rollbar 2.9.1 → 2.10.0

data/lib/rollbar/scrubbers.rb

@@ -1,4 +1,17 @@
 module Rollbar
   module Scrubbers
+    extend self
+
+    def scrub_value(value)
+      if Rollbar.configuration.randomize_scrub_length
+        random_filtered_value
+      else
+        '*' * (value.length rescue 8)
+      end
+    end
+
+    def random_filtered_value
+      '*' * (rand(5) + 3)
+    end
   end
 end

data/lib/rollbar/scrubbers/params.rb

@@ -0,0 +1,98 @@
+require 'rollbar/scrubbers'
+
+module Rollbar
+  module Scrubbers
+    # This class contains the logic to scrub the receive parameters. It will
+    # scrub the parameters matching Rollbar.configuration.scrub_fields Array.
+    # Also, if that configuration option is se to :scrub_all, it will scrub all
+    # received parameters
+    class Params
+      SKIPPED_CLASSES = [Tempfile]
+      ATTACHMENT_CLASSES = %w(ActionDispatch::Http::UploadedFile Rack::Multipart::UploadedFile).freeze
+      SCRUB_ALL = :scrub_all
+
+      def self.call(*args)
+        new.call(*args)
+      end
+
+      def call(params, extra_fields = [])
+        return {} unless params
+
+        config = Rollbar.configuration.scrub_fields
+
+        scrub(params, build_scrub_options(config, extra_fields))
+      end
+
+      private
+
+      def build_scrub_options(config, extra_fields)
+        ary_config = Array(config)
+
+        {
+          :fields_regex => build_fields_regex(ary_config, extra_fields),
+          :scrub_all => ary_config.include?(SCRUB_ALL)
+        }
+      end
+
+      def build_fields_regex(config, extra_fields)
+        fields = config.find_all { |f| f.is_a?(String) || f.is_a?(Symbol) }
+        fields += Array(extra_fields)
+
+        return unless fields.any?
+
+        Regexp.new(fields.map { |val| Regexp.escape(val.to_s).to_s }.join('|'), true)
+      end
+
+      def scrub(params, options)
+        fields_regex = options[:fields_regex]
+        scrub_all = options[:scrub_all]
+
+        params.to_hash.inject({}) do |result, (key, value)|
+          if value.is_a?(Hash)
+            result[key] = scrub(value, options)
+          elsif value.is_a?(Array)
+            result[key] = scrub_array(value, options)
+          elsif skip_value?(value)
+            result[key] = "Skipped value of class '#{value.class.name}'"
+          elsif fields_regex && fields_regex =~ Rollbar::Encoding.encode(key).to_s || scrub_all
+            result[key] = Rollbar::Scrubbers.scrub_value(value)
+          else
+            result[key] = rollbar_filtered_param_value(value)
+          end
+
+          result
+        end
+      end
+
+      def scrub_array(array, options)
+        array.map do |value|
+          value.is_a?(Hash) ? scrub(value, options) : rollbar_filtered_param_value(value)
+        end
+      end
+
+      def rollbar_filtered_param_value(value)
+        if ATTACHMENT_CLASSES.include?(value.class.name)
+          begin
+            attachment_value(value)
+          rescue
+            'Uploaded file'
+          end
+        else
+          value
+        end
+      end
+
+      def attachment_value(value)
+        {
+          :content_type => value.content_type,
+          :original_filename => value.original_filename,
+          :size => value.tempfile.size
+        }
+      end
+
+      def skip_value?(value)
+        SKIPPED_CLASSES.any? { |klass| value.is_a?(klass) }
+      end
+    end
+  end
+end

data/lib/rollbar/sidekiq.rb

@@ -16,7 +16,14 @@ module Rollbar
       return if skip_report?(msg_or_context, e)
 
       params = msg_or_context.reject{ |k| PARAM_BLACKLIST.include?(k) }
-      scope = { :request => { :params => params } }
+      scope = {
+        :request => { :params => params },
+        :framework => "Sidekiq: #{::Sidekiq::VERSION}"
+      }
+      if params.is_a?(Hash)
+        scope[:context] = params['class']
+        scope[:queue] = params['queue']
+      end
 
