sentry-sanitizer 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +1 -2
- data/Gemfile.lock +19 -22
- data/README.md +1 -0
- data/lib/sentry/sanitizer/cleaner.rb +20 -2
- data/lib/sentry/sanitizer/configuration.rb +11 -3
- data/lib/sentry/sanitizer/version.rb +1 -1
- data/sentry-sanitizer.gemspec +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f83f2a0c9bb759f6f43b1b25f3219e403123d8bdade87f5aa8f6838269e432e7
|
|
4
|
+
data.tar.gz: 9230c77fb3a9a178d457068e2ca03f5e8491f0778ff1cb8d76e8c2a612b6c409
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b7ec44c8b25b101d9fb01ec0472e1e6338db2c9d5385599f91341c911c9754951005d574d86a868fb13a4120c2a517e91d2334e2b9e93e4253adff9d0d77babf
|
|
7
|
+
data.tar.gz: 52e91220a7cc128f9c02e20889187cf2c2fe23bd7061b2e01e359f12b9da175fdc2a8218891676513b8ccc280da4afc0c3bf39e95dfabfecfaf1416b422fea67
|
data/.github/workflows/ci.yml
CHANGED
|
@@ -12,11 +12,10 @@ jobs:
|
|
|
12
12
|
strategy:
|
|
13
13
|
matrix:
|
|
14
14
|
include:
|
|
15
|
-
- { ruby_version: 2.4 }
|
|
16
15
|
- { ruby_version: 2.5 }
|
|
17
|
-
- { ruby_version: 2.4 }
|
|
18
16
|
- { ruby_version: 2.7 }
|
|
19
17
|
- { ruby_version: 3.0 }
|
|
18
|
+
- { ruby_version: 3.1 }
|
|
20
19
|
- { ruby_version: jruby }
|
|
21
20
|
steps:
|
|
22
21
|
- uses: actions/checkout@v1
|
data/Gemfile.lock
CHANGED
|
@@ -1,37 +1,34 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
sentry-sanitizer (0.
|
|
5
|
-
sentry-ruby (~> 5.3
|
|
4
|
+
sentry-sanitizer (0.6.0)
|
|
5
|
+
sentry-ruby (~> 5.3)
|
|
6
6
|
|
|
7
7
|
GEM
|
|
8
8
|
remote: https://rubygems.org/
|
|
9
9
|
specs:
|
|
10
|
-
codecov (0.
|
|
10
|
+
codecov (0.6.0)
|
|
11
11
|
simplecov (>= 0.15, < 0.22)
|
|
12
12
|
concurrent-ruby (1.1.10)
|
|
13
|
-
diff-lcs (1.
|
|
14
|
-
docile (1.
|
|
15
|
-
rack (2.2.3)
|
|
13
|
+
diff-lcs (1.5.0)
|
|
14
|
+
docile (1.4.0)
|
|
15
|
+
rack (2.2.3.1)
|
|
16
16
|
rake (10.5.0)
|
|
17
|
-
rspec (3.
|
|
18
|
-
rspec-core (~> 3.
|
|
19
|
-
rspec-expectations (~> 3.
|
|
20
|
-
rspec-mocks (~> 3.
|
|
21
|
-
rspec-core (3.
|
|
22
|
-
rspec-support (~> 3.
|
|
23
|
-
rspec-expectations (3.
|
|
17
|
+
rspec (3.11.0)
|
|
18
|
+
rspec-core (~> 3.11.0)
|
|
19
|
+
rspec-expectations (~> 3.11.0)
|
|
20
|
+
rspec-mocks (~> 3.11.0)
|
|
21
|
+
rspec-core (3.11.0)
|
|
22
|
+
rspec-support (~> 3.11.0)
|
|
23
|
+
rspec-expectations (3.11.0)
|
|
24
24
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
25
|
-
rspec-support (~> 3.
|
|
26
|
-
rspec-mocks (3.
