RubyGems - scout_apm - Versions diffs - 5.1.0 → 5.1.1 - Mend

scout_apm 5.1.0 → 5.1.1

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.markdown +4 -0
data/lib/scout_apm/utils/sql_sanitizer.rb +4 -2
data/lib/scout_apm/version.rb +1 -1
data/test/unit/sql_sanitizer_test.rb +9 -9
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a569967a27143fe36a506e8757eeda10f2de6cf85567cb2af8c08993b558abb
-  data.tar.gz: 49a5277948f6dab053268af7f912f8905b78d2173c79cfb1c3e9a87288e33113
+  metadata.gz: 5a1da3776ca231a4d81c9ab5935e6b644ab46ae5609cef60402ccd5258e07795
+  data.tar.gz: f583776f39fa426aa43d1942bd83e4bcd23ca3a6f71a2e883df22a74cb2db868
 SHA512:
-  metadata.gz: 523767ea43b634748ff16ee974fd6bb659ddced673fbd9106e6f3a07ed8e9d78ec30b88094dac2aff4a374af719691249534aa471a7fc993813018d92bf71333
-  data.tar.gz: f67a78084a1280b497422f4dc35ea3ed5afb1cfbde55c79c4020b11e407674f803ea8d1dec8803bb6bf1fcc8a4e11ac728621cf2f45b8d2d35956497d55a78d7
+  metadata.gz: bc2f10c76ea8abbb6f74cbe86cbd0e0d1265143a19008307609be35adb57737f474c9a2f59545e2f36b00b5006c5f1b9726f59e70c3e327e6487eb2445e07df6
+  data.tar.gz: 8863c891bbd5f1e87d56a06f8275cbcf711b15964116cbddbb648398825eed65fa6ce73cd3848815e8ab8a1eec1f8a2e4a878682e2d47d457778786532ee3db4

data/CHANGELOG.markdown CHANGED Viewed

@@ -1,5 +1,9 @@
 # Unreleased
+# 5.1.1
+* Improvements to SqlServer scrubbing in SqlSanitizer (#422)
 # 5.1.0
 * Specify correct (MIT) license in Gemspec (#430)

data/lib/scout_apm/utils/sql_sanitizer.rb CHANGED Viewed

@@ -34,7 +34,8 @@ module ScoutApm
       SQLITE_REMOVE_INTEGERS = /(?<!LIMIT )\b\d+\b/.freeze
       # => "EXEC sp_executesql N'SELECT  [users].* FROM [users] WHERE (age > 50)  ORDER BY [users].[id] ASC OFFSET 0 ROWS FETCH NEXT @0 ROWS ONLY', N'@0 int', @0 = 10"
-      SQLSERVER_EXECUTESQL = /EXEC sp_executesql N'(.*?)'.*/
+      SQLSERVER_REMOVE_EXECUTESQL = /EXEC sp_executesql (N')?/.freeze
+      SQLSERVER_REMOVE_STRINGS = /'(?:[^']|'')*'/.freeze
       SQLSERVER_REMOVE_INTEGERS = /(?<!LIMIT )\b(?<!@)\d+\b/.freeze
       SQLSERVER_IN_CLAUSE = /IN\s+\(\?[^\)]*\)/.freeze
@@ -67,7 +68,8 @@ module ScoutApm
       private
       def to_s_sqlserver
-        sql.gsub!(SQLSERVER_EXECUTESQL, '\1')
+        sql.gsub!(SQLSERVER_REMOVE_EXECUTESQL, '')
+        sql.gsub!(SQLSERVER_REMOVE_STRINGS, '?')
         sql.gsub!(SQLSERVER_REMOVE_INTEGERS, '?')
         sql.gsub!(SQLSERVER_IN_CLAUSE, 'IN (?)')
         sql

data/lib/scout_apm/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ScoutApm
-  VERSION = "5.1.0"
+  VERSION = "5.1.1"
 end

