Redact short and known private tokens

Prior this commit very short private tokens (< 4 chars) triggered: ArgumentError: negative argument Also, if private token was a term which was part of the inspected string only the first occurrence was the term was redacted.
NARKOZ · Jul 4, 2024 · 41bfc86 · 41bfc86
1 parent 0766442
commit 41bfc86
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/lib/gitlab/client.rb b/lib/gitlab/client.rb
@@ -77,7 +77,7 @@ class Client < API
     # @return [String]
     def inspect
       inspected = super
-      inspected.sub! @private_token, only_show_last_four_chars(@private_token) if @private_token
+      inspected = redact_private_token(inspected, @private_token) if @private_token
       inspected
     end
 
@@ -91,7 +91,14 @@ def url_encode(url)
 
     private
 
+    def redact_private_token(inspected, private_token)
+      redacted = only_show_last_four_chars(private_token)
+      inspected.sub %{@private_token="#{private_token}"}, %{@private_token="#{redacted}"}
+    end
+
     def only_show_last_four_chars(token)
+      return "****" if token.size <= 4
+
       "#{'*' * (token.size - 4)}#{token[-4..]}"
     end
   end