Commit fb48eaba
Authored Sep 10, 2018 by Nick Thomas
Encrypt webhook tokens and URLs in the database
Parent: 1b7fd53a
Showing 5 changed files with 74 additions and 0 deletions
app/models/hooks/web_hook.rb (+44 -0)
changelogs/unreleased/51021-more-attr-encrypted.yml (+5 -0)
db/migrate/20180910115836_add_attr_encrypted_columns_to_web_hook.rb (+15 -0)
db/schema.rb (+4 -0)
lib/gitlab/import_export/import_export.yml (+6 -0)
app/models/hooks/web_hook.rb
...
...
@@ -3,6 +3,16 @@
class
WebHook
<
ActiveRecord
::
Base
include
Sortable
attr_encrypted
:token
,
mode: :per_attribute_iv
,
algorithm:
'aes-256-gcm'
,
key:
Settings
.
attr_encrypted_db_key_base_truncated
attr_encrypted
:url
,
mode: :per_attribute_iv
,
algorithm:
'aes-256-gcm'
,
key:
Settings
.
attr_encrypted_db_key_base_truncated
has_many
:web_hook_logs
,
dependent: :destroy
# rubocop:disable Cop/ActiveRecordDependent
validates
:url
,
presence:
true
,
public_url:
{
allow_localhost:
lambda
(
&
:allow_local_requests?
),
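Review bot: In the two `attr_encrypted` declarations at the top of the class, `mode: :per_attribute_iv` gives every row its own IV, so the stored `encrypted_url` and `encrypted_token` values cannot be matched with an equality query. Any caller that looks hooks up by `url` or `token` through the database column will stop matching once the plaintext column is empty. Please check for such lookups and note the limitation in a comment above the declarations.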
...
...
@@ -27,4 +37,38 @@ class WebHook < ActiveRecord::Base
def
allow_local_requests?
false
end
# In 11.4, the web_hooks table has both `token` and `encrypted_token` fields.
# Ensure that the encrypted version always takes precedence if present.
alias_method
:attr_encrypted_token
,
:token
def
token
attr_encrypted_token
.
presence
||
read_attribute
(
:token
)
end
# In 11.4, the web_hooks table has both `token` and `encrypted_token` fields.
# Pending a background migration to encrypt all fields, we should just clear
# the unencrypted value whenever the new value is set.
alias_method
:'attr_encrypted_token='
,
:'token='
def
token
=
(
value
)
self
.
attr_encrypted_token
=
value
write_attribute
(
:token
,
nil
)
end
# In 11.4, the web_hooks table has both `url` and `encrypted_url` fields.
# Ensure that the encrypted version always takes precedence if present.
alias_method
:attr_encrypted_url
,
:url
def
url
attr_encrypted_url
.
presence
||
read_attribute
(
:url
)
end
# In 11.4, the web_hooks table has both `url` and `encrypted_url` fields.
# Pending a background migration to encrypt all fields, we should just clear
# the unencrypted value whenever the new value is set.
alias_method
:'attr_encrypted_url='
,
:'url='
def
url
=
(
value
)
self
.
attr_encrypted_url
=
value
write_attribute
(
:url
,
nil
)
end
end
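Review bot: The `token=` and `url=` overrides write `nil` to the plaintext column on every assignment, while the migration in this commit is marked `DOWNTIME = false`. During a rolling upgrade, or after a rollback, application nodes that predate this change read only the plaintext columns, so a hook saved by the new code would appear to them with no URL and no token. Consider keeping the plaintext value until the background migration mentioned in the comments has run, or state in the comments that mixed-version operation is unsupported. The changed-file list also contains no spec for the precedence and clearing behaviour; one that sets both columns and asserts which value the getter returns would pin it down.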
changelogs/unreleased/51021-more-attr-encrypted.yml
0 → 100644
---
title
:
Encrypt webhook tokens and URLs in the database
merge_request
:
21645
author
:
type
:
security
db/migrate/20180910115836_add_attr_encrypted_columns_to_web_hook.rb
0 → 100644
# frozen_string_literal: true
class
AddAttrEncryptedColumnsToWebHook
<
ActiveRecord
::
Migration
include
Gitlab
::
Database
::
MigrationHelpers
DOWNTIME
=
false
def
change
add_column
:web_hooks
,
:encrypted_token
,
:string
add_column
:web_hooks
,
:encrypted_token_iv
,
:string
add_column
:web_hooks
,
:encrypted_url
,
:string
add_column
:web_hooks
,
:encrypted_url_iv
,
:string
end
end
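Review bot: `encrypted_url` is added as `:string`, the same type as the short IV columns. AES-GCM ciphertext carries an authentication tag and has to be text-encoded to fit a string column, so it is longer than the plaintext. Confirm the column can hold the encrypted form of the longest URL the existing `url` column accepts, or use `:text` for `encrypted_url`.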
db/schema.rb
...
...
@@ -2272,6 +2272,10 @@ ActiveRecord::Schema.define(version: 20180917172041) do
t
.
boolean
"job_events"
,
default:
false
,
null:
false
t
.
boolean
"confidential_note_events"
t
.
text
"push_events_branch_filter"
t
.
string
"encrypted_token"
t
.
string
"encrypted_token_iv"
t
.
string
"encrypted_url"
t
.
string
"encrypted_url_iv"
end
add_index
"web_hooks"
,
[
"project_id"
],
name:
"index_web_hooks_on_project_id"
,
using: :btree
...
...
lib/gitlab/import_export/import_export.yml
...
...
@@ -147,6 +147,12 @@ excluded_attributes:
-
:reference
-
:reference_html
-
:epic_id
hooks
:
-
:token
-
:encrypted_token
-
:encrypted_token_iv
-
:encrypted_url
-
:encrypted_url_iv
methods
:
labels
:
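Review bot: The new `hooks:` exclusion list covers `:token` and the four encrypted columns but not `:url`, although this commit treats the URL as a secret worth encrypting. Rows that have not been rewritten yet still carry the plaintext `url` column, so it would be exported as before. If that is intentional, because a hook is of little use on import without its URL, say so in a comment next to the list; otherwise add `:url` to it.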
...
...