sentry-sanitizer 0.5.1 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f5e72465155d2d2f7cfca7b160dfced31c2c85543670e7b863fae6cd73c6d0a7
-  data.tar.gz: 0fd2e9911a2a89ff07be1dd899cbf02e000ac277c81bc55f8f09ddab3d3ac5fe
+  metadata.gz: f83f2a0c9bb759f6f43b1b25f3219e403123d8bdade87f5aa8f6838269e432e7
+  data.tar.gz: 9230c77fb3a9a178d457068e2ca03f5e8491f0778ff1cb8d76e8c2a612b6c409
 SHA512:
-  metadata.gz: 32d5b51b6426f5ee5fd808e5cf2c2483170d16128e211091f8040a34364a7f0a6b049ed2d65c96c555ece5825332327e4af6eb5818e94a71f244a85c57af2c41
-  data.tar.gz: 1ba0f966fb062fdf220751af4af907db6a323f3b982051e62ec7b599e3e9f4c95a51003853cee0afcdb8b1b14bacc78861642c4deb8a0a75938e4380fa11cd6a
+  metadata.gz: b7ec44c8b25b101d9fb01ec0472e1e6338db2c9d5385599f91341c911c9754951005d574d86a868fb13a4120c2a517e91d2334e2b9e93e4253adff9d0d77babf
+  data.tar.gz: 52e91220a7cc128f9c02e20889187cf2c2fe23bd7061b2e01e359f12b9da175fdc2a8218891676513b8ccc280da4afc0c3bf39e95dfabfecfaf1416b422fea67

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    sentry-sanitizer (0.5.1)
+    sentry-sanitizer (0.6.0)
       sentry-ruby (~> 5.3)
 
 GEM

data/README.md

@@ -12,6 +12,7 @@ Currently this gem provides following features
 - [x] Sanitizing POST params
 - [x] Sanitizing HTTP headers
 - [x] Sanitizing cookies
+- [x] Sanitizing query string
 - [x] Sanitizing extras ([see](https://docs.sentry.io/platforms/ruby/enriching-events/context/#additional-data) `Sentry.set_extras`)
 
 ## Installation

data/lib/sentry/sanitizer/cleaner.rb

@@ -13,6 +13,7 @@ module Sentry
         @fields = config.fields || []
         @http_headers = config.http_headers || DEFAULT_SENSITIVE_HEADERS
         @do_cookies = config.cookies || false
+        @do_query_string = config.query_string || false
       end
 
       def call(event)
@@ -33,14 +34,17 @@ module Sentry
           event.request.data = sanitize_data(event.request.data)
           event.request.headers = sanitize_headers(event.request.headers)
           event.request.cookies = sanitize_cookies(event.request.cookies)
+          event.request.query_string = sanitize_query_string(event.request.query_string)
         when :stringified_hash
           event['request']['data'] = sanitize_data(event['request']['data'])
           event['request']['headers'] = sanitize_headers(event['request']['headers'])
           event['request']['cookies'] = sanitize_cookies(event['request']['cookies'])
+          event['request']['query_string'] = sanitize_query_string(event['request']['query_string'])
         when :symbolized_hash
           event[:request][:data] = sanitize_data(event[:request][:data])
           event[:request][:headers] = sanitize_headers(event[:request][:headers])
           event[:request][:cookies] = sanitize_cookies(event[:request][:cookies])
+          event[:request][:query_string] = sanitize_query_string(event[:request][:query_string])
         end
       end
 
@@ -53,7 +57,7 @@ module Sentry
 
       private
 
-      attr_reader :fields, :http_headers, :do_cookies
+      attr_reader :fields, :http_headers, :do_cookies, :do_query_string
 
       # Sanitize specified headers
       def sanitize_headers(headers)
@@ -76,12 +80,26 @@ module Sentry
 
       # Sanitize all cookies
       def sanitize_cookies(cookies)
-        return cookies unless cookies.is_a? Hash
         return cookies unless do_cookies
+        return cookies unless cookies.is_a? Hash
 
         cookies.transform_values { DEFAULT_MASK }
       end
 
+      def sanitize_query_string(query_string)
+        return query_string unless do_query_string
+        return query_string unless query_string.is_a? String
+
+        sanitized_array = query_string.split('&').map do |kv_pair|
+          k, v = kv_pair.split('=')
+          new_v = sanitize_string(k, v)
+
+          "#{k}=#{new_v}"
+        end
+
+        sanitized_array.join('&')
+      end
+
       def sanitize_value(value, key)
         case value
         when Hash

data/lib/sentry/sanitizer/configuration.rb

@@ -24,10 +24,10 @@ module Sentry
 
   module Sanitizer
     class Configuration
-      attr_accessor :fields, :http_headers, :cookies
+      attr_accessor :fields, :http_headers, :cookies, :query_string
 
       def configured?
-        [fields, http_headers, cookies].any? { |setting| !setting.nil? }
+        [fields, http_headers, cookies, query_string].any? { |setting| !setting.nil? }
       end
 
       def fields=(fields)
@@ -48,11 +48,19 @@ module Sentry
 
       def cookies=(cookies)
         unless [TrueClass, FalseClass].include?(cookies.class)
-          raise ArgumentError, 'sanitize_cookies must be boolean'
+          raise ArgumentError, 'cookies must be boolean'
         end
 
         @cookies = cookies
       end
+
+      def query_string=(query_string)
+        unless [TrueClass, FalseClass].include?(query_string.class)
+          raise ArgumentError, 'query_string must be boolean'
+        end
+
+        @query_string = query_string
+      end
     end
   end
 end

data/lib/sentry/sanitizer/version.rb

@@ -1,5 +1,5 @@
 module Sentry
   module Sanitizer
-    VERSION = '0.5.1'
+    VERSION = '0.6.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sentry-sanitizer
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.6.0
 platform: ruby
 authors:
 - Valentine Kiselev
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-08 00:00:00.000000000 Z
+date: 2022-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: codecov
@@ -156,7 +156,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.2.3
 signing_key:
 specification_version: 4
 summary: Sanitizing middleware for sentry-ruby gem