Improve raven header blacklisting

dbd9bbfd · Jacob Vosmaer · 0a5245e5 · dbd9bbfd · dbd9bbfd · dbd9bbfd
Commit dbd9bbfd authored Sep 23, 2016 by Jacob Vosmaer
Hide whitespace changes
Inline Side-by-side

Showing with 47 additions and 15 deletions

internal/helper/raven.go internal/helper/raven.go +12 -4

main.go main.go +0 -11

raven.go raven.go +35 -0

No files found.
--- a/internal/helper/raven.go
+++ b/internal/helper/raven.go
@@ -3,11 +3,15 @@ package helper
 import (
 	"net/http"
 	"reflect"
-	"strings"

 	"github.com/getsentry/raven-go"
 )

+var ravenHeaderBlacklist = []string{
+	"Authorization",
+	"Private-Token",
+}
+
 func captureRavenError(r *http.Request, err error) {
 	client := raven.DefaultClient

@@ -29,9 +33,13 @@ func captureRavenError(r *http.Request, err error) {
 }

 func CleanHeadersForRaven(r *http.Request) {
-	if auth := r.Header.Get("Authorization"); auth != "" {
-		if authSplit := strings.Split(auth, " "); authSplit != nil {
-			r.Header.Set("Authorization", authSplit[0]+" [redacted]")
+	if r == nil {
+		return
+	}
+
+	for _, key := range ravenHeaderBlacklist {
+		if r.Header.Get(key) != "" {
+			r.Header.Set(key, "[redacted]")
 		}
 	}
 }
--- a/main.go
+++ b/main.go
@@ -25,8 +25,6 @@ import (
 	"time"

 	"gitlab.com/gitlab-org/gitlab-workhorse/internal/upstream"
-
-	"github.com/getsentry/raven-go"
 )

 // Current version of GitLab Workhorse
@@ -91,11 +89,6 @@ func main() {
 		}()
 	}

-	// Use a custom environment variable (not SENTRY_DSN) to prevent
-	// clashes with gitlab-rails.
-	raven.SetDSN(os.Getenv("GITLAB_WORKHORSE_SENTRY_DSN"))
-	raven.DefaultClient.SetRelease(Version)
-
 	up := wrapRaven(
 		upstream.NewUpstream(
 			backendURL,
@@ -109,7 +102,3 @@ func main() {

 	log.Fatal(http.Serve(listener, up))
 }
-
-func wrapRaven(h http.Handler) http.Handler {
-	return http.HandlerFunc(raven.RecoveryHandler(h.ServeHTTP))
-}
--- a/raven.go
+++ b/raven.go
+package main
+
+import (
+	"net/http"
+	"os"
+
+	"gitlab.com/gitlab-org/gitlab-workhorse/internal/helper"
+
+	"github.com/getsentry/raven-go"
+)
+
+func wrapRaven(h http.Handler) http.Handler {
+	// Use a custom environment variable (not SENTRY_DSN) to prevent
+	// clashes with gitlab-rails.
+	sentryDSN := os.Getenv("GITLAB_WORKHORSE_SENTRY_DSN")
+	raven.SetDSN(sentryDSN) // sentryDSN may be empty
+
+	if sentryDSN == "" {
+		return h
+	}
+
+	raven.DefaultClient.SetRelease(Version)
+
+	return http.HandlerFunc(raven.RecoveryHandler(
+		func(w http.ResponseWriter, r *http.Request) {
+			defer func() {
+				if p := recover(); p != nil {
+					helper.CleanHeadersForRaven(r)
+					panic(p)
+				}
+			}()
+
+			h.ServeHTTP(w, r)
+		}))
+}