rollbar 2.16.3 → 2.16.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b5cd5a741817deee8eeed5a026529a556fe4c1a1
-  data.tar.gz: 5aa9b0225c05b77c2d8d97c273293806658a4d6c
+  metadata.gz: 670312ce31ce58d4bba264a778aa7f760233a368
+  data.tar.gz: b9a553c4fdec208957f3369d21f25717ea6e6515
 SHA512:
-  metadata.gz: ce8a7f469fb9d0526e6f7829c3488442984aff359a8672ad86cfc120f1ef356ad7367ce496128cb77de50160bb4e55acb6f33a95ca280e41608eb34b2d3adc68
-  data.tar.gz: d2038279771ebbf00af8674e3e8c2fc14960adac93364c5b76ce81b2ad9688d59e588a5ea1e470a40e90c9b7533749fb2f5400dfec8754f30b38ae09f40bbc09
+  metadata.gz: a0b506a1b5985109fb8fe4ea636172d92ad35afb318e9104c40fc3584650f6545d9756b3efe97a7513ebf7b495b355c62f477daf655bac9b95e74353db832904
+  data.tar.gz: b00ce0173789ae771e5dd964d80e29fc8b2a0c10b34e532932fb30ed97fe49ed283e0744a20d0338b457f01d370f35a42d97e0a50929cec372fa083783c4543b

data/Gemfile

@@ -42,6 +42,5 @@ gem 'redis'
 gem 'resque'
 gem 'shoryuken'
 gem 'sinatra'
-gem 'byebug'
 
 gemspec

data/README.md

@@ -35,4 +35,4 @@ For bug reports, please [open an issue on GitHub](https://github.com/rollbar/rol
 We're using RSpec for testing. Run the test suite with ```rake spec```. Tests for pull requests are appreciated but not required. (If you don't include a test, we'll write one before merging.)
 
 ## License
-Rollbar-gem is free software released under the MIT License. See [LICENSE.txt](LICENSE.txt) for details.
+Rollbar-gem is free software released under the MIT License. See [LICENSE](LICENSE) for details.

data/lib/rollbar/configuration.rb

@@ -43,6 +43,7 @@ module Rollbar
     attr_accessor :scrub_fields
     attr_accessor :scrub_user
     attr_accessor :scrub_password
+    attr_accessor :scrub_whitelist
     attr_accessor :collect_user_ip
     attr_accessor :anonymize_user_ip
     attr_accessor :user_ip_obfuscator_secret
@@ -108,6 +109,7 @@ module Rollbar
       @scrub_user = true
       @scrub_password = true
       @randomize_scrub_length = true
+      @scrub_whitelist = false
       @uncaught_exception_level = 'error'
       @scrub_headers = ['Authorization']
       @sidekiq_threshold = 0

data/lib/rollbar/request_data_extractor.rb

@@ -63,7 +63,8 @@ module Rollbar
         :scrub_fields => Array(Rollbar.configuration.scrub_fields) + sensitive_params,
         :scrub_user => Rollbar.configuration.scrub_user,
         :scrub_password => Rollbar.configuration.scrub_password,
-        :randomize_scrub_length => Rollbar.configuration.randomize_scrub_length
+        :randomize_scrub_length => Rollbar.configuration.randomize_scrub_length,
+        :whitelist => Rollbar.configuration.scrub_whitelist
       }
 
       Rollbar::Scrubbers::URL.call(options)
@@ -73,7 +74,8 @@ module Rollbar
       options = {
         :params => params,
         :config => Rollbar.configuration.scrub_fields,
-        :extra_fields => sensitive_params
+        :extra_fields => sensitive_params,
+        :whitelist => Rollbar.configuration.scrub_whitelist
       }
       Rollbar::Scrubbers::Params.call(options)
     end

data/lib/rollbar/scrubbers/params.rb

@@ -22,18 +22,20 @@ module Rollbar
 
         config = options[:config]
         extra_fields = options[:extra_fields]
+        whitelist = options[:whitelist] | false
 
