appsignal 0.4.7 → 0.5.0

data/lib/appsignal/middleware.rb

@@ -1,30 +1,4 @@
-require 'action_dispatch'
-
-module Appsignal
-  class Middleware
-    def initialize(app, options = {})
-      @app, @options = app, options
-    end
-
-    def call(env)
-      Appsignal::Transaction.create(env['action_dispatch.request_id'], env)
-      @app.call(env)
-    rescue Exception => exception
-      unless in_ignored_exceptions?(exception)
-        Appsignal::Transaction.current.add_exception(
-          Appsignal::ExceptionNotification.new(env, exception)
-        )
-      end
-      raise exception
-    ensure
-      Appsignal::Transaction.current.complete!
-    end
-
-    private
-
-    def in_ignored_exceptions?(exception)
-      Array.wrap(Appsignal.config[:ignore_exceptions]).
-        include?(exception.class.name)
-    end
-  end
-end
+require 'appsignal/middleware/chain'
+require 'appsignal/middleware/delete_blanks'
+require 'appsignal/middleware/action_view_sanitizer'
+require 'appsignal/middleware/active_record_sanitizer'

data/lib/appsignal/middleware/action_view_sanitizer.rb

@@ -0,0 +1,21 @@
+module Appsignal
+  module Middleware
+    class ActionViewSanitizer
+      TARGET_EVENT_CATEGORY = 'action_view'.freeze
+
+      def call(event)
+        if event.name.end_with?(TARGET_EVENT_CATEGORY)
+          identifier = event.payload[:identifier]
+          if identifier
+            identifier.gsub!(root_path, '')
+          end
+        end
+        yield
+      end
+
+      def root_path
+        @root_path ||= "#{Rails.root.to_s}/"
+      end
+    end
+  end
+end

data/lib/appsignal/middleware/active_record_sanitizer.rb

@@ -0,0 +1,60 @@
+require 'active_record'
+
+module Appsignal
+  module Middleware
+    class ActiveRecordSanitizer
+      TARGET_EVENT_NAME = 'sql.active_record'.freeze
+
+      SINGLE_QUOTE       = /\\'/.freeze
+      DOUBLE_QUOTE       = /\\"/.freeze
+      QUOTED_DATA        = /(?:"[^"]+"|'[^']+')/.freeze
+      SINGLE_QUOTED_DATA = /(?:'[^']+')/.freeze
+      IN_ARRAY           = /(IN \()[^\)]+(\))/.freeze
+      NUMERIC_DATA       = /\b\d+\b/.freeze
+
+      SANITIZED_VALUE = '\1?\2'.freeze
+
+      def call(event)
+        if event.name == TARGET_EVENT_NAME
+          unless schema_query?(event) || adapter_uses_prepared_statements?
+            query_string = event.payload[:sql]
+            if query_string
+              if adapter_uses_double_quoted_table_names?
+                query_string.gsub!(SINGLE_QUOTE, SANITIZED_VALUE)
+                query_string.gsub!(SINGLE_QUOTED_DATA, SANITIZED_VALUE)
+              else
+                query_string.gsub!(SINGLE_QUOTE, SANITIZED_VALUE)
+                query_string.gsub!(DOUBLE_QUOTE, SANITIZED_VALUE)
+                query_string.gsub!(QUOTED_DATA, SANITIZED_VALUE)
+              end
+              query_string.gsub!(IN_ARRAY, SANITIZED_VALUE)
+              query_string.gsub!(NUMERIC_DATA, SANITIZED_VALUE)
+            end
+          end
+          event.payload.delete(:connection_id)
+          event.payload.delete(:binds)
+        end
+        yield
+      end
+
+      def schema_query?(event)
+        event.payload[:name] == 'SCHEMA'
+      end
+
+      def connection_config
+        ActiveRecord::Base.connection_config
+      end
+
+      def adapter_uses_double_quoted_table_names?
+        adapter = connection_config[:adapter]
+        adapter =~ /postgres/ || adapter =~ /sqlite/
+      end
+
+      def adapter_uses_prepared_statements?
+        return false unless adapter_uses_double_quoted_table_names?
+        return true if connection_config[:prepared_statements].nil?
+        connection_config[:prepared_statements]
+      end
+    end
+  end
+end

