fix!: Return message when sql is over the obfuscation limit (#1149)
Previously, when a SQL query with a prepended comment exceeded the obfuscation limit, the query would be truncated without obfuscation. Now, when the obfuscation limit is hit, a message is returned and obfuscation is not attempted.
1 parent
012b2c2
commit 8e778ba
Showing
6 changed files
with
12 additions
and
62 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -18,17 +18,9 @@ def test_named_arg_defaults_obfuscates | |
assert_equal(expected, result) | ||
end | ||
|
||
def test_obfuscation_limit_truncates_query_after_first_match | ||
def test_obfuscation_returns_message_when_limit_is_reached | ||
sql = "SELECT * from users where users.id = 1 and users.email = '[email protected]'" | ||
expected = "SELECT * from users where users.id = ...\nSQL truncated (> 42 characters)" | ||
result = OpenTelemetry::Helpers::SqlObfuscation.obfuscate_sql(sql, obfuscation_limit: 42) | ||
|
||
assert_equal(expected, result) | ||
end | ||
|
||
def test_obfuscation_limit_truncates_when_query_not_encoded_with_utf8 | ||
sql = "SELECT * from 😄 where users.id = 1 and users.😄 = '[email protected]'" | ||
expected = "SELECT * from where users.id = ...\nSQL truncated (> 42 characters)" | ||
expected = 'SQL not obfuscated, query exceeds 42 characters' | ||
result = OpenTelemetry::Helpers::SqlObfuscation.obfuscate_sql(sql, obfuscation_limit: 42) | ||
|
||
assert_equal(expected, result) | ||
|
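Review bot: The renamed test `test_obfuscation_returns_message_when_limit_is_reached` does not exercise the case the commit message describes, a query with a prepended comment that exceeds the limit, so the regression that let unobfuscated text into the result is not pinned here (it may be covered outside the visible hunks). I would add a sibling test whose input starts with a comment, for example `sql = "/* constructed comment */ SELECT * from users where users.email = 'constructed-value'"`, asserting the same `'SQL not obfuscated, query exceeds 42 characters'` result. The test name says "reached" while the message says "exceeds"; a case with a query of exactly 42 characters would state which of the two holds. The over-limit test with a non-UTF-8 query is removed without a replacement, so it is worth confirming that the length check behaves the same for such input. The test method's closing `end` lies outside the hunk.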
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -236,20 +236,9 @@ | |
describe 'with obfuscation_limit' do | ||
let(:config) { { db_statement: :obfuscate, obfuscation_limit: 10 } } | ||
|
||
it 'truncates SQL using config limit' do | ||
it 'returns a message when the limit is reached' do | ||
sql = "SELECT * from users where users.id = 1 and users.email = '[email protected]'" | ||
obfuscated_sql = "SELECT * from users where users.id = ...\nSQL truncated (> 10 characters)" | ||
expect do | ||
client.query(sql) | ||
end.must_raise Mysql2::Error | ||
|
||
_(span.attributes['db.statement']).must_equal obfuscated_sql | ||
end | ||
|
||
it 'handles regex non-matches' do | ||
sql = 'ALTER TABLE my_table DISABLE TRIGGER ALL;' | ||
obfuscated_sql = 'SQL truncated (> 10 characters)' | ||
|
||
obfuscated_sql = 'SQL not obfuscated, query exceeds 10 characters' | ||
expect do | ||
client.query(sql) | ||
end.must_raise Mysql2::Error | ||
|
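Review bot: The example `it 'returns a message when the limit is reached'` gives no hint why the expected `db.statement` is a fixed string although the input contains a quoted literal; a one-line comment above `obfuscated_sql` would record the intent, e.g. `# Over-limit statements are replaced wholesale, so no raw literal reaches db.statement`. With `obfuscation_limit: 10` every statement in this describe block is over the limit, so the under-limit obfuscation path is not exercised here and is presumably covered elsewhere in the spec. The same comment applies to the matching examples in the two following sections, the ones raising `PG::UndefinedTable` and `Trilogy::Error`. The example's assertion on `span.attributes['db.statement']` and its `end` lie outside the hunk.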
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -297,20 +297,9 @@ | |
describe 'with obfuscation_limit' do | ||
let(:config) { { db_statement: :obfuscate, obfuscation_limit: 10 } } | ||
|
||
it 'truncates SQL using config limit' do | ||
it 'returns a message when the limit is reached' do | ||
sql = "SELECT * from users where users.id = 1 and users.email = '[email protected]'" | ||
obfuscated_sql = "SELECT * from users where users.id = ...\nSQL truncated (> 10 characters)" | ||
expect do | ||
client.exec(sql) | ||
end.must_raise PG::UndefinedTable | ||
|
||
_(span.attributes['db.statement']).must_equal obfuscated_sql | ||
end | ||
|
||
it 'handles regex non-matches' do | ||
sql = 'ALTER TABLE my_table DISABLE TRIGGER ALL;' | ||
obfuscated_sql = 'SQL truncated (> 10 characters)' | ||
|
||
obfuscated_sql = 'SQL not obfuscated, query exceeds 10 characters' | ||
expect do | ||
client.exec(sql) | ||
end.must_raise PG::UndefinedTable | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -323,20 +323,9 @@ | |
describe 'with obfuscation_limit' do | ||
let(:config) { { db_statement: :obfuscate, obfuscation_limit: 10 } } | ||
|
||
it 'truncates SQL using config limit' do | ||
it 'returns a message when the limit is reached' do | ||
sql = "SELECT * from users where users.id = 1 and users.email = '[email protected]'" | ||
obfuscated_sql = "SELECT * from users where users.id = ...\nSQL truncated (> 10 characters)" | ||
expect do | ||
client.query(sql) | ||
end.must_raise Trilogy::Error | ||
|
||
_(span.attributes['db.statement']).must_equal obfuscated_sql | ||
end | ||
|
||
it 'handles regex non-matches' do | ||
sql = 'ALTER TABLE my_table DISABLE TRIGGER ALL;' | ||
obfuscated_sql = 'SQL truncated (> 10 characters)' | ||
|
||
obfuscated_sql = 'SQL not obfuscated, query exceeds 10 characters' | ||
expect do | ||
client.query(sql) | ||
end.must_raise Trilogy::Error | ||
|