Add detail of potential secrets in client-side token warnings (!156503) · Merge requests · GitLab.org / GitLab

Dheeraj Joshi requested to merge djadmin-improve-secret-detection-js into master Jun 17, 2024

What does this MR do and why?

This MR adds more details around the secrets found in the client-side secret detection warnings.

Show detected token type
Show detected token (redacted)

Additionally, this update incorporates the following refactoring:

We consolidated two methods (containsSensitiveToken and confirmSensitiveAction) into one (detectAndConfirmSensitiveTokens) for improved usability and extensibility.
Implemented missing test coverage.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before

After

One secret found	Multiple secret found

Other variants

How to set up and validate locally

Add a comment to any issue / MR page with the following message:

hello glpat-12345678901234567890

It should show the modal with updated messaging.

Edited Jul 10, 2024 by Dheeraj Joshi

Add detail of potential secrets in client-side token warnings