Module: Sqreen::Signals::HttpTraceRedaction

Extended by:: Kit::Loggable

Defined in:: lib/sqreen/signals/http_trace_redaction.rb

Class Method Summary collapse

.redact_trace!(trace, redactor) ⇒ Object

Class Method Details

.redact_trace!(trace, redactor) ⇒ `Object`

Parameters:

trace (Sqreen::Kit::Signals::Specialized::HttpTrace)
redactor (Sqreen::SensitiveDataRedactor)

# File 'lib/sqreen/signals/http_trace_redaction.rb', line 18

def redact_trace!(trace, redactor)
  return unless redactor
  # redact headers (keys unsafe)
  # @type [Sqreen::Kit::Signals::Context::HttpContext]
  http_context = trace.context

  all_redacted = []

  # Redact headers; save redacted values
  # headers are encoded as [key, value], not a hash, so
  # they require some transformation
  orig_headers = http_context.headers
  if orig_headers
    headers = orig_headers.map { |(k, v)| { k => v } }
    headers, redacted = redactor.redact(headers)
    http_context.headers = headers.map(&:first)
    all_redacted += redacted
  end

  # Redact params; save redacted values
  Kit::Signals::Context::HttpContext::PARAMS_ATTRS.each do |attr|
    value = http_context.public_send(attr)
    next unless value
    value, redacted = redactor.redact(value)
    all_redacted += redacted
    http_context.public_send(:"#{attr}=", value)
  end

  all_redacted = all_redacted.uniq.map(&:downcase)

  # Redact attacks and exceptions
  # XXX: no redaction for infos in attacks/exceptions except for WAF data
  # Is this the correct behavior?
  redact_attacks!(trace, redactor, all_redacted)
  redact_exceptions!(trace, redactor, all_redacted)
end

Module: Sqreen::Signals::HttpTraceRedaction

Class Method Summary collapse

Class Method Details

.redact_trace!(trace, redactor) ⇒ Object

.redact_trace!(trace, redactor) ⇒ `Object`