Sha256: 22bea2753e9d1f579ba3cf1315cda6fe9ddaa748ac6684da4e0d86cc3e70e94d

Contents?: true

Size: 1.09 KB

Versions: 6

Compression:

Stored size: 1.09 KB

Contents

# encoding: utf-8
# This file is distributed under New Relic's license terms.
# See https://github.com/newrelic/rpm/blob/master/LICENSE for complete details.

require 'erb'

module NewRelic
  module Agent
    # Extracts the browser-monitoring token from the NRAGENT request cookie.
    #
    # The cookie value is supplied by the client and must be treated as
    # untrusted. A token is only returned when it passes a strict
    # alphanumeric allowlist; anything else is rejected outright.
    module BrowserToken

      # Returns the token carried in the NRAGENT cookie, or nil.
      #
      # The cookie is expected to look like "tk=<token>". nil is returned when
      # the request is missing, the cookie is absent or not a String, the
      # value does not split into exactly two "="-separated parts, the key is
      # not "tk", or the token fails sanitize_token.
      #
      # @param request [#cookies, nil] object exposing a cookies hash
      # @return [String, nil] the HTML-escaped token, or nil
      def self.get_token(request)
        return nil unless request

        cookie = request.cookies['NRAGENT']
        return nil unless cookie && cookie.instance_of?(String)

        # String#split drops trailing empty fields, so "tk=" yields a single
        # part and is rejected here, as is any value with extra "=" signs.
        parts = cookie.split("=")
        return nil unless parts.length == 2

        key, candidate = parts
        return nil unless key == "tk" && candidate

        token = sanitize_token(candidate)
        # The allowlist already excludes every character ERB::Util.h would
        # escape; the escape is kept as a second layer in case the allowlist
        # is ever loosened.
        token ? ERB::Util.h(token) : nil
      end

      # Validates a token against an alphanumeric allowlist to avoid XSS.
      #
      # Nothing is stripped or rewritten: a token containing any character
      # outside a-z, A-Z and 0-9 is rejected as a whole and nil is returned.
      # The warning uses a fixed message, so the rejected value itself is
      # never written to the log.
      #
      # @param token [String] candidate token taken from the cookie
      # @return [String, nil] the unchanged token when valid, otherwise nil
      def self.sanitize_token(token)
        return token unless token.match(/[^a-zA-Z0-9]/)

        ::NewRelic::Agent.logger.log_once(:warn, :invalid_browser_token,
                                          "Invalid characters found in browser token.")
        nil
      end
    end
  end
end

Version data entries

6 entries across 6 versions & 1 rubygems

Version Path
newrelic_rpm-3.9.6.257 lib/new_relic/agent/browser_token.rb
newrelic_rpm-3.9.5.251 lib/new_relic/agent/browser_token.rb
newrelic_rpm-3.9.4.245 lib/new_relic/agent/browser_token.rb
newrelic_rpm-3.9.3.241 lib/new_relic/agent/browser_token.rb
newrelic_rpm-3.9.2.239 lib/new_relic/agent/browser_token.rb
newrelic_rpm-3.9.1.236 lib/new_relic/agent/browser_token.rb