airbrake-ruby 4.7.0

data/lib/airbrake-ruby/filters/git_repository_filter.rb

@@ -0,0 +1,64 @@
+module Airbrake
+  module Filters
+    # Attaches git repository URL to `context`.
+    # @api private
+    # @since v2.12.0
+    class GitRepositoryFilter
+      # @return [Integer]
+      attr_reader :weight
+
+      # @param [String] root_directory
+      def initialize(root_directory)
+        @git_path = File.join(root_directory, '.git')
+        @repository = nil
+        @git_version = detect_git_version
+        @weight = 116
+      end
+
+      # @macro call_filter
+      def call(notice)
+        return if notice[:context].key?(:repository)
+        attach_repository(notice)
+      end
+
+      def attach_repository(notice)
+        if @repository
+          notice[:context][:repository] = @repository
+          return
+        end
+
+        return unless File.exist?(@git_path)
+        return unless @git_version
+
+        @repository =
+          if @git_version >= Gem::Version.new('2.7.0')
+            `cd #{@git_path} && git config --get remote.origin.url`.chomp
+          else
+            "`git remote get-url` is unsupported in git #{@git_version}. " \
+            'Consider an upgrade to 2.7+'
+          end
+
+        return unless @repository
+        notice[:context][:repository] = @repository
+      end
+
+      private
+
+      def detect_git_version
+        return unless which('git')
+        Gem::Version.new(`git --version`.split[2])
+      end
+
+      # Cross-platform way to tell if an executable is accessible.
+      def which(cmd)
+        exts = ENV['PATHEXT'] ? ENV['PATHEXT'].split(';') : ['']
+        ENV['PATH'].split(File::PATH_SEPARATOR).find do |path|
+          exts.find do |ext|
+            exe = File.join(path, "#{cmd}#{ext}")
+            File.executable?(exe) && !File.directory?(exe)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/airbrake-ruby/filters/git_revision_filter.rb

@@ -0,0 +1,66 @@
+module Airbrake
+  module Filters
+    # Attaches current git revision to `context`.
+    # @api private
+    # @since v2.11.0
+    class GitRevisionFilter
+      # @return [Integer]
+      attr_reader :weight
+
+      # @return [String]
+      PREFIX = 'ref: '.freeze
+
+      # @param [String] root_directory
+      def initialize(root_directory)
+        @git_path = File.join(root_directory, '.git')
+        @revision = nil
+        @weight = 116
+      end
+
+      # @macro call_filter
+      def call(notice)
+        return if notice[:context].key?(:revision)
+
+        if @revision
+          notice[:context][:revision] = @revision
+          return
+        end
+
+        return unless File.exist?(@git_path)
+
+        @revision = find_revision
+        return unless @revision
+        notice[:context][:revision] = @revision
+      end
+
+      private
+
+      def find_revision
+        head_path = File.join(@git_path, 'HEAD')
+        return unless File.exist?(head_path)
+
+        head = File.read(head_path)
+        return head unless head.start_with?(PREFIX)
+        head = head.chomp[PREFIX.size..-1]
+
+        ref_path = File.join(@git_path, head)
+        return File.read(ref_path).chomp if File.exist?(ref_path)
+
+        find_from_packed_refs(head)
+      end
+
+      def find_from_packed_refs(head)
+        packed_refs_path = File.join(@git_path, 'packed-refs')
+        return head unless File.exist?(packed_refs_path)
+
+        File.readlines(packed_refs_path).each do |line|
+          next if %w[# ^].include?(line[0])
+          next unless (parts = line.split(' ')).size == 2
+          return parts.first if parts.last == head
+        end
+
+        nil
+      end
+    end
+  end
+end

