Mask http header values
What does this MR do?
Masks HTTP Headers in the DAST report so that sensitive information isn't displayed. Masking will replace the real header value with a series of *
.
When the DAST_MASK_HTTP_HEADERS
environment variable is not supplied, the headers Authorization
, Proxy-Authorization
, Set-Cookie
and Cookie
will have their values masked.
Cookie
and Set-Cookie
are treated like special cases as only the values in the value will be masked, e.g. 'Set-Cookie', 'sessionId=********; Domain=site.com; Secure; HttpOnly'
.
This MR has no changelog, as the feature has not been turned on.
What are the relevant issue numbers?
gitlab-org/gitlab#215679 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Job definition example -
Vendored CI Templates (also in CE)
-
-
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer