sentry-sanitize 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f15481201515e0e87778ada1e44fd5851379d7ae4e8897a0b23a28892ac500ac
-  data.tar.gz: 0f0af15d52b8894b5ba4ec9a37f3fd8134c721dab38009a888ce32a14d1c363f
+  metadata.gz: c334e976d9f260a013086dc61180d889e594d64cb32bebda6c5352610c3646fe
+  data.tar.gz: f763783ce3f4fdfc5d12cf126f487cb08d25108dd6bb84baf954b12a782d81f2
 SHA512:
-  metadata.gz: f4c5f936a5e0e4d3a08461ba2ce0db9b56668266f850f541a6a6c769238a04382ce7f9bf2e4070874b1b9bb3374c3abeba393788e216788bc67662449ec352f3
-  data.tar.gz: 911aa9c502d8fcef4fe2e9457ce1028148d282c3d99d514bffe8cd54c72ddf383a14cc9298a3029732e20b9566a2e6564365c389a6c5560bd1c8be55691dbd20
+  metadata.gz: 4f0390a5238cac85411e54293d6091e2b6c6ca1042c9cf701d27766afd8b77924ef4b7633aa71055a4fd236be797d2d489e1af8b575213e5962b029d6ada55f8
+  data.tar.gz: b282cc0b410b405a75765d1198ee2c0694e1834761a584f611fa5f215c4cd0d41a88a9fef1fe7967aba0d3e65ee9c053924202911e2d33e7383500b51dbec2f3

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    sentry-sanitize (0.3.0)
+    sentry-sanitize (0.4.0)
 
 GEM
   remote: https://rubygems.org/

data/lib/sentry/sanitize/processor/custom_sanitize_data.rb

@@ -5,11 +5,13 @@ require 'sentry/sanitize/processor/sanitize_data'
 require 'sentry/sanitize/processor/utf8conversion'
 
 module Sentry
-  class Processor::CustomSanitizeData < Processor::SanitizeData
-    def initialize(sanitize_fields)
-      self.sanitize_fields = sanitize_fields
-      self.sanitize_credit_cards = true
-      self.sanitize_fields_excluded = []
+  module Sanitize
+    class Processor::CustomSanitizeData < Processor::SanitizeData
+      def initialize(sanitize_fields)
+        self.sanitize_fields = sanitize_fields
+        self.sanitize_credit_cards = true
+        self.sanitize_fields_excluded = []
+      end
     end
   end
 end

data/lib/sentry/sanitize/processor/sanitize_data.rb

@@ -3,134 +3,136 @@
 require 'json'
 
 module Sentry
-  class Processor::SanitizeData < Processor
-    DEFAULT_FIELDS = %w(authorization password passwd secret ssn social(.*)?sec).freeze
-    CREDIT_CARD_RE = /\b(?:3[47]\d|(?:4\d|5[1-5]|65)\d{2}|6011)\d{12}\b/.freeze
-    QUERY_STRING = ['query_string', :query_string].freeze
-    JSON_STARTS_WITH = ["[", "{"].freeze
-
-    attr_accessor :sanitize_fields, :sanitize_credit_cards, :sanitize_fields_excluded
-
-    def initialize(client)
-      super
-      self.sanitize_fields = client.configuration.sanitize_fields
-      self.sanitize_credit_cards = client.configuration.sanitize_credit_cards
-      self.sanitize_fields_excluded = client.configuration.sanitize_fields_excluded
-    end
+  module Sanitize
+    class Processor::SanitizeData < Processor
+      DEFAULT_FIELDS = %w(authorization password passwd secret ssn social(.*)?sec).freeze
+      CREDIT_CARD_RE = /\b(?:3[47]\d|(?:4\d|5[1-5]|65)\d{2}|6011)\d{12}\b/.freeze
+      QUERY_STRING = ['query_string', :query_string].freeze
+      JSON_STARTS_WITH = ["[", "{"].freeze
+
+      attr_accessor :sanitize_fields, :sanitize_credit_cards, :sanitize_fields_excluded
+
+      def initialize(client)
+        super
+        self.sanitize_fields = client.configuration.sanitize_fields
+        self.sanitize_credit_cards = client.configuration.sanitize_credit_cards
+        self.sanitize_fields_excluded = client.configuration.sanitize_fields_excluded
+      end
 
