Backend: Increase masking of special characters for variables
Summary
Based on the investigation on whether or not we can add more special characters to masked variables, the conclusion is that we need to update the regex restriction rule in Rails to be less strict. This issue is for the implementation.
Why this matters and how we measure
This currently prevents users from migrating from Jenkins and is a key part of our CI adoption strategy.
Proposal
From the investigation:
My recommendation would be to allow the same characters we allow as part of a regular variable, with the exception of \n and \r.

\n, \r, \r\n because rendering a secret with newlines/carriage returns is probably more likely to be modified as it runs through programs and the Runner masker may want to read line-by-line at some point (the masking technique doesn't require this today though).
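The reasoning for excluding newlines, as an added Ruby example that is not part of the issue and is not GitLab or Runner code: it checks the proposed rule and shows a multi-line secret surviving a line-by-line masker and a CRLF rewrite. All method names, the `[MASKED]` marker and the sample values are constructed assumptions.

```ruby
# Added illustration. Every name here is hypothetical, not GitLab's implementation.
MASK = '[MASKED]'

# Proposed rule: any character a regular variable allows,
# except carriage return and line feed.
def maskable?(value)
  !value.match?(/[\r\n]/)
end

# Assumed masker that processes job output one line at a time.
def mask_line_by_line(log, secret)
  log.each_line.map { |line| line.gsub(secret, MASK) }.join
end

# Masker that sees the whole output buffer at once, for comparison.
def mask_whole(log, secret)
  log.gsub(secret, MASK)
end

# True if any non-empty line of the secret is still readable in the output.
def leaked?(output, secret)
  secret.split(/\r\n|\r|\n/).reject(&:empty?).any? { |part| output.include?(part) }
end

# Constructed sample values.
SINGLE     = 'p@$$w0rd!#%^&*()'
MULTI      = "line-one-part\nline-two-part"
LOG_SINGLE = "$ deploy --token #{SINGLE}\ndone\n"
LOG_MULTI  = "$ echo key\n#{MULTI}\ndone\n"
# The same output after a program rewrote LF as CRLF.
LOG_CRLF   = LOG_MULTI.gsub("\n", "\r\n")

if __FILE__ == $PROGRAM_NAME
  puts "single-line maskable: #{maskable?(SINGLE)}"
  puts "multi-line maskable:  #{maskable?(MULTI)}"
  puts "line-by-line leaks multi-line secret: " \
       "#{leaked?(mask_line_by_line(LOG_MULTI, MULTI), MULTI)}"
  puts "whole-buffer leaks after CRLF rewrite: " \
       "#{leaked?(mask_whole(LOG_CRLF, MULTI), MULTI)}"
end
```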
Performance Considerations
Out of Scope
Acceptance Criteria
Confirmation of character masking per the Proposal.
Some relevant technical details, if applicable, such as:
- Does this need a feature flag?
- Does there need to be an associated instrumentation issue created related to this work?
- Is there an example response showing the data structure that should be returned (new endpoints only)?
- What permissions should be used?
- Which tier(s) is this for?
- Additional comments:
Implementation Table
Group | Issue Link |
---|---|
backend | |
documentation | Issue Title |
Investigation | Investigation: Special character limitations in masked variables |