data/lib/appsignal/middleware/chain.rb

@@ -0,0 +1,99 @@
+module Appsignal
+  # Middleware is code configured to run before/after a message is processed.
+  # It is patterned after Rack middleware.
+  #
+  # @example To add middleware:
+  #
+  #   Appsignal.post_processing_middleware do |chain|
+  #     chain.add MyPostProcessingHook
+  #   end
+  #
+  # @example To insert immediately preceding another entry:
+  #
+  #   Appsignal.post_process_middleware do |chain|
+  #     chain.insert_before ActiveRecord, MyPostProcessingHook
+  #   end
+  #
+  # @example To insert immediately after another entry:
+  #
+  #   Appsignal.post_process_middleware do |chain|
+  #     chain.insert_after ActiveRecord, MyPostProcessingHook
+  #   end
+  #
+  # @example This is an example of a minimal middleware class:
+  #
+  #   class MySHook
+  #     def call(transaction)
+  #       puts "Before post processing"
+  #       yield
+  #       puts "After post processing"
+  #     end
+  #   end
+  #
+  module Middleware
+    class Chain
+      attr_reader :entries
+
+      def initialize
+        @entries = []
+        yield self if block_given?
+      end
+
+      def remove(klass)
+        entries.delete_if { |entry| entry.klass == klass }
+      end
+
+      def add(klass, *args)
+        entries << Entry.new(klass, *args) unless exists?(klass)
+      end
+
+      def insert_before(oldklass, newklass, *args)
+        i = entries.index { |entry| entry.klass == newklass }
+        new_entry = i.nil? ? Entry.new(newklass, *args) : entries.delete_at(i)
+        i = entries.find_index { |entry| entry.klass == oldklass } || 0
+        entries.insert(i, new_entry)
+      end
+
+      def insert_after(oldklass, newklass, *args)
+        i = entries.index { |entry| entry.klass == newklass }
+        new_entry = i.nil? ? Entry.new(newklass, *args) : entries.delete_at(i)
+        i = entries.find_index { |entry| entry.klass == oldklass } || entries.count - 1
+        entries.insert(i+1, new_entry)
+      end
+
+      def exists?(klass)
+        entries.any? { |entry| entry.klass == klass }
+      end
+
+      def retrieve
+        @retrieve ||= entries.map(&:make_new)
+      end
+
+      def clear
+        entries.clear
+      end
+
+      def invoke(*args)
+        chain = retrieve.dup
+        traverse_chain = lambda do
+          unless chain.empty?
+            chain.shift.call(*args, &traverse_chain)
+          end
+        end
+        traverse_chain.call
+      end
+    end
+
+    class Entry
+      attr_reader :klass
+      def initialize(klass, *args)
+        @klass = klass
+        @args  = args
+      end
+
+      def make_new
+        @klass.new(*@args)
+      end
+    end
+  end
+end

data/lib/appsignal/middleware/delete_blanks.rb

@@ -0,0 +1,12 @@
+module Appsignal
+  module Middleware
+    class DeleteBlanks
+      def call(event)
+        event.payload.each do |key, value|
+          event.payload.delete(key) if value.blank?
+        end
+        yield
+      end
+    end
+  end
+end

data/lib/appsignal/railtie.rb

@@ -1,8 +1,14 @@
 module Appsignal
   class Railtie < Rails::Railtie
     initializer "appsignal.configure_rails_initialization" do |app|
+      Appsignal.logger = Logger.new(Rails.root.join('log/appsignal.log')).tap do |l|
+        l.level = Logger::INFO
+      end
+      Appsignal.flush_in_memory_log
+
       if Appsignal.active?
-        app.middleware.insert_before ActionDispatch::RemoteIp, Appsignal::Middleware
+        app.middleware.
+          insert_before(ActionDispatch::RemoteIp, Appsignal::Listener)
 
