Create a rubocop to enforce prefixing authentication tokens
In https://docs.gitlab.com/ee/development/secure_coding_guidelines.html#token-prefixes we mandate that tokens are prefixed, so that they can be detected by secret detection if leaked. Now that many of our tokens have prefixes, we should enforce this for new additions. Proactively including a prefix increases efficiency: developers don't need to go back and add a prefix later, there are no worries about needing to rotate existing tokens later, no need for a feature-flagged rollout, etc.

The rubocop has been disabled for existing violations with either a wontfix comment, or a TODO with issue URL comment. The rationale for these decisions is at https://gitlab.com/gitlab-org/gitlab/-/issues/439007#note_1740969806

Resolves https://gitlab.com/gitlab-org/gitlab/-/issues/439007
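The commit message gives two reasons a fixed prefix matters: a leaked token becomes greppable by secret detection, and a lint can refuse new token fields that omit one. The Ruby below is an added illustration of both points, written for this page; it is not the cop in `rubocop/cop/gitlab/token_without_prefix.rb` nor any GitLab code. It assumes a `format_with_prefix:` option on `add_authentication_token_field` as the marker the lint looks for, uses only `glpat-` as a known prefix (the second prefix, the token body length, the sample source and the sample log line are constructed for the example), and checks source line by line rather than via RuboCop's AST, so a call split across lines would not be seen.

```ruby
require 'securerandom'

# Prefix table for the example. 'glpat-' is the documented personal access
# token prefix; 'glex-' is a constructed placeholder, not a real GitLab prefix.
TOKEN_PREFIXES = {
  personal_access: 'glpat-',
  example_feature: 'glex-'
}.freeze

# Assumed body length for constructed tokens (not GitLab's actual value).
TOKEN_BODY_LENGTH = 20

# Generate a random token whose leading bytes are a fixed, greppable prefix.
def generate_token(prefix)
  "#{prefix}#{SecureRandom.alphanumeric(TOKEN_BODY_LENGTH)}"
end

# Build one regexp that a secret-detection scanner could use for every known
# prefix: the prefix anchors the match, the body is a fixed-width charset.
def leak_pattern(prefixes = TOKEN_PREFIXES.values)
  alternatives = prefixes.map { |p| Regexp.escape(p) }.join('|')
  /\b(?:#{alternatives})[A-Za-z0-9]{#{TOKEN_BODY_LENGTH}}\b/
end

# Return every prefixed token found in a blob of text (log line, diff, issue
# comment, ...). An unprefixed random string of the same length is invisible
# to this scan, which is exactly why the prefix is mandated.
def find_leaked_tokens(text, prefixes = TOKEN_PREFIXES.values)
  text.scan(leak_pattern(prefixes))
end

# Minimal source check in the spirit of the cop: report every
# `add_authentication_token_field :name, ...` call on a single line that does
# not pass the (assumed) `format_with_prefix:` option.
FIELD_CALL = /add_authentication_token_field\s+:(\w+)(.*)$/
PREFIX_OPTION = /format_with_prefix:/

def token_fields_without_prefix(ruby_source)
  ruby_source.each_line.with_index(1).filter_map do |line, lineno|
    match = line.match(FIELD_CALL)
    next unless match
    next if match[2].match?(PREFIX_OPTION)

    { line: lineno, field: match[1] }
  end
end

# Constructed sample model source: one compliant field, one offending field.
SAMPLE_SOURCE = <<~RUBY
  class Widget < ApplicationRecord
    add_authentication_token_field :api_token, encrypted: :required, format_with_prefix: :api_token_prefix
    add_authentication_token_field :legacy_token, encrypted: :required
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  token = generate_token(TOKEN_PREFIXES[:personal_access])
  # Constructed log line standing in for an accidental leak.
  log_line = "2024-01-01T00:00:00Z WARN request rejected, token=#{token} ip=203.0.113.5"
  puts "leaked tokens found: #{find_leaked_tokens(log_line).inspect}"
  puts "fields without prefix: #{token_fields_without_prefix(SAMPLE_SOURCE).inspect}"
end
```

Running the file prints the one prefixed token recovered from the constructed log line and the single `legacy_token` field the lint would flag; a token generated without any prefix produces no scanner hit, which is the failure mode the guideline and the cop are there to prevent.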
- .rubocop.yml (8 additions, 0 deletions)
- .rubocop_todo/gitlab/token_without_prefix.yml (5 additions, 0 deletions)
- app/models/application_setting.rb (7 additions, 4 deletions)
- app/models/operations/feature_flags_client.rb (1 addition, 1 deletion)
- app/models/user.rb (3 additions, 2 deletions)
- ee/app/models/ee/group.rb (1 addition, 1 deletion)
- lib/tasks/tokens.rake (1 addition, 1 deletion)
- rubocop/cop/gitlab/token_without_prefix.rb (36 additions, 0 deletions)
- spec/rubocop/cop/gitlab/token_without_prefix_spec.rb (30 additions, 0 deletions)