Module: Gitlab::ErrorTracking::Processor::SanitizerProcessor
- Defined in:
- lib/gitlab/error_tracking/processor/sanitizer_processor.rb
Constant Summary collapse
- SANITIZED_HTTP_HEADERS =
%w[Authorization Private-Token Job-Token].freeze
- SANITIZED_ATTRIBUTES =
%i[user contexts extra tags].freeze
Class Method Summary collapse
-
.call(event) ⇒ Object
This processor removes sensitive fields or headers from the event before sending.
Class Method Details
.call(event) ⇒ Object
This processor removes sensitive fields or headers from the event before sending. Sentry versions above 4.0 don’t support sanitized_fields and sanitized_http_headers anymore. The official document recommends using before_send instead.
For more information, please visit: docs.sentry.io/platforms/ruby/guides/rails/configuration/filtering/#using-beforesend
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
# File 'lib/gitlab/error_tracking/processor/sanitizer_processor.rb', line 17 def self.call(event) # Raven::Event instances don't need this processing. return event unless event.is_a?(Sentry::Event) if event.request.present? event.request. = {} event.request.data = {} end if event.request.present? && event.request.headers.is_a?(Hash) header_filter = ActiveSupport::ParameterFilter.new(SANITIZED_HTTP_HEADERS) event.request.headers = header_filter.filter(event.request.headers) end attribute_filter = ActiveSupport::ParameterFilter.new(Rails.application.config.filter_parameters) SANITIZED_ATTRIBUTES.each do |attribute| event.send("#{attribute}=", attribute_filter.filter(event.send(attribute))) # rubocop:disable GitlabSecurity/PublicSend end if event.request.present? && event.request.query_string.present? query = Rack::Utils.parse_nested_query(event.request.query_string) query = attribute_filter.filter(query) query = Rack::Utils.build_nested_query(query) event.request.query_string = query end event end |