-        scrub(params, build_scrub_options(config, extra_fields))
+        scrub(params, build_scrub_options(config, extra_fields, whitelist))
       end
 
       private
 
-      def build_scrub_options(config, extra_fields)
+      def build_scrub_options(config, extra_fields, whitelist)
         ary_config = Array(config)
 
         {
           :fields_regex => build_fields_regex(ary_config, extra_fields),
-          :scrub_all => ary_config.include?(SCRUB_ALL)
+          :scrub_all => ary_config.include?(SCRUB_ALL),
+          :whitelist => whitelist
         }
       end
 
@@ -49,12 +51,13 @@ module Rollbar
       def scrub(params, options)
         fields_regex = options[:fields_regex]
         scrub_all = options[:scrub_all]
+        whitelist = options[:whitelist]
 
         return scrub_array(params, options) if params.is_a?(Array)
 
         params.to_hash.inject({}) do |result, (key, value)|
           if fields_regex === Rollbar::Encoding.encode(key).to_s
-            result[key] = scrub_value(value)
+            result[key] = whitelist ? rollbar_filtered_param_value(value) : scrub_value(value)
           elsif value.is_a?(Hash)
             result[key] = scrub(value, options)
           elsif value.is_a?(Array)
@@ -64,7 +67,7 @@ module Rollbar
           elsif scrub_all
             result[key] = scrub_value(value)
           else
-            result[key] = rollbar_filtered_param_value(value)
+            result[key] = whitelist ? scrub_value(value) : rollbar_filtered_param_value(value)
           end
 
           result

data/lib/rollbar/scrubbers/url.rb

@@ -18,7 +18,8 @@ module Rollbar
                build_regex(options[:scrub_fields]),
                options[:scrub_user],
                options[:scrub_password],
-               options.fetch(:randomize_scrub_length, true))
+               options.fetch(:randomize_scrub_length, true),
+               options[:whitelist])
       rescue => e
         Rollbar.logger.error("[Rollbar] There was an error scrubbing the url: #{e}, options: #{options.inspect}")
         url
@@ -26,12 +27,12 @@ module Rollbar
 
       private
 
-      def filter(url, regex, scrub_user, scrub_password, randomize_scrub_length)
+      def filter(url, regex, scrub_user, scrub_password, randomize_scrub_length, whitelist)
         uri = URI.parse(url)
 
         uri.user = filter_user(uri.user, scrub_user, randomize_scrub_length)
         uri.password = filter_password(uri.password, scrub_password, randomize_scrub_length)
-        uri.query = filter_query(uri.query, regex, randomize_scrub_length)
+        uri.query = filter_query(uri.query, regex, randomize_scrub_length, whitelist)
 
         uri.to_s
       end
@@ -52,12 +53,12 @@ module Rollbar
         scrub_password && password ? filtered_value(password, randomize_scrub_length) : password
       end
 
-      def filter_query(query, regex, randomize_scrub_length)
+      def filter_query(query, regex, randomize_scrub_length, whitelist)
         return query unless query
 
         params = decode_www_form(query)
 
-        encoded_query = encode_www_form(filter_query_params(params, regex, randomize_scrub_length))
+        encoded_query = encode_www_form(filter_query_params(params, regex, randomize_scrub_length, whitelist))
 
         # We want this to rebuild array params like foo[]=1&foo[]=2
         URI.escape(CGI.unescape(encoded_query))
@@ -71,9 +72,13 @@ module Rollbar
         URI.encode_www_form(params)
       end
 
