path: root/spec/lib/gitlab/error_tracking/processor/sanitizer_processor_spec.rb
Diffstat (limited to 'spec/lib/gitlab/error_tracking/processor/sanitizer_processor_spec.rb')
-rw-r--r--spec/lib/gitlab/error_tracking/processor/sanitizer_processor_spec.rb114
1 files changed, 114 insertions, 0 deletions
diff --git a/spec/lib/gitlab/error_tracking/processor/sanitizer_processor_spec.rb b/spec/lib/gitlab/error_tracking/processor/sanitizer_processor_spec.rb
new file mode 100644
index 00000000000..9673bfc5cd3
--- /dev/null
+++ b/spec/lib/gitlab/error_tracking/processor/sanitizer_processor_spec.rb
@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::ErrorTracking::Processor::SanitizerProcessor, :sentry do
+ describe '.call' do
+ let(:event) { Sentry.get_current_client.event_from_exception(exception) }
+ let(:result_hash) { described_class.call(event).to_hash }
+
+ before do
+ data.each do |key, value|
+ event.send("#{key}=", value)
+ end
+ end
+
+ after do
+ Sentry.get_current_scope.clear
+ end
+
+ context 'when event attributes contains sensitive information' do
+ let(:exception) { RuntimeError.new }
+ let(:data) do
+ {
+ contexts: {
+ jwt: 'abcdef',
+ controller: 'GraphController#execute'
+ },
+ tags: {
+ variables: %w[some sensitive information'],
+ deep_hash: {
+ sharedSecret: 'secret123'
+ }
+ },
+ user: {
+ email: 'a@a.com',
+ password: 'nobodyknows'
+ },
+ extra: {
+ issue_url: 'http://gitlab.com/gitlab-org/gitlab-foss/-/issues/1',
+ my_token: '[FILTERED]',
+ another_token: '[FILTERED]'
+ }
+ }
+ end
+
+ it 'filters sensitive attributes' do
+ expect_next_instance_of(ActiveSupport::ParameterFilter) do |instance|
+ expect(instance).to receive(:filter).exactly(4).times.and_call_original
+ end
+
+ expect(result_hash).to include(
+ contexts: {
+ jwt: '[FILTERED]',
+ controller: 'GraphController#execute'
+ },
+ tags: {
+ variables: '[FILTERED]',
+ deep_hash: {
+ sharedSecret: '[FILTERED]'
+ }
+ },
+ user: {
+ email: 'a@a.com',
+ password: '[FILTERED]'
+ },
+ extra: {
+ issue_url: 'http://gitlab.com/gitlab-org/gitlab-foss/-/issues/1',
+ my_token: '[FILTERED]',
+ another_token: '[FILTERED]'
+ }
+ )
+ end
+ end
+
+ context 'when request contains sensitive information' do
+ let(:exception) { RuntimeError.new }
+ let(:data) { {} }
+
+ before do
+ event.rack_env = {
+ 'HTTP_AUTHORIZATION' => 'Bearer 123456',
+ 'HTTP_PRIVATE_TOKEN' => 'abcdef',
+ 'HTTP_JOB_TOKEN' => 'secret123',
+ 'HTTP_GITLAB_WORKHORSE_PROXY_START' => 123456,
+ 'HTTP_COOKIE' => 'yummy_cookie=choco; tasty_cookie=strawberry',
+ 'QUERY_STRING' => 'token=secret&access_token=secret&job_token=secret&private_token=secret',
+ 'Content-Type' => 'application/json',
+ 'rack.input' => StringIO.new('{"name":"new_project", "some_token":"value"}')
+ }
+ end
+
+ it 'filters sensitive headers' do
+ expect(result_hash[:request][:headers]).to include(
+ 'Authorization' => '[FILTERED]',
+ 'Private-Token' => '[FILTERED]',
+ 'Job-Token' => '[FILTERED]',
+ 'Gitlab-Workhorse-Proxy-Start' => '123456'
+ )
+ end
+
+ it 'filters query string parameters' do
+ expect(result_hash[:request][:query_string]).not_to include('secret')
+ end
+
+ it 'removes cookies' do
+ expect(result_hash[:request][:cookies]).to be_empty
+ end
+
+ it 'removes data' do
+ expect(result_hash[:request][:data]).to be_empty
+ end
+ end
+ end
+end
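Review bot: The 'filters sensitive headers' example asserts with `include`, so it never checks that the `Cookie` header from the `HTTP_COOKIE` fixture is dropped from `request[:headers]`; a regression that keeps the raw cookie string in the headers hash would still pass both this example and the 'removes cookies' one. Add `expect(result_hash[:request][:headers]).not_to have_key('Cookie')` alongside the existing header expectations. The query-string example is weak for the same reason: `not_to include('secret')` is satisfied by an empty string as much as by a correctly redacted one, so pin the redacted form, e.g. `expect(result_hash[:request][:query_string]).to eq('token=[FILTERED]&access_token=[FILTERED]&job_token=[FILTERED]&private_token=[FILTERED]')`, adjusting to whatever placeholder the processor actually emits (the processor itself is not in this diff). While in the file, the fixture `%w[some sensitive information']` carries a stray apostrophe in its last element that looks unintentional.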