Commit ac3d7a09 authored by Bob Van Landuyt's avatar Bob Van Landuyt

Merge branch 'sh-sanitize-api-request-parameters' into 'master'

Sanitize request parameters in exceptions_json.log

Closes #202132

See merge request gitlab-org/gitlab!24625
parents 53ae8c83 727a07c5
---
title: Sanitize request parameters in exceptions_json.log
merge_request: 24625
author:
type: fixed
...@@ -97,6 +97,8 @@ module Gitlab ...@@ -97,6 +97,8 @@ module Gitlab
extra = extra.merge(data) if data.is_a?(Hash) extra = extra.merge(data) if data.is_a?(Hash)
end end
extra = sanitize_request_parameters(extra)
if sentry && Raven.configuration.server if sentry && Raven.configuration.server
Raven.capture_exception(exception, tags: default_tags, extra: extra) Raven.capture_exception(exception, tags: default_tags, extra: extra)
end end
...@@ -117,6 +119,11 @@ module Gitlab ...@@ -117,6 +119,11 @@ module Gitlab
end end
end end
def sanitize_request_parameters(parameters)
filter = ActiveSupport::ParameterFilter.new(::Rails.application.config.filter_parameters)
filter.filter(parameters)
end
def sentry_dsn def sentry_dsn
return unless Rails.env.production? || Rails.env.development? return unless Rails.env.production? || Rails.env.development?
return unless Gitlab.config.sentry.enabled return unless Gitlab.config.sentry.enabled
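Review bot: `sanitize_request_parameters` (lines 26-29) redacts by key name only, so a secret that sits inside a value — the exception message, a URL string carrying a `private_token` query, or the backtrace — is still handed to Raven on line 21 and, presumably, to the JSON logger unfiltered; a comment on the helper would stop callers from assuming message text is covered, e.g. `# Redacts values whose keys match Rails' filter_parameters; name-based only, exception.message and backtraces are not scrubbed.` The `ActiveSupport::ParameterFilter.new(...)` on line 27 is rebuilt on every tracked exception although `filter_parameters` is static configuration, so a memoised instance (`@parameter_filter ||= ActiveSupport::ParameterFilter.new(::Rails.application.config.filter_parameters)`) would avoid recompiling the filter list on each error. `filter.filter(parameters)` also assumes a Hash; line 17 suggests `extra` always is one, but `track_exception`'s signature is outside this hunk, so a nil path cannot be ruled out from here.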
...@@ -145,6 +145,17 @@ describe Gitlab::ErrorTracking do ...@@ -145,6 +145,17 @@ describe Gitlab::ErrorTracking do
) )
end end
context 'with filterable parameters' do
let(:extra) { { test: 1, my_token: 'test' } }
it 'filters parameters' do
expect(Gitlab::ErrorTracking::Logger).to receive(:error).with(
hash_including({ 'extra.test' => 1, 'extra.my_token' => '[FILTERED]' }))
described_class.track_exception(exception, extra)
end
end
context 'the exception implements :sentry_extra_data' do context 'the exception implements :sentry_extra_data' do
let(:extra_info) { { event: 'explosion', size: :massive } } let(:extra_info) { { event: 'explosion', size: :massive } }
let(:exception) { double(message: 'bang!', sentry_extra_data: extra_info, backtrace: caller) } let(:exception) { double(message: 'bang!', sentry_extra_data: extra_info, backtrace: caller) }
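Review bot: The new example at lines 37-44 only asserts that a top-level key is redacted; since `extra` is built by merging the exception's `sentry_extra_data` and request data can be nested, a second case with a nested hash such as `let(:extra) { { params: { private_token: 'abc' } } }` would show the filter reaches inner keys, asserting `'[FILTERED]'` in whatever flattened form the logger emits for `extra.params`. The example also only checks the logger; if Sentry is disabled in the spec environment, as the `Raven.configuration.server` guard suggests, nothing verifies that the sanitised hash is what reaches `Raven.capture_exception`, so stubbing that call with `expect(Raven).to receive(:capture_exception).with(exception, hash_including(extra: hash_including(my_token: '[FILTERED]')))` under an enabled-Sentry context would close that gap. The enclosing `describe` block starts before this hunk.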