lib/raven/processor/sanitizedata.rb in sentry-raven-0.14.0 vs lib/raven/processor/sanitizedata.rb in sentry-raven-0.15.0
- old
+ new
@@ -3,10 +3,11 @@
class Processor::SanitizeData < Processor
STRING_MASK = '********'
INT_MASK = 0
DEFAULT_FIELDS = %w(authorization password passwd secret ssn social(.*)?sec)
CREDIT_CARD_RE = /^(?:\d[ -]*?){13,16}$/
+ REGEX_SPECIAL_CHARACTERS = %w(. $ ^ { [ ( | ) * + ?)
attr_accessor :sanitize_fields, :sanitize_credit_cards
def initialize(client)
super
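Review bot: `REGEX_SPECIAL_CHARACTERS` has no backslash entry, so a configured field that is a pattern only because of an escape (constructed example: `card\d`) is classified as a plain word by `special_characters?` and gets `\b…\b` wrapped around it. If the list is meant to detect "this entry is already a regex fragment", add the backslash and freeze the array: `REGEX_SPECIAL_CHARACTERS = %w(. $ ^ { [ ( | ) * + ? \\).freeze`. A one-line comment above it would also help, e.g. `# Fields containing any of these are treated as regex fragments and interpolated into fields_re unescaped.` The class body continues outside the hunk.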
@@ -21,11 +22,11 @@
def sanitize(k,v)
if v.is_a?(Hash)
process(v)
elsif v.is_a?(Array)
v.map{|a| sanitize(k, a)}
- elsif k == 'query_string'
+ elsif k.to_s == 'query_string'
sanitize_query_string(v)
elsif v.is_a?(Integer) && matches_regexes?(k,v)
INT_MASK
elsif v.is_a?(String)
if fields_re.match(v.to_s) && (json = parse_json_or_nil(v))
@@ -53,10 +54,20 @@
(sanitize_credit_cards && CREDIT_CARD_RE.match(v.to_s)) ||
fields_re.match(k.to_s)
end
def fields_re
- @fields_re ||= /(#{(DEFAULT_FIELDS | sanitize_fields).join("|")})/i
+ @fields_re ||= /#{(DEFAULT_FIELDS | sanitize_fields).map do |f|
+ use_boundary?(f) ? "\\b#{f}\\b" : f
+ end.join("|")}/i
+ end
+
+ def use_boundary?(string)
+ !DEFAULT_FIELDS.include?(string) && !special_characters?(string)
+ end
+
+ def special_characters?(string)
+ REGEX_SPECIAL_CHARACTERS.select { |r| string.include?(r) }.any?
end
def parse_json_or_nil(string)
begin
OkJson.decode(string)
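Review bot: Wrapping custom fields in `\b…\b` inside `fields_re` narrows what gets masked, because `\b` treats `_` and digits as word characters: a configured field `token` (constructed example) matched the key `access_token` under the old substring pattern and no longer does. Installations that relied on substring matching would start sending those values unmasked after upgrading, so this needs a changelog entry and a comment above `use_boundary?`, e.g. `# Custom plain-word fields match whole words only; "_" is a word character, so list compound key names explicitly.` Separately, `special_characters?` calls `string.include?`, which Symbol does not define, so a symbol entry in `sanitize_fields` would raise where the old `join` accepted it. Normalising first with `(DEFAULT_FIELDS | sanitize_fields.map(&:to_s))` would cover that. `parse_json_or_nil` continues outside the hunk.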