data/lib/airbrake-ruby/filters/keys_blacklist.rb

@@ -0,0 +1,49 @@
+module Airbrake
+  module Filters
+    # A default Airbrake notice filter. Filters only specific keys listed in the
+    # list of parameters in the payload of a notice.
+    #
+    # @example
+    #   filter = Airbrake::Filters::KeysBlacklist.new(
+    #     [:email, /credit/i, 'password']
+    #   )
+    #   airbrake.add_filter(filter)
+    #   airbrake.notify(StandardError.new('App crashed!'), {
+    #     user: 'John'
+    #     password: 's3kr3t',
+    #     email: 'john@example.com',
+    #     credit_card: '5555555555554444'
+    #   })
+    #
+    #   # The dashboard will display this parameter as is, but all other
+    #   # values will be filtered:
+    #   #   { user: 'John',
+    #   #     password: '[Filtered]',
+    #   #     email: '[Filtered]',
+    #   #     credit_card: '[Filtered]' }
+    #
+    # @see KeysWhitelist
+    # @see KeysFilter
+    # @api private
+    class KeysBlacklist
+      include KeysFilter
+
+      def initialize(*)
+        super
+        @weight = -110
+      end
+
+      # @return [Boolean] true if the key matches at least one pattern, false
+      #   otherwise
+      def should_filter?(key)
+        @patterns.any? do |pattern|
+          if pattern.is_a?(Regexp)
+            key.match(pattern)
+          else
+            key.to_s == pattern.to_s
+          end
+        end
+      end
+    end
+  end
+end

data/lib/airbrake-ruby/filters/keys_filter.rb

@@ -0,0 +1,140 @@
+module Airbrake
+  # Namespace for all standard filters. Custom filters can also go under this
+  # namespace.
+  module Filters
+    # This is a filter helper that endows a class ability to filter notices'
+    # payload based on the return value of the +should_filter?+ method that a
+    # class that includes this module must implement.
+    #
+    # @see Notice
+    # @see KeysWhitelist
+    # @see KeysBlacklist
+    # @api private
+    module KeysFilter
+      # @return [String] The label to replace real values of filtered payload
+      FILTERED = '[Filtered]'.freeze
+
+      # @return [Array<String,Symbol,Regexp>] the array of classes instances of
+      #   which can compared with payload keys
+      VALID_PATTERN_CLASSES = [String, Symbol, Regexp].freeze
+
+      # @return [Array<Symbol>] parts of a Notice's payload that can be modified
+      #   by blacklist/whitelist filters
+      FILTERABLE_KEYS = %i[environment session params].freeze
+
+      # @return [Array<Symbol>] parts of a Notice's *context* payload that can
+      #   be modified by blacklist/whitelist filters
+      FILTERABLE_CONTEXT_KEYS = %i[user headers].freeze
+
+      include Loggable
+
+      # @return [Integer]
+      attr_reader :weight
+
+      # Creates a new KeysBlacklist or KeysWhitelist filter that uses the given
+      # +patterns+ for filtering a notice's payload.
+      #
+      # @param [Array<String,Regexp,Symbol>] patterns
+      def initialize(patterns)
+        @patterns = patterns
+        @valid_patterns = false
+      end
+
+      # @!macro call_filter
+      #   This is a mandatory method required by any filter integrated with
+      #   FilterChain.
+      #
+      #   @param [Notice] notice the notice to be filtered
+      #   @return [void]
+      #   @see FilterChain
+      def call(notice)
+        unless @valid_patterns
+          eval_proc_patterns!
+          validate_patterns
+        end
+
+        FILTERABLE_KEYS.each { |key| filter_hash(notice[key]) }
+        FILTERABLE_CONTEXT_KEYS.each { |key| filter_context_key(notice, key) }
+
+        return unless notice[:context][:url]
+        filter_url(notice)
+      end
+
+      # @raise [NotImplementedError] if called directly
+      def should_filter?(_key)
+        raise NotImplementedError, 'method must be implemented in the included class'
+      end
+
+      private
+
+      def filter_hash(hash)
+        return hash unless hash.is_a?(Hash)
+
+        hash.each_key do |key|
+          if should_filter?(key.to_s)
+            hash[key] = FILTERED
+          elsif hash[key].is_a?(Hash)
+            filter_hash(hash[key])
+          elsif hash[key].is_a?(Array)
+            hash[key].each { |h| filter_hash(h) }
+          end
+        end
+      end
+
+      def filter_url_params(url)
+        url.query = Hash[URI.decode_www_form(url.query)].map do |key, val|
+          # Ruby < 2.2 raises InvalidComponentError if the query contains
+          # invalid characters, so be sure to escape individual components.
+          if should_filter?(key)
+            "#{URI.encode_www_form_component(key)}=[Filtered]"
+          else
+            "#{URI.encode_www_form_component(key)}=#{URI.encode_www_form_component(val)}"
+          end
+        end.join('&')
+
+        url.to_s
+      end
+
+      def filter_url(notice)
+        begin
+          url = URI(notice[:context][:url])
+        rescue URI::InvalidURIError
+          return
+        end
+
+        return unless url.query
+        notice[:context][:url] = filter_url_params(url)
+      end
+
+      def eval_proc_patterns!
+        return unless @patterns.any? { |pattern| pattern.is_a?(Proc) }
+
+        @patterns = @patterns.flat_map do |pattern|
+          next(pattern) unless pattern.respond_to?(:call)
+          pattern.call
+        end
+      end
+
+      def validate_patterns
+        @valid_patterns = @patterns.all? do |pattern|
+          VALID_PATTERN_CLASSES.any? { |c| pattern.is_a?(c) }
+        end
+
+        return if @valid_patterns
+
+        logger.error(
+          "#{LOG_LABEL} one of the patterns in #{self.class} is invalid. " \
+          "Known patterns: #{@patterns}"
+        )
+      end
+
+      def filter_context_key(notice, key)
+        return unless notice[:context][key]
+        return if notice[:context][key] == FILTERED
+        return filter_hash(notice[:context][key]) unless should_filter?(key)
+
+        notice[:context][key] = FILTERED
+      end
+    end
+  end
+end

