class Airbrake::Filters::SqlFilter

SqlFilter filters out sensitive data from {Airbrake::Query}. Sensitive data is everything that is not table names or fields (e.g. column values and such).

Supports the following SQL dialects:

@api private @since v3.2.0

Constants

ALL_FEATURES

@return [Hash{Symbol=>Regexp}] matchers for certain features of SQL

DIALECT_FEATURES

@return [Hash{Symbol=>Array<Symbol>}] a set of features that corresponds

to a certain dialect
ERROR_MSG

@return [String] the string that will replace the query in case we

cannot filter it
FILTERED

@return [String] the label to replace real values of filtered query

IGNORED_QUERIES

@return [Array<Regexp>] the list of queries to be ignored

POST_FILTER

@return [Regexp] the regexp that is applied after the feature regexps

were used
UNMATCHED_PAIR

@return [Hash{Symbol=>Regexp}] a set of regexps to check for unmatches

quotes after filtering (should be none)

Public Class Methods

new(dialect) click to toggle source
# File lib/airbrake-ruby/filters/sql_filter.rb, line 95
def initialize(dialect)
  @dialect =
    case dialect
    when /mysql/i then :mysql
    when /postgres/i then :postgres
    when /sqlite/i then :sqlite
    when /oracle/i then :oracle
    when /cassandra/i then :cassandra
    else
      :default
    end

  features = DIALECT_FEATURES[@dialect].map { |f| ALL_FEATURES[f] }
  @regexp = Regexp.union(features)
end

Public Instance Methods

call(resource) click to toggle source

@param [Airbrake::Query] resource

# File lib/airbrake-ruby/filters/sql_filter.rb, line 112
def call(resource)
  return unless resource.respond_to?(:query)

  query = resource.query
  if IGNORED_QUERIES.any? { |q| q =~ query }
    resource.ignore!
    return
  end

  q = query.gsub(@regexp, FILTERED)
  q.gsub!(POST_FILTER, FILTERED) if q =~ POST_FILTER
  q = ERROR_MSG if UNMATCHED_PAIR[@dialect] =~ q
  resource.query = q
end