sentry-sanitizer 0.5.1 → 0.6.1
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +4 -0
- data/lib/sentry/sanitizer/cleaner.rb +37 -14
- data/lib/sentry/sanitizer/configuration.rb +28 -3
- data/lib/sentry/sanitizer/configuration_mixin.rb +5 -2
- data/lib/sentry/sanitizer/version.rb +1 -1
- metadata +3 -3
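--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 28b8d09f046de5bcc8a49a8d45bb6085fcd8cc7a75b45c124d3852ed10d0d6a8
+data.tar.gz: 81ca424f2d0621de3145ce51e33b832eae035b0a47b3d1e34ef12405e9635682
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7d0071d14501f30602faf1a8f9cbd66616a5f8f466f452e0e6d2f7c60c6fc5728b8bfcf9a29fb114945096b90b1b8d62fe44c4379372f724884c9e8820f6b2ff
+data.tar.gz: 7bc07680b68c911b4ac150a3aeb7896ed7494700d74f9d5f6da2a2476e682d5fad35609e517c1aee3097f2f9994a2f54600966c201bcc0263475de964f41ccb7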
data/Gemfile.lock
CHANGED
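--- a/data/README.md
+++ b/data/README.md
@@ -12,6 +12,7 @@ Currently this gem provides following features
 - [x] Sanitizing POST params
 - [x] Sanitizing HTTP headers
 - [x] Sanitizing cookies
+- [x] Sanitizing query string
 - [x] Sanitizing extras ([see](https://docs.sentry.io/platforms/ruby/enriching-events/context/#additional-data) `Sentry.set_extras`)
 
 ## Installation
@@ -55,6 +56,9 @@ Sentry.init do |config|
 # You can sanitize all cookies with this setting
 config.sanitize.cookies = true
 
+# You can sanitize query string params for GET requests
+config.sanitize.query_string = true
+
 # ...
 end
 ```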
@@ -13,34 +13,39 @@ module Sentry
|
|
13
13
|
@fields = config.fields || []
|
14
14
|
@http_headers = config.http_headers || DEFAULT_SENSITIVE_HEADERS
|
15
15
|
@do_cookies = config.cookies || false
|
16
|
+
@do_query_string = config.query_string || false
|
17
|
+
@mask = config.mask || DEFAULT_MASK
|
16
18
|
end
|
17
19
|
|
18
20
|
def call(event)
|
19
21
|
if event.is_a?(Sentry::Event)
|
20
|
-
|
21
|
-
event.extra = sanitize_data(event.extra)
|
22
|
+
sanitize(event, :object) if event.request
|
22
23
|
elsif event.is_a?(Hash)
|
23
|
-
|
24
|
-
|
25
|
-
event['extra'] = sanitize_data(event['extra']) if event['extra']
|
26
|
-
event[:extra] = sanitize_data(event[:extra]) if event[:extra]
|
24
|
+
sanitize(event, :stringified_hash) if event['request']
|
25
|
+
sanitize(event, :symbolized_hash) if event[:request]
|
27
26
|
end
|
28
27
|
end
|
29
28
|
|
30
|
-
def
|
29
|
+
def sanitize(event, type)
|
31
30
|
case type
|
32
31
|
when :object
|
33
32
|
event.request.data = sanitize_data(event.request.data)
|
34
33
|
event.request.headers = sanitize_headers(event.request.headers)
|
35
34
|
event.request.cookies = sanitize_cookies(event.request.cookies)
|
35
|
+
event.request.query_string = sanitize_query_string(event.request.query_string)
|
36
|
+
event.extra = sanitize_data(event.extra)
|
36
37
|
when :stringified_hash
|
37
38
|
event['request']['data'] = sanitize_data(event['request']['data'])
|
38
39
|
event['request']['headers'] = sanitize_headers(event['request']['headers'])
|
39
40
|
event['request']['cookies'] = sanitize_cookies(event['request']['cookies'])
|
41
|
+
event['request']['query_string'] = sanitize_query_string(event['request']['query_string'])
|
42
|
+
event['extra'] = sanitize_data(event['extra'])
|
40
43
|
when :symbolized_hash
|
41
44
|
event[:request][:data] = sanitize_data(event[:request][:data])
|
42
45
|
event[:request][:headers] = sanitize_headers(event[:request][:headers])
|
43
46
|
event[:request][:cookies] = sanitize_cookies(event[:request][:cookies])
|
47
|
+
event[:request][:query_string] = sanitize_query_string(event[:request][:query_string])
|
48
|
+
event[:extra] = sanitize_data(event[:extra])
|
44
49
|
end
|
45
50
|
end
|
46
51
|
|
@@ -53,19 +58,23 @@ module Sentry
|
|
53
58
|
|
54
59
|
private
|
55
60
|
|
56
|
-
attr_reader :fields,
|
61
|
+
attr_reader :fields,
|
62
|
+
:http_headers,
|
63
|
+
:do_cookies,
|
64
|
+
:do_query_string,
|
65
|
+
:mask
|
57
66
|
|
58
67
|
# Sanitize specified headers
|
59
68
|
def sanitize_headers(headers)
|
60
69
|
case http_headers
|
61
70
|
when TrueClass
|
62
|
-
headers.transform_values {
|
71
|
+
headers.transform_values { mask }
|
63
72
|
when Array
|
64
73
|
return headers unless http_headers.size.positive?
|
65
74
|
http_headers_regex = sensitive_regexp(http_headers)
|
66
75
|
|
67
76
|
headers.keys.select { |key| key.match?(http_headers_regex) }.each do |key|
|
68
|
-
headers[key] =
|
77
|
+
headers[key] = mask
|
69
78
|
end
|
70
79
|
|
71
80
|
headers
|
@@ -76,10 +85,24 @@ module Sentry
|
|
76
85
|
|
77
86
|
# Sanitize all cookies
|
78
87
|
def sanitize_cookies(cookies)
|
79
|
-
return cookies unless cookies.is_a? Hash
|
80
88
|
return cookies unless do_cookies
|
89
|
+
return cookies unless cookies.is_a? Hash
|
90
|
+
|
91
|
+
cookies.transform_values { mask }
|
92
|
+
end
|
93
|
+
|
94
|
+
def sanitize_query_string(query_string)
|
95
|
+
return query_string unless do_query_string
|
96
|
+
return query_string unless query_string.is_a? String
|
97
|
+
|
98
|
+
sanitized_array = query_string.split('&').map do |kv_pair|
|
99
|
+
k, v = kv_pair.split('=')
|
100
|
+
new_v = sanitize_string(k, v)
|
101
|
+
|
102
|
+
"#{k}=#{new_v}"
|
103
|
+
end
|
81
104
|
|
82
|
-
|
105
|
+
sanitized_array.join('&')
|
83
106
|
end
|
84
107
|
|
85
108
|
def sanitize_value(value, key)
|
@@ -97,7 +120,7 @@ module Sentry
|
|
97
120
|
|
98
121
|
def sanitize_hash(key, value)
|
99
122
|
if key&.match?(sensitive_fields)
|
100
|
-
|
123
|
+
mask
|
101
124
|
elsif value.frozen?
|
102
125
|
value.merge(value) { |k, v| sanitize_value(v, k) }
|
103
126
|
else
|
@@ -114,7 +137,7 @@ module Sentry
|
|
114
137
|
end
|
115
138
|
|
116
139
|
def sanitize_string(key, value)
|
117
|
-
key&.match?(sensitive_fields) ?
|
140
|
+
key&.match?(sensitive_fields) ? mask : value
|
118
141
|
end
|
119
142
|
|
120
143
|
def sensitive_fields
|
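Review bot: Extras are now sanitized only for events that carry a request: in `call`, the unconditional `event.extra = sanitize_data(event.extra)` (and the `if event['extra']` / `if event[:extra]` hash forms) was removed and moved into `sanitize`, which runs only behind `if event.request`, `if event['request']` or `if event[:request]`. An event with no request attached would then be sent with its `Sentry.set_extras` data unmasked. Keeping the extras line in `call` outside the request guard restores the old coverage, e.g. `event.extra = sanitize_data(event.extra)` on its own line after `sanitize(event, :object) if event.request`, and the same for the two hash forms. In `sanitize_query_string`, `kv_pair.split('=')` also drops whatever follows a second `=` in a value; `kv_pair.split('=', 2)` keeps it intact. `sanitize_data` and `sensitive_fields` are defined outside these hunks, so how they treat a nil `extra` or percent-encoded keys is not visible here.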
@@ -24,10 +24,19 @@ module Sentry
|
|
24
24
|
|
25
25
|
module Sanitizer
|
26
26
|
class Configuration
|
27
|
-
attr_accessor :fields,
|
27
|
+
attr_accessor :fields,
|
28
|
+
:http_headers,
|
29
|
+
:cookies,
|
30
|
+
:query_string,
|
31
|
+
:mask
|
28
32
|
|
29
33
|
def configured?
|
30
|
-
[
|
34
|
+
[
|
35
|
+
fields,
|
36
|
+
http_headers,
|
37
|
+
cookies,
|
38
|
+
query_string
|
39
|
+
].any? { |setting| !setting.nil? }
|
31
40
|
end
|
32
41
|
|
33
42
|
def fields=(fields)
|
@@ -48,11 +57,27 @@ module Sentry
|
|
48
57
|
|
49
58
|
def cookies=(cookies)
|
50
59
|
unless [TrueClass, FalseClass].include?(cookies.class)
|
51
|
-
raise ArgumentError, '
|
60
|
+
raise ArgumentError, 'cookies must be boolean'
|
52
61
|
end
|
53
62
|
|
54
63
|
@cookies = cookies
|
55
64
|
end
|
65
|
+
|
66
|
+
def query_string=(query_string)
|
67
|
+
unless [TrueClass, FalseClass].include?(query_string.class)
|
68
|
+
raise ArgumentError, 'query_string must be boolean'
|
69
|
+
end
|
70
|
+
|
71
|
+
@query_string = query_string
|
72
|
+
end
|
73
|
+
|
74
|
+
def mask=(mask)
|
75
|
+
unless mask.is_a?(String)
|
76
|
+
raise ArgumentError, 'mask must be string'
|
77
|
+
end
|
78
|
+
|
79
|
+
@mask = mask
|
80
|
+
end
|
56
81
|
end
|
57
82
|
end
|
58
83
|
end
|
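Review bot: The new `mask=` setter is undocumented: the README changes in this release describe `query_string` but not `mask`, and the setter has no comment saying what the value replaces or what applies when it is unset. A YARD line such as `# @param mask [String] replacement written in place of every sanitized value` above `def mask=` would cover it; the fallback (`DEFAULT_MASK`, referenced in cleaner.rb) is defined outside these hunks. As a style point, `fields=`, `cookies=`, `query_string=` and `mask=` are all written by hand, so `attr_reader` in place of `attr_accessor` would avoid generating writers that are immediately overridden; whether `http_headers=` is also hand-written is not visible here.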
@@ -2,12 +2,15 @@ module Sentry
|
|
2
2
|
module Sanitizer
|
3
3
|
module ConfigurationMixin
|
4
4
|
# Allow adding multiple hooks for this extension
|
5
|
+
#
|
6
|
+
# @param [nil, false, #call] value
|
7
|
+
#
|
5
8
|
def before_send=(value)
|
6
|
-
unless value == nil || value.respond_to?(:call)
|
9
|
+
unless value == nil || value == false || value.respond_to?(:call)
|
7
10
|
raise ArgumentError, "before_send must be callable (or false to disable)"
|
8
11
|
end
|
9
12
|
|
10
|
-
return
|
13
|
+
return unless value
|
11
14
|
|
12
15
|
@before_send_hook_list ||= []
|
13
16
|
@before_send_hook_list << value
|
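Review bot: `before_send = false` is accepted now, but the visible code only returns early on a falsy value and does not clear `@before_send_hook_list`, so hooks appended earlier stay registered while the error message promises "false to disable". If that is intended, so that the sanitizer hook survives an application resetting `before_send`, a comment would make it explicit, e.g. `# nil/false adds no hook; hooks already registered are kept`. The guard also reads more idiomatically as `unless value.nil? || value == false || value.respond_to?(:call)`. The method body continues past the end of this hunk, so the rest of the handling is not visible.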
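--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sentry-sanitizer
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.1
 platform: ruby
 authors:
 - Valentine Kiselev
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-11-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: codecov
@@ -156,7 +156,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: Sanitizing middleware for sentry-ruby gem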