opbeat 1.1.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f0e680f1743a61cd93df6a57aeae419b272fe26d
-  data.tar.gz: 352da6e6062c4b524c8524c807f4fc82cddf441b
+  metadata.gz: 0cc7e45c2207d40f1deaa655ae2510e7f6c38d7c
+  data.tar.gz: 2793d306ca86292a30fedc2ee831af7086862adc
 SHA512:
-  metadata.gz: 5a219a7467138cb9f88e4032028c05f465f76aaba9bf592ded9b8b84890f6d4d3a1da972899a97ee41550ea3ecf2efc512d902beadabe1ff627bf50166d6f723
-  data.tar.gz: cdebe683a8ba86f2d27dd7652fc428bd75466c4dc2ac457dad548e4db1097e595ec1c0cfa45e80d49a08dbb7244e71e3ea08789cba67fadde2062f2baa840677
+  metadata.gz: 388d8dedb07d74f4ee42fa21855a037a0559ea4c783e2107a8158dcc9dd2510e6e4fdc0e90a19b1a4e7fa4fdf290a50ebf23aacab5934ca937ab9edd84a01616
+  data.tar.gz: 2dc336b2815d477d7fc2fd30d2941f60cf5dd95777bdb1e3a3e70440eaa119546daff324ab07798b6d2bc58d2c15083704aa6dabbabb6fdd5fcbebbd287b59b4

data/README.md

@@ -4,15 +4,19 @@
 
 A client and integration layer for [Opbeat](https://opbeat.com). Forked from the [raven-ruby](https://github.com/getsentry/raven-ruby) project.
 
-
 ## Installation
 
 Add the following to your `Gemfile`:
 
 ```ruby
-gem "opbeat"
+gem "opbeat", "~> 2.0"
 ```
 
+The Opbeat gem adhere to [Semantic
+Versioning](http://guides.rubygems.org/patterns/#semantic-versioning)
+and so you can safely trust all minor and patch versions (e.g. 2.x.x) to
+be backwards compatible.
+
 ## Usage
 
 ### Rails 3 and Rails 4
@@ -161,13 +165,23 @@ Opbeat.configure do |config|
 end
 ```
 
-## Sanitizing Data (Processors)
+## Sanitizing Data
+
+The Opbeat agent will sanitize the data sent to the Opbeat server based
+on the following rules.
+
+If you are running Rails, the agent will first try to fetch the
+filtering settings from `Rails.application.config.filter_parameters`.
 
-If you need to sanitize or pre-process (before its sent to the server) data, you can do so using the Processors
-implementation. By default, a single processor is installed (Opbeat::Processors::SanitizeData), which will attempt to
-sanitize keys that match various patterns (e.g. password) and values that resemble credit card numbers.
+If those are not set (or if you are not running Rails), the agent will
+fall back to its own defaults:
 
-To specify your own (or to remove the defaults), simply pass them with your configuration:
+```ruby
+/(authorization|password|passwd|secret)/i
+```
+
+To specify your own (or to remove the defaults), simply set the
+`filter_parameters` configuration parameter:
 
 ```ruby
 require 'opbeat'
@@ -177,10 +191,13 @@ Opbeat.configure do |config|
   config.app_id = '094e250818'
   config.secret_token = 'f0f5237a221637f561a15614f5fef218f8d6317d'
   
