Closed richard-fletcher closed 3 months ago
Hey there, @richard-fletcher! 👋 I'm here to help you with bugs, questions, and becoming a contributor. I'm a bot, but I can assist while you wait for a human maintainer.
To ensure that the GitLab token is masked in the response from the `GET /projects/{projectName}` endpoint, you can use the `Sanitize` method defined in the `GitlabConn` and `GitlabConnection` structs. This method replaces the token with a sanitized version.

Here is the relevant code snippet that shows how the `Sanitize` method is used:
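```go
// Sanitize masks the token and returns the connection by value.
// The pointer receiver means conn.Token itself is overwritten.
func (conn *GitlabConn) Sanitize() GitlabConn {
	conn.Token = utils.SanitizeString(conn.Token)
	return *conn
}

// Sanitize works on a copy (value receiver) and masks the embedded GitlabConn's token.
func (connection GitlabConnection) Sanitize() GitlabConnection {
	connection.GitlabConn = connection.GitlabConn.Sanitize()
	return connection
}
```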
To ensure the token is masked in the response, you should call the `Sanitize` method on the `GitlabConnection` object before returning it in the response of the `GET /projects/{projectName}` endpoint. Here is an example of how you might do this:
```go
func GetProjectHandler(w http.ResponseWriter, r *http.Request) {
	// Assume you have a function to get the GitlabConnection object
	connection := getGitlabConnectionFromRequest(r)
	// Sanitize the connection to mask the token
	sanitizedConnection := connection.Sanitize()
	// Return the sanitized connection in the response
	w.Header().Set("Content-Type", "application/json")
	if err := json.NewEncoder(w).Encode(sanitizedConnection); err != nil {
		http.Error(w, "failed to encode response", http.StatusInternalServerError)
	}
}
```
This ensures that the token is masked in the response, protecting sensitive information [1].
Search before asking
What happened
When calling `GET /blueprints/{blueprintId}`, access tokens are correctly masked for gitextractor GitLab connections. When calling `GET /projects/{projectName}`, the token is not masked in the Blueprint response.
What do you expect to happen
The token to be masked in the response from `GET /projects/{projectName}`.
How to reproduce
Anything else
No response
Version
v0.21.0
Are you willing to submit PR?
Code of Conduct
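The report above describes a token that is masked on one endpoint but leaks through a blueprint nested in another endpoint's response. As an added example (not DevLake code), here is a regression check that walks any JSON response body and reports secret fields that are not masked. The field names, the `***` mask format and the sample bodies are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// sensitiveKeys is an assumed set of secret field names, matched case-insensitively.
var sensitiveKeys = map[string]bool{"token": true, "password": true, "secretkey": true}

// FindUnmaskedSecrets returns JSON paths of secret fields whose value lacks the "***" mask (assumed format).
func FindUnmaskedSecrets(body []byte) ([]string, error) {
	var doc interface{}
	if err := json.Unmarshal(body, &doc); err != nil {
		return nil, err
	}
	var leaks []string
	var walk func(path string, v interface{})
	walk = func(path string, v interface{}) {
		switch node := v.(type) {
		case map[string]interface{}:
			for k, child := range node {
				p := path + "." + k
				s, isStr := child.(string)
				if isStr && sensitiveKeys[strings.ToLower(k)] && s != "" && !strings.Contains(s, "***") {
					leaks = append(leaks, p)
				}
				walk(p, child) // descend so nested blueprints and connections are covered
			}
		case []interface{}:
			for i, child := range node {
				walk(fmt.Sprintf("%s[%d]", path, i), child)
			}
		}
	}
	walk("$", doc)
	sort.Strings(leaks)
	return leaks, nil
}

// Constructed sample bodies (not real DevLake output): the project response embeds an unsanitized blueprint.
const projectBody = `{"name":"demo","blueprint":{"id":1,"connections":[{"pluginName":"gitlab","token":"glpat-EXAMPLEONLY"}]}}`
const blueprintBody = `{"id":1,"connections":[{"pluginName":"gitlab","token":"gl***********LY"}]}`

func main() {
	leaks, err := FindUnmaskedSecrets([]byte(projectBody))
	fmt.Println(leaks, err)
}
```

Running a check like this against every endpoint that can embed a connection catches cases where sanitization was applied on one code path but not another.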