Merge pull request #634 from nateberkopec/fix-async-proc

nateberkopec · web-flow · commit 1d70d9cab603 · 2017-02-20T09:40:57.000-07:00
Temporarily accept string keys in processors.
diff --git a/lib/raven/processor/cookies.rb b/lib/raven/processor/cookies.rb
@@ -1,16 +1,26 @@
 module Raven
   class Processor::Cookies < Processor
     def process(data)
-      if data[:request]
-        # Remove possibly sensitive cookies
-        data[:request][:cookies] = STRING_MASK if data[:request][:cookies]
-
-        if data[:request][:headers] && data[:request][:headers]["Cookie"]
-          data[:request][:headers]["Cookie"] = STRING_MASK
-        end
-      end
+      process_if_symbol_keys(data) if data[:request]
+      process_if_string_keys(data) if data["request"]
 
       data
     end
+
+    private
+
+    def process_if_symbol_keys(data)
+      data[:request][:cookies] = STRING_MASK if data[:request][:cookies]
+
+      return unless data[:request][:headers] && data[:request][:headers]["Cookie"]
+      data[:request][:headers]["Cookie"] = STRING_MASK
+    end
+
+    def process_if_string_keys(data)
+      data["request"]["cookies"] = STRING_MASK if data["request"]["cookies"]
+
+      return unless data["request"]["headers"] && data["request"]["headers"]["Cookie"]
+      data["request"]["headers"]["Cookie"] = STRING_MASK
+    end
   end
 end
diff --git a/lib/raven/processor/http_headers.rb b/lib/raven/processor/http_headers.rb
@@ -10,17 +10,30 @@ def initialize(client)
     end
 
     def process(data)
-      if data[:request] && data[:request][:headers]
-        data[:request][:headers].keys.select { |k| fields_re.match(k.to_s) }.each do |k|
-          data[:request][:headers][k] = STRING_MASK
-        end
-      end
+      process_if_symbol_keys(data) if data[:request]
+      process_if_string_keys(data) if data["request"]
 
       data
     end
 
     private
 
+    def process_if_symbol_keys(data)
+      return unless data[:request][:headers]
+
+      data[:request][:headers].keys.select { |k| fields_re.match(k.to_s) }.each do |k|
+        data[:request][:headers][k] = STRING_MASK
+      end
+    end
+
+    def process_if_string_keys(data)
+      return unless data["request"]["headers"]
+
+      data["request"]["headers"].keys.select { |k| fields_re.match(k) }.each do |k|
+        data["request"]["headers"][k] = STRING_MASK
+      end
+    end
+
     def matches_regexes?(k)
       fields_re.match(k.to_s)
     end
diff --git a/lib/raven/processor/post_data.rb b/lib/raven/processor/post_data.rb
@@ -1,11 +1,22 @@
 module Raven
   class Processor::PostData < Processor
     def process(data)
-      if data[:request] && data[:request][:method] == "POST"
-        data[:request][:data] = STRING_MASK # Remove possibly sensitive POST data
-      end
+      process_if_symbol_keys(data) if data[:request]
+      process_if_string_keys(data) if data["request"]
 
       data
     end
+
+    private
+
+    def process_if_symbol_keys(data)
+      return unless data[:request][:method] == "POST"
+      data[:request][:data] = STRING_MASK
+    end
+
+    def process_if_string_keys(data)
+      return unless data["request"]["method"] == "POST"
+      data["request"]["data"] = STRING_MASK
+    end
   end
 end
diff --git a/lib/raven/processor/removestacktrace.rb b/lib/raven/processor/removestacktrace.rb
@@ -1,13 +1,24 @@
 module Raven
   class Processor::RemoveStacktrace < Processor
-    def process(value)
-      if value[:exception]
-        value[:exception][:values].map do |single_exception|
-          single_exception.delete(:stacktrace) if single_exception[:stacktrace]
-        end
+    def process(data)
+      process_if_symbol_keys(data) if data[:exception]
+      process_if_string_keys(data) if data["exception"]
+
+      data
+    end
+
+    private
+
+    def process_if_symbol_keys(data)
+      data[:exception][:values].map do |single_exception|
+        single_exception.delete(:stacktrace) if single_exception[:stacktrace]
       end
+    end
 
