From 41d66849499cfddd8ec42f4e374257e59944ca0c Mon Sep 17 00:00:00 2001 From: Alex Kalderimis Date: Thu, 24 Feb 2022 15:19:15 +0000 Subject: [PATCH 1/2] Limit integration property fields --- app/models/integration.rb | 5 ++++- lib/api/entities/project_integration.rb | 15 ++------------- spec/models/integration_spec.rb | 13 +++++++++++-- 3 files changed, 17 insertions(+), 16 deletions(-) diff --git a/app/models/integration.rb b/app/models/integration.rb index a5b5e238410db5..15464eac953228 100644 --- a/app/models/integration.rb +++ b/app/models/integration.rb @@ -414,7 +414,10 @@ def event_field(event) end def api_field_names - fields.pluck(:name).grep_v(/password|token|key|title|description/) + fields + .reject { _1[:type] == 'password' } + .pluck(:name) + .grep_v(/password|token|key|title|description/) end def global_fields diff --git a/lib/api/entities/project_integration.rb b/lib/api/entities/project_integration.rb index 649e4d015b8c4a..155136d2f80add 100644 --- a/lib/api/entities/project_integration.rb +++ b/lib/api/entities/project_integration.rb @@ -5,19 +5,8 @@ module Entities class ProjectIntegration < Entities::ProjectIntegrationBasic # Expose serialized properties expose :properties do |integration, options| - # TODO: Simplify as part of https://gitlab.com/gitlab-org/gitlab/issues/29404 - - attributes = - if integration.data_fields_present? - integration.data_fields.as_json.keys - else - integration.properties.keys - end - - attributes &= integration.api_field_names - - attributes.each_with_object({}) do |attribute, hash| - hash[attribute] = integration.public_send(attribute) # rubocop:disable GitlabSecurity/PublicSend + integration.api_field_names.to_h do |name| + [name, integration.public_send(name)] # rubocop:disable GitlabSecurity/PublicSend end end end diff --git a/spec/models/integration_spec.rb b/spec/models/integration_spec.rb index b8f75e8595e304..69f6b1ab040883 100644 --- a/spec/models/integration_spec.rb +++ b/spec/models/integration_spec.rb @@ -732,14 +732,23 @@ def fields { name: 'password' }, { name: 'password_field' }, { name: 'some_safe_field' }, - { name: 'safe_field' } + { name: 'safe_field' }, + { name: 'description' }, + { name: 'title' }, + { name: 'url' }, + { name: 'trojan_horse', type: 'password' }, + { name: 'trojan_gift', type: 'gift' } ].shuffle end end end it 'filters out sensitive fields' do - expect(fake_integration.new).to have_attributes(api_field_names: match_array(%w[some_safe_field safe_field])) + safe_fields = %w[some_safe_field safe_field url trojan_gift] + + expect(fake_integration.new).to have_attributes( + api_field_names: match_array(safe_fields) + ) end end -- GitLab From 278e0be55b714536fe86b79009a93bd979960332 Mon Sep 17 00:00:00 2001 From: Alex Kalderimis Date: Thu, 24 Feb 2022 19:29:32 +0000 Subject: [PATCH 2/2] Remove unnecessary regexp elements This removes the regexp filter for fields containing 'title' or 'description' in their name. This relates to the removal of the title and description columns on the integrations table See: https://gitlab.com/gitlab-org/gitlab/-/issues/217587 --- app/models/integration.rb | 2 +- spec/models/integration_spec.rb | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/app/models/integration.rb b/app/models/integration.rb index 15464eac953228..e64fff2d811143 100644 --- a/app/models/integration.rb +++ b/app/models/integration.rb @@ -417,7 +417,7 @@ def api_field_names fields .reject { _1[:type] == 'password' } .pluck(:name) - .grep_v(/password|token|key|title|description/) + .grep_v(/password|token|key/) end def global_fields diff --git a/spec/models/integration_spec.rb b/spec/models/integration_spec.rb index 69f6b1ab040883..c0bb0ba636d9dc 100644 --- a/spec/models/integration_spec.rb +++ b/spec/models/integration_spec.rb @@ -733,8 +733,6 @@ def fields { name: 'password_field' }, { name: 'some_safe_field' }, { name: 'safe_field' }, - { name: 'description' }, - { name: 'title' }, { name: 'url' }, { name: 'trojan_horse', type: 'password' }, { name: 'trojan_gift', type: 'gift' } -- GitLab