MeltanoLabs / tap-gitlab

Singer.io Tap for extracting data from Gitlab's API
GNU Affero General Public License v3.0

Don't log private tokens, send it in the HTTP headers #5

Closed pnadolny13 closed 2 years ago

pnadolny13 commented 2 years ago

In GitLab by @zj-gitlab on May 20, 2019, 07:23

When extracting data using my personal token, the token is exposed:

   INFO GET https://gitlab.com/api/v4/projects/2009901/users?page=25&private_token=PRIVATE_TOKEN
   INFO GET https://gitlab.com/api/v4/projects/2009901/users?page=26&private_token=PRIVATE_TOKEN
   INFO GET https://gitlab.com/api/v4/projects/2009901/users?page=27&private_token=PRIVATE_TOKEN
   INFO GET https://gitlab.com/api/v4/projects/2009901/users?page=28&private_token=PRIVATE_TOKEN
   INFO GET https://gitlab.com/api/v4/projects/2009901/users?page=29&private_token=PRIVATE_TOKEN
   INFO GET https://gitlab.com/api/v4/projects/2009901/users?page=30&private_token=PRIVATE_TOKEN
   INFO GET https://gitlab.com/api/v4/projects/2009901/users?page=31&private_token=PRIVATE_TOKEN
   INFO GET https://gitlab.com/api/v4/projects/2009901/issues?scope=all&page=1&private_token=PRIVATE_TOKEN
   INFO GET https://gitlab.com/api/v4/projects/2009901/issues?scope=all&page=2&private_token=PRIVATE_TOKEN

The token should be sent in the HTTP header so it's not exposed for this tap.
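The change requested above, sketched as an added example that is not part of the original issue and is not the tap's own code or the change made in merge request !8: the token moves from the query string into GitLab's `PRIVATE-TOKEN` request header, and a logging filter scrubs any URL that still carries it. The function, class and logger names, the set of parameter names and the sample token are assumptions made for this illustration.

```python
import logging
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed set of credential-bearing query parameters (chosen for this example).
SENSITIVE_PARAMS = {"private_token", "access_token"}
_TOKEN_RE = re.compile(r"(?i)\b(private_token|access_token)=[^&\s]+")

def build_request(url, token):
    """Return (url, headers): token removed from the query, sent as a header instead."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k.lower() not in SENSITIVE_PARAMS]
    clean = urlunsplit(parts._replace(query=urlencode(query)))
    return clean, {"PRIVATE-TOKEN": token}

def redact(text):
    """Mask the value of any token parameter that appears in a string."""
    return _TOKEN_RE.sub(r"\1=REDACTED", text)

class RedactTokens(logging.Filter):
    """Defense in depth: scrub records from call sites that still log raw URLs."""
    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()  # message is already formatted
        return True

class ListHandler(logging.Handler):
    """Collects formatted records in memory so the result can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def demo():
    handler = ListHandler()
    handler.addFilter(RedactTokens())
    log = logging.getLogger("tap_example")  # hypothetical logger name
    log.setLevel(logging.INFO)
    log.propagate = False
    log.handlers = [handler]
    token = "CONSTRUCTED-EXAMPLE-TOKEN"  # constructed sample value, not a real token
    leaky = "https://gitlab.com/api/v4/projects/2009901/users?page=25&private_token=" + token
    url, headers = build_request(leaky, token)
    log.info("GET %s", url)    # fixed call site: the URL holds no secret
    log.info("GET %s", leaky)  # legacy call site: masked by the filter
    return url, headers, handler.lines

if __name__ == "__main__":
    print(demo())
```

The filter only covers this process's own log output; the header is what keeps the token out of proxy and web server access logs that record request URLs.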

pnadolny13 commented 2 years ago

In GitLab by @zj-gitlab on Jun 11, 2019, 06:50

mentioned in merge request !8

pnadolny13 commented 2 years ago

In GitLab by @iroussos on Jun 11, 2019, 09:56

Oh yes! You are so right @zj

pnadolny13 commented 2 years ago

In GitLab by @iroussos on Jun 12, 2019, 08:11

mentioned in commit 08a8b34a8abdc87f686c44521227eed74b6f6919

pnadolny13 commented 2 years ago

In GitLab by @zj-gitlab on Jun 12, 2019, 08:11

closed via commit ba87fc2141053e7fa0977a86776383b454a18055

pnadolny13 commented 2 years ago

In GitLab by @iroussos on Jun 12, 2019, 08:11

closed via merge request !8