sentry-sanitizer 0.1.1 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 828e9c8127ee2cf145f56ddd014f1c35f4b4994696cd2b7672e7cd8729a994a4
-  data.tar.gz: 2e26bb264dc53d196f9e601ec1372ea9b791c5c2391380147a3b7f04117c65db
+  metadata.gz: 467bf578a00781bcbd0b1f6e239f9fcdbf9284130bb6e3816d0b772afbb9c910
+  data.tar.gz: 824f019bb5499f1829c188b76f97e63a749d6f6448c2a440a15c05dfe0053e62
 SHA512:
-  metadata.gz: 596f541d0d381bc538f8f8129b2bd34186358f427eccfb9d72f96db140323d52b61dfcdc8d3ab3d43c78485c3cd9b2b85b2a30ed453b2c97e1a695674c010dfe
-  data.tar.gz: adde04a80883da1e655715f40c7a05bf6abf8408ec8deecd2830927f37ca1a556ae148b8fd39251e65791a7ef2362daa8e0e720cd2da97e980384a35baba287b
+  metadata.gz: 3be12a7b4c5043134879e9964d84ba4b0cb7ab3a7dd23898074f83e4679eb509e7badc189367aa9e9d2fb132ef24020bfbe2b3c7668e43b9ee79e169ade871a3
+  data.tar.gz: b81b96a41689cb976137f7c83db0f82687ea09420bd85f826a0d2554b562c5922fdd00c9fc1c461acca3f419eac161a31845c8d546d5ba3cac8bd7ca07128839

data/.github/workflows/ci.yml

@@ -0,0 +1,37 @@
+name: CI
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+jobs:
+  rspec:
+    name: Unit tests
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - { ruby_version: 2.4 }
+          - { ruby_version: 2.5 }
+          - { ruby_version: 2.4 }
+          - { ruby_version: 2.7 }
+          - { ruby_version: 3.0 }
+          - { ruby_version: jruby }
+    steps:
+      - uses: actions/checkout@v1
+
+      - name: Set up Ruby ${{ matrix.ruby_version }}
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler: 2
+          ruby-version: ${{ matrix.ruby_version }}
+
+      - name: Run specs
+        run: |
+          bundle install --jobs 4 --retry 3 --no-cache
+          bundle exec rspec
+
+      - uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}

data/CHANGELOG.md

@@ -0,0 +1,6 @@
+# Changelog
+
+## Unreleased
+
+## 0.2.1
+- Rework header cleaning to adhere to documentation in readme and not crash without configuration [#1](https://github.com/mrexox/sentry-sanitizer/pull/1)

data/Gemfile.lock

@@ -1,20 +1,24 @@
 PATH
   remote: .
   specs:
-    sentry-sanitizer (0.1.0)
+    sentry-sanitizer (0.2.1)
       sentry-ruby (~> 4.2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
+    codecov (0.4.3)
+      simplecov (>= 0.15, < 0.22)
     concurrent-ruby (1.1.8)
     diff-lcs (1.4.4)
+    docile (1.3.5)
     faraday (1.3.0)
       faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
       ruby2_keywords
     faraday-net_http (1.0.1)
     multipart-post (2.1.1)
+    rack (2.2.3)
     rake (10.5.0)
     rspec (3.10.0)
       rspec-core (~> 3.10.0)
@@ -37,15 +41,22 @@ GEM
     sentry-ruby-core (4.2.0)
       concurrent-ruby
       faraday
+    simplecov (0.18.5)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+    simplecov-html (0.12.3)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
   bundler (>= 1.17)
+  codecov
+  rack
   rake (~> 10.0)
   rspec (~> 3.0)
   sentry-sanitizer!
+  simplecov (~> 0.18.5)
 
 BUNDLED WITH
    2.1.4

data/LICENSE.txt

@@ -1,21 +1,13 @@
-The MIT License (MIT)
+The BSD-3-Clause license
 
 Copyright (c) 2021 Valentine Kiselev
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -1,15 +1,27 @@
-# Sentry::Sanitizer
+![CI](https://github.com/mrexox/sentry-sanitizer/workflows/CI/badge.svg)
+[![Gem Version](https://badge.fury.io/rb/sentry-sanitizer.svg)](https://badge.fury.io/rb/sentry-sanitizer)
+[![codecov](https://codecov.io/gh/mrexox/sentry-sanitizer/branch/master/graph/badge.svg?token=QW93HCVI0W)](https://codecov.io/gh/mrexox/sentry-sanitizer)
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/sentry/sanitizer`. To experiment with that code, run `bin/console` for an interactive prompt.
+# sentry-sanitizer: sanitizing extension for sentry-ruby
 