-      def filter_query_params(params, regex, randomize_scrub_length)
+      def filter_query_params(params, regex, randomize_scrub_length, whitelist)
         params.map do |key, value|
-          [key, filter_key?(key, regex) ? filtered_value(value, randomize_scrub_length) : value]
+          if whitelist
+            [key, filter_key?(key, regex) ? value : filtered_value(value, randomize_scrub_length)]
+          else
+            [key, filter_key?(key, regex) ? filtered_value(value, randomize_scrub_length) : value]
+          end
         end
       end
 

data/lib/rollbar/version.rb

@@ -1,3 +1,3 @@
 module Rollbar
-  VERSION = '2.16.3'
+  VERSION = '2.16.4'
 end

data/spec/rollbar/middleware/js_spec.rb

@@ -339,7 +339,7 @@ END
         end
         let(:expected_js_options) do
           {
-            :foo => :bar,
+            :foo => 'bar',
             :payload => {
               :a => 42,
               :person => {
@@ -354,8 +354,11 @@ END
         it 'adds the person data to the configuration' do
           _, _, response = subject.call(env)
           new_body = response.body.join
-
-          expect(new_body).to include(expected_js_options.to_json)
+          
+          rollbar_config = new_body[/var _rollbarConfig = (.*);<\/script>/, 1]
+          rollbar_config = JSON.parse(rollbar_config, { :symbolize_names => true})
+          
+          expect(rollbar_config).to eql(expected_js_options)
         end
 
         context 'when the person data is nil' do

data/spec/rollbar/request_data_extractor_spec.rb

@@ -18,12 +18,14 @@ describe Rollbar::RequestDataExtractor do
     let(:url) { 'http://this-is-the-url.com/foobar?param1=value1' }
     let(:sensitive_params) { [:param1, :param2] }
     let(:scrub_fields) { [:password, :secret] }
+    let(:scrub_whitelist) { false }
 
     before do
       allow(Rollbar.configuration).to receive(:scrub_fields).and_return(scrub_fields)
       allow(Rollbar.configuration).to receive(:scrub_user).and_return(true)
       allow(Rollbar.configuration).to receive(:scrub_password).and_return(true)
       allow(Rollbar.configuration).to receive(:randomize_secret_length).and_return(true)
+      allow(Rollbar.configuration).to receive(:scrub_whitelist).and_return(false)
     end
 
     it 'calls the scrubber with the correct options' do
@@ -32,7 +34,8 @@ describe Rollbar::RequestDataExtractor do
         :scrub_fields => [:password, :secret, :param1, :param2],
         :scrub_user => true,
         :scrub_password => true,
-        :randomize_scrub_length => true
+        :randomize_scrub_length => true,
+        :whitelist => false
       }
 
       expect(Rollbar::Scrubbers::URL).to receive(:call).with(expected_options)
@@ -50,16 +53,19 @@ describe Rollbar::RequestDataExtractor do
     end
     let(:sensitive_params) { [:param1, :param2] }
     let(:scrub_fields) { [:password, :secret] }
+    let(:scrub_whitelist) { false }
 
     before do
       allow(Rollbar.configuration).to receive(:scrub_fields).and_return(scrub_fields)
+      allow(Rollbar.configuration).to receive(:scrub_whitelist).and_return(scrub_whitelist)
     end
 
     it 'calls the scrubber with the correct options' do
       expected_options = {
         :params => params,
         :config => scrub_fields,
-        :extra_fields => sensitive_params
+        :extra_fields => sensitive_params,
+        :whitelist => scrub_whitelist
       }
 
       expect(Rollbar::Scrubbers::Params).to receive(:call).with(expected_options)

data/spec/rollbar/scrubbers/params_spec.rb

@@ -16,10 +16,16 @@ describe Rollbar::Scrubbers::Params do
 
   describe '#call' do
     let(:options) do
-      {
+      options = {
         :params => params,
         :config => scrub_config
       }
+      
+      if defined? whitelist
+        options[:whitelist] = whitelist
+      end
+      
+      options
     end
 
     context 'with scrub fields configured' do
@@ -271,6 +277,7 @@ describe Rollbar::Scrubbers::Params do
 
