feature: Add query_string config to filter query string

README.md

@@ -12,6 +12,7 @@ Currently this gem provides following features
 - [x] Sanitizing POST params
 - [x] Sanitizing HTTP headers
 - [x] Sanitizing cookies
+- [x] Sanitizing query string
 - [x] Sanitizing extras ([see](https://docs.sentry.io/platforms/ruby/enriching-events/context/#additional-data) `Sentry.set_extras`)
 
 ## Installation

lib/sentry/sanitizer/cleaner.rb

@@ -13,6 +13,7 @@ def initialize(config)
         @fields = config.fields || []
         @http_headers = config.http_headers || DEFAULT_SENSITIVE_HEADERS
         @do_cookies = config.cookies || false
+        @do_query_string = config.query_string || false
       end
 
       def call(event)
@@ -33,14 +34,17 @@ def sanitize_request(event, type)
           event.request.data = sanitize_data(event.request.data)
           event.request.headers = sanitize_headers(event.request.headers)
           event.request.cookies = sanitize_cookies(event.request.cookies)
+          event.request.query_string = sanitize_query_string(event.request.query_string)
         when :stringified_hash
           event['request']['data'] = sanitize_data(event['request']['data'])
           event['request']['headers'] = sanitize_headers(event['request']['headers'])
           event['request']['cookies'] = sanitize_cookies(event['request']['cookies'])
+          event['request']['query_string'] = sanitize_query_string(event['request']['query_string'])
         when :symbolized_hash
           event[:request][:data] = sanitize_data(event[:request][:data])
           event[:request][:headers] = sanitize_headers(event[:request][:headers])
           event[:request][:cookies] = sanitize_cookies(event[:request][:cookies])
+          event[:request][:query_string] = sanitize_query_string(event[:request][:query_string])
         end
       end
 
@@ -53,7 +57,7 @@ def sanitize_data(hash)
 
       private
 
-      attr_reader :fields, :http_headers, :do_cookies
+      attr_reader :fields, :http_headers, :do_cookies, :do_query_string
 
       # Sanitize specified headers
       def sanitize_headers(headers)
@@ -76,12 +80,26 @@ def sanitize_headers(headers)
 
       # Sanitize all cookies
       def sanitize_cookies(cookies)
-        return cookies unless cookies.is_a? Hash
         return cookies unless do_cookies
+        return cookies unless cookies.is_a? Hash
 
         cookies.transform_values { DEFAULT_MASK }
       end
 
+      def sanitize_query_string(query_string)
+        return query_string unless do_query_string
+        return query_string unless query_string.is_a? String
+
+        sanitized_array = query_string.split('&').map do |kv_pair|
+          k, v = kv_pair.split('=')
+          new_v = sanitize_string(k, v)
+
+          "#{k}=#{new_v}"
+        end
+
+        sanitized_array.join('&')
+      end
+
       def sanitize_value(value, key)
         case value
         when Hash

lib/sentry/sanitizer/configuration.rb

@@ -24,10 +24,10 @@ class Configuration
 
   module Sanitizer
     class Configuration
-      attr_accessor :fields, :http_headers, :cookies
+      attr_accessor :fields, :http_headers, :cookies, :query_string
 
       def configured?
-        [fields, http_headers, cookies].any? { |setting| !setting.nil? }
+        [fields, http_headers, cookies, query_string].any? { |setting| !setting.nil? }
       end
 
       def fields=(fields)
@@ -48,11 +48,19 @@ def http_headers=(headers)
 
       def cookies=(cookies)
         unless [TrueClass, FalseClass].include?(cookies.class)
-          raise ArgumentError, 'sanitize_cookies must be boolean'
+          raise ArgumentError, 'cookies must be boolean'
         end
 
         @cookies = cookies
       end
+
+      def query_string=(query_string)
+        unless [TrueClass, FalseClass].include?(query_string.class)
+          raise ArgumentError, 'query_string must be boolean'
+        end
+
+        @query_string = query_string
+      end
     end
   end
 end

lib/sentry/sanitizer/version.rb

@@ -1,5 +1,5 @@
 module Sentry
   module Sanitizer
-    VERSION = '0.5.1'
+    VERSION = '0.6.0'
   end
 end