data/test/unit/sql_sanitizer_test.rb CHANGED Viewed

@@ -123,27 +123,27 @@ module ScoutApm
       end
       def test_sqlserver_integers
-        skip "SQLServer Support requires Ruby 1.9+ For Regexes"
         sql = "EXEC sp_executesql N'SELECT  [users].* FROM [users] WHERE (age > 50)  ORDER BY [users].[id] ASC OFFSET 0 ROWS FETCH NEXT @0 ROWS ONLY', N'@0 int', @0 = 10"
         ss = SqlSanitizer.new(sql).tap{ |it| it.database_engine = :sqlserver }
-        assert_equal %q|SELECT  [users].* FROM [users] WHERE (age > ?)  ORDER BY [users].[id] ASC OFFSET ? ROWS FETCH NEXT @0 ROWS ONLY|, ss.to_s
+        assert_equal "SELECT  [users].* FROM [users] WHERE (age > ?)  ORDER BY [users].[id] ASC OFFSET ? ROWS FETCH NEXT @0 ROWS ONLY?@0 int', @0 = ?", ss.to_s
       end
       def test_sqlserver_strings
-        skip "SQLServer Support requires Ruby 1.9+ For Regexes"
+        sql = "EXEC sp_executesql N'SELECT  [users].* FROM [users] WHERE first_name = N'john' AND last_name = N'doe' ORDER BY [users].[id] ASC OFFSET 0 ROWS FETCH NEXT @0 ROWS ONLY', N'@0 int', @0 = 10"
+        ss = SqlSanitizer.new(sql).tap{ |it| it.database_engine = :sqlserver }
+        assert_equal "SELECT  [users].* FROM [users] WHERE first_name = N? AND last_name = N? ORDER BY [users].[id] ASC OFFSET ? ROWS FETCH NEXT @0 ROWS ONLY?@0 int', @0 = ?", ss.to_s
+      end
-        sql = "EXEC sp_executesql N'SELECT  [users].* FROM [users] WHERE [users].[email] = @0  ORDER BY [users].[id] ASC OFFSET 0 ROWS FETCH NEXT @1 ROWS ONLY', N'@0 nvarchar(4000), @1 int', @0 = N'foo', @1 = 10"
+      def test_sqlserver_strings_no_executesql
+        sql = "EXEC Authenticate @username = N'abraham.lincoln', @password = N'somepassword!', @token = NULL, @app_name = N'Central Auth Service', @log_login = true, @ip_address = N'127.0.0.1', @external_type = NULL, @external_success = NULL"
         ss = SqlSanitizer.new(sql).tap{ |it| it.database_engine = :sqlserver }
-        assert_equal %q|SELECT  [users].* FROM [users] WHERE [users].[email] = @0  ORDER BY [users].[id] ASC OFFSET ? ROWS FETCH NEXT @1 ROWS ONLY|, ss.to_s
+        assert_equal "EXEC Authenticate @username = N?, @password = N?, @token = NULL, @app_name = N?, @log_login = true, @ip_address = N?, @external_type = NULL, @external_success = NULL", ss.to_s
       end
       def test_sqlserver_in_clause
-        skip "SQLServer Support requires Ruby 1.9+ For Regexes"
         sql = "EXEC sp_executesql N'SELECT  [users].* FROM [users] WHERE (id IN (1,2,3))  ORDER BY [users].[id] ASC OFFSET 0 ROWS FETCH NEXT @0 ROWS ONLY', N'@0 int', @0 = 10"
         ss = SqlSanitizer.new(sql).tap{ |it| it.database_engine = :sqlserver }
-        assert_equal %q|SELECT  [users].* FROM [users] WHERE (id IN (?))  ORDER BY [users].[id] ASC OFFSET ? ROWS FETCH NEXT @0 ROWS ONLY|, ss.to_s
+        assert_equal "SELECT  [users].* FROM [users] WHERE (id IN (?))  ORDER BY [users].[id] ASC OFFSET ? ROWS FETCH NEXT @0 ROWS ONLY?@0 int', @0 = ?", ss.to_s
       end
       def test_scrubs_invalid_encoding

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: scout_apm
 version: !ruby/object:Gem::Version
-  version: 5.1.0
+  version: 5.1.1
 platform: ruby
 authors:
 - Derek Haynes
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-11-18 00:00:00.000000000 Z
+date: 2021-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest