Redact URLs in automatic Rails breadcrumbs
imjoehaines committed Dec 11, 2023
1 parent bf61828 commit cb76120
Showing 4 changed files with 18 additions and 4 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
@@ -1,6 +1,13 @@
Changelog
=========

## TBD

### Fixes

* Redact URLs in automatic Rails breadcrumbs
| [#805](https://github.com/bugsnag/bugsnag-ruby/pull/805)

## v6.26.0 (19 July 2023)

### Enhancements
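Review bot: The new entry under "### Fixes" does not say which breadcrumb fields are affected. The railtie change redacts `path` on `start_processing.action_controller` and `location` on `redirect_to.action_controller`, so naming those two fields here would tell users which breadcrumb metadata will look different after upgrading.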
4 changes: 2 additions & 2 deletions features/fixtures/expected_breadcrumbs/request.json
Expand Up @@ -6,8 +6,8 @@
"controller": "BreadcrumbsController",
"action": "handled",
"method": "GET",
"path": "/breadcrumbs/handled",
"path": "/breadcrumbs/handled?password=[FILTERED]&abc=xyz",
"event_name": "start_processing.action_controller",
"event_id": ".*"
}
}
}
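Review bot: The new `path` value contains `?` and `[FILTERED]`, and the same fixture uses ".*" for `event_id`, which suggests values can be treated as patterns. If they are, `?` and `[...]` are metacharacters and this line would not assert the literal redacted string. Confirm that the matcher falls back to exact comparison for this value, or escape those characters so the test really pins `password=[FILTERED]` while `abc=xyz` passes through unchanged.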
2 changes: 1 addition & 1 deletion features/rails_features/breadcrumbs.feature
Expand Up @@ -3,7 +3,7 @@ Feature: Rails automatic breadcrumbs
@rails3 @rails4 @rails5 @rails6 @rails7
Scenario: Request breadcrumb
Given I start the rails service
When I navigate to the route "/breadcrumbs/handled" on the rails app
When I navigate to the route "/breadcrumbs/handled?password=secret&abc=xyz" on the rails app
And I wait to receive an error
Then the error is valid for the error reporting API version "4.0" for the "Ruby Bugsnag Notifier" notifier
And the event contains a breadcrumb matching the JSON fixture in "features/fixtures/expected_breadcrumbs/request.json"
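Review bot: Only the request breadcrumb scenario is updated here, so the `location` redaction added for `redirect_to.action_controller` in railtie.rb has no coverage in this change. Add a scenario that hits a route redirecting to a URL with a sensitive query parameter and assert that the breadcrumb's `location` comes back with `[FILTERED]`, otherwise a regression in that branch would go unnoticed.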
9 changes: 8 additions & 1 deletion lib/bugsnag/integrations/railtie.rb
Expand Up @@ -24,7 +24,8 @@ def event_subscription(event)
filtered_data[:event_name] = event[:id]
filtered_data[:event_id] = event_id

if event[:id] == "sql.active_record"
case event[:id]
when "sql.active_record"
if data.key?(:binds)
binds = data[:binds].each_with_object({}) { |bind, output| output[bind.name] = '?' if defined?(bind.name) }
filtered_data[:binds] = JSON.dump(binds) unless binds.empty?
Expand All @@ -36,6 +37,12 @@ def event_subscription(event)
# the connection ID is the object_id of the connection object
filtered_data[:connection_id] = data[:connection].object_id
end

when "start_processing.action_controller"
filtered_data[:path] = Bugsnag.cleaner.clean_url(data[:path]) if data.key?(:path)

when "redirect_to.action_controller"
filtered_data[:location] = Bugsnag.cleaner.clean_url(data[:location]) if data.key?(:location)
end

Bugsnag.leave_breadcrumb(
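Review bot: Both new `when` branches guard only with `data.key?`, so `Bugsnag.cleaner.clean_url` is called even when the value is nil or not a parseable URL. How `clean_url` behaves on such input is not visible in this diff; since this runs inside the notification subscriber, confirm it returns a safe value rather than raising, or guard on the value itself instead of the key. A short comment above the two branches saying that these payloads carry the full URL including the query string would also explain why they are singled out.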