Commit 4abc7fcd authored by Mehmet Emin INAC

Normalize the SQL queries before sending them to Sentry

To prevent sending some sensitive information, we need to normalize the
SQL queries before we send them to Sentry. To do so, we decided to use
the gem called `pg_query` which compiles some parts of the PostgreSQL
database to make it possible to parse SQL queries.
parent 07f406d5
...@@ -307,6 +307,9 @@ gem 'rack-attack', '~> 6.3.0' ...@@ -307,6 +307,9 @@ gem 'rack-attack', '~> 6.3.0'
# Sentry integration # Sentry integration
gem 'sentry-raven', '~> 3.0' gem 'sentry-raven', '~> 3.0'
# PostgreSQL query parsing
gem 'pg_query', '~> 1.2'
gem 'premailer-rails', '~> 1.10.3' gem 'premailer-rails', '~> 1.10.3'
# LabKit: Tracing and Correlation # LabKit: Tracing and Correlation
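Review bot: the `# PostgreSQL query parsing` comment above `gem 'pg_query', '~> 1.2'` should say why the parser is needed, since the only caller is the Sentry error path that strips literals out of failing SQL; something like `# PostgreSQL query parsing (normalizes SQL before it is sent to Sentry)` ties the dependency to `inject_sql_query_into_extra` for whoever later wonders whether it can be removed. Also, as the commit message notes, pg_query compiles parts of the PostgreSQL parser as a native extension, so bundling now needs a C toolchain in the CI and production build images; worth confirming before merge.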
......
...@@ -828,6 +828,7 @@ GEM ...@@ -828,6 +828,7 @@ GEM
peek (1.1.0) peek (1.1.0)
railties (>= 4.0.0) railties (>= 4.0.0)
pg (1.2.3) pg (1.2.3)
pg_query (1.2.0)
png_quantizator (0.2.1) png_quantizator (0.2.1)
po_to_json (1.0.1) po_to_json (1.0.1)
json (>= 1.6.0) json (>= 1.6.0)
...@@ -1424,6 +1425,7 @@ DEPENDENCIES ...@@ -1424,6 +1425,7 @@ DEPENDENCIES
parallel (~> 1.19) parallel (~> 1.19)
peek (~> 1.1) peek (~> 1.1)
pg (~> 1.1) pg (~> 1.1)
pg_query (~> 1.2)
png_quantizator (~> 0.2.1) png_quantizator (~> 0.2.1)
premailer-rails (~> 1.10.3) premailer-rails (~> 1.10.3)
prometheus-client-mmap (~> 0.12.0) prometheus-client-mmap (~> 0.12.0)
......
...@@ -153,7 +153,7 @@ module Gitlab ...@@ -153,7 +153,7 @@ module Gitlab
def inject_sql_query_into_extra(exception, extra) def inject_sql_query_into_extra(exception, extra)
return unless exception.is_a?(ActiveRecord::StatementInvalid) return unless exception.is_a?(ActiveRecord::StatementInvalid)
extra[:sql] = exception.sql extra[:sql] = PgQuery.normalize(exception.sql.to_s)
end end
def sentry_dsn def sentry_dsn
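Review bot: `PgQuery.normalize(exception.sql.to_s)` can raise `PgQuery::ParseError` when the statement does not parse, and an `ActiveRecord::StatementInvalid` is very often caused by exactly that (a syntax error in the generated SQL). If the normalizer raises inside this hook, the original exception is never reported to Sentry, so the change would hide the class of errors it is meant to report. Wrap the call in `begin` / `rescue PgQuery::ParseError` and set a placeholder such as `extra[:sql] = '[unparseable SQL redacted]'` in the rescue branch; do not fall back to the raw `exception.sql`, since that would reintroduce the literal values this commit is removing. The `.to_s` guard for a nil `sql` is good; the same rescue keeps the method from failing on anything else pg_query cannot handle.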
......
...@@ -284,13 +284,13 @@ RSpec.describe Gitlab::ErrorTracking do ...@@ -284,13 +284,13 @@ RSpec.describe Gitlab::ErrorTracking do
end end
context 'when the error is kind of an `ActiveRecord::StatementInvalid`' do context 'when the error is kind of an `ActiveRecord::StatementInvalid`' do
let(:exception) { ActiveRecord::StatementInvalid.new(sql: :foo) } let(:exception) { ActiveRecord::StatementInvalid.new(sql: 'SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."foo" = $1') }
it 'injects the sql query into extra' do it 'injects the normalized sql query into extra' do
track_exception track_exception
expect(Raven).to have_received(:capture_exception) expect(Raven).to have_received(:capture_exception)
.with(exception, a_hash_including(extra: a_hash_including(sql: :foo))) .with(exception, a_hash_including(extra: a_hash_including(sql: 'SELECT "users".* FROM "users" WHERE "users"."id" = $2 AND "users"."foo" = $1')))
end end
end end
end end
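Review bot: the new example only exercises a well-formed statement. Because the production path runs the normalizer on whatever SQL caused the `StatementInvalid`, add a context with a statement that does not parse (for example `sql: 'SELECT * FROM'`) and assert that `track_exception` still reaches `Raven.capture_exception`, plus one with `sql: nil` to cover the `.to_s` guard. The expectation that the literal `1` becomes `$2` while the existing `$1` is preserved is a useful assertion; a short comment stating that new placeholders are numbered after the ones already present would make the `$2` less surprising to the next reader of this spec.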
......