     context 'with :scrub_all option' do
       let(:scrub_config) { :scrub_all }
+      
       let(:params) do
         {
           :foo => 'bar',
@@ -298,6 +305,174 @@ describe Rollbar::Scrubbers::Params do
         expect(subject.call(options)).to be_eql_hash_with_regexes(result)
       end
     end
+    
+    context 'with :whitelist option' do
+      let(:scrub_config) do
+        [:secret, :password]
+      end
+      
+      let(:whitelist) { true }
+
+      context 'with Array object' do
+        let(:params) do
+          [
+            {
+              :foo => 'bar',
+              :secret => 'the-secret',
+              :password => 'the-password',
+              :password_confirmation => 'the-password'
+            }
+          ]
+        end
+        let(:result) do
+          [
+            {
+              :foo => /\*+/,
+              :secret => 'the-secret',
+              :password => 'the-password',
+              :password_confirmation => 'the-password'
+            }
+          ]
+        end
+
+        it 'scrubs the required parameters' do
+          expect(subject.call(options).first).to be_eql_hash_with_regexes(result.first)
+        end
+      end
+
+      context 'with simple Hash' do
+        let(:params) do
+          {
+            :foo => 'bar',
+            :secret => 'the-secret',
+            :password => 'the-password',
+            :password_confirmation => 'the-password'
+          }
+        end
+        let(:result) do
+          {
+            :foo => /\*+/,
+            :secret => 'the-secret',
+            :password => 'the-password',
+            :password_confirmation => 'the-password'
+          }
+        end
+
+        it 'scrubs the required parameters' do
+          expect(subject.call(options)).to be_eql_hash_with_regexes(result)
+        end
+      end
+
+      context 'with nested Hash' do
+        let(:scrub_config) do
+          super().push(:param)
+        end
+
+        let(:params) do
+          {
+            :foo => 'bar',
+            :extra => {
+              :secret => 'the-secret',
+              :password => 'the-password',
+              :password_confirmation => 'the-password'
+            },
+            :other => {
+              :param => 'filtered',
+              :to_scrub => 'to_scrub'
+            }
+          }
+        end
+        let(:result) do
+          {
+            :foo => /\*+/,
+            :extra => {
+              :secret => 'the-secret',
+              :password => 'the-password',
+              :password_confirmation => 'the-password'
+            },
+            :other => {
+              :param => 'filtered',
+              :to_scrub => /\*+/
+            }
+          }
+        end
+
+        it 'scrubs the required parameters' do
+          expect(subject.call(options)).to be_eql_hash_with_regexes(result)
+        end
+      end
+
+      context 'with nested Array' do
+        let(:scrub_config) do
+          super().push(:param)
+        end
+
+        let(:params) do
+          {
+            :foo => 'bar',
+            :extra => [{
+              :secret => 'the-secret',
+              :password => 'the-password',
+              :password_confirmation => 'the-password'
+            }],
+            :other => [{
+              :param => 'filtered',
+              :to_scrub => 'to_scrub'
+            }]
+          }
+        end
+        let(:result) do
+          {
+            :foo => /\*+/,
+            :extra => [{
+              :secret => 'the-secret',
+              :password => 'the-password',
+              :password_confirmation => 'the-password'
+            }],
+            :other => [{
+              :param => 'filtered',
+              :to_scrub => /\*+/
+            }]
+          }
+        end
+
+        it 'scrubs the required parameters' do
+          expect(subject.call(options)).to be_eql_hash_with_regexes(result)
+        end
+      end
+
+      context 'with skipped instance' do
+        let(:tempfile) { Tempfile.new('foo') }
+        let(:params) do
+          {
+            :foo => 'bar',
+            :extra => [{
+              :secret => 'the-secret',
+              :password => 'the-password',
+              :password_confirmation => 'the-password',
+              :skipped => tempfile
+            }]
+          }
+        end
+        let(:result) do
+          {
+            :foo => /\*+/,
+            :extra => [{
+              :secret => 'the-secret',
+              :password => 'the-password',
+              :password_confirmation => 'the-password',
+              :skipped => "Skipped value of class 'Tempfile'"
+            }]
+          }
+        end
+
+        after { tempfile.close }
+
+        it 'scrubs the required parameters' do
+          expect(subject.call(options)).to be_eql_hash_with_regexes(result)
+        end
+      end
+    end
   end
 end
 