-  config.processors = [Opbeat::Processor::SanitizeData]
+  config.filter_parameters = [:credit_card, /^pass(word)$/i]
 end
 ```
 
+Note that only the `data`, `query_string` and `cookies` fields under
+`http` are filtered.
+
 ## User information
 
 With Rails, Opbeat expects `controller#current_user` to return an object with `id`, `email` and/or `username` attributes. You can change the name of the current user method in the following manner:

data/lib/opbeat.rb

@@ -8,7 +8,6 @@ require 'opbeat/interfaces/message'
 require 'opbeat/interfaces/exception'
 require 'opbeat/interfaces/stack_trace'
 require 'opbeat/interfaces/http'
-require 'opbeat/processors/sanitizedata'
 
 require 'opbeat/integrations/delayed_job'
 require 'opbeat/integrations/sidekiq'

data/lib/opbeat/client.rb

@@ -5,6 +5,7 @@ require 'faraday'
 
 require 'opbeat/version'
 require 'opbeat/error'
+require 'opbeat/filter'
 
 module Opbeat
 
@@ -52,7 +53,7 @@ module Opbeat
 
       @configuration = conf
       @state = ClientState.new conf
-      @processors = conf.processors.map { |p| p.new(self) }
+      @filter = Filter.new conf.filter_parameters
       @base_url = "#{conf.server}/api/v1/organizations/#{conf.organization_id}/apps/#{conf.app_id}"
       @auth_header = 'Bearer ' + conf.secret_token
     end
@@ -69,11 +70,7 @@ module Opbeat
 
     def encode(event)
       event_hash = event.to_hash
-
-      @processors.each do |p|
-        event_hash = p.process(event_hash)
-      end
-
+      event_hash = @filter.process_event_hash(event_hash)
       return MultiJson.encode(event_hash)
     end
 

data/lib/opbeat/configuration.rb

@@ -25,8 +25,8 @@ module Opbeat
     # Which exceptions should never be sent
     attr_accessor :excluded_exceptions
 
-    # Processors to run on data before sending upstream
-    attr_accessor :processors
+    # An array of parameters whould should be filtered from the log
+    attr_accessor :filter_parameters
 
     # Timeout when waiting for the server to return data in seconds
     attr_accessor :timeout
@@ -48,15 +48,14 @@ module Opbeat
     attr_reader :async
 
     def initialize
-      self.server = ENV['OPBEAT_SERVER'] || "https://opbeat.com"
+      self.server = ENV['OPBEAT_SERVER'] || "https://intake.opbeat.com"
       self.secret_token = ENV['OPBEAT_SECRET_TOKEN'] if ENV['OPBEAT_SECRET_TOKEN']
       self.organization_id = ENV['OPBEAT_ORGANIZATION_ID'] if ENV['OPBEAT_ORGANIZATION_ID']
       self.app_id = ENV['OPBEAT_APP_ID'] if ENV['OPBEAT_APP_ID']
       @context_lines = 3
       self.environments = %w[ development production default ]
-      self.current_environment = (defined?(Rails) && Rails.env) || ENV['RAILS_ENV'] || ENV['RACK_ENV'] || 'default'
+      self.current_environment = (defined?(::Rails) && ::Rails.env) || ENV['RAILS_ENV'] || ENV['RACK_ENV'] || 'default'
       self.excluded_exceptions = []
-      self.processors = [Opbeat::Processor::SanitizeData]
       self.timeout = 1
       self.open_timeout = 1
       self.backoff_multiplier = 2

data/lib/opbeat/filter.rb

@@ -0,0 +1,63 @@
+module Opbeat
+  class Filter
+    MASK = '[FILTERED]'
+    DEFAULT_FILTER = [/(authorization|password|passwd|secret)/i]
+
+    def initialize(filters=nil)
+      if defined?(::Rails)
+        rails_filters = ::Rails.application.config.filter_parameters
+        rails_filters = nil if rails_filters.count == 0
+      end
+      @filters = filters || rails_filters || DEFAULT_FILTER
+    end
+
+    def apply(value, key=nil, &block)
+      if value.is_a?(Hash)
+        value.each.inject({}) do |memo, (k, v)|
+          memo[k] = apply(v, k, &block)
+          memo
+        end
+      elsif value.is_a?(Array)
+        value.map do |value|
+          apply(value, key, &block)
+        end
+      else
+        block.call(key, value)
+      end
+    end
+
+    def sanitize(key, value)
+      if !value.is_a?(String) || value.empty?
+        value
+      elsif @filters.any? { |filter| filter.is_a?(Regexp) ? filter.match(key) : filter.to_s == key.to_s }