       Rollbar.scope(scope).error(e, :use_exception_level_filters => true)
     end

data/lib/rollbar/version.rb

@@ -1,3 +1,3 @@
 module Rollbar
-  VERSION = "2.9.1"
+  VERSION = '2.10.0'
 end

data/spec/controllers/home_controller_spec.rb

@@ -258,7 +258,7 @@ describe HomeController do
     it "should raise a NameError and have PUT params in the reported exception" do
       logger_mock.should_receive(:info).with('[Rollbar] Success')
 
-      put '/report_exception', :putparam => "putval"
+      put '/report_exception', { :putparam => "putval" }
 
       Rollbar.last_report.should_not be_nil
       Rollbar.last_report[:request][:params]["putparam"].should == "putval"
@@ -268,7 +268,7 @@ describe HomeController do
       it 'reports the errors successfully' do
         logger_mock.should_receive(:info).with('[Rollbar] Success')
 
-        put '/deprecated_report_exception', :putparam => "putval"
+        put '/deprecated_report_exception', { :putparam => "putval" }
 
         Rollbar.last_report.should_not be_nil
         Rollbar.last_report[:request][:params]["putparam"].should == "putval"
@@ -291,7 +291,7 @@ describe HomeController do
     it "should raise an uncaught exception and report a message" do
       logger_mock.should_receive(:info).with('[Rollbar] Success').once
 
-      expect { get '/cause_exception' }.to raise_exception
+      expect { get '/cause_exception' }.to raise_exception(NameError)
     end
 
     context 'show_exceptions' do
@@ -338,7 +338,7 @@ describe HomeController do
         before { cookies[:session_id] = user.id }
 
         it 'sends the current user data' do
-          put '/report_exception', 'foo' => 'bar'
+          put '/report_exception', { 'foo' => 'bar' }
 
           person_data = Rollbar.last_report[:person]
 
@@ -352,7 +352,7 @@ describe HomeController do
 
   context 'with routing errors', :type => :request do
     it 'raises a RoutingError exception' do
-      expect { get '/foo/bar', :foo => :bar }.to raise_exception
+      expect { get '/foo/bar', { :foo => :bar } }.to raise_exception(ActionController::RoutingError)
 
       report = Rollbar.last_report
       expect(report[:request][:params]['foo']).to be_eql('bar')
@@ -365,7 +365,7 @@ describe HomeController do
 
       expect do
         expect(controller.send(:rollbar_request_data)[:user_ip]).to be_nil
-      end.not_to raise_exception(GetIpRaising::IpSpoofAttackError)
+      end.not_to raise_exception
     end
   end
 
@@ -375,7 +375,7 @@ describe HomeController do
 
     context 'with a single upload' do
       it "saves attachment data" do
-        expect { post '/file_upload', :upload => file1 }.to raise_exception
+        expect { post '/file_upload', { :upload => file1 } }.to raise_exception(NameError)
 
         upload_param = Rollbar.last_report[:request][:params]['upload']
 
@@ -390,7 +390,7 @@ describe HomeController do
 
     context 'with multiple uploads', :type => :request do
       it "saves attachment data for all uploads" do
-        expect { post '/file_upload', :upload => [file1, file2] }.to raise_exception
+        expect { post '/file_upload', { :upload => [file1, file2] } }.to raise_exception(NameError)
         sent_params = Rollbar.last_report[:request][:params]['upload']
 
         expect(sent_params).to be_kind_of(Array)
@@ -401,8 +401,9 @@ describe HomeController do
 
   context 'with session data', :type => :request do
     before { get '/set_session_data' }
+
     it 'reports the session data' do
-      expect { get '/use_session_data' }.to raise_exception
+      expect { get '/use_session_data' }.to raise_exception(NoMethodError)
 
       session_data = Rollbar.last_report[:request][:session]
 
@@ -416,7 +417,7 @@ describe HomeController do
     it 'parses the correct headers' do
       expect do
         post '/cause_exception', params, { 'ACCEPT' => 'application/vnd.github.v3+json' }
-      end.to raise_exception
+      end.to raise_exception(NameError)
 
       expect(Rollbar.last_report[:request][:params]['foo']).to be_eql('bar')
     end
@@ -438,7 +439,7 @@ describe HomeController do
     end
 
     it 'scrubs sensible data from URL' do
-      expect { get '/cause_exception', { :password => 'my-secret-password' }, headers }.to raise_exception
+      expect { get '/cause_exception', { :password => 'my-secret-password' }, headers }.to raise_exception(NameError)
 