-TODO: Delete this and the text above, and describe your gem
+This gem aimed to add sanitizing support to [sentry-ruby](https://rubygems.org/gems/sentry-ruby) gem.
+
+[sentry-raven](https://rubygems.org/gems/sentry-raven) gem had this apportunity but it is no longer supported. Moving from `sentry-raven` to `sentry-ruby` can surprise you with missing this ability. But you can still use `sentry-sanitizer` (with a little change to configuration).
+
+Currently this gem provides following features
+- [x] Sanitizing POST params
+- [x] Sanitizing HTTP headers
+- [x] Sanitizing cookies
+- [x] Sanitizing extras ([see](https://docs.sentry.io/platforms/ruby/enriching-events/context/#additional-data) `Sentry.set_extras`)
 
 ## Installation
 
+:warning: Please, don't use `0.1.*` version as it was experimental and not usable at all.
+
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'sentry-sanitizer'
+gem 'sentry-sanitizer', '>= 0.2.0'
 ```
 
 And then execute:
@@ -22,7 +34,30 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+Add following lines to your Sentry configuration:
+
+```ruby
+Sentry.init do |config|
+  # ... your configuration
+
+  # If using Rails
+  config.sanitize.fields = Rails.application.config.filter_parameters
+
+  # You can also pass custom array
+  config.sanitize.fields = %w[password super_secret_token]
+
+  # HTTP headers can be sanitized too (it is case insensitive)
+  config.sanitize.http_headers = %w[Authorization X-Xsrf-Token]
+
+  # You can sanitize all HTTP headers with setting `true` value
+  config.sanitize.http_headers = true
+
+  # You can sanitize all cookies with this setting
+  config.sanitize.cookies = true
+
+  # ...
+end
+```
 
 ## Development
 
@@ -32,8 +67,8 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/sentry-sanitizer.
+Bug reports and pull requests are welcome on GitHub at https://github.com/mrexox/sentry-sanitizer.
 
 ## License
 
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+The gem is available as open source under the terms of the [BSD-3-Clause License](https://opensource.org/licenses/BSD-3-Clause).

data/Rakefile

@@ -1,9 +1,6 @@
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 
-require "bundler/gem_helper"
-Bundler::GemHelper.install_tasks(name: "sentry-sanitizer")
-
 RSpec::Core::RakeTask.new(:spec)
 
 task :default => :spec

data/lib/sentry/sanitizer/cleaner.rb

@@ -1,12 +1,6 @@
 module Sentry
   module Sanitizer
     class Cleaner
-      HOOK = ->(event, hint) do
-        Sentry::Sanitizer::Cleaner.new(Sentry.configuration.sanitize).call(event)
-
-        event
-      end.freeze
-
       DEFAULT_MASK = '[FILTERED]'.freeze
       DEFAULT_SENSITIVE_HEADERS = %w[
         Authorization
@@ -17,44 +11,74 @@ module Sentry
 
       def initialize(config)
         @fields = config.fields || []
-        @http_headers = config.http_headers || []
-        @cookies = config.cookies || false
+        @http_headers = config.http_headers || DEFAULT_SENSITIVE_HEADERS
+        @do_cookies = config.cookies || false
       end
 
       def call(event)
         if event.is_a?(Sentry::Event)
-          event.request = sanitize_request(event.request) if event.request
-          event.extra = sanitize_hash(event.extra) if event.extra
+          sanitize_request(event, :object) if event.request
+          event.extra = sanitize_data(event.extra)
+        elsif event.is_a?(Hash)
+          sanitize_request(event, :stringified_hash) if event['request']
+          sanitize_request(event, :symbolized_hash) if event[:request]
+          event['extra'] = sanitize_data(event['extra']) if event['extra']
+          event[:extra] = sanitize_data(event[:extra]) if event[:extra]
         end
       end
 
-      def sanitize_request(request)
-        request.data = sanitize_hash(request.data) if fields
-        request.headers = sanitize_headers(request.headers) if http_headers
-        request.cookies = sanitize_cookies(request.cookies) if cookies
+      def sanitize_request(event, type)
+        case type
+        when :object
+          event.request.data = sanitize_data(event.request.data)
