From 8f00dbc2be611e561cda42883f30c2fe6dba2a20 Mon Sep 17 00:00:00 2001 From: Daniel Morell Date: Fri, 17 Jan 2025 11:34:14 -0600 Subject: [PATCH] Fixed #344 not checking `include_request_body` setting for various frameworks. --- rollbar/__init__.py | 63 ++++++++++++++------------ rollbar/test/flask_tests/test_flask.py | 19 ++++++++ rollbar/test/test_rollbar.py | 15 ++++++ 3 files changed, 68 insertions(+), 29 deletions(-) diff --git a/rollbar/__init__.py b/rollbar/__init__.py index 2a3a62d7..1f3c0781 100644 --- a/rollbar/__init__.py +++ b/rollbar/__init__.py @@ -1264,11 +1264,12 @@ def _build_werkzeug_request_data(request): 'files_keys': list(request.files.keys()), } - try: - if request.json: - request_data['body'] = request.json - except Exception: - pass + if SETTINGS['include_request_body']: + try: + if request.json: + request_data['body'] = request.json + except Exception: + pass return request_data @@ -1296,13 +1297,15 @@ def _build_bottle_request_data(request): 'GET': dict(request.query) } - if request.json: - try: - request_data['body'] = request.body.getvalue() - except: - pass - else: - request_data['POST'] = dict(request.forms) + + if SETTINGS['include_request_body']: + if request.json: + try: + request_data['body'] = request.body.getvalue() + except: + pass + else: + request_data['POST'] = dict(request.forms) return request_data @@ -1316,13 +1319,14 @@ def _build_sanic_request_data(request): 'GET': dict(request.args) } - if request.json: - try: - request_data['body'] = request.json - except: - pass - else: - request_data['POST'] = request.form + if SETTINGS['include_request_body']: + if request.json: + try: + request_data['body'] = request.json + except: + pass + else: + request_data['POST'] = request.form return request_data @@ -1353,16 +1357,17 @@ def _build_wsgi_request_data(request): request_data['headers'] = _extract_wsgi_headers(request.items()) - try: - length = int(request.get('CONTENT_LENGTH', 0)) - except ValueError: - length = 0 - input = request.get('wsgi.input') - if length and input and hasattr(input, 'seek') and hasattr(input, 'tell'): - pos = input.tell() - input.seek(0, 0) - request_data['body'] = input.read(length) - input.seek(pos, 0) + if SETTINGS['include_request_body']: + try: + length = int(request.get('CONTENT_LENGTH', 0)) + except ValueError: + length = 0 + input = request.get('wsgi.input') + if length and input and hasattr(input, 'seek') and hasattr(input, 'tell'): + pos = input.tell() + input.seek(0, 0) + request_data['body'] = input.read(length) + input.seek(pos, 0) return request_data diff --git a/rollbar/test/flask_tests/test_flask.py b/rollbar/test/flask_tests/test_flask.py index b97227bb..43874bc8 100644 --- a/rollbar/test/flask_tests/test_flask.py +++ b/rollbar/test/flask_tests/test_flask.py @@ -82,6 +82,7 @@ def assertStringEqual(self, left, right): @mock.patch('rollbar.send_payload') def test_uncaught(self, send_payload): + rollbar.SETTINGS['include_request_body'] = True resp = self.client.get('/cause_error?foo=bar', headers={'X-Real-Ip': '1.2.3.4', 'User-Agent': 'Flask Test'}) self.assertEqual(resp.status_code, 500) @@ -115,6 +116,7 @@ def test_uncaught(self, send_payload): @mock.patch('rollbar.send_payload') def test_uncaught_json_request(self, send_payload): + rollbar.SETTINGS['include_request_body'] = True json_body = {"hello": "world"} json_body_str = json.dumps(json_body) resp = self.client.post('/cause_error', data=json_body_str, @@ -178,3 +180,20 @@ def test_uncaught_no_username_no_email(self, send_payload): rollbar.SETTINGS['capture_email'] = True rollbar.SETTINGS['capture_username'] = True + + @mock.patch('rollbar.send_payload') + def test_uncaught_no_body(self, send_payload): + rollbar.SETTINGS['include_request_body'] = False + + resp = self.client.get('/cause_error?foo=bar', + headers={'X-Real-Ip': '1.2.3.4', 'User-Agent': 'Flask Test'}) + self.assertEqual(resp.status_code, 500) + + self.assertEqual(send_payload.called, True) + payload = send_payload.call_args[0][0] + data = payload['data'] + + self.assertIn('request', data) + self.assertNotIn('body', data['request']) + + rollbar.SETTINGS['include_request_body'] = True diff --git a/rollbar/test/test_rollbar.py b/rollbar/test/test_rollbar.py index 29daf3d1..51e2a617 100644 --- a/rollbar/test/test_rollbar.py +++ b/rollbar/test/test_rollbar.py @@ -86,6 +86,7 @@ def test_server_data(self): self.assertEqual(server_data['root'], '/home/test/') def test_wsgi_request_data(self): + rollbar.SETTINGS['include_request_body'] = True request = { 'CONTENT_LENGTH': str(len('body body body')), 'CONTENT_TYPE': '', @@ -118,6 +119,20 @@ def test_wsgi_request_data(self): self.assertDictEqual(data['GET'], {'format': 'json', 'param1': 'value1', 'param2': 'value2'}) self.assertDictEqual(data['headers'], {'Connection': 'close', 'Host': 'example.com', 'User-Agent': 'Agent'}) + def test_wsgi_request_data_no_body(self): + rollbar.SETTINGS['include_request_body'] = False + request = { + 'CONTENT_LENGTH': str(len('body body body')), + 'REMOTE_ADDR': '127.0.0.1', + 'SERVER_NAME': 'example.com', + 'SERVER_PORT': '80', + 'wsgi.input': StringIO('body body body'), + 'wsgi.url_scheme': 'http', + } + data = rollbar._build_wsgi_request_data(request) + self.assertNotIn('body', data) + rollbar.SETTINGS['include_request_body'] = True + def test_starlette_request_data(self): try: from starlette.requests import Request