Normalize the SQL queries before sending them to Sentry

To prevent sending some sensitive information, we need to normalize the SQL queries before we send them to Sentry. To do so, we decided to use the gem called `pg_query` which compiles some parts of the PostgreSQL database to make it possible to parse SQL queries.

Normalize the SQL queries before sending them to Sentry
To prevent sending some sensitive information, we need to normalize the SQL queries before we send them to Sentry. To do so, we decided to use the gem called `pg_query` which compiles some parts of the PostgreSQL database to make it possible to parse SQL queries.
9e7b49b4 · Mehmet Emin INAC · 8fb38237 · 9e7b49b4 · 9e7b49b4 · 9e7b49b4
Commit 9e7b49b4 authored Oct 23, 2020 by Mehmet Emin INAC
Showing with 9 additions and 4 deletions

Gemfile Gemfile +3 -0

Gemfile.lock Gemfile.lock +2 -0

lib/gitlab/error_tracking.rb lib/gitlab/error_tracking.rb +1 -1

spec/lib/gitlab/error_tracking_spec.rb spec/lib/gitlab/error_tracking_spec.rb +3 -3

No files found.
--- a/Gemfile
+++ b/Gemfile
@@ -307,6 +307,9 @@ gem 'rack-attack', '~> 6.3.0'
 # Sentry integration
 gem 'sentry-raven', '~> 3.0'

+# PostgreSQL query parsing
+gem 'gitlab-pg_query', '~> 1.3', require: 'pg_query'
+
 gem 'premailer-rails', '~> 1.10.3'

 # LabKit: Tracing and Correlation

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -439,6 +439,7 @@ GEM
    gitlab-mail_room (0.0.7)
    gitlab-markup (1.7.1)
    gitlab-net-dns (0.9.1)
+    gitlab-pg_query (1.3.0)
    gitlab-puma (4.3.5.gitlab.3)
      nio4r (~> 2.0)
    gitlab-puma_worker_killer (0.1.1.gitlab.1)
@@ -1336,6 +1337,7 @@ DEPENDENCIES
  gitlab-mail_room (~> 0.0.7)
  gitlab-markup (~> 1.7.1)
  gitlab-net-dns (~> 0.9.1)
+  gitlab-pg_query (~> 1.3)
  gitlab-puma (~> 4.3.3.gitlab.2)
  gitlab-puma_worker_killer (~> 0.1.1.gitlab.1)
  gitlab-sidekiq-fetcher (= 0.5.2)

--- a/lib/gitlab/error_tracking.rb
+++ b/lib/gitlab/error_tracking.rb
@@ -153,7 +153,7 @@ module Gitlab
      def inject_sql_query_into_extra(exception, extra)
        return unless exception.is_a?(ActiveRecord::StatementInvalid)

-        extra[:sql] = exception.sql
+        extra[:sql] = PgQuery.normalize(exception.sql.to_s)
      end

      def sentry_dsn

--- a/spec/lib/gitlab/error_tracking_spec.rb
+++ b/spec/lib/gitlab/error_tracking_spec.rb
@@ -284,13 +284,13 @@ RSpec.describe Gitlab::ErrorTracking do
    end

    context 'when the error is kind of an `ActiveRecord::StatementInvalid`' do
-      let(:exception) { ActiveRecord::StatementInvalid.new(sql: :foo) }
+      let(:exception) { ActiveRecord::StatementInvalid.new(sql: 'SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."foo" = $1') }

-      it 'injects the sql query into extra' do
+      it 'injects the normalized sql query into extra' do
        track_exception

        expect(Raven).to have_received(:capture_exception)
-          .with(exception, a_hash_including(extra: a_hash_including(sql: :foo)))
+          .with(exception, a_hash_including(extra: a_hash_including(sql: 'SELECT "users".* FROM "users" WHERE "users"."id" = $2 AND "users"."foo" = $1')))
      end
    end
  end