+          event.request.headers = sanitize_headers(event.request.headers)
+          event.request.cookies = sanitize_cookies(event.request.cookies)
+        when :stringified_hash
+          event['request']['data'] = sanitize_data(event['request']['data'])
+          event['request']['headers'] = sanitize_headers(event['request']['headers'])
+          event['request']['cookies'] = sanitize_cookies(event['request']['cookies'])
+        when :symbolized_hash
+          event[:request][:data] = sanitize_data(event[:request][:data])
+          event[:request][:headers] = sanitize_headers(event[:request][:headers])
+          event[:request][:cookies] = sanitize_cookies(event[:request][:cookies])
+        end
       end
 
-      def sanitize_hash(hash)
-        return if hash.blank?
+      def sanitize_data(hash)
+        return hash unless hash.is_a? Hash
+        return hash unless fields.size.positive?
 
         sanitize_value(hash, nil)
       end
 
       private
 
-      attr_reader :fields, :http_headers, :cookies
+      attr_reader :fields, :http_headers, :do_cookies
 
       # Sanitize specified headers
       def sanitize_headers(headers)
-        headers.keys.select { |key| key.match?(sensitive_headers) }.each do |key|
-          headers[key] = DEFAULT_MASK
-        end
+        case http_headers
+        when TrueClass
+          headers.transform_values { DEFAULT_MASK }
+        when Array
+          return headers unless http_headers.size.positive?
+          http_headers_regex = sensitive_regexp(http_headers)
+
+          headers.keys.select { |key| key.match?(http_headers_regex) }.each do |key|
+            headers[key] = DEFAULT_MASK
+          end
 
-        headers
+          headers
+        else
+          headers
+        end
       end
 
       # Sanitize all cookies
       def sanitize_cookies(cookies)
+        return cookies unless cookies.is_a? Hash
+        return cookies unless do_cookies
+
         cookies.transform_values { DEFAULT_MASK }
       end
 
@@ -97,10 +121,6 @@ module Sentry
         @sensitive_fields ||= sensitive_regexp(fields)
       end
 
-      def sensitive_headers
-        @sensitive_headers ||= sensitive_regexp(DEFAULT_SENSITIVE_HEADERS | http_headers)
-      end
-
       def sensitive_regexp(fields)
         Regexp.new(fields.map { |field| "\\b#{field}\\b" }.join('|'), 'i')
       end

data/lib/sentry/sanitizer/configuration.rb

@@ -1,57 +1,24 @@
 require 'sentry/configuration'
 require 'sentry/sanitizer/cleaner'
+require 'sentry/sanitizer/configuration_mixin'
 
 module Sentry
   # Monkey-patching Sentry::Configuration
   class Configuration
-    # Allow adding multiple hooks for this extension
-    def before_send=(value)
-      unless value == false || value.respond_to?(:call)
-        raise ArgumentError, "before_send must be callable (or false to disable)"
-      end
-
-      return value if value == false
+    # Add sanitizing configuration
+    attr_reader :sanitize
 
-      @before_send_hook_list ||= []
-      @before_send_hook_list << value
-
-      @before_send = ->(event, hint) {
-        @before_send_hook_list.each do |hook|
-          event = hook.call(event, hint)
-        end
-      }
-    end
+    # Patch before_send method so it could support more than one call
+    prepend Sentry::Sanitizer::ConfigurationMixin
 
-    def sanitize
+    add_post_initialization_callback do
       @sanitize ||= Sentry::Sanitizer::Configuration.new
-    end
 
-    def sanitize_fields=(fields)
-      unless fields.is_a? Array
-        raise ArgumentError, 'sanitize_fields must be array'
-      end
+      self.before_send = ->(event, hint) do
+        Sentry::Sanitizer::Cleaner.new(Sentry.configuration.sanitize).call(event)
 
-      sanitize.fields = fields
-    end
-
-    def sanitize_http_headers=(headers)
-      unless headers.is_a? Array
-        raise ArgumentError, 'sanitize_http_headers must be array'
+        event
       end
-
-      sanitize.http_headers = headers
-    end
-
-    def sanitize_cookies=(cookies)
-      unless [TrueClass, FalseClass].include?(cookies.class)