         Appsignal.subscriber = ActiveSupport::Notifications.subscribe(/^[^!]/) do |*args|
           if Appsignal::Transaction.current
@@ -17,3 +23,5 @@ module Appsignal
     end
   end
 end
+
+require 'appsignal/to_appsignal_hash'

data/lib/appsignal/to_appsignal_hash.rb

@@ -0,0 +1,23 @@
+module Appsignal
+  module ToAppsignalHash
+
+    def to_appsignal_hash
+      {
+        :name => name,
+        :duration => duration,
+        :time => time.to_f,
+        :end => self.end.to_f,
+        :payload => payload
+      }
+    end
+
+  end
+end
+
+module ActiveSupport
+  module Notifications
+    class Event
+      include Appsignal::ToAppsignalHash
+    end
+  end
+end

data/lib/appsignal/transaction.rb

@@ -1,8 +1,20 @@
 require 'socket'
 require 'appsignal/transaction/transaction_formatter'
+require 'appsignal/transaction/params_sanitizer'
 
 module Appsignal
   class Transaction
+    # Based on what Rails uses + some variables we'd like to show
+    ENV_METHODS = %w(CONTENT_LENGTH AUTH_TYPE GATEWAY_INTERFACE
+    PATH_TRANSLATED REMOTE_HOST REMOTE_IDENT REMOTE_USER REMOTE_ADDR
+    REQUEST_METHOD SERVER_NAME SERVER_PORT SERVER_PROTOCOL
+
+    HTTP_X_REQUEST_START HTTP_X_MIDDLEWARE_START HTTP_X_QUEUE_START
+    HTTP_X_QUEUE_TIME HTTP_X_HEROKU_QUEUE_WAIT_TIME HTTP_X_APPLICATION_START
+    HTTP_ACCEPT HTTP_ACCEPT_CHARSET HTTP_ACCEPT_ENCODING HTTP_ACCEPT_LANGUAGE
+    HTTP_CACHE_CONTROL HTTP_CONNECTION HTTP_USER_AGENT HTTP_FROM HTTP_NEGOTIATE
+    HTTP_PRAGMA HTTP_REFERER).freeze
+
     def self.create(key, env)
       Thread.current[:appsignal_transaction_id] = key
       Appsignal.transactions[key] = Appsignal::Transaction.new(key, env)
@@ -12,7 +24,8 @@ module Appsignal
       Appsignal.transactions[Thread.current[:appsignal_transaction_id]]
     end
 
-    attr_reader :id, :events, :process_action_event, :action, :exception, :env
+    attr_reader :id, :events, :process_action_event, :action, :exception, :env,
+      :fullpath, :time
 
     def initialize(id, env)
       @id = id
@@ -22,15 +35,22 @@ module Appsignal
       @env = env
     end
 
+    def sanitized_environment
+      @sanitized_environment ||= {}
+    end
+
+    def sanitized_session_data
+      @sanitized_session_data ||= {}
+    end
+
     def request
       ActionDispatch::Request.new(@env)
     end
 
     def set_process_action_event(event)
       @process_action_event = event
-      if @process_action_event && @process_action_event.payload
-        @action = "#{process_action_event.payload[:controller]}#"\
-                  "#{process_action_event.payload[:action]}"
+      if event && event.payload
+        @action = "#{event.payload[:controller]}##{event.payload[:action]}"
       end
     end
 
@@ -39,6 +59,7 @@ module Appsignal
     end
 
     def add_exception(ex)
+      @time = Time.now.utc.to_f
       @exception = ex
     end
 
@@ -48,30 +69,65 @@ module Appsignal
 
     def slow_request?
       return false unless process_action_event && process_action_event.payload
-      Appsignal.config[:slow_request_threshold] <= process_action_event.duration
+      Appsignal.config[:slow_request_threshold] <=
+        process_action_event.duration
     end
 