|
|
25
|
+
rspec-support (~> 3.11.0)
|
|
26
|
+
rspec-mocks (3.11.1)
|
|
27
27
|
diff-lcs (>= 1.2.0, < 2.0)
|
|
28
|
-
rspec-support (~> 3.
|
|
29
|
-
rspec-support (3.
|
|
30
|
-
sentry-ruby (5.
|
|
28
|
+
rspec-support (~> 3.11.0)
|
|
29
|
+
rspec-support (3.11.0)
|
|
30
|
+
sentry-ruby (5.4.1)
|
|
31
31
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
32
|
-
sentry-ruby-core (= 5.3.1)
|
|
33
|
-
sentry-ruby-core (5.3.1)
|
|
34
|
-
concurrent-ruby
|
|
35
32
|
simplecov (0.18.5)
|
|
36
33
|
docile (~> 1.1)
|
|
37
34
|
simplecov-html (~> 0.11)
|
|
@@ -50,4 +47,4 @@ DEPENDENCIES
|
|
|
50
47
|
simplecov (~> 0.18.5)
|
|
51
48
|
|
|
52
49
|
BUNDLED WITH
|
|
53
|
-
2.
|
|
50
|
+
2.3.16
|
data/README.md
CHANGED
|
@@ -12,6 +12,7 @@ Currently this gem provides following features
|
|
|
12
12
|
- [x] Sanitizing POST params
|
|
13
13
|
- [x] Sanitizing HTTP headers
|
|
14
14
|
- [x] Sanitizing cookies
|
|
15
|
+
- [x] Sanitizing query string
|
|
15
16
|
- [x] Sanitizing extras ([see](https://docs.sentry.io/platforms/ruby/enriching-events/context/#additional-data) `Sentry.set_extras`)
|
|
16
17
|
|
|
17
18
|
## Installation
|
|
@@ -13,6 +13,7 @@ module Sentry
|
|
|
13
13
|
@fields = config.fields || []
|
|
14
14
|
@http_headers = config.http_headers || DEFAULT_SENSITIVE_HEADERS
|
|
15
15
|
@do_cookies = config.cookies || false
|
|
16
|
+
@do_query_string = config.query_string || false
|
|
16
17
|
end
|
|
17
18
|
|
|
18
19
|
def call(event)
|
|
@@ -33,14 +34,17 @@ module Sentry
|
|
|
33
34
|
event.request.data = sanitize_data(event.request.data)
|
|
34
35
|
event.request.headers = sanitize_headers(event.request.headers)
|
|
35
36
|
event.request.cookies = sanitize_cookies(event.request.cookies)
|
|
37
|
+
event.request.query_string = sanitize_query_string(event.request.query_string)
|
|
36
38
|
when :stringified_hash
|
|
37
39
|
event['request']['data'] = sanitize_data(event['request']['data'])
|
|
38
40
|
event['request']['headers'] = sanitize_headers(event['request']['headers'])
|
|
39
41
|
event['request']['cookies'] = sanitize_cookies(event['request']['cookies'])
|
|
42
|
+
event['request']['query_string'] = sanitize_query_string(event['request']['query_string'])
|
|
40
43
|
when :symbolized_hash
|
|
41
44
|
event[:request][:data] = sanitize_data(event[:request][:data])
|
|
42
45
|
event[:request][:headers] = sanitize_headers(event[:request][:headers])
|
|
43
46
|
event[:request][:cookies] = sanitize_cookies(event[:request][:cookies])
|
|
47
|
+
event[:request][:query_string] = sanitize_query_string(event[:request][:query_string])
|
|
44
48
|
end
|
|
45
49
|
end
|
|
46
50
|
|
|
@@ -53,7 +57,7 @@ module Sentry
|
|
|
53
57
|
|
|
54
58
|
private
|
|
55
59
|
|
|
56
|
-
attr_reader :fields, :http_headers, :do_cookies
|
|
60
|
+
attr_reader :fields, :http_headers, :do_cookies, :do_query_string
|
|
57
61
|
|
|
58
62
|
# Sanitize specified headers
|
|
59
63
|
def sanitize_headers(headers)
|
|
@@ -76,12 +80,26 @@ module Sentry
|
|
|
76
80
|
|
|
77
81
|
# Sanitize all cookies
|
|
78
82
|
def sanitize_cookies(cookies)
|
|
79
|
-
