Merge branch 'main' into feat/gh-format-action

getsentry · May 9, 2023 · 3eaea3b · 3eaea3b
2 parents 6f8e7ba + 8cb6557
commit 3eaea3b
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 18 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@
 ### Fixes
 
 - Fix `event.origin` and `event.environment` on unhandled exceptions ([#1419](https://github.com/getsentry/sentry-dart/pull/1419))
+- Fix authority redaction ([#1424](https://github.com/getsentry/sentry-dart/pull/1424))
 
 ### Dependencies
 

diff --git a/dart/lib/src/utils/http_sanitizer.dart b/dart/lib/src/utils/http_sanitizer.dart
@@ -5,7 +5,6 @@ import 'url_details.dart';
 
 @internal
 class HttpSanitizer {
-  static final RegExp _authRegExp = RegExp("(.+://)(.*@)(.*)");
   static final List<String> _securityHeaders = [
     "X-FORWARDED-FOR",
     "AUTHORIZATION",
@@ -36,9 +35,9 @@ class HttpSanitizer {
     } else {
       try {
         final uri = Uri.parse(url);
-        final urlWithAuthRemoved = _urlWithAuthRemoved(uri._url());
+        final urlWithRedactedAuth = uri._urlWithRedactedAuth();
         return UrlDetails(
-            url: urlWithAuthRemoved.isEmpty ? null : urlWithAuthRemoved,
+            url: urlWithRedactedAuth.isEmpty ? null : urlWithRedactedAuth,
             query: uri.query.isEmpty ? null : uri.query,
             fragment: uri.fragment.isEmpty ? null : uri.fragment);
       } catch (_) {
@@ -59,29 +58,17 @@ class HttpSanitizer {
     });
     return sanitizedHeaders;
   }
-
-  static String _urlWithAuthRemoved(String url) {
-    final userInfoMatch = _authRegExp.firstMatch(url);
-    if (userInfoMatch != null && userInfoMatch.groupCount == 3) {
-      final userInfoString = userInfoMatch.group(2) ?? '';
-      final replacementString = userInfoString.contains(":")
-          ? "[Filtered]:[Filtered]@"
-          : "[Filtered]@";
-      return '${userInfoMatch.group(1) ?? ''}$replacementString${userInfoMatch.group(3) ?? ''}';
-    } else {
-      return url;
-    }
-  }
 }
 
 extension UriPath on Uri {
-  String _url() {
+  String _urlWithRedactedAuth() {
     var buffer = '';
     if (scheme.isNotEmpty) {
       buffer += '$scheme://';
     }
     if (userInfo.isNotEmpty) {
-      buffer += '$userInfo@';
+      buffer +=
+          userInfo.contains(":") ? "[Filtered]:[Filtered]@" : "[Filtered]@";
     }
     buffer += host;
     if (path.isNotEmpty) {

diff --git a/dart/test/utils/http_sanitizer_test.dart b/dart/test/utils/http_sanitizer_test.dart
@@ -170,6 +170,16 @@ void main() {
     final details = HttpSanitizer.sanitizeUrl('::Not valid URI::');
     expect(details, isNull);
   });
+
+  test('keeps email address', () {
+    final urlDetails = HttpSanitizer.sanitizeUrl(
+        "https://staging.server.com/api/v4/auth/password/reset/email@example.com");
+    expect(
+        "https://staging.server.com/api/v4/auth/password/reset/email@example.com",
+        urlDetails?.url);
+    expect(urlDetails?.query, isNull);
+    expect(urlDetails?.fragment, isNull);
+  });
 }
 
 extension StringExtension on String {