# Rollback production changes
git checkout master -- lib
bundle exec rspec spec/gitlab/client_spec.rb
Randomized with seed 22140
Gitlab::Client
#inspect
with a known private token
is expected to include "@endpoint=" (FAILED - 1)
is expected to include "@private_token=\"****oint\"" (FAILED - 2)
with very short private token
example at ./spec/gitlab/client_spec.rb:33 (FAILED - 3)
with a private token
is expected to include "@private_token=\"******oken\""
with short private token
is expected to include "@private_token=\"****\"" (FAILED - 4)
without private token
is expected not to include "@private_token="
Failures:
1) Gitlab::Client#inspect with a known private token is expected to include "@endpoint="
Failure/Error: it { is_expected.to include('@endpoint=') }
expected "#<Gitlab::Client:0x00007f7d05a9ff90 @****oint=\"https://api.example.com\", @private_token=\"endpoint\", @user_agent=\"Gitlab Ruby Gem 5.0.0\">" to include "@endpoint="
# ./spec/gitlab/client_spec.rb:27:in `block (4 levels) in <top (required)>'
2) Gitlab::Client#inspect with a known private token is expected to include "@private_token=\"****oint\""
Failure/Error: it { is_expected.to include('@private_token="****oint"') }
expected "#<Gitlab::Client:0x00007f7d05fc9bd8 @****oint=\"https://api.example.com\", @private_token=\"endpoint\", @user_agent=\"Gitlab Ruby Gem 5.0.0\">" to include "@private_token=\"****oint\""
# ./spec/gitlab/client_spec.rb:26:in `block (4 levels) in <top (required)>'
3) Gitlab::Client#inspect with very short private token
Failure/Error: "#{'*' * (token.size - 4)}#{token[-4..]}"
ArgumentError:
negative argument
# ./lib/gitlab/client.rb:95:in `*'
# ./lib/gitlab/client.rb:95:in `only_show_last_four_chars'
# ./lib/gitlab/client.rb:80:in `inspect'
# ./spec/gitlab/client_spec.rb:9:in `block (3 levels) in <top (required)>'
# ./spec/gitlab/client_spec.rb:33:in `block (4 levels) in <top (required)>'
4) Gitlab::Client#inspect with short private token is expected to include "@private_token=\"****\""
Failure/Error: it { is_expected.to include('@private_token="****"') }
expected "#<Gitlab::Client:0x00007f7d05cb9ba0 @endpoint=\"https://api.example.com\", @private_token=\"abcd\", @user_agent=\"Gitlab Ruby Gem 5.0.0\">" to include "@private_token=\"****\""
# ./spec/gitlab/client_spec.rb:39:in `block (4 levels) in <top (required)>'
Finished in 0.0212 seconds (files took 0.19272 seconds to load)
6 examples, 4 failures
Failed examples:
rspec ./spec/gitlab/client_spec.rb:27 # Gitlab::Client#inspect with a known private token is expected to include "@endpoint="
rspec ./spec/gitlab/client_spec.rb:26 # Gitlab::Client#inspect with a known private token is expected to include "@private_token=\"****oint\""
rspec ./spec/gitlab/client_spec.rb:33 # Gitlab::Client#inspect with very short private token
rspec ./spec/gitlab/client_spec.rb:39 # Gitlab::Client#inspect with short private token is expected to include "@private_token=\"****\""
Randomized with seed 22140
Prior this commit very short private tokens (< 4 chars) triggered:
ArgumentError: negative argument
Also, if private token was a term which was part of the inspected string only the first occurrence was redacted.
Refs
https://gitlab.com/gitlab-org/quality/triage-ops/-/merge_requests/2919#note_1983270817
Verification