return cookies unless cookies.is_a? Hash
|
|
80
83
|
return cookies unless do_cookies
|
|
84
|
+
return cookies unless cookies.is_a? Hash
|
|
81
85
|
|
|
82
86
|
cookies.transform_values { DEFAULT_MASK }
|
|
83
87
|
end
|
|
84
88
|
|
|
89
|
+
def sanitize_query_string(query_string)
|
|
90
|
+
return query_string unless do_query_string
|
|
91
|
+
return query_string unless query_string.is_a? String
|
|
92
|
+
|
|
93
|
+
sanitized_array = query_string.split('&').map do |kv_pair|
|
|
94
|
+
k, v = kv_pair.split('=')
|
|
95
|
+
new_v = sanitize_string(k, v)
|
|
96
|
+
|
|
97
|
+
"#{k}=#{new_v}"
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
sanitized_array.join('&')
|
|
101
|
+
end
|
|
102
|
+
|
|
85
103
|
def sanitize_value(value, key)
|
|
86
104
|
case value
|
|
87
105
|
when Hash
|
|
@@ -24,10 +24,10 @@ module Sentry
|
|
|
24
24
|
|
|
25
25
|
module Sanitizer
|
|
26
26
|
class Configuration
|
|
27
|
-
attr_accessor :fields, :http_headers, :cookies
|
|
27
|
+
attr_accessor :fields, :http_headers, :cookies, :query_string
|
|
28
28
|
|
|
29
29
|
def configured?
|
|
30
|
-
[fields, http_headers, cookies].any? { |setting| !setting.nil? }
|
|
30
|
+
[fields, http_headers, cookies, query_string].any? { |setting| !setting.nil? }
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
def fields=(fields)
|
|
@@ -48,11 +48,19 @@ module Sentry
|
|
|
48
48
|
|
|
49
49
|
def cookies=(cookies)
|
|
50
50
|
unless [TrueClass, FalseClass].include?(cookies.class)
|
|
51
|
-
raise ArgumentError, '
|
|
51
|
+
raise ArgumentError, 'cookies must be boolean'
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
@cookies = cookies
|
|
55
55
|
end
|
|
56
|
+
|
|
57
|
+
def query_string=(query_string)
|
|
58
|
+
unless [TrueClass, FalseClass].include?(query_string.class)
|
|
59
|
+
raise ArgumentError, 'query_string must be boolean'
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
@query_string = query_string
|
|
63
|
+
end
|
|
56
64
|
end
|
|
57
65
|
end
|
|
58
66
|
end
|
data/sentry-sanitizer.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sentry-sanitizer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Valentine Kiselev
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-09-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: codecov
|
|
@@ -100,14 +100,14 @@ dependencies:
|
|
|
100
100
|
requirements:
|
|
101
101
|
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 5.3
|
|
103
|
+
version: '5.3'
|
|
104
104
|
type: :runtime
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 5.3
|
|
110
|
+
version: '5.3'
|
|
111
111
|
description: Add missing sanitizing support for sentry-ruby (previous sentry-raven)
|
|
112
112
|
email:
|
|
113
113
|
- mrexox@outlook.com
|
|
@@ -156,7 +156,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
156
156
|
- !ruby/object:Gem::Version
|
|
157
157
|
version: '0'
|
|
158
158
|
requirements: []
|
|
159
|
-
rubygems_version: 3.
|
|
159
|
+
rubygems_version: 3.2.3
|
|
160
160
|
signing_key:
|
|
161
161
|
specification_version: 4
|
|
162
162
|
summary: Sanitizing middleware for sentry-ruby gem
|