-        raise ArgumentError, 'sanitize_cookies must be boolean'
-      end
-
-      sanitize.cookies = cookies
-    end
-
-    add_post_initialization_callback do
-      self.before_send = Sentry::Sanitizer::Cleaner::HOOK if sanitize.configured?
     end
   end
 
@@ -62,6 +29,30 @@ module Sentry
       def configured?
         [fields, http_headers, cookies].any? { |setting| !setting.nil? }
       end
+
+      def fields=(fields)
+        unless fields.is_a? Array
+          raise ArgumentError, 'sanitize_fields must be array'
+        end
+
+        @fields = fields
+      end
+
+      def http_headers=(headers)
+        unless [Array, TrueClass, FalseClass].include?(headers.class)
+          raise ArgumentError, 'sanitize_http_headers must be array'
+        end
+
+        @http_headers = headers
+      end
+
+      def cookies=(cookies)
+        unless [TrueClass, FalseClass].include?(cookies.class)
+          raise ArgumentError, 'sanitize_cookies must be boolean'
+        end
+
+        @cookies = cookies
+      end
     end
   end
 end

data/lib/sentry/sanitizer/configuration_mixin.rb

@@ -0,0 +1,25 @@
+module Sentry
+  module Sanitizer
+    module ConfigurationMixin
+      # Allow adding multiple hooks for this extension
+      def before_send=(value)
+        unless value == false || value.respond_to?(:call)
+          raise ArgumentError, "before_send must be callable (or false to disable)"
+        end
+
+        return value if value == false
+
+        @before_send_hook_list ||= []
+        @before_send_hook_list << value
+
+        @before_send = ->(event, hint) {
+          @before_send_hook_list.each do |hook|
+            event = hook.call(event, hint)
+          end
+
+          event
+        }
+      end
+    end
+  end
+end

data/lib/sentry/sanitizer/version.rb

@@ -1,5 +1,5 @@
 module Sentry
   module Sanitizer
-    VERSION = "0.1.1"
+    VERSION = '0.2.1'
   end
 end

data/sentry-sanitizer.gemspec

@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
   spec.email         = ['mrexox@outlook.com']
 
   spec.summary       = %q{Sanitizing middleware for sentry-ruby gem}
-  spec.description   = %q{Add missing sanitizing support for sentry-ruby (previous sentry-rav)}
+  spec.description   = %q{Add missing sanitizing support for sentry-ruby (previous sentry-raven)}
   spec.homepage      = 'https://github.com/mrexox/sentry-sanitizer'
   spec.license       = 'BSD'
 
@@ -27,9 +27,14 @@ Gem::Specification.new do |spec|
 
   spec.require_paths = ['lib']
 
+  # Codecov
+  spec.add_development_dependency 'codecov'
+  spec.add_development_dependency 'simplecov', '~> 0.18.5'
+
   spec.add_development_dependency 'bundler', '>= 1.17'
   spec.add_development_dependency 'rake', '~> 10.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'rack'
 
   spec.add_runtime_dependency 'sentry-ruby', '~> 4.2.0'
 end

metadata

@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: sentry-sanitizer
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.1
 platform: ruby
 authors:
 - Valentine Kiselev
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-05 00:00:00.000000000 Z
+date: 2021-02-27 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: codecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.18.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.18.5
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +80,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sentry-ruby
   requirement: !ruby/object:Gem::Requirement
@@ -66,16 +108,18 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 4.2.0
-description: Add missing sanitizing support for sentry-ruby (previous sentry-rav)
+description: Add missing sanitizing support for sentry-ruby (previous sentry-raven)
 email:
 - mrexox@outlook.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -87,6 +131,7 @@ files:
 - lib/sentry/sanitizer.rb
 - lib/sentry/sanitizer/cleaner.rb
 - lib/sentry/sanitizer/configuration.rb
+- lib/sentry/sanitizer/configuration_mixin.rb
 - lib/sentry/sanitizer/version.rb
 - sentry-sanitizer.gemspec
 homepage: https://github.com/mrexox/sentry-sanitizer