+        MASK
+      else
+        value
+      end
+    end
+
+    def process_event_hash(data)
+      return data unless data.has_key? 'http'
+      if data['http'].has_key? 'data'
+        data['http']['data'] = process_hash(data['http']['data'])
+      end
+      if data['http'].has_key? 'query_string'
+        data['http']['query_string'] = process_string(data['http']['query_string'], '&')
+      end
+      if data['http'].has_key? 'cookies'
+        data['http']['cookies'] = process_string(data['http']['cookies'], ';')
+      end
+      data
+    end
+
+    def process_hash(data)
+      apply(data) do |key, value|
+        sanitize(key, value)
+      end
+    end
+
+    def process_string(str, separator='&')
+      str.split(separator).map { |s| s.split('=') }.map { |a| a[0]+'='+sanitize(a[0], a[1]) }.join(separator)
+    end
+  end
+end

data/lib/opbeat/version.rb

@@ -1,3 +1,3 @@
 module Opbeat
-  VERSION = "1.1.1"
+  VERSION = "2.0.0"
 end

data/spec/opbeat/filter_spec.rb

@@ -0,0 +1,101 @@
+require File::expand_path('../../spec_helper', __FILE__)
+require 'opbeat/filter'
+
+describe Opbeat::Filter do
+  it 'should filter http data by default' do
+    data = {
+      'http' => {
+        'data' => {
+          'foo' => 'bar',
+          'password' => 'hello',
+          'the_secret' => 'hello',
+          'a_password_here' => 'hello',
+          'mypasswd' => 'hello'
+        }
+      }
+    }
+
+    filter = Opbeat::Filter.new
+    result = filter.process_event_hash(data)
+
+    vars = result["http"]["data"]
+    expect(vars["foo"]).to eq("bar")
+    expect(vars["password"]).to eq(Opbeat::Filter::MASK)
+    expect(vars["the_secret"]).to eq(Opbeat::Filter::MASK)
+    expect(vars["a_password_here"]).to eq(Opbeat::Filter::MASK)
+    expect(vars["mypasswd"]).to eq(Opbeat::Filter::MASK)
+  end
+
+  it 'should filter http query_string by default' do
+    data = {
+      'http' => {
+        'query_string' => 'foo=bar&password=secret'
+      }
+    }
+
+    filter = Opbeat::Filter.new
+    result = filter.process_event_hash(data)
+
+    expect(result["http"]["query_string"]).to eq('foo=bar&password=' + Opbeat::Filter::MASK)
+  end
+
+  it 'should filter http cookies by default' do
+    data = {
+      'http' => {
+        'cookies' => 'foo=bar;password=secret'
+      }
+    }
+
+    filter = Opbeat::Filter.new
+    result = filter.process_event_hash(data)
+
+    expect(result["http"]["cookies"]).to eq('foo=bar;password=' + Opbeat::Filter::MASK)
+  end
+
+  it 'should not filter env, extra or headers' do
+    data = {
+      'http' => {
+        'env' => { 'password' => 'hello' },
+        'extra' => { 'password' => 'hello' },
+        'headers' => { 'password' => 'hello' }
+      }
+    }
+
+    filter = Opbeat::Filter.new
+    result = filter.process_event_hash(data)
+
+    expect(result).to eq(data)
+  end
+
+  it 'should be configurable' do
+    data = {
+      'http' => {
+        'data' => {
+          'foo' => 'secret',
+          'bar' => 'secret',
+          '-baz-' => 'secret',
+          'password' => 'public',
+          'the_secret' => 'public',
+          'a_password_here' => 'public',
+          'mypasswd' => 'public'
+        },
+        'query_string' => 'foo=secret&password=public',
+        'cookies' => 'foo=secret;password=public'
+      }
+    }
+
+    filter = Opbeat::Filter.new [:foo, 'bar', /baz/]
+    result = filter.process_event_hash(data)
+
+    vars = result["http"]["data"]
+    expect(vars["foo"]).to eq(Opbeat::Filter::MASK)
+    expect(vars["bar"]).to eq(Opbeat::Filter::MASK)
+    expect(vars["-baz-"]).to eq(Opbeat::Filter::MASK)
+    expect(vars["password"]).to eq("public")
+    expect(vars["the_secret"]).to eq("public")
+    expect(vars["a_password_here"]).to eq("public")
+    expect(vars["mypasswd"]).to eq("public")
+    expect(result["http"]["query_string"]).to eq('foo=' + Opbeat::Filter::MASK + '&password=public')