       request_data = Rollbar.last_report[:request]
 

data/spec/dummyapp/config/secrets.yml

@@ -0,0 +1,2 @@
+test:
+  secret_key_base: 9ed31a007124058789d898117509a68022a0c5045ef3fd19e228139985d7f4365d1a908aeedbc9e0ad33c2cd62d765bccfb2b19b6cb06f4f7f2ac8a059adee91

data/spec/requests/home_spec.rb

@@ -37,7 +37,7 @@ describe HomeController do
     end
 
     it "should report uncaught exceptions" do
-      expect { get '/current_user' }.to raise_exception
+      expect { get '/current_user' }.to raise_exception(NoMethodError)
 
       body = Rollbar.last_report[:body]
       trace = body[:trace] && body[:trace] || body[:trace_chain][0]

data/spec/rollbar/delay/delayed_job_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+require 'delayed_job'
+require 'delayed/worker'
+require 'rollbar/delay/delayed_job'
+require 'delayed/backend/test'
+
+describe Rollbar::Delay::DelayedJob do
+  before do
+    Delayed::Backend::Test.prepare_worker
+    Delayed::Worker.backend = :test
+  end
+
+  describe '.call' do
+    let(:payload) { {} }
+    it 'calls Rollbar' do
+      expect(Rollbar).to receive(:process_from_async_handler).with(payload)
+
+      Rollbar::Delay::DelayedJob.call(payload)
+    end
+  end
+end

data/spec/rollbar/delay/thread_spec.rb

@@ -20,7 +20,7 @@ describe Rollbar::Delay::Thread do
       it 'doesnt raise any exception' do
         expect do
           described_class.call(payload).join
-        end.not_to raise_error(exception)
+        end.not_to raise_error
       end
     end
   end

data/spec/rollbar/js/middleware_spec.rb

@@ -22,6 +22,11 @@ describe Rollbar::Js::Middleware do
     <h1>Testing the middleware</h1>
   </body>
 </html>
+END
+  end
+  let(:minified_html) do
+    <<-END
+<html><head><link rel="stylesheet" href="url" type="text/css" media="screen" /><script type="text/javascript" src="foo"></script></head><body><h1>Testing the middleware</h1></body></html>
 END
   end
   let(:snippet) { 'THIS IS THE SNIPPET' }
@@ -65,6 +70,26 @@ END
           res_status, res_headers, response = subject.call(env)
           new_body = response.body.join
 
+          expect(new_body).to_not include('>>')
+          expect(new_body).to include(snippet)
+          expect(new_body).to include(config[:options].to_json)
+          expect(res_status).to be_eql(status)
+          expect(res_headers['Content-Type']).to be_eql(content_type)
+        end
+      end
+
+      context 'having a html 200 response with minified body' do
+        let(:body) { [minified_html] }
+        let(:status) { 200 }
+        let(:headers) do
+          { 'Content-Type' => content_type }
+        end
+
+        it 'adds the config and the snippet to the response' do
+          res_status, res_headers, response = subject.call(env)
+          new_body = response.body.join
+
+          expect(new_body).to_not include('>>')
           expect(new_body).to include(snippet)
           expect(new_body).to include(config[:options].to_json)
           expect(res_status).to be_eql(status)
@@ -72,6 +97,30 @@ END
         end
       end
 
+      context 'having a html 200 response and SecureHeaders defined' do
+        let(:body) { [html] }
+        let(:status) { 200 }
+        let(:headers) do
+          { 'Content-Type' => content_type }
+        end
+
+        before do
+          Object.const_set('SecureHeaders', Module.new)
+          allow(SecureHeaders).to receive(:content_security_policy_script_nonce) { 'lorem-ipsum-nonce' }
+        end
+
+        it 'renders the snippet and config in the response with nonce in script tag when SecureHeaders installed' do
+          res_status, res_headers, response = subject.call(env)
+          new_body = response.body.join
+
+          expect(new_body).to include('<script type="text/javascript" nonce="lorem-ipsum-nonce">')
+          expect(new_body).to include("var _rollbarConfig = #{config[:options].to_json};")
+          expect(new_body).to include(snippet)
+
+          Object.send(:remove_const, 'SecureHeaders')
+        end
+      end
+
       context 'having a html 200 response without head', :add_js => false do
         let(:body) { ['foobar'] }
         let(:status) { 200 }

