diff --git a/api/target.go b/api/target.go
index 3f44a820d..3854153a6 100644
--- a/api/target.go
+++ b/api/target.go
@@ -132,8 +132,9 @@ func (t *TargetAPI) Get() {
 		t.CustomAbort(http.StatusNotFound, http.StatusText(http.StatusNotFound))
 	}
 
-	// the reason why the password is returned is that when user just wants to
-	// modify other fields of target he does not need to input the password again
+	// The reason why the password is returned is that when user just wants to
+	// modify other fields of target he does not need to input the password again.
+	// The security issue can be fixed by enable https.
 	if len(target.Password) != 0 {
 		pwd, err := utils.ReversibleDecrypt(target.Password)
 		if err != nil {
diff --git a/dao/dao_test.go b/dao/dao_test.go
index 8655a179c..ccd847abc 100644
--- a/dao/dao_test.go
+++ b/dao/dao_test.go
@@ -731,6 +731,7 @@ var targetID, policyID, policyID2, policyID3, jobID, jobID2, jobID3 int64
 
 func TestAddRepTarget(t *testing.T) {
 	target := models.RepTarget{
+		Name:     "test",
 		URL:      "127.0.0.1:5000",
 		Username: "admin",
 		Password: "admin",
@@ -838,6 +839,17 @@ func TestGetAllRepTargets(t *testing.T) {
 	}
 }
 
+func TestFilterRepTargets(t *testing.T) {
+	targets, err := FilterRepTargets("test")
+	if err != nil {
+		t.Fatalf("failed to get all targets: %v", err)
+	}
+
+	if len(targets) == 0 {
+		t.Errorf("unexpected num of targets: %d, expected: %d", len(targets), 1)
+	}
+}
+
 func TestAddRepPolicy(t *testing.T) {
 	policy := models.RepPolicy{
 		ProjectID:   1,