Merge pull request #228 from getsentry/fix-issue-227

nateberkopec · nateberkopec · commit 8aede7eabb53 · 2014-11-04T14:17:20.000-05:00
Fix issue #227, where JSON arrays were blowing up SanitizeData
diff --git a/lib/raven/processor/sanitizedata.rb b/lib/raven/processor/sanitizedata.rb
@@ -6,20 +6,34 @@ class Processor::SanitizeData < Processor
     VALUES_RE = /^\d{16}$/
 
     def process(value)
-      value.merge(value) do |k, v|
-        if v.is_a?(Hash)
+      value.inject(value) do |value,(k,v)|
+        v = k if v.nil?
+        if v.is_a?(Hash) || v.is_a?(Array)
           process(v)
-        elsif v.is_a?(String) && (json_hash = parse_json_or_nil(v))
+        elsif v.is_a?(String) && (json = parse_json_or_nil(v))
           #if this string is actually a json obj, convert and sanitize
-          process(json_hash).to_json
-        elsif v.is_a?(Integer) && (VALUES_RE.match(v.to_s) || FIELDS_RE.match(k))
-          INT_MASK
-        elsif VALUES_RE.match(v.to_s) || FIELDS_RE.match(k)
-          STRING_MASK
+          value = modify_in_place(value, [k,v], process(json).to_json)
+        elsif v.is_a?(Integer) && (VALUES_RE.match(v.to_s) || FIELDS_RE.match(k.to_s))
+          value = modify_in_place(value, [k,v], INT_MASK)
+        elsif VALUES_RE.match(v.to_s) || FIELDS_RE.match(k.to_s)
+          value = modify_in_place(value, [k,v], STRING_MASK)
         else
-          v
+          value
         end
       end
+      value
+    end
+
+    private
+
+    def modify_in_place(original_parent, original_child, new_child)
+      if original_parent.is_a?(Array)
+        index = original_parent.index(original_child[0])
+        original_parent[index] = new_child
+      elsif original_parent.is_a?(Hash)
+        original_parent[original_child[0]] = new_child
+      end
+      original_parent
     end
   end
 end
diff --git a/spec/raven/sanitizedata_processor_spec.rb b/spec/raven/sanitizedata_processor_spec.rb
@@ -62,6 +62,22 @@
     expect(vars["social_security_number"]).to eq(Raven::Processor::SanitizeData::INT_MASK)
   end
 
+  it 'should filter json embedded in a ruby object' do
+    data_with_embedded_json = {
+      'data' => {
+        'json' => ['foo','bar'].to_json,
+        'json_hash' => {'foo' => 'bar'}.to_json,
+        'sensitive' => {'password' => 'secret'}.to_json
+        }
+      }
+
+    result = @processor.process(data_with_embedded_json)
+
+    expect(JSON.parse(result["data"]["json"])).to eq(['foo','bar'])
+    expect(JSON.parse(result["data"]["json_hash"])).to eq({'foo' => 'bar'})
+    expect(JSON.parse(result["data"]["sensitive"])).to eq({'password' => Raven::Processor::SanitizeData::STRING_MASK})
+  end
+
   it 'should filter credit card values' do
     data = {
       'ccnumba' => '4242424242424242',
