From 17e6957046d41a50e401d5cd70e56b0fa2cb0f95 Mon Sep 17 00:00:00 2001
From: Brian Palmer
Date: Thu, 7 May 2015 12:42:06 -0600
Subject: [PATCH] config to allow disabling credit card number sanitization
This allows for still using SanitizeData, while disabling this specific value sanitizer, which is broad enough to capture any other 13-16 digit numbers as well.
---
 lib/raven/configuration.rb | 4 ++++
 lib/raven/processor/sanitizedata.rb | 7 ++++---
 .../processors/sanitizedata_processor_spec.rb | 16 ++++++++++++++++
 3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/lib/raven/configuration.rb b/lib/raven/configuration.rb
index 93dc9bae4..aee2e7863 100644
--- a/lib/raven/configuration.rb
+++ b/lib/raven/configuration.rb
@@ -95,6 +95,9 @@ class Configuration
 # additional fields to sanitize
 attr_accessor :sanitize_fields
+ # Sanitize values that look like credit card numbers
+ attr_accessor :sanitize_credit_cards
+
 IGNORE_DEFAULT = ['ActiveRecord::RecordNotFound',
 'ActionController::RoutingError',
 'ActionController::InvalidAuthenticityToken',
@@ -119,6 +122,7 @@ def initialize
 self.async = false
 self.catch_debugged_exceptions = true
 self.sanitize_fields = []
+ self.sanitize_credit_cards = true
 self.environments = []
 end
diff --git a/lib/raven/processor/sanitizedata.rb b/lib/raven/processor/sanitizedata.rb
index 0b219e793..a0d14f2a2 100644
--- a/lib/raven/processor/sanitizedata.rb
+++ b/lib/raven/processor/sanitizedata.rb
@@ -6,11 +6,12 @@ class Processor::SanitizeData < Processor
 DEFAULT_FIELDS = %w(authorization password passwd secret ssn social(.*)?sec)
 CREDIT_CARD_RE = /^(?:\d[ -]*?){13,16}$/
- attr_accessor :sanitize_fields
+ attr_accessor :sanitize_fields, :sanitize_credit_cards
 def initialize(client)
 super
 self.sanitize_fields = client.configuration.sanitize_fields
+ self.sanitize_credit_cards = client.configuration.sanitize_credit_cards
 end
 def process(value)
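Review bot: The comment on `sanitize_credit_cards` in the first configuration.rb hunk does not say what turning the option off exposes. With it set to false, the only remaining filter is the key-name match in `matches_regexes?`, and `DEFAULT_FIELDS` in sanitizedata.rb contains no card-related names, so a card number under a key such as `ccnumba` leaves the processor unmasked, which is what the new spec asserts. I would expand the comment to `# Sanitize values that look like credit card numbers (default: true). When false, card numbers are masked only if their key matches sanitize_fields.` The class body continues outside the hunk.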
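Review bot: The setting is copied as-is in `initialize` of sanitizedata.rb, so any falsy value, including `nil`, switches the credit-card check off, because `matches_regexes?` in the next hunk tests `sanitize_credit_cards &&`. For a scrubbing control it is safer to treat only an explicit `false` as the opt-out: `self.sanitize_credit_cards = client.configuration.sanitize_credit_cards != false`. `Configuration#initialize` defaults the value to true, so this presumably matters only for configurations that assign `nil` or for hand-built configuration objects. The class body continues outside the hunk.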
@@ -49,7 +50,8 @@ def sanitize_query_string(query_string)
 end
 def matches_regexes?(k, v)
- CREDIT_CARD_RE.match(v.to_s) || fields_re.match(k.to_s)
+ (sanitize_credit_cards && CREDIT_CARD_RE.match(v.to_s)) ||
+ fields_re.match(k.to_s)
 end
 def fields_re
@@ -65,4 +67,3 @@ def parse_json_or_nil(string)
 end
 end
 end
-
diff --git a/spec/raven/processors/sanitizedata_processor_spec.rb b/spec/raven/processors/sanitizedata_processor_spec.rb
index 4f5782e8d..1c4a135f5 100644
--- a/spec/raven/processors/sanitizedata_processor_spec.rb
+++ b/spec/raven/processors/sanitizedata_processor_spec.rb
@@ -4,6 +4,7 @@
 before do
 @client = double("client")
 allow(@client).to receive_message_chain(:configuration, :sanitize_fields) { ['user_field'] }
+ allow(@client).to receive_message_chain(:configuration, :sanitize_credit_cards) { true }
 @processor = Raven::Processor::SanitizeData.new(@client)
 end
@@ -109,6 +110,21 @@
 expect(result["ccnumba_int"]).to eq(Raven::Processor::SanitizeData::INT_MASK)
 end
+ it 'should pass through credit card values if configured' do
+ @processor.sanitize_credit_cards = false
+ data = {
+ 'ccnumba' => '4242424242424242',
+ 'ccnumba_13' => '4242424242424',
+ 'ccnumba-dash' => '4242-4242-4242-4242',
+ 'ccnumba_int' => 4242424242424242,
+ }
+
+ result = @processor.process(data)
+ expect(result["ccnumba"]).to eq('4242424242424242')
+ expect(result["ccnumba_13"]).to eq('4242424242424')
+ expect(result["ccnumba_int"]).to eq(4242424242424242)
+ end
+
 it 'sanitizes hashes nested in arrays' do
 data = {
 "empty_array"=> [],
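Review bot: The new example puts `'ccnumba-dash' => '4242-4242-4242-4242'` into `data` but never asserts on it, so the dashed form is untested with sanitization disabled; add `expect(result["ccnumba-dash"]).to eq('4242-4242-4242-4242')`. The example also does not check that key-based masking still applies when the option is off. An extra entry under a `'password'` key, asserted to come back masked, would guard against the flag disabling more than the value regex. The enclosing `describe` block starts before this hunk and the following example continues past it.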