# Describe the current user for the report. $user_data stays undef when the
# user object has no id, or when the lookup throws: the eval discards any
# exception and $@ is not inspected here.
my $user_data;
eval {
    my $current = Bugzilla->user;
    $user_data = {
        id   => $current->login,
        name => $current->name,
    } if $current->id;
};

# Start from the URL of the current request and clear its query component,
# so the URL stored in $uri carries no request parameters.
my $uri = URI->new( Bugzilla->cgi->self_url );
$uri->query(undef);
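# Scrub credentials from the request environment.
#
# NOTE: this edits the process-wide %ENV in place, so any code that runs
# later in the same process sees the masked values and no HTTP_COOKIE.
# NOTE(review): this is a deny-list. HTTP_AUTHORIZATION, and any secret that
# travels under a name not listed below, is left untouched -- confirm that
# the lists match what the deployment actually exports.

# Query-string parameter names whose values are masked. Names are compared
# case-insensitively, both as-is and with a BUGZILLA_ prefix.
my @sanitise_params = qw( PASSWORD TOKEN API_KEY );

# ENV vars (request headers) that are removed outright.
my @sanitise_vars = qw( HTTP_COOKIE HTTP_X_BUGZILLA_PASSWORD HTTP_X_BUGZILLA_API_KEY HTTP_X_BUGZILLA_TOKEN );

# True when an already-decoded parameter name is on the mask list.
my $is_sensitive = sub {
    my ($name) = @_;
    my $upper = uc $name;
    return any { $upper eq $_ || $upper eq "BUGZILLA_$_" } @sanitise_params;
};

# Raw query strings: mask values textually and leave everything else as is.
foreach my $var (qw( QUERY_STRING REDIRECT_QUERY_STRING )) {
    next unless exists $ENV{$var};

    # CGI.pm accepts ';' as well as '&' between pairs, so split on both.
    # The separators are captured and kept, which lets the string be rebuilt
    # exactly, apart from the masked values.
    my @tokens = split /([&;])/, $ENV{$var};
    foreach my $token (@tokens) {
        next unless $token =~ /^([^=]+)=(.+)$/;
        my ($param, $value) = ($1, $2);

        # Compare the decoded name, as URI's query_param does for the
        # variables handled below; otherwise an escaped spelling of a
        # sensitive name would keep its value in the report.
        (my $decoded = $param) =~ tr/+/ /;
        $decoded =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;

        $token = $param . '=*' if $is_sensitive->($decoded);
    }
    $ENV{$var} = join('', @tokens);
}

# Full URLs: let URI parse the query and mask the matching parameters.
foreach my $var (qw( REQUEST_URI HTTP_REFERER )) {
    next unless exists $ENV{$var};
    my $env_uri = URI->new($ENV{$var});
    foreach my $param ($env_uri->query_param) {
        $env_uri->query_param($param, '*') if $is_sensitive->($param);
    }
    $ENV{$var} = $env_uri->as_string;
}

# Drop the credential-bearing headers entirely.
delete @ENV{@sanitise_vars};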
my $now = DateTime->now();

# HTTP details of the failing request.
# - query_string is read from %ENV, so it is masked only if the environment
#   was sanitised before this point.
# - env is a reference to the live %ENV, not a copy: the event includes
#   every variable still present when $data is serialised.
# NOTE(review): any other secret exported into the server's environment
# would be included as well -- confirm what the deployment sets.
my %http_interface = (
    url          => $uri->as_string,
    method       => $ENV{REQUEST_METHOD},
    query_string => $ENV{QUERY_STRING},
    env          => \%ENV,
);

# Event payload; the 'sentry.interfaces.*' keys hold the user and request
# context, and the traceback is placed under 'extra'.
my $data = {
    event_id                 => $id,
    message                  => $message,
    timestamp                => $now->iso8601(),
    level                    => $level,
    platform                 => 'Other',
    logger                   => $logger,
    server_name              => hostname(),
    'sentry.interfaces.User' => $user_data,
    'sentry.interfaces.Http' => \%http_interface,
    extra                    => { stacktrace => $traceback },
};