filter `body` parameter for `/api/:version/projects/:id/issues/:noteable_id/notes` (and probably elsewhere)
The `body` parameter is currently being logged in the structured Rails log. Content that should remain private/confidential is present in logs. This is also an unstructured text field that can be large and causes unnecessary resource usage in the logging infrastructure.
Steps to reproduce
Submit a valid request to the notes route:
What is the current bug behavior?
body parameter is included in the
What is the expected correct behavior?
body parameter should not be present, or should be given a placeholder value like
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com.
Adding to the filter list will fix the immediate issue; however, this is a repeated, ongoing issue affecting the user privacy of GitLab.com users and projects and should be addressed more systematically by changing to an allowList explicitly listing fields to include in logs: gitlab-org/gitlab-ce#57673
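
The difference between extending a filter list and switching to an allow list, shown as an added example in plain Ruby. This is not GitLab's code: the two filter functions, the key lists and the sample parameters are constructed for illustration.

```ruby
# Added example: plain Ruby, no Rails dependency. All names are hypothetical.
FILTERED = '[FILTERED]'

# Denylist: mask only keys matching a listed pattern; everything else is logged.
def denylist_filter(params, deny)
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if deny.any? { |pattern| key.to_s.match?(pattern) }
        FILTERED
      elsif value.is_a?(Hash)
        denylist_filter(value, deny)
      else
        value
      end
  end
end

# Allowlist: log only keys explicitly listed; everything else is masked.
def allowlist_filter(params, allow)
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if value.is_a?(Hash)
        allowlist_filter(value, allow)
      elsif allow.include?(key.to_s)
        value
      else
        FILTERED
      end
  end
end

# Constructed sample request parameters for the notes route.
SAMPLE_PARAMS = {
  'id' => '42',
  'noteable_id' => '7',
  'body' => 'confidential note text',
  'note' => { 'body' => 'nested confidential text', 'confidential' => 'true' }
}.freeze

DENY  = [/password/, /token/, /secret/].freeze # assumed list that lacks `body`
ALLOW = %w[id noteable_id].freeze              # assumed set of loggable fields

if __FILE__ == $PROGRAM_NAME
  puts denylist_filter(SAMPLE_PARAMS, DENY).inspect                  # body leaks
  puts denylist_filter(SAMPLE_PARAMS, DENY + [/\Abody\z/]).inspect   # immediate fix
  puts allowlist_filter(SAMPLE_PARAMS, ALLOW).inspect                # masked by default
end
```

With the denylist, every new free-text field leaks until someone adds it to the list; with the allowlist, an unlisted field is masked from the first request.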