-      value
+    def process_if_string_keys(data)
+      data["exception"]["values"].map do |single_exception|
+        single_exception.delete("stacktrace") if single_exception["stacktrace"]
+      end
     end
   end
 end
diff --git a/spec/raven/processors/cookies_spec.rb b/spec/raven/processors/cookies_spec.rb
@@ -9,7 +9,7 @@
   end
 
   it 'should remove cookies' do
-    data = {
+    test_data = {
       :request => {
         :headers => {
           "Cookie" => "_sentry-testapp_session=SlRKVnNha2Z",
@@ -20,11 +20,31 @@
       }
     }
 
-    result = @processor.process(data)
+    result = @processor.process(test_data)
 
     expect(result[:request][:cookies]).to eq("********")
     expect(result[:request][:headers]["Cookie"]).to eq("********")
     expect(result[:request][:some_other_data]).to eq("still_here")
     expect(result[:request][:headers]["AnotherHeader"]).to eq("still_here")
   end
+
+  it 'should remove cookies even if keys are strings' do
+    test_data = {
+      "request" => {
+        "headers" => {
+          "Cookie" => "_sentry-testapp_session=SlRKVnNha2Z",
+          "AnotherHeader" => "still_here"
+        },
+        "cookies" => "_sentry-testapp_session=SlRKVnNha2Z",
+        "some_other_data" => "still_here"
+      }
+    }
+
+    result = @processor.process(test_data)
+
+    expect(result["request"]["cookies"]).to eq("********")
+    expect(result["request"]["headers"]["Cookie"]).to eq("********")
+    expect(result["request"]["some_other_data"]).to eq("still_here")
+    expect(result["request"]["headers"]["AnotherHeader"]).to eq("still_here")
+  end
 end
diff --git a/spec/raven/processors/http_headers_spec.rb b/spec/raven/processors/http_headers_spec.rb
@@ -38,4 +38,20 @@
     expect(result[:request][:headers]["User-Defined-Header"]).to eq("********")
     expect(result[:request][:headers]["AnotherHeader"]).to eq("still_here")
   end
+
+  it "should remove headers even if the keys are strings" do
+    data = {
+      "request" => {
+        "headers" => {
+          "Authorization" => "dontseeme",
+          "AnotherHeader" => "still_here"
+        }
+      }
+    }
+
+    result = @processor.process(data)
+
+    expect(result["request"]["headers"]["Authorization"]).to eq("********")
+    expect(result["request"]["headers"]["AnotherHeader"]).to eq("still_here")
+  end
 end
diff --git a/spec/raven/processors/post_data_spec.rb b/spec/raven/processors/post_data_spec.rb
@@ -37,4 +37,19 @@
 
     expect(result[:request][:data]).to eq("sensitive_stuff" => "TOP_SECRET-GAMMA")
   end
+
+  it 'should remove post data when HTTP method is POST and keys are strings' do
+    data = {
+      "request" => {
+        "method" => "POST",
+        "data" => {
+          "sensitive_stuff" => "TOP_SECRET-GAMMA"
+        }
+      }
+    }
+
+    result = @processor.process(data)
+
+    expect(result["request"]["data"]).to eq("********")
+  end
 end
diff --git a/spec/raven/processors/removestacktrace_spec.rb b/spec/raven/processors/removestacktrace_spec.rb
@@ -1,5 +1,6 @@
 require 'spec_helper'
 require 'raven/processor/removestacktrace'
+require 'active_support/core_ext/hash/keys'
 
 describe Raven::Processor::RemoveStacktrace do
   before do
@@ -42,4 +43,13 @@
       expect(result[:exception][:values][2][:stacktrace]).to eq(nil)
     end
   end
+
+  it 'should remove stacktraces even when keys are strings' do
+    data = Raven::Event.capture_exception(build_exception).to_hash.deep_stringify_keys
+
+    expect(data["exception"]["values"][0]["stacktrace"]).to_not eq(nil)
+    result = @processor.process(data)
+
+    expect(result["exception"]["values"][0]["stacktrace"]).to eq(nil)
+  end
 end