-    def process(value, key = nil)
-      case value
-      when Hash
-        sanitize_hash_value(key, value)
-      when Array
-        sanitize_array_value(key, value)
-      when Integer
-        matches_regexes?(key, value.to_s) ? INT_MASK : value
-      when String
-        sanitize_string_value(key, value)
-      else
-        value
+      def process(value, key = nil)
+        case value
+        when Hash
+          sanitize_hash_value(key, value)
+        when Array
+          sanitize_array_value(key, value)
+        when Integer
+          matches_regexes?(key, value.to_s) ? INT_MASK : value
+        when String
+          sanitize_string_value(key, value)
+        else
+          value
+        end
       end
-    end
 
-    private
+      private
 
-    # CGI.parse takes our nice UTF-8 strings and converts them back to ASCII,
-    # so we have to convert them back, again.
-    def utf8_processor
-      @utf8_processor ||= Processor::UTF8Conversion.new
-    end
+      # CGI.parse takes our nice UTF-8 strings and converts them back to ASCII,
+      # so we have to convert them back, again.
+      def utf8_processor
+        @utf8_processor ||= Processor::UTF8Conversion.new
+      end
 
-    def sanitize_hash_value(key, value)
-      if key =~ sensitive_fields
-        STRING_MASK
-      elsif value.frozen?
-        value.merge(value) { |k, v| process v, k }
-      else
-        value.merge!(value) { |k, v| process v, k }
+      def sanitize_hash_value(key, value)
+        if key =~ sensitive_fields
+          STRING_MASK
+        elsif value.frozen?
+          value.merge(value) { |k, v| process v, k }
+        else
+          value.merge!(value) { |k, v| process v, k }
+        end
       end
-    end
 
-    def sanitize_array_value(key, value)
-      if value.frozen?
-        value.map { |v| process v, key }
-      else
-        value.map! { |v| process v, key }
+      def sanitize_array_value(key, value)
+        if value.frozen?
+          value.map { |v| process v, key }
+        else
+          value.map! { |v| process v, key }
+        end
       end
-    end
 
-    def sanitize_string_value(key, value)
-      if value =~ sensitive_fields && (json = parse_json_or_nil(value))
-        # if this string is actually a json obj, convert and sanitize
-        process(json).to_json
-      elsif matches_regexes?(key, value)
-        STRING_MASK
-      elsif QUERY_STRING.include?(key)
-        sanitize_query_string(value)
-      elsif value =~ sensitive_fields
-        sanitize_sensitive_string_content(value)
-      else
-        value
+      def sanitize_string_value(key, value)
+        if value =~ sensitive_fields && (json = parse_json_or_nil(value))
+          # if this string is actually a json obj, convert and sanitize
+          process(json).to_json
+        elsif matches_regexes?(key, value)
+          STRING_MASK
+        elsif QUERY_STRING.include?(key)
+          sanitize_query_string(value)
+        elsif value =~ sensitive_fields
+          sanitize_sensitive_string_content(value)
+        else
+          value
+        end
       end
-    end
 
-    def sanitize_query_string(query_string)
-      query_hash = CGI.parse(query_string)
-      sanitized = utf8_processor.process(query_hash)
-      processed_query_hash = process(sanitized)
-      URI.encode_www_form(processed_query_hash)
-    end
+      def sanitize_query_string(query_string)
+        query_hash = CGI.parse(query_string)
+        sanitized = utf8_processor.process(query_hash)
+        processed_query_hash = process(sanitized)
+        URI.encode_www_form(processed_query_hash)
+      end
 
