Merge pull request dependabot#8219 from dependabot/fix-sentry-redaction

Fix sentry redaction issues
yeikel · Oct 17, 2023 · 96202b0 · 96202b0
2 parents 5572637 + 18e43bc
commit 96202b0
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 5 deletions.
diff --git a/updater/lib/dependabot/sentry.rb b/updater/lib/dependabot/sentry.rb
@@ -8,18 +8,16 @@ class ExceptionSanitizer < Raven::Processor
   REPO = %r{[\w.\-]+/([\w.\-]+)}
   PATTERNS = {
     auth_token: /(?:authorization|bearer):? (\w+)/i,
-    repo: %r{api\.github\.com/repos/#{REPO}|github\.com/#{REPO}}
+    repo: %r{https://api\.github\.com/repos/#{REPO}|https://github\.com/#{REPO}}
   }.freeze
 
   def process(data)
     return data unless data[:exception] && data[:exception][:values]
 
     data[:exception][:values] = data[:exception][:values].map do |e|
       PATTERNS.each do |key, regex|
-        next unless (matches = e[:value].scan(regex))
-
-        matches.flatten.compact.each do |match|
-          e[:value] = e[:value].gsub(match, "[FILTERED_#{key.to_s.upcase}]")
+        e[:value] = e[:value].gsub(regex) do |match|
+          match.sub(/#{Regexp.last_match.captures.compact.first}\z/, "[FILTERED_#{key.to_s.upcase}]")
         end
       end
       e

diff --git a/updater/spec/dependabot/sentry_spec.rb b/updater/spec/dependabot/sentry_spec.rb
@@ -94,6 +94,26 @@
     end
   end
 
+  context "when docs.github.com URL included" do
+    let(:message) { "https://api.github.com/repos/org/foo/contents/bar: 404 - Not Found // See: https://docs.github.com/rest/repos/contents#get-repository-content" }
+
+    it "filters repo name from an api request" do
+      expect(sanitized_message(data)).to eq(
+        "https://api.github.com/repos/org/[FILTERED_REPO]/contents/bar: 404 - Not Found // See: https://docs.github.com/rest/repos/contents#get-repository-content"
+      )
+    end
+  end
+
+  context "when docs.github.com URL included, and repo name includes 'repo'" do
+    let(:message) { "https://api.github.com/repos/org/repo/contents/bar: 404 - Not Found // See: https://docs.github.com/rest/repos/contents#get-repository-content" }
+
+    it "filters repo name from an api request" do
+      expect(sanitized_message(data)).to eq(
+        "https://api.github.com/repos/org/[FILTERED_REPO]/contents/bar: 404 - Not Found // See: https://docs.github.com/rest/repos/contents#get-repository-content"
+      )
+    end
+  end
+
   private
 
   def sanitized_message(data)