check_rake_spec.rb b/spec/tasks/gitlab/check_rake_spec.rb index 06525e3c771ae7dc4057c4881bf781321b357a28..0fcb9b269f3281d6855257601325d5a8ad20395c 100644 --- a/spec/tasks/gitlab/check_rake_spec.rb +++ b/spec/tasks/gitlab/check_rake_spec.rb @@ -96,6 +96,15 @@ describe 'check.rake' do subject end + + it 'sanitizes output' do + user = double(dn: 'uid=fake_user1', uid: 'fake_user1') + allow(adapter).to receive(:users).and_return([user]) + stub_env('SANITIZE', 'true') + + expect { subject }.to output(/User output sanitized/).to_stdout + expect { subject }.not_to output('fake_user1').to_stdout + end end end end