-
-
Notifications
You must be signed in to change notification settings - Fork 479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sanitize event data before they are sent to async job. #936
Sanitize event data before they are sent to async job. #936
Conversation
Hi guys, is there a possibility to address this issue? Your proposed solution in the readme for the async job: config.async = lambda { |event| SentryJob.perform_later(event) }
class SentryJob < ActiveJob::Base
queue_as :default
def perform(event)
Raven.send_event(event)
end
end leads to writing the sensitive informations (passwords, Authorizatino headers, tokens, etc) to the log in readable form in probably hundreds maybe even thousands of apps (according to |
@edariedl But all the processors would run twice then? |
@HazAT Thank you for the reply. You are right, processor would run twice in my proposed solution. They would run for the first time before the data will be sent to the async job and second time in the background job before the data are sent to the sentry. But it shouldn't be a problem second run is not necessary but it also does not do any harm. Active job is alway logging all of the parameters when the job is Enqueued and again when the job is started. Steps to simulate the problemI created a new rails 6.0.2 application, added sentry gem and one scaffold controller with parameters class UsersController < ApplicationController
before_action :set_user, only: [:show, :edit, :update, :destroy]
def index
@users = User.all
end
def new
@user = User.new
end
def create
@user = User.new(user_params)
raise "Something bad happend" # <------------ Exception
if @user.save
redirect_to @user, notice: 'User was successfully created.'
else
render :new
end
end
private
def set_user
@user = User.find(params[:id])
end
def user_params
params.require(:user).permit(:name, :password)
end
end SentryJob class SentryJob < ApplicationJob
def perform(event)
Raven.send_event(event)
end
end Sentry configuration: Raven.configure do |config|
environments = %w(production development)
# dns is just some random characters
config.dsn = "https://adfvuopasdnfjbasajfsfdsd:adfvuopasdnfjbasajfsfdsd@sentry.io/112576"
config.environments = environments
config.current_environment = Rails.env
config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
config.async = lambda { |event|
SentryJob.perform_later(event.to_hash)
}
config.silence_ready = true
end Filtered params initializer: # Configure sensitive parameters which will be filtered from the log file.
Rails.application.config.filter_parameters += [:password] I started the rails server and performed the following request to the
This is ActiveJob part of the log:
ActiveJob log is super long so here is just the relevant part:
As you can see, the password is in the log in the plain text even if it definitely shouldn't be. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will merge it, thanks for your explanation!
Awesome, thanks! |
All of the error parameters should be sanitized before they are passed to the async job.
When sentry is configured to send data asynchronously, all the data passed to the async job are not sanitized. This can cause potential security problems. If you are using background job processing to send data to sentry, unsanitized parameters are send to the background job and sometimes they are logged to the application log.
Eg. ActiveJob is logging all of the data captured by sentry, currently including passwords, tokens, cookies, Authorization headers, etc.. Sanitization is done during background job processing just before data are sent to Sentry.
Changes proposed by this pull request should fix it.