data/spec/rollbar/logger_proxy_spec.rb

@@ -22,7 +22,19 @@ describe Rollbar::LoggerProxy do
     end
   end
 
-  describe '#call' do
+  describe '#log' do
+    context 'if Rollbar is disabled' do
+      before do
+        expect(Rollbar.configuration).to receive(:enabled).and_return(false)
+      end
+
+      it 'doesnt call the logger' do
+        expect(logger).to_not receive(:error)
+
+        subject.log('error', 'foo')
+      end
+    end
+
     context 'if the logger fails' do
       it 'doesnt raise' do
         allow(logger).to receive(:info).and_raise(StandardError.new)

data/spec/rollbar/request_data_extractor_spec.rb

@@ -53,30 +53,4 @@ describe Rollbar::RequestDataExtractor do
       end
     end
   end
-
-  describe '#rollbar_scrubbed_value' do
-    context 'with random scrub length' do
-      before do
-        allow(Rollbar.configuration).to receive(:randomize_scrub_length).and_return(true)
-      end
-
-      let(:value) { 'herecomesaverylongvalue' }
-
-      it 'randomizes the scrubbed string' do
-        expect(subject.rollbar_scrubbed(value)).to match(/\*{3,8}/)
-      end
-    end
-
-    context 'with no-random scrub length' do
-      before do
-        allow(Rollbar.configuration).to receive(:randomize_scrub_length).and_return(false)
-      end
-
-      let(:value) { 'herecomesaverylongvalue' }
-
-      it 'randomizes the scrubbed string' do
-        expect(subject.rollbar_scrubbed(value)).to match(/\*{#{value.length}}/)
-      end
-    end
-  end
 end