+    expect(result["http"]["cookies"]).to eq('foo=' + Opbeat::Filter::MASK + ';password=public')
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: opbeat
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 2.0.0
 platform: ruby
 authors:
 - Thomas Watson Steen
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-03 00:00:00.000000000 Z
+date: 2015-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -164,6 +164,7 @@ files:
 - lib/opbeat/configuration.rb
 - lib/opbeat/error.rb
 - lib/opbeat/event.rb
+- lib/opbeat/filter.rb
 - lib/opbeat/integrations/delayed_job.rb
 - lib/opbeat/integrations/resque.rb
 - lib/opbeat/integrations/sidekiq.rb
@@ -174,8 +175,6 @@ files:
 - lib/opbeat/interfaces/stack_trace.rb
 - lib/opbeat/linecache.rb
 - lib/opbeat/logger.rb
-- lib/opbeat/processor.rb
-- lib/opbeat/processors/sanitizedata.rb
 - lib/opbeat/rack.rb
 - lib/opbeat/rails/middleware/debug_exceptions_catcher.rb
 - lib/opbeat/railtie.rb
@@ -186,11 +185,11 @@ files:
 - spec/opbeat/client_spec.rb
 - spec/opbeat/configuration_spec.rb
 - spec/opbeat/event_spec.rb
+- spec/opbeat/filter_spec.rb
 - spec/opbeat/integrations/delayed_job_spec.rb
 - spec/opbeat/logger_spec.rb
 - spec/opbeat/opbeat_spec.rb
 - spec/opbeat/rack_spec.rb
-- spec/opbeat/sanitizedata_processor_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/opbeat/opbeat_ruby
 licenses:

data/lib/opbeat/processor.rb

@@ -1,15 +0,0 @@
-module Opbeat
-
-  module Processor
-    class Processor
-      def initialize(client)
-        @client = client
-      end
-
-      def process(data)
-        data
-      end
-    end
-  end
-
-end

data/lib/opbeat/processors/sanitizedata.rb

@@ -1,43 +0,0 @@
-require 'opbeat/processor'
-
-module Opbeat
-  module Processor
-    class SanitizeData < Processor
-
-      MASK = '********'
-      FIELDS_RE = /(authorization|password|passwd|secret)/i
-      VALUES_RE = /^\d{16}$/
-
-      def apply(value, key=nil, &block)
-        if value.is_a?(Hash)
-          value.each.inject({}) do |memo, (k, v)|
-            memo[k] = apply(v, k, &block)
-            memo
-          end
-        elsif value.is_a?(Array)
-          value.map do |value|
-            apply(value, key, &block)
-          end
-        else
-          block.call(key, value)
-        end
-      end
-
-      def sanitize(key, value)
-        if !value.is_a?(String) || value.empty?
-          value
-        elsif VALUES_RE.match(value) or FIELDS_RE.match(key)
-          MASK
-        else
-          value
-        end
-      end
-
-      def process(data)
-        apply(data) do |key, value|
-          sanitize(key, value)
-        end
-      end
-    end
-  end
-end

data/spec/opbeat/sanitizedata_processor_spec.rb

@@ -1,42 +0,0 @@
-require File::expand_path('../../spec_helper', __FILE__)
-require 'opbeat/processors/sanitizedata'
-
-describe Opbeat::Processor::SanitizeData do
-  before do
-    @client = double("client")
-    @processor = Opbeat::Processor::SanitizeData.new(@client)
-  end
-
-  it 'should filter http data' do
-    data = {
-      'http' => {
-        'data' => {
-          'foo' => 'bar',
-          'password' => 'hello',
-          'the_secret' => 'hello',
-          'a_password_here' => 'hello',
-          'mypasswd' => 'hello',
-        }
-      }
-    }
-
-    result = @processor.process(data)
-
-    vars = result["http"]["data"]
-    expect(vars["foo"]).to eq("bar")
-    expect(vars["password"]).to eq(Opbeat::Processor::SanitizeData::MASK)
-    expect(vars["the_secret"]).to eq(Opbeat::Processor::SanitizeData::MASK)
-    expect(vars["a_password_here"]).to eq(Opbeat::Processor::SanitizeData::MASK)
-    expect(vars["mypasswd"]).to eq(Opbeat::Processor::SanitizeData::MASK)
-  end
-
-  it 'should filter credit card values' do
-    data = {
-      'ccnumba' => '4242424242424242'
-    }
-
-    result = @processor.process(data)
-    expect(result["ccnumba"]).to eq(Opbeat::Processor::SanitizeData::MASK)
-  end
-
-end