instana 1.12.0 → 1.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7f4a95f79f6ce7a30fe5f54797a8a47637dd659345043155c13eec90a8fe221c
-  data.tar.gz: 8206b32f50dd0f80386854ec216414cb976f3045ba113e5a86f161cba87a4736
+  metadata.gz: '09630573df5e1941fc17023b97864fd430f6135b9e0a72cd2f19225265b66d16'
+  data.tar.gz: b8dc0dda20938dc03f4ebe0887c3ccd68d03995d07e0c7233a19ff3a0780f1a7
 SHA512:
-  metadata.gz: 9eada422ab4a40b7566fa1ae44614efc0ca2874ba0018fecd494ec01e31d1fa66c3a5ba18f86d6ded8089cbad85b196a21b57eaa79a17372ae954385c9ddfd7e
-  data.tar.gz: ffa1dd9e0eac0d0041945d1ddd10ecfcb813c82dcfa5aa241302838c02af17a015457af0344654bb77cc6ffb245958c8ab712c9eab450fbb627fa185ab591075
+  metadata.gz: a9bf1d5bfd714b8d1e3e187d0dfe47f0917384fb41b45d8f01b10890c7259c985b20d5adb550d955ac51b8bca9102246e9926ce114d448b391b82e0acdcd46c4
+  data.tar.gz: 139872ad95ceeca46b97be78773d999228ff30563ff90f29e65032bd6b55f7e619fb00a9e130ad6bd06b83dd0bca3e4321428e5172795242c8a045de570bd77a

data/Rakefile

@@ -8,44 +8,33 @@ Rake::TestTask.new(:test) do |t|
 
   t.libs << "test"
   t.libs << "lib"
-  t.test_files = FileList['test/**/*_test.rb']
-
-  if ENV.key?('BUNDLE_GEMFILE')
-    case File.basename(ENV['BUNDLE_GEMFILE']).split('.').first
-    when /rails6/
-      t.test_files = %w(test/frameworks/rails/activerecord_test.rb
-                        test/frameworks/rails/actioncontroller_test.rb
-                        test/frameworks/rails/actionview5_test.rb)
-    when /rails5/
-      t.test_files = %w(test/frameworks/rails/activerecord_test.rb
-                        test/frameworks/rails/actioncontroller_test.rb
-                        test/frameworks/rails/actionview5_test.rb)
-    when /rails42/
-      t.test_files = %w(test/frameworks/rails/activerecord_test.rb
-                        test/frameworks/rails/actioncontroller_test.rb
-                        test/frameworks/rails/actionview4_test.rb)
-    when /rails32/
-      t.test_files = %w(test/frameworks/rails/activerecord_test.rb
-                        test/frameworks/rails/actioncontroller_test.rb
-                        test/frameworks/rails/actionview3_test.rb)
-    when /libraries/
-      t.test_files = FileList['test/instrumentation/*_test.rb',
-                              'test/frameworks/cuba_test.rb',
-                              'test/frameworks/rack_test.rb',
-                              'test/frameworks/roda_test.rb',
-                              'test/frameworks/sinatra_test.rb']
-    else
-      t.test_files = FileList['test/agent/*_test.rb'] +
-                     FileList['test/tracing/*_test.rb'] +
-                     FileList['test/profiling/*_test.rb'] +
-                     FileList['test/benchmarks/bench_*.rb']
-    end
-  else
-    t.test_files = FileList['test/agent/*_test.rb'] +
-        FileList['test/tracing/*_test.rb'] +
-        FileList['test/profiling/*_test.rb'] +
-        FileList['test/benchmarks/bench_*.rb']
+
+  t.test_files = Dir[
+    'test/*_test.rb',
+    'test/{agent,tracing,profiling,benchmarks}/*_test.rb'
+  ]
+
+  case File.basename(ENV.fetch('BUNDLE_GEMFILE', '')).split('.').first
+  when /rails6/
+    t.test_files = %w(test/frameworks/rails/activerecord_test.rb
+                      test/frameworks/rails/actioncontroller_test.rb
+                      test/frameworks/rails/actionview5_test.rb)
+  when /rails5/
+    t.test_files = %w(test/frameworks/rails/activerecord_test.rb
+                      test/frameworks/rails/actioncontroller_test.rb
+                      test/frameworks/rails/actionview5_test.rb)
+  when /rails42/
+    t.test_files = %w(test/frameworks/rails/activerecord_test.rb
+                      test/frameworks/rails/actioncontroller_test.rb
+                      test/frameworks/rails/actionview4_test.rb)
+  when /rails32/
+    t.test_files = %w(test/frameworks/rails/activerecord_test.rb
+                      test/frameworks/rails/actioncontroller_test.rb
+                      test/frameworks/rails/actionview3_test.rb)
+  when /libraries/
+    t.test_files = Dir['test/{instrumentation,frameworks}/*_test.rb']
   end
+
 end
 