data/spec/rollbar/scrubbers/params_spec.rb

@@ -0,0 +1,268 @@
+require 'spec_helper'
+require 'tempfile'
+require 'rollbar/scrubbers/params'
+
+require 'rspec/expectations'
+
+describe Rollbar::Scrubbers::Params do
+  describe '.call' do
+    it 'calls #call in a new instance' do
+      arguments = [:foo, :bar]
+      expect_any_instance_of(described_class).to receive(:call).with(*arguments)
+
+      described_class.call(*arguments)
+    end
+  end
+
+  describe '#call' do
+    before do
+      allow(Rollbar.configuration).to receive(:scrub_fields).and_return(scrub_config)
+    end
+
+    context 'with scrub fields configured' do
+      let(:scrub_config) do
+        [:secret, :password]
+      end
+
+      context 'with simple Hash' do
+        let(:params) do
+          {
+            :foo => 'bar',
+            :secret => 'the-secret',
+            :password => 'the-password',
+            :password_confirmation => 'the-password'
+          }
+        end
+        let(:result) do
+          {
+            :foo => 'bar',
+            :secret => /\*+/,
+            :password => /\*+/,
+            :password_confirmation => /\*+/
+          }
+        end
+
+        it 'scrubs the required parameters' do
+          expect(subject.call(params)).to be_eql_hash_with_regexes(result)
+        end
+      end
+
+      context 'with nested Hash' do
+        let(:params) do
+          {
+            :foo => 'bar',
+            :extra => {
+              :secret => 'the-secret',
+              :password => 'the-password',
+              :password_confirmation => 'the-password'
+            }
+          }
+        end
+        let(:result) do
+          {
+            :foo => 'bar',
+            :extra => {
+              :secret => /\*+/,
+              :password => /\*+/,
+              :password_confirmation => /\*+/
+            }
+          }
+        end
+
+        it 'scrubs the required parameters' do
+          expect(subject.call(params)).to be_eql_hash_with_regexes(result)
+        end
+      end
+
+      context 'with nested Array' do
+        let(:params) do
+          {
+            :foo => 'bar',
+            :extra => [{
+              :secret => 'the-secret',
+              :password => 'the-password',
+              :password_confirmation => 'the-password'
+            }]
+          }
+        end
+        let(:result) do
+          {
+            :foo => 'bar',
+            :extra => [{
+              :secret => /\*+/,
+              :password => /\*+/,
+              :password_confirmation => /\*+/
+            }]
+          }
+        end
+
+        it 'scrubs the required parameters' do
+          expect(subject.call(params)).to be_eql_hash_with_regexes(result)
+        end
+      end
+
+      context 'with skipped instance' do
+        let(:tempfile) { Tempfile.new('foo') }
+        let(:params) do
+          {
+            :foo => 'bar',
+            :extra => [{
+              :secret => 'the-secret',
+              :password => 'the-password',
+              :password_confirmation => 'the-password',
+              :skipped => tempfile
+            }]
+          }
+        end
+        let(:result) do
+          {
+            :foo => 'bar',
+            :extra => [{
+              :secret => /\*+/,
+              :password => /\*+/,
+              :password_confirmation => /\*+/,
+              :skipped => "Skipped value of class 'Tempfile'"
+            }]
+          }
+        end
+
+        after { tempfile.close }
+
+        it 'scrubs the required parameters' do
+          expect(subject.call(params)).to be_eql_hash_with_regexes(result)
+        end
+      end
+
+      context 'with attachment instance' do
+        let(:tempfile) { double(:size => 100) }
+        let(:attachment) do
+          double(:class => double(:name => 'ActionDispatch::Http::UploadedFile'),
+                 :tempfile => tempfile,
+                 :content_type => 'content-type',
+                 'original_filename' => 'filename')
+        end
+        let(:params) do
+          {
+            :foo => 'bar',
+            :extra => [{
+              :secret => 'the-secret',
+              :password => 'the-password',
+              :password_confirmation => 'the-password',
+              :attachment => attachment
+            }]
+          }
+        end
+        let(:result) do
+          {
+            :foo => 'bar',
+            :extra => [{
+              :secret => /\*+/,
+              :password => /\*+/,
+              :password_confirmation => /\*+/,
+              :attachment => {
+                :content_type => 'content-type',
+                :original_filename => 'filename',
+                :size => 100
+              }
+            }]
+          }
+        end
+
+        it 'scrubs the required parameters' do
+          expect(subject.call(params)).to be_eql_hash_with_regexes(result)
+        end
+
+        context 'if getting the attachment values fails' do
+          let(:tempfile) { Object.new }
+          let(:attachment) do
+            double(:class => double(:name => 'ActionDispatch::Http::UploadedFile'),
+                   :tempfile => tempfile,
+                   :content_type => 'content-type',
+                   'original_filename' => 'filename')
+          end
+          let(:params) do
+            {
+              :foo => 'bar',
+              :extra => [{
+                :secret => 'the-secret',
+                :password => 'the-password',
+                :password_confirmation => 'the-password',
+                :attachment => attachment
+              }]
+            }
+          end
+          let(:result) do
+            {
+              :foo => 'bar',
+              :extra => [{
+                :secret => /\*+/,
+                :password => /\*+/,
+                :password_confirmation => /\*+/,
+                :attachment => 'Uploaded file'
+              }]
+            }
+          end
+
+          it 'scrubs the required parameters' do
+            expect(subject.call(params)).to be_eql_hash_with_regexes(result)
+          end
+        end
+      end
+
+      context 'without params' do
+        let(:params) do
+          nil
+        end
+        let(:result) do
+          {}
+        end
+
+        it 'scrubs the required parameters' do
+          expect(subject.call(params)).to be_eql_hash_with_regexes(result)
+        end
+      end
+    end
+
+    context 'with :scrub_all option' do
+      let(:scrub_config) { :scrub_all }
+      let(:params) do
+        {
+          :foo => 'bar',
+          :password => 'the-password',
+          :bar => 'foo',
+          :extra => {
+            :foo => 'more-foo',
+            :bar => 'more-bar'
+          }
+        }
+      end
+      let(:result) do
+        {
+          :foo => /\*+/,
+          :password => /\*+/,
+          :bar => /\*+/,
+          :extra => {
+            :foo => /\*+/,
+            :bar => /\*+/
+          }
+        }
+      end
+
+      it 'scrubs the required parameters' do
+        expect(subject.call(params)).to be_eql_hash_with_regexes(result)
+      end
+    end
+  end
+end
+
+describe Rollbar::Scrubbers::Params::ATTACHMENT_CLASSES do
+  it 'has the correct values' do
+    expect(described_class).to be_eql(%w(ActionDispatch::Http::UploadedFile Rack::Multipart::UploadedFile).freeze)
+  end
+end
+
+describe Rollbar::Scrubbers::Params::SKIPPED_CLASSES do
+  it 'has the correct values' do
+    expect(described_class).to be_eql([Tempfile])
+  end
+end