-    def clear_payload_and_events!
-      @process_action_event.payload.clear
-      @events.clear
+    def slower?(transaction)
+      process_action_event.duration > transaction.process_action_event.duration
+    end
+
+    def truncate!
+      process_action_event.payload.clear
+      events.clear
+      sanitized_environment.clear
+      sanitized_session_data.clear
+      @env = nil
+    end
+
+    def convert_values_to_primitives!
+      Appsignal::ParamsSanitizer.sanitize!(@process_action_event.payload) if @process_action_event
+      @events.each { |o| Appsignal::ParamsSanitizer.sanitize!(o.payload) }
+      add_sanitized_context!
+    end
+
+    def type
+      return :exception if exception?
+      return :slow_request if slow_request?
+      :regular_request
     end
 
     def to_hash
-      if exception?
-        TransactionFormatter.faulty(self)
-      elsif slow_request?
-        TransactionFormatter.slow(self)
-      else
-        TransactionFormatter.regular(self)
-      end.to_hash
+      TransactionFormatter.new(self).to_hash
     end
 
     def complete!
       Thread.current[:appsignal_transaction_id] = nil
       current_transaction = Appsignal.transactions.delete(@id)
       if process_action_event || exception?
-        Appsignal.agent.add_to_queue(current_transaction)
+        Appsignal.enqueue(current_transaction)
+      end
+    end
+
+    protected
+
+    def add_sanitized_context!
+      sanitize_environment!
+      sanitize_session_data!
+      @env = nil
+    end
+
+    def sanitize_environment!
+      env.each do |key, value|
+        sanitized_environment[key] = value if ENV_METHODS.include?(key)
       end
     end
+
+    def sanitize_session_data!
+      @sanitized_session_data =
+        Appsignal::ParamsSanitizer.sanitize(request.session)
+      @fullpath = request.fullpath
+    end
+
   end
 end

data/lib/appsignal/transaction/params_sanitizer.rb

@@ -2,35 +2,113 @@ module Appsignal
   class ParamsSanitizer
     class << self
       def sanitize(params)
-        sanitize_hash(params)
+        ParamsSanitizerCopy.sanitize_value(params)
       end
 
-      protected
+      def sanitize!(params)
+        ParamsSanitizerDestructive.sanitize_value(params)
+      end
 
-      def sanitize_hash(hash)
-        out = {}
-        hash.each_pair do |key, value|
-          out[key] = sanitize_value(value)
-        end
-        out
+      def scrub(params)
+        ParamsSanitizerCopyScrub.sanitize_value(params)
       end
 
-      def sanitize_array(array)
-        array.map { |value| sanitize_value(value) }
+      def scrub!(params)
+        ParamsSanitizerDestructiveScrub.sanitize_value(params)
       end
 
+      protected
+
       def sanitize_value(value)
         case value
         when Hash
           sanitize_hash(value)
         when Array
           sanitize_array(value)
-        when String
-          value
+        when Fixnum, String, Symbol
+          unmodified(value)
         else
-          value.inspect
+          inspected(value)
         end
       end
+
+      def sanitize_hash_with_target(source_hash, target_hash)
+        source_hash.each_pair do |key, value|
+          target_hash[key] = sanitize_value(value)
+        end
+        target_hash
+      end
+
+      def sanitize_array_with_target(source_array, target_array)
+        source_array.each_with_index do |item, index|
+          target_array[index] = sanitize_value(item)
+        end
+        target_array
+      end
+
+      def unmodified(value)
+        value
+      end
+
+      def inspected(value)
+        value.inspect
+      end
+    end
+  end
+
+  class ParamsSanitizerCopy < ParamsSanitizer
+    class << self
+      protected
+
+      def sanitize_hash(hash)
+        sanitize_hash_with_target(hash, {})
+      end
+
+      def sanitize_array(array)
+        sanitize_array_with_target(array, [])
+      end
+    end
+  end
+
+  class ParamsSanitizerDestructive < ParamsSanitizer
+    class << self
+      protected
+
+      def sanitize_hash(hash)
+        sanitize_hash_with_target(hash, hash)
+      end
+
+      def sanitize_array(array)
+        sanitize_array_with_target(array, array)
+      end
+    end
+  end
+
+  class ParamsSanitizerCopyScrub < ParamsSanitizerCopy
+    class << self
+      protected
+
+      def unmodified(value)
+        '?'
+      end
+
+      def inspected(value)
+        '?'
+      end
+    end
+  end
+
+  class ParamsSanitizerDestructiveScrub < ParamsSanitizerDestructive
+    class << self
+      protected
+
+      def unmodified(value)
+        '?'
+      end
+
+      def inspected(value)
+        '?'
+      end
     end
   end
 end