data/spec/rollbar/scrubbers/url_spec.rb

@@ -4,13 +4,19 @@ require 'rollbar/scrubbers/url'
 
 describe Rollbar::Scrubbers::URL do
   let(:options) do
-    {
+    options = {
       :url => url,
       :scrub_fields => [:password, :secret],
       :scrub_user => false,
       :scrub_password => false,
       :randomize_scrub_length => true
     }
+      
+    if defined? whitelist
+      options[:whitelist] = whitelist
+    end
+    
+    options
   end
 
   describe '#call' do
@@ -132,5 +138,74 @@ describe Rollbar::Scrubbers::URL do
         end
       end
     end
+    
+    context 'in whitelist mode' do
+      
+      let(:whitelist) { true }
+      
+      context 'with ruby different from 1.8' do
+        next unless Rollbar::LanguageSupport.can_scrub_url?
+        
+        context 'cannot scrub URLs' do
+    
+          let(:url) { 'http://user:password@foo.com/some-interesting-path#fragment' }
+    
+          it 'returns the URL without any change' do
+            expect(subject.call(options)).to be_eql(url)
+          end
+        end
+          
+        context 'scrubbing user and password' do
+          
+          let(:options) do
+            {
+              :url => url,
+              :scrub_fields => [],
+              :scrub_password => true,
+              :scrub_user => true,
+              :whitelist => whitelist
+            }
+          end
+  
+          let(:url) { 'http://user:password@foo.com/some-interesting-path#fragment' }
+  
+          it 'returns the URL without any change' do
+            expected_url = /http:\/\/\*{3,8}:\*{3,8}@foo.com\/some-interesting\-path#fragment/
+  
+            expect(subject.call(options)).to match(expected_url)
+          end
+        end
+        
+        context 'with params to be filtered' do
+          let(:options) do
+            {
+              :url => url,
+              :scrub_fields => [:dont_scrub],
+              :scrub_password => false,
+              :scrub_user => false,
+              :whitelist => whitelist
+            }
+          end
+          
+          let(:url) { 'http://foo.com/some-interesting-path?foo=bar&password=mypassword&secret=somevalue&dont_scrub=foo#fragment' }
+  
+          it 'returns the URL with some params filtered' do
+            expected_url = /http:\/\/foo.com\/some-interesting-path\?foo=\*{3,8}&password=\*{3,8}&secret=\*{3,8}&dont_scrub=foo#fragment/
+            
+            expect(subject.call(options)).to match(expected_url)
+          end
+  
+          context 'having array params' do
+            let(:url) { 'http://foo.com/some-interesting-path?foo=bar&password[]=mypassword&password[]=otherpassword&secret=somevalue&dont_scrub=foo#fragment' }
+  
+            it 'returns the URL with some params filtered' do
+              expected_url = /http:\/\/foo.com\/some-interesting-path\?foo=\*{3,8}&password\[\]=\*{3,8}&password\[\]=\*{3,8}&secret=\*{3,8}&dont_scrub=foo#fragment/
+  
+              expect(subject.call(options)).to match(expected_url)
+            end
+          end
+        end
+      end
+    end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rollbar
 version: !ruby/object:Gem::Version
-  version: 2.16.3
+  version: 2.16.4
 platform: ruby
 authors:
 - Rollbar, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-07-12 00:00:00.000000000 Z
+date: 2018-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json