From dc1fc4d1a54398194aa9a037a27b15fd5d3870d1 Mon Sep 17 00:00:00 2001
From: jway
Date: Fri, 7 Nov 2014 17:30:43 -0800
Subject: [PATCH] add configurable sanitizer fields
---
 lib/raven/configuration.rb | 4 ++++
 lib/raven/processor.rb | 3 +++
 lib/raven/processor/sanitizedata.rb | 8 +++++---
 spec/raven/configuration_spec.rb | 4 ++++
 spec/raven/removecirculareferences_spec.rb | 1 +
 spec/raven/sanitizedata_processor_spec.rb | 9 +++++++--
 spec/raven/utf8conversion_spec.rb | 1 +
 7 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/lib/raven/configuration.rb b/lib/raven/configuration.rb
index 496ee0553..c5eae4485 100644
--- a/lib/raven/configuration.rb
+++ b/lib/raven/configuration.rb
@@ -83,6 +83,9 @@ class Configuration
 # Provide a configurable callback to block or send events
 attr_accessor :should_send
+ # additional fields to sanitize
+ attr_accessor :sanitize_fields
+
 IGNORE_DEFAULT = ['ActiveRecord::RecordNotFound',
 'ActionController::RoutingError',
 'ActionController::InvalidAuthenticityToken',
@@ -105,6 +108,7 @@ def initialize
 self.tags = {}
 self.async = false
 self.catch_debugged_exceptions = true
+ self.sanitize_fields = []
 end
 def server=(value)
diff --git a/lib/raven/processor.rb b/lib/raven/processor.rb
index 92a0fca8c..be6c9430d 100644
--- a/lib/raven/processor.rb
+++ b/lib/raven/processor.rb
@@ -2,8 +2,11 @@ module Raven
 class Processor
+ attr_accessor :sanitize_fields
+
 def initialize(client)
 @client = client
+ @sanitize_fields = client.configuration.sanitize_fields
 end
 def process(data)
diff --git a/lib/raven/processor/sanitizedata.rb b/lib/raven/processor/sanitizedata.rb
index 10c3b6103..3d742bd78 100644
--- a/lib/raven/processor/sanitizedata.rb
+++ b/lib/raven/processor/sanitizedata.rb
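Review bot: The comment added above `attr_accessor :sanitize_fields` in lib/raven/configuration.rb (hunk at -83) does not say how the entries are used, which matters because SanitizeData joins them into a case-insensitive regular expression and matches them anywhere in a key. I would document the expected type and the matching rule, for example `# Extra key names to mask (Array of Strings); each entry is matched case-insensitively as a substring of the key.` It is also worth stating whether `nil` is accepted, since the default assigned in `initialize` (hunk at -105) is `[]` and the processor concatenates the value onto an array.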
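Review bot: In lib/raven/processor.rb the base `Processor#initialize` now reads `client.configuration.sanitize_fields`, although within this patch only `SanitizeData` uses the value; that coupling is why the RemoveCircularReferences and UTF8Conversion specs each need a new `receive_message_chain` stub. Reading the setting in the subclass instead, `def initialize(client); super; @sanitize_fields = client.configuration.sanitize_fields; end` in `SanitizeData`, would keep the other processors independent of it. The value is captured once at construction, so a later change to `configuration.sanitize_fields` presumably does not reach a processor that was already built, and `attr_reader` looks sufficient unless code outside the hunk assigns the field. The class body continues past the hunk.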
@@ -2,10 +2,12 @@ module Raven
 class Processor::SanitizeData < Processor
 STRING_MASK = '********'
 INT_MASK = 0
- FIELDS_RE = /(authorization|password|passwd|secret|ssn|social(.*)?sec)/i
+ DEFAULT_FIELDS = %w(authorization password passwd secret ssn social(.*)?sec)
 VALUES_RE = /^\d{16}$/
 def process(value)
+ fields_re = /(#{(DEFAULT_FIELDS + @sanitize_fields).join("|")})/i
+
 value.inject(value) do |value,(k,v)|
 v = k if v.nil?
 if v.is_a?(Hash) || v.is_a?(Array)
@@ -13,9 +15,9 @@ def process(value)
 elsif v.is_a?(String) && (json = parse_json_or_nil(v))
 #if this string is actually a json obj, convert and sanitize
 value = modify_in_place(value, [k,v], process(json).to_json)
- elsif v.is_a?(Integer) && (VALUES_RE.match(v.to_s) || FIELDS_RE.match(k.to_s))
+ elsif v.is_a?(Integer) && (VALUES_RE.match(v.to_s) || fields_re.match(k.to_s))
 value = modify_in_place(value, [k,v], INT_MASK)
- elsif VALUES_RE.match(v.to_s) || FIELDS_RE.match(k.to_s)
+ elsif VALUES_RE.match(v.to_s) || fields_re.match(k.to_s)
 value = modify_in_place(value, [k,v], STRING_MASK)
 else
 value
diff --git a/spec/raven/configuration_spec.rb b/spec/raven/configuration_spec.rb
index a31662225..77cb7ec1d 100644
--- a/spec/raven/configuration_spec.rb
+++ b/spec/raven/configuration_spec.rb
@@ -49,6 +49,10 @@ it 'should catch_debugged_exceptions' do
 expect(subject[:catch_debugged_exceptions]).to eq(true)
 end
+
+ it 'should have no sanitize fields' do
+ expect(subject[:sanitize_fields]).to eq([])
+ end
 end
 context 'being initialized with a server string' do
diff --git a/spec/raven/removecirculareferences_spec.rb b/spec/raven/removecirculareferences_spec.rb
index cbd9b7f67..b7e30a7b0 100644
--- a/spec/raven/removecirculareferences_spec.rb
+++ b/spec/raven/removecirculareferences_spec.rb
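Review bot: The configured names are interpolated into `fields_re` unescaped at the top of `process` in lib/raven/processor/sanitizedata.rb, so an entry containing a regexp metacharacter changes which keys are masked, an unbalanced one raises RegexpError while an event is being processed, and an empty string adds an alternative that matches every key. DEFAULT_FIELDS deliberately holds a pattern (`social(.*)?sec`), so only the configured part should be escaped: `custom = Array(@sanitize_fields).map { |f| Regexp.escape(f.to_s) }.reject(&:empty?)` followed by `fields_re = /(#{(DEFAULT_FIELDS + custom).join("|")})/i`. `Array()` also covers a `nil` setting, which would otherwise raise TypeError on `+`. The regexp is rebuilt on every call, including the recursive `process(json)` call in the hunk at -13, which uses the same `fields_re`; `process` continues past both hunks.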
@@ -5,6 +5,7 @@ describe Raven::Processor::RemoveCircularReferences do
 before do
 @client = double("client")
+ allow(@client).to receive_message_chain(:configuration, :sanitize_fields) { [] }
 @processor = Raven::Processor::RemoveCircularReferences.new(@client)
 end
diff --git a/spec/raven/sanitizedata_processor_spec.rb b/spec/raven/sanitizedata_processor_spec.rb
index b983eda0e..36da0f91d 100644
--- a/spec/raven/sanitizedata_processor_spec.rb
+++ b/spec/raven/sanitizedata_processor_spec.rb
@@ -3,6 +3,7 @@ describe Raven::Processor::SanitizeData do
 before do
 @client = double("client")
+ allow(@client).to receive_message_chain(:configuration, :sanitize_fields) { ['user_field'] }
 @processor = Raven::Processor::SanitizeData.new(@client)
 end
@@ -17,7 +18,8 @@ 'mypasswd' => 'hello',
 'test' => 1,
 'ssn' => '123-45-6789',
- 'social_security_number' => 123456789
+ 'social_security_number' => 123456789,
+ 'user_field' => 'user'
 }
 }
 }
@@ -33,6 +35,7 @@ expect(vars["test"]).to eq(1)
 expect(vars["ssn"]).to eq(Raven::Processor::SanitizeData::STRING_MASK)
 expect(vars["social_security_number"]).to eq(Raven::Processor::SanitizeData::INT_MASK)
+ expect(vars["user_field"]).to eq(Raven::Processor::SanitizeData::STRING_MASK)
 end
 it 'should filter json data' do
@@ -45,7 +48,8 @@ 'mypasswd' => 'hello',
 'test' => 1,
 'ssn' => '123-45-6789',
- 'social_security_number' => 123456789
+ 'social_security_number' => 123456789,
+ 'user_field' => 'user'
 }.to_json
 }
@@ -60,6 +64,7 @@ expect(vars["test"]).to eq(1)
 expect(vars["ssn"]).to eq(Raven::Processor::SanitizeData::STRING_MASK)
 expect(vars["social_security_number"]).to eq(Raven::Processor::SanitizeData::INT_MASK)
+ expect(vars["user_field"]).to eq(Raven::Processor::SanitizeData::STRING_MASK)
 end
 it 'should filter json embedded in a ruby object' do
diff --git a/spec/raven/utf8conversion_spec.rb b/spec/raven/utf8conversion_spec.rb
index 43782d5cc..7e8348a8f 100644
--- a/spec/raven/utf8conversion_spec.rb
+++ b/spec/raven/utf8conversion_spec.rb
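Review bot: The new expectations in spec/raven/sanitizedata_processor_spec.rb only exercise a plain name (`'user_field'`, stubbed in the hunk at -3), so nothing pins how a configured entry containing regexp metacharacters, an empty string, or a `nil` setting behaves. One extra example with a stub such as `{ ['user.field'] }` and a key like `'userXfield'` that must keep its value would record whether entries are meant as literals or as patterns. A second example asserting that an unrelated key such as `'test'` is still untouched when the list contains `''` would catch the mask-everything case. The `before` block and the examples continue outside these hunks.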
@@ -5,6 +5,7 @@ describe Raven::Processor::UTF8Conversion do
 before do
 @client = double("client")
+ allow(@client).to receive_message_chain(:configuration, :sanitize_fields) { [] }
 @processor = Raven::Processor::UTF8Conversion.new(@client)
 end