data/lib/airbrake-ruby/filters/keys_whitelist.rb

@@ -0,0 +1,48 @@
+module Airbrake
+  module Filters
+    # A default Airbrake notice filter. Filters everything in the payload of a
+    # notice, but specified keys.
+    #
+    # @example
+    #   filter = Airbrake::Filters::KeysBlacklist.new(
+    #     [:email, /credit/i, 'password']
+    #   )
+    #   airbrake.add_filter(filter)
+    #   airbrake.notify(StandardError.new('App crashed!'), {
+    #     user: 'John',
+    #     password: 's3kr3t',
+    #     email: 'john@example.com',
+    #     account_id: 42
+    #   })
+    #
+    #   # The dashboard will display this parameters as filtered, but other
+    #   # values won't be affected:
+    #   #   { user: 'John',
+    #   #     password: '[Filtered]',
+    #   #     email: 'john@example.com',
+    #   #     account_id: 42 }
+    #
+    # @see KeysBlacklist
+    # @see KeysFilter
+    class KeysWhitelist
+      include KeysFilter
+
+      def initialize(*)
+        super
+        @weight = -100
+      end
+
+      # @return [Boolean] true if the key doesn't match any pattern, false
+      #   otherwise.
+      def should_filter?(key)
+        @patterns.none? do |pattern|
+          if pattern.is_a?(Regexp)
+            key.match(pattern)
+          else
+            key.to_s == pattern.to_s
+          end
+        end
+      end
+    end
+  end
+end

data/lib/airbrake-ruby/filters/root_directory_filter.rb

@@ -0,0 +1,28 @@
+module Airbrake
+  module Filters
+    # Replaces root directory with a label.
+    # @api private
+    class RootDirectoryFilter
+      # @return [String]
+      PROJECT_ROOT_LABEL = '/PROJECT_ROOT'.freeze
+
+      # @return [Integer]
+      attr_reader :weight
+
+      def initialize(root_directory)
+        @root_directory = root_directory
+        @weight = 100
+      end
+
+      # @macro call_filter
+      def call(notice)
+        notice[:errors].each do |error|
+          error[:backtrace].each do |frame|
+            next unless (file = frame[:file])
+            file.sub!(/\A#{@root_directory}/, PROJECT_ROOT_LABEL)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/airbrake-ruby/filters/sql_filter.rb