 task :environment do

data/lib/instana/agent.rb

@@ -25,6 +25,7 @@ module Instana
     attr_accessor :collect_thread
     attr_accessor :thread_spawn_lock
     attr_accessor :extra_headers
+    attr_reader :secret_values
 
     attr_accessor :testmode
 
@@ -83,6 +84,10 @@ module Instana
 
       # The agent may pass down custom headers for this sensor to capture
       @extra_headers = nil
+      
+      # The values considered sensitive and removed from http query parameters
+      # and database connection strings 
+      @secret_values = nil
     end
 
     # Spawns the background thread and calls start.  This method is separated
@@ -278,6 +283,7 @@ module Instana
         data = Oj.load(response.body, OJ_OPTIONS)
         @process[:report_pid] = data['pid']
         @agent_uuid = data['agentUuid']
+        @secret_values = data['secrets']
 
         if data.key?('extraHeaders')
           @extra_headers = data['extraHeaders']

data/lib/instana/base.rb

@@ -12,6 +12,7 @@ module Instana
     attr_accessor :config
     attr_accessor :logger
     attr_accessor :pid
+    attr_reader :secrets
 
     ##
     # setup
@@ -24,6 +25,7 @@ module Instana
       @tracer = ::Instana::Tracer.new
       @processor = ::Instana::Processor.new
       @collector = ::Instana::Collector.new
+      @secrets = ::Instana::Secrets.new
     end
   end
 end

data/lib/instana/instrumentation/excon.rb

@@ -7,7 +7,7 @@ if defined?(::Excon) && ::Instana.config[:excon][:enabled]
 
           payload = { :http => {} }
           path = datum[:path].split('?').first
-          payload[:http][:url] = "#{datum[:connection].instance_variable_get(:@socket_key)}#{path}"
+          payload[:http][:url] = ::Instana.secrets.remove_from_query("#{datum[:connection].instance_variable_get(:@socket_key)}#{path}")
           payload[:http][:method] = datum[:method] if datum.key?(:method)
 
           if datum[:pipeline] == true

data/lib/instana/instrumentation/net-http.rb

@@ -32,6 +32,8 @@ if defined?(::Net::HTTP) && ::Instana.config[:nethttp][:enabled]
           kv_payload[:http][:url] = "http://#{@address}:#{@port}#{request.path}"
         end
       end
+      
+      kv_payload[:http][:url] = ::Instana.secrets.remove_from_query(kv_payload[:http][:url])
 
       # The core call
       response = request_without_instana(*args, &block)

data/lib/instana/secrets.rb

@@ -0,0 +1,42 @@
+require 'uri'
+require 'cgi'
+
+module Instana
+  class Secrets    
+    def remove_from_query(str, secret_values = Instana.agent.secret_values)
+      return str unless secret_values
+      
+      url = URI(str)
+      params = CGI.parse(url.query)
+      
+      redacted = params.map do |k, v|
+        needs_redaction = secret_values['list']
+          .any? { |t| matcher(secret_values['matcher']).(t,k) }
+        [k, needs_redaction ? '<redacted>' : v]
+      end
+      
+      url.query = URI.encode_www_form(redacted)
+      CGI.unescape(url.to_s)
+    end
+    
+    private
+    
+    def matcher(name)
+      case name
+      when 'equals-ignore-case'
+        ->(expected, actual) { expected.casecmp(actual) == 0 }
+      when 'equals'
+        ->(expected, actual) { (expected <=> actual) == 0 }
+      when 'contains-ignore-case'
+        ->(expected, actual) { actual.downcase.include?(expected) }
+      when 'contains'
+        ->(expected, actual) { actual.include?(expected) }
+      when 'regex'
+        ->(expected, actual) { !Regexp.new(expected).match(actual).nil? }
+      else
+        ::Instana.logger.warn("Matcher #{name} is not supported.")
+        lambda { false }
+      end
+    end
+  end
+end

data/lib/instana/setup.rb

@@ -4,6 +4,7 @@ require "instana/base"
 require "instana/config"
 require "instana/agent"
 require "instana/collector"
+require "instana/secrets"
 require "instana/tracer"
 require "instana/tracing/processor"
 require "instana/instrumentation"

data/lib/instana/version.rb

@@ -1,4 +1,4 @@
 module Instana
-  VERSION = "1.12.0"
+  VERSION = "1.13.0"
   VERSION_FULL = "instana-#{VERSION}"
 end

data/test/config_test.rb

@@ -10,28 +10,12 @@ class ConfigTest < Minitest::Test
     assert_equal '127.0.0.1', ::Instana.config[:agent_host]
     assert_equal 42699, ::Instana.config[:agent_port]
 