-    # this scrubs some sensitive info from the string content. for example:
-    #
-    # ```
-    # unexpected token at '{
-    # "role": "admin","password": "Abc@123","foo": "bar"
-    # }'
-    # ```
-    #
-    # will become
-    #
-    # ```
-    # unexpected token at '{
-    # "role": "admin","password": *******,"foo": "bar"
-    # }'
-    # ```
-    #
-    # it's particularly useful in hash or param-parsing related errors
-    def sanitize_sensitive_string_content(value)
-      value.gsub(/(#{sensitive_fields}['":]\s?(:|=>)?\s?)(".*?"|'.*?')/, '\1' + STRING_MASK)
-    end
+      # this scrubs some sensitive info from the string content. for example:
+      #
+      # ```
+      # unexpected token at '{
+      # "role": "admin","password": "Abc@123","foo": "bar"
+      # }'
+      # ```
+      #
+      # will become
+      #
+      # ```
+      # unexpected token at '{
+      # "role": "admin","password": *******,"foo": "bar"
+      # }'
+      # ```
+      #
+      # it's particularly useful in hash or param-parsing related errors
+      def sanitize_sensitive_string_content(value)
+        value.gsub(/(#{sensitive_fields}['":]\s?(:|=>)?\s?)(".*?"|'.*?')/, '\1' + STRING_MASK)
+      end
 
-    def matches_regexes?(k, v)
-      (sanitize_credit_cards && v =~ CREDIT_CARD_RE) ||
-        k =~ sensitive_fields
-    end
+      def matches_regexes?(k, v)
+        (sanitize_credit_cards && v =~ CREDIT_CARD_RE) ||
+          k =~ sensitive_fields
+      end
 
-    def sensitive_fields
-      return @sensitive_fields if instance_variable_defined?(:@sensitive_fields)
+      def sensitive_fields
+        return @sensitive_fields if instance_variable_defined?(:@sensitive_fields)
 
-      fields = DEFAULT_FIELDS | sanitize_fields
-      fields -= sanitize_fields_excluded
-      @sensitive_fields = /#{fields.map do |f|
-        use_boundary?(f) ? "\\b#{f}\\b" : f
-      end.join("|")}/i
-    end
+        fields = DEFAULT_FIELDS | sanitize_fields
+        fields -= sanitize_fields_excluded
+        @sensitive_fields = /#{fields.map do |f|
+          use_boundary?(f) ? "\\b#{f}\\b" : f
+        end.join("|")}/i
+      end
 
-    def use_boundary?(string)
-      !DEFAULT_FIELDS.include?(string) && !special_characters?(string)
-    end
+      def use_boundary?(string)
+        !DEFAULT_FIELDS.include?(string) && !special_characters?(string)
+      end
 
-    def special_characters?(string)
-      REGEX_SPECIAL_CHARACTERS.select { |r| string.include?(r) }.any?
-    end
+      def special_characters?(string)
+        REGEX_SPECIAL_CHARACTERS.select { |r| string.include?(r) }.any?
+      end
 
-    def parse_json_or_nil(string)
-      return unless string.start_with?(*JSON_STARTS_WITH)
+      def parse_json_or_nil(string)
+        return unless string.start_with?(*JSON_STARTS_WITH)
 
-      JSON.parse(string)
-    rescue JSON::ParserError, NoMethodError
-      nil
+        JSON.parse(string)
+      rescue JSON::ParserError, NoMethodError
+        nil
+      end
     end
   end
 end

data/lib/sentry/sanitize/processor/utf8conversion.rb

@@ -1,53 +1,55 @@
 module Sentry
-  class Processor::UTF8Conversion < Processor
-    # Slightly misnamed - actually just removes any bytes with invalid encoding
-    # Previously, our JSON backend required UTF-8. Since we now use the built-in
-    # JSON, we can use any encoding, but it must be valid anyway so we can do
-    # things like call #match and #slice on strings
-    REPLACE = "".freeze
+  module Sanitize
+    class Processor::UTF8Conversion < Processor
+      # Slightly misnamed - actually just removes any bytes with invalid encoding
+      # Previously, our JSON backend required UTF-8. Since we now use the built-in
+      # JSON, we can use any encoding, but it must be valid anyway so we can do
+      # things like call #match and #slice on strings
+      REPLACE = "".freeze
 
-    def process(value)
-      case value
-      when Hash
-        !value.frozen? ? value.merge!(value) { |_, v| process v } : value.merge(value) { |_, v| process v }
-      when Array
-        !value.frozen? ? value.map! { |v| process v } : value.map { |v| process v }
-      when Exception
-        return value if value.message.valid_encoding?
+      def process(value)
+        case value
+        when Hash
+          !value.frozen? ? value.merge!(value) { |_, v| process v } : value.merge(value) { |_, v| process v }
+        when Array
+          !value.frozen? ? value.map! { |v| process v } : value.map { |v| process v }
+        when Exception
+          return value if value.message.valid_encoding?
 
