Skip to content

Commit

Permalink
fix: Return message when obfuscation limit hit
Browse files Browse the repository at this point in the history
When the obfusaction limit is hit, return a message stating this and
do not attempt to obfuscate
  • Loading branch information
kaylareopelle committed Sep 6, 2024
1 parent 9a4fe90 commit 74ffb88
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 21 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -62,8 +62,6 @@ module SqlObfuscation
hexadecimal_literals comments multi_line_comments]
}.freeze

PREPENDED_COMMENT_REGEX = %r{^/\*.*\*/}

PLACEHOLDER = '?'

# We use these to check whether the query contains any quote characters
Expand Down Expand Up @@ -116,8 +114,8 @@ def obfuscate_sql(sql, obfuscation_limit: 2000, adapter: :default)
# Original MySQL UTF-8 Encoding Fixes:
# https://github.com/open-telemetry/opentelemetry-ruby-contrib/pull/160
# https://github.com/open-telemetry/opentelemetry-ruby-contrib/pull/345
return "SQL truncated (> #{obfuscation_limit} characters)" if sql.size > obfuscation_limit
sql = OpenTelemetry::Common::Utilities.utf8_encode(sql, binary: true)
return truncate_statement(sql, regex, obfuscation_limit) if sql.size > obfuscation_limit

sql = sql.gsub(regex, PLACEHOLDER)
return 'Failed to obfuscate SQL query - quote characters remained after obfuscation' if CLEANUP_REGEX[adapter].match(sql)
Expand All @@ -126,18 +124,6 @@ def obfuscate_sql(sql, obfuscation_limit: 2000, adapter: :default)
rescue StandardError => e
OpenTelemetry.handle_error(message: 'Failed to obfuscate SQL', exception: e)
end

# @api private
def truncate_statement(sql, regex, limit)
sql = sql.gsub(PREPENDED_COMMENT_REGEX, PLACEHOLDER) if sql.match?(PREPENDED_COMMENT_REGEX)

first_match_index = sql.index(regex)
truncation_message = "SQL truncated (> #{limit} characters)"
return truncation_message unless first_match_index

truncated_sql = sql[..first_match_index - 1]
"#{truncated_sql}...\n#{truncation_message}"
end
end
end
end
12 changes: 6 additions & 6 deletions helpers/sql-obfuscation/test/helpers/sql_obfuscation_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -18,26 +18,26 @@ def test_named_arg_defaults_obfuscates
assert_equal(expected, result)
end

def test_obfuscation_limit_truncates_query_after_first_match
def test_obfuscation_limit_returns_truncation_message
sql = "SELECT * from users where users.id = 1 and users.email = 'test@test.com'"
expected = "SELECT * from users where users.id = ...\nSQL truncated (> 42 characters)"
expected = "SQL truncated (> 42 characters)"
result = OpenTelemetry::Helpers::SqlObfuscation.obfuscate_sql(sql, obfuscation_limit: 42)

assert_equal(expected, result)
end

def test_obfuscation_limit_obfuscates_and_truncates_when_query_has_prepended_comment
def test_obfuscation_limit_returns_truncation_message_when_query_has_prepended_comment
comment = '/*service.name:foo,deployment.environtment:production,tracecontext:00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-00,rails.route:examples/bars#index,host.name:baz-abc123.example.com*/'
sql = "#{comment} SELECT user.id FROM users where user.login = 'secretUserNameThatShouldBeObfuscated'"
expected = "? SELECT user.id FROM users where user.login = ...\nSQL truncated (> 42 characters)"
expected = "SQL truncated (> 42 characters)"
result = OpenTelemetry::Helpers::SqlObfuscation.obfuscate_sql(sql, obfuscation_limit: 42)

assert_equal(expected, result)
end

def test_obfuscation_limit_truncates_when_query_not_encoded_with_utf8
def test_obfuscation_limit_returns_truncation_message_when_not_utf8
sql = "SELECT * from 😄 where users.id = 1 and users.😄 = 'test@test.com'"
expected = "SELECT * from where users.id = ...\nSQL truncated (> 42 characters)"
expected = "SQL truncated (> 42 characters)"
result = OpenTelemetry::Helpers::SqlObfuscation.obfuscate_sql(sql, obfuscation_limit: 42)

assert_equal(expected, result)
Expand Down

0 comments on commit 74ffb88

Please sign in to comment.