-    assert ::Instana.config[:enabled]
     assert ::Instana.config[:tracing][:enabled]
     assert ::Instana.config[:metrics][:enabled]
 
     ::Instana.config[:metrics].each do |k, v|
+      next unless v.is_a? Hash
       assert_equal true, ::Instana.config[:metrics][k].key?(:enabled)
     end
   end
-
-  def test_that_global_affects_children
-    # Disabling the gem should explicitly disable
-    # metrics and tracing flags
-    ::Instana.config[:enabled] = false
-
-    assert_equal false, ::Instana.config[:tracing][:enabled]
-    assert_equal false, ::Instana.config[:metrics][:enabled]
-
-    # Enabling the gem should explicitly enable
-    # metrics and tracing flags
-    ::Instana.config[:enabled] = true
-
-    assert_equal ::Instana.config[:tracing][:enabled]
-    assert_equal ::Instana.config[:metrics][:enabled]
-  end
 end

data/test/secrets_test.rb

@@ -0,0 +1,73 @@
+require 'test_helper'
+
+class SecretsTest < Minitest::Test
+  def setup
+    @subject = Instana::Secrets.new
+  end
+  
+  def test_equals_ignore_case
+    sample_config = {
+      "matcher"=>"equals-ignore-case", 
+      "list"=>["key"]
+    }
+    
+    url = url_for(%w(key Str kEy KEY))
+    assert_redacted @subject.remove_from_query(url, sample_config), %w(key kEy KEY)
+  end
+  
+  def test_equals
+    sample_config = {
+      "matcher"=>"equals", 
+      "list"=>["key", "kEy"]
+    }
+    
+    url = url_for(%w(key Str kEy KEY))
+    assert_redacted @subject.remove_from_query(url, sample_config), %w(key kEy)
+  end
+  
+  def test_contains_ignore_case
+    sample_config = {
+      "matcher"=>"contains-ignore-case", 
+      "list"=>["stan"]
+    }
+    
+    url = url_for(%w(instantiate conTESTant sample))
+    assert_redacted @subject.remove_from_query(url, sample_config), %w(instantiate conTESTant)
+  end
+  
+  def test_contains
+    sample_config = {
+      "matcher"=>"contains", 
+      "list"=>["stan"]
+    }
+    
+    url = url_for(%w(instantiate conTESTant sample))
+    assert_redacted @subject.remove_from_query(url, sample_config), %w(instantiate)
+  
+  end
+  
+  def test_regexp
+    sample_config = {
+      "matcher"=>"regex", 
+      "list"=>["l{2}"]
+    }
+    
+    url = url_for(%w(ball foot move))
+    assert_redacted @subject.remove_from_query(url, sample_config), %w(ball) 
+  end
+  
+  private
+  
+  def url_for(keys)
+    url = URI('http://example.com')
+    url.query = URI.encode_www_form(keys.map { |k| [k, rand(1..100)]})
+    url.to_s
+  end
+  
+  def assert_redacted(str, keys)
+    url = URI(str)
+    params = CGI.parse(url.query)
+    
+    assert_equal keys, params.select { |_, v| v == %w(<redacted>) }.keys, 'to be redacted'
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: instana
 version: !ruby/object:Gem::Version
-  version: 1.12.0
+  version: 1.13.0
 platform: ruby
 authors:
 - Peter Giacomo Lombardo
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-01-07 00:00:00.000000000 Z
+date: 2021-01-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -242,6 +242,7 @@ files:
 - lib/instana/opentracing/carrier.rb
 - lib/instana/opentracing/tracer.rb
 - lib/instana/rack.rb
+- lib/instana/secrets.rb
 - lib/instana/setup.rb
 - lib/instana/test.rb
 - lib/instana/thread_local.rb
@@ -287,6 +288,7 @@ files:
 - test/jobs/sidekiq_job_2.rb
 - test/models/block.rb
 - test/models/block6.rb
+- test/secrets_test.rb
 - test/servers/grpc_50051.rb
 - test/servers/helpers/sidekiq_worker_initializer.rb
 - test/servers/rackapp_6511.rb
@@ -335,6 +337,7 @@ test_files:
 - test/agent/agent_test.rb
 - test/models/block.rb
 - test/models/block6.rb
+- test/secrets_test.rb
 - test/instrumentation/sidekiq-client_test.rb
 - test/instrumentation/resque_test.rb
 - test/instrumentation/sidekiq-worker_test.rb