Page MenuHomePhabricator

phabricator: auto-sanitise API tokens and HTTP cookies from VCR recordings
ClosedPublic

Authored by Kwan on Jun 11 2019, 2:56 PM.

Details

Summary

Currently when making VCR recordings one needs to manually sanitise sensitive
credentials before committing and submitting them as part of tests. It is easy
to imagine this being accidentally missed one time by a fallible human and said
credentials being leaked. It is also possible that it wouldn't be noticed to
alert the user to the leak since the recording files are so large and
practically unreviewable. Thus do so automatically, so the only place that needs
checking is in the test-phabricator.t file.

Diff Detail

Repository
rHG Mercurial
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Kwan created this revision.Jun 11 2019, 2:56 PM
This revision was not accepted when it landed; it landed in state Needs Review.
This revision was automatically updated to reflect the committed changes.