@@ -0,0 +1,125 @@
+module Airbrake
+  module Filters
+    # SqlFilter filters out sensitive data from {Airbrake::Query}. Sensitive
+    # data is everything that is not table names or fields (e.g. column values
+    # and such).
+    #
+    # Supports the following SQL dialects:
+    # * PostgreSQL
+    # * MySQL
+    # * SQLite
+    # * Cassandra
+    # * Oracle
+    #
+    # @api private
+    # @since v3.2.0
+    class SqlFilter
+      # @return [String] the label to replace real values of filtered query
+      FILTERED = '?'.freeze
+
+      # @return [String] the string that will replace the query in case we
+      #   cannot filter it
+      ERROR_MSG = 'Error: Airbrake::Query was not filtered'.freeze
+
+      # @return [Hash{Symbol=>Regexp}] matchers for certain features of SQL
+      ALL_FEATURES = {
+        # rubocop:disable Metrics/LineLength
+        single_quotes: /'(?:[^']|'')*?(?:\\'.*|'(?!'))/,
+        double_quotes: /"(?:[^"]|"")*?(?:\\".*|"(?!"))/,
+        dollar_quotes: /(\$(?!\d)[^$]*?\$).*?(?:\1|$)/,
+        uuids: /\{?(?:[0-9a-fA-F]\-*){32}\}?/,
+        numeric_literals: /\b-?(?:[0-9]+\.)?[0-9]+([eE][+-]?[0-9]+)?\b/,
+        boolean_literals: /\b(?:true|false|null)\b/i,
+        hexadecimal_literals: /0x[0-9a-fA-F]+/,
+        comments: /(?:#|--).*?(?=\r|\n|$)/i,
+        multi_line_comments: %r{/\*(?:[^/]|/[^*])*?(?:\*/|/\*.*)},
+        oracle_quoted_strings: /q'\[.*?(?:\]'|$)|q'\{.*?(?:\}'|$)|q'\<.*?(?:\>'|$)|q'\(.*?(?:\)'|$)/
+        # rubocop:enable Metrics/LineLength
+      }.freeze
+
+      # @return [Regexp] the regexp that is applied after the feature regexps
+      #   were used
+      POST_FILTER = /(?<=[values|in ]\().+(?=\))/i
+
+      # @return [Hash{Symbol=>Array<Symbol>}] a set of features that corresponds
+      #   to a certain dialect
+      DIALECT_FEATURES = {
+        default: ALL_FEATURES.keys,
+        mysql: %i[
+          single_quotes double_quotes numeric_literals boolean_literals
+          hexadecimal_literals comments multi_line_comments
+        ].freeze,
+        postgres: %i[
+          single_quotes dollar_quotes uuids numeric_literals boolean_literals
+          comments multi_line_comments
+        ].freeze,
+        sqlite: %i[
+          single_quotes numeric_literals boolean_literals hexadecimal_literals
+          comments multi_line_comments
+        ].freeze,
+        oracle: %i[
+          single_quotes oracle_quoted_strings numeric_literals comments
+          multi_line_comments
+        ].freeze,
+        cassandra: %i[
+          single_quotes uuids numeric_literals boolean_literals
+          hexadecimal_literals comments multi_line_comments
+        ].freeze
+      }.freeze
+
+      # @return [Hash{Symbol=>Regexp}] a set of regexps to check for unmatches
+      #   quotes after filtering (should be none)
+      UNMATCHED_PAIR = {
+        mysql: %r{'|"|/\*|\*/},
+        mysql2: %r{'|"|/\*|\*/},
+        postgres: %r{'|/\*|\*/|\$(?!\?)},
+        sqlite: %r{'|/\*|\*/},
+        cassandra: %r{'|/\*|\*/},
+        oracle: %r{'|/\*|\*/},
+        oracle_enhanced: %r{'|/\*|\*/}
+      }.freeze
+
+      # @return [Array<Regexp>] the list of queries to be ignored
+      IGNORED_QUERIES = [
+        /\ACOMMIT/i,
+        /\ABEGIN/i,
+        /\ASET/i,
+        /\ASHOW/i,
+        /\AWITH/i,
+        /FROM pg_attribute/i
+      ].freeze
+
+      def initialize(dialect)
+        @dialect =
+          case dialect
+          when /mysql/i then :mysql
+          when /postgres/i then :postgres
+          when /sqlite/i then :sqlite
+          when /oracle/i then :oracle
+          when /cassandra/i then :cassandra
+          else
+            :default
+          end
+
+        features = DIALECT_FEATURES[@dialect].map { |f| ALL_FEATURES[f] }
+        @regexp = Regexp.union(features)
+      end
+
+      # @param [Airbrake::Query] resource
+      def call(resource)
+        return unless resource.respond_to?(:query)
+
+        query = resource.query
+        if IGNORED_QUERIES.any? { |q| q =~ query }
+          resource.ignore!
+          return
+        end
+
+        q = query.gsub(@regexp, FILTERED)
+        q.gsub!(POST_FILTER, FILTERED) if q =~ POST_FILTER
+        q = ERROR_MSG if UNMATCHED_PAIR[@dialect] =~ q
+        resource.query = q
+      end
+    end
+  end
+end