author | Zeger-Jan van de Weg <zegerjan@gitlab.com> | 2018-09-21 10:35:49 +0300 |
---|---|---|
committer | Zeger-Jan van de Weg <zegerjan@gitlab.com> | 2018-09-21 10:35:49 +0300 |
commit | 26c80352bd885bc948c48f1f1eb5c86577132fd8 (patch) | |
tree | fb9189fa20c409010a45aff130ab99c9f75b66c4 | |
parent | 406f42381126ad7721fb0653734b049311acf8b6 (diff) | |
parent | e70287aca57cafc28d9d38ab363019b046dc51f7 (diff) |
Merge branch 'zj-patch-0-111' into '0-111-stable'
Sanitize sentry events' logentry messages
See merge request gitlab/gitaly!8
-rw-r--r-- | changelogs/unreleased/sanitizing-v2.yml | 5 | ||||
-rw-r--r-- | ruby/lib/gitaly_server/sentry.rb | 8 | ||||
-rw-r--r-- | ruby/spec/lib/gitaly_server/sentry/url_sanitizer_spec.rb | 1 |
3 files changed, 14 insertions, 0 deletions
diff --git a/changelogs/unreleased/sanitizing-v2.yml b/changelogs/unreleased/sanitizing-v2.yml
new file mode 100644
index 000000000..8d43717c6
--- /dev/null
+++ b/changelogs/unreleased/sanitizing-v2.yml
@@ -0,0 +1,5 @@
+---
+title: "Sanitize sentry events' logentry messages"
+merge_request:
+author:
+type: security
diff --git a/ruby/lib/gitaly_server/sentry.rb b/ruby/lib/gitaly_server/sentry.rb
index 4367f7f0f..bd1d8e6b0 100644
--- a/ruby/lib/gitaly_server/sentry.rb
+++ b/ruby/lib/gitaly_server/sentry.rb
@@ -15,12 +15,20 @@ class GitalyServer::Sentry::URLSanitizer < Raven::Processor
 sanitize_message(data)
 sanitize_fingerprint(data)
 sanitize_exceptions(data)
+ sanitize_logentry(data)
 data
 end
 private
+ def sanitize_logentry(data)
+ logentry = data[:logentry]
+ return unless logentry.is_a?(Hash)
+
+ logentry[:message] = sanitize_url(logentry[:message])
+ end
+
 def sanitize_fingerprint(data)
 fingerprint = data[:fingerprint]
 return unless fingerprint.is_a?(Array)
diff --git a/ruby/spec/lib/gitaly_server/sentry/url_sanitizer_spec.rb b/ruby/spec/lib/gitaly_server/sentry/url_sanitizer_spec.rb
index 8d3d12427..2363bba9d 100644
--- a/ruby/spec/lib/gitaly_server/sentry/url_sanitizer_spec.rb
+++ b/ruby/spec/lib/gitaly_server/sentry/url_sanitizer_spec.rb
@@ -30,6 +30,7 @@ describe GitalyServer::Sentry::URLSanitizer do
 data = JSON.parse(last_sentry_event[1])
 expect(data['message']).to eq("StandardError: #{ex_sanitized_message}")
+ expect(data['logentry']['message']).to eq("StandardError: #{ex_sanitized_message}")
 expect(data['fingerprint'].last).to eq(ex_sanitized_message)
 expect(data['exception']['values'][0]['value']).to eq(ex_sanitized_message)
 end |
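Review bot: `sanitize_logentry` in ruby/lib/gitaly_server/sentry.rb rewrites only `logentry[:message]`, so a URL carrying credentials in the entry's `params` array (the other field of Raven's message interface) would still leave the process unsanitized if any caller supplies format parameters. I would add `logentry[:params] = logentry[:params].map { |p| p.is_a?(String) ? sanitize_url(p) : p } if logentry[:params].is_a?(Array)` after the message assignment. The assignment also runs when `:message` is absent or not a String, and `sanitize_url` is defined outside this hunk, so whether it tolerates `nil` cannot be confirmed from here; `logentry[:message] = sanitize_url(logentry[:message]) if logentry[:message].is_a?(String)` would avoid relying on it. The expectation added in url_sanitizer_spec.rb covers only the message field of a well-formed entry, so neither case is pinned by a test.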