Skip to content

Commit

Permalink
Use allowlist to filter ActiveSupport breadcrumbs' data
Browse files Browse the repository at this point in the history 
Since the number of potentially hard-to-serialise data is growing,
we should use allowlist to filter the data.
  • Loading branch information
@st0012
st0012 committed May 30, 2023
1 parent ff2c29c commit c47788e
Showing 1 changed file with 63 additions and 7 deletions.
70 changes: 63 additions & 7 deletions sentry-rails/lib/sentry/rails/breadcrumb/active_support_logger.rb
View file
Original file line number Diff line number Diff line change
@@ -1,20 +1,76 @@
require "sentry/rails/instrument_payload_cleanup_helper"

module Sentry
module Rails
module Breadcrumb
module ActiveSupportLogger
class << self
include InstrumentPayloadCleanupHelper
ALLOWED_LIST = {
# action_controller
"write_fragment.action_controller" => %i[key],
"read_fragment.action_controller" => %i[key],
"exist_fragment?.action_controller" => %i[key],
"expire_fragment.action_controller" => %i[key],
"start_processing.action_controller" => %i[controller action params format method path],
"process_action.action_controller" => %i[controller action params format method path status view_runtime db_runtime],
"send_file.action_controller" => %i[path],
"redirect_to.action_controller" => %i[status location],
"halted_callback.action_controller" => %i[filter],
# action_dispatch
"process_middleware.action_dispatch" => %i[middleware],
# action_view
"render_template.action_view" => %i[identifier layout],
"render_partial.action_view" => %i[identifier],
"render_collection.action_view" => %i[identifier count cache_hits],
"render_layout.action_view" => %i[identifier],
# active_record
"sql.active_record" => %i[sql name statement_name cached],
"instantiation.active_record" => %i[record_count class_name],
# action_mailer
# not including to, from, or subject..etc. because of PII concern
"deliver.action_mailer" => %i[mailer date perform_deliveries],
"process.action_mailer" => %i[mailer action params],
# active_support
"cache_read.active_support" => %i[key store hit],
"cache_generate.active_support" => %i[key store],
"cache_fetch_hit.active_support" => %i[key store],
"cache_write.active_support" => %i[key store],
"cache_delete.active_support" => %i[key store],
"cache_exist?.active_support" => %i[key store],
# active_job
"enqueue_at.active_job" => %i[],
"enqueue.active_job" => %i[],
"enqueue_retry.active_job" => %i[],
"perform_start.active_job" => %i[],
"perform.active_job" => %i[],
"retry_stopped.active_job" => %i[],
"discard.active_job" => %i[],
# action_cable
"perform_action.action_cable" => %i[channel_class action],
"transmit.action_cable" => %i[channel_class],
"transmit_subscription_confirmation.action_cable" => %i[channel_class],
"transmit_subscription_rejection.action_cable" => %i[channel_class],
"broadcast.action_cable" => %i[broadcasting],
# active_storage
"service_upload.active_storage" => %i[service key checksum],
"service_streaming_download.active_storage" => %i[service key],
"service_download_chunk.active_storage" => %i[service key],
"service_download.active_storage" => %i[service key],
"service_delete.active_storage" => %i[service key],
"service_delete_prefixed.active_storage" => %i[service prefix],
"service_exist.active_storage" => %i[service key exist],
"service_url.active_storage" => %i[service key url],
"service_update_metadata.active_storage" => %i[service key],
"preview.active_storage" => %i[key],
"analyze.active_storage" => %i[analyzer],
}.freeze

class << self
def add(name, started, _finished, _unique_id, data)
# skip Rails' internal events
return if name.start_with?("!")

allowed_keys = ALLOWED_LIST[name]

if data.is_a?(Hash)
# we should only mutate the copy of the data
data = data.dup
cleanup_data(data)
data = data.slice(*allowed_keys)
end

crumb = Sentry::Breadcrumb.new(
Expand Down

0 comments on commit c47788e

Please sign in to comment.