-        clean_exc = value.class.new(remove_invalid_bytes(value.message))
-        clean_exc.set_backtrace(value.backtrace)
-        clean_exc
-      when String
-        # Encoding::BINARY / Encoding::ASCII_8BIT is a special binary encoding.
-        # valid_encoding? will always return true because it contains all codepoints,
-        # so instead we check if it only contains actual ASCII codepoints, and if
-        # not we assume it's actually just UTF8 and scrub accordingly.
-        if value.encoding == Encoding::BINARY && !value.ascii_only?
-          value = value.dup
-          value.force_encoding(Encoding::UTF_8)
-        end
-        return value if value.valid_encoding?
+          clean_exc = value.class.new(remove_invalid_bytes(value.message))
+          clean_exc.set_backtrace(value.backtrace)
+          clean_exc
+        when String
+          # Encoding::BINARY / Encoding::ASCII_8BIT is a special binary encoding.
+          # valid_encoding? will always return true because it contains all codepoints,
+          # so instead we check if it only contains actual ASCII codepoints, and if
+          # not we assume it's actually just UTF8 and scrub accordingly.
+          if value.encoding == Encoding::BINARY && !value.ascii_only?
+            value = value.dup
+            value.force_encoding(Encoding::UTF_8)
+          end
+          return value if value.valid_encoding?
 
-        remove_invalid_bytes(value)
-      else
-        value
+          remove_invalid_bytes(value)
+        else
+          value
+        end
       end
-    end
 
-    private
+      private
 
-    # Stolen from RSpec
-    # https://github.com/rspec/rspec-support/blob/f0af3fd74a94ff7bb700f6ba06dbdc67bba17fbf/lib/rspec/support/encoded_string.rb#L120-L139
-    if String.method_defined?(:scrub) # 2.1+
-      def remove_invalid_bytes(string)
-        string.scrub(REPLACE)
-      end
-    else
-      def remove_invalid_bytes(string)
-        string.chars.map do |char|
-          char.valid_encoding? ? char : REPLACE
-        end.join
+      # Stolen from RSpec
+      # https://github.com/rspec/rspec-support/blob/f0af3fd74a94ff7bb700f6ba06dbdc67bba17fbf/lib/rspec/support/encoded_string.rb#L120-L139
+      if String.method_defined?(:scrub) # 2.1+
+        def remove_invalid_bytes(string)
+          string.scrub(REPLACE)
+        end
+      else
+        def remove_invalid_bytes(string)
+          string.chars.map do |char|
+            char.valid_encoding? ? char : REPLACE
+          end.join
+        end
       end
     end
   end

data/lib/sentry/sanitize/processor.rb

@@ -1,15 +1,17 @@
-module Raven
-  class Processor
-    STRING_MASK = '********'.freeze
-    INT_MASK = 0
-    REGEX_SPECIAL_CHARACTERS = %w(. $ ^ { [ ( | ) * + ?).freeze
+module Sentry
+  module Sanitize
+    class Processor
+      STRING_MASK = '********'.freeze
+      INT_MASK = 0
+      REGEX_SPECIAL_CHARACTERS = %w(. $ ^ { [ ( | ) * + ?).freeze
 
-    def initialize(client = nil)
-      @client = client
-    end
+      def initialize(client = nil)
+        @client = client
+      end
 
-    def process(_data)
-      raise NotImplementedError
+      def process(_data)
+        raise NotImplementedError
+      end
     end
   end
 end

data/lib/sentry/sanitize/version.rb

@@ -1,5 +1,5 @@
 module Sentry
   module Sanitize
-    VERSION = "0.3.0"
+    VERSION = "0.4.0"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sentry-sanitize
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Niko Roberts