From 8178439bfa03521993ea6d89625c8d2caeb5b0c3 Mon Sep 17 00:00:00 2001 From: Kyrylo Silin Date: Tue, 1 Oct 2019 17:02:45 +0800 Subject: [PATCH] filters/sql: apply more aggressive grouping The number of arguments to `VALUES` or `IN` shouldn't matter. With this change our grouping is more consistent. --- CHANGELOG.md | 3 +++ lib/airbrake-ruby/filters/sql_filter.rb | 13 ++++++++----- spec/filters/sql_filter_spec.rb | 12 ++++++++---- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d8180acb..1de5fc0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,9 @@ Airbrake Ruby Changelog ### master +* Improved grouping of some SQL queries + ([#504](https://github.com/airbrake/airbrake-ruby/pull/504)) + ### [v4.6.0][v4.6.0] (August 5, 2019) * Added the `query_stats` option that configures SQL performance diff --git a/lib/airbrake-ruby/filters/sql_filter.rb b/lib/airbrake-ruby/filters/sql_filter.rb index 675eebc9..3769d0de 100644 --- a/lib/airbrake-ruby/filters/sql_filter.rb +++ b/lib/airbrake-ruby/filters/sql_filter.rb 
@@ -37,29 +37,31 @@ class SqlFilter # rubocop:enable Metrics/LineLength }.freeze + POST_FILTER = /(?<=[values|in ]\().+(?=\))/i + # @return [Hash{Symbol=>Array}] a set of features that corresponds # to a certain dialect DIALECT_FEATURES = { default: ALL_FEATURES.keys, mysql: %i[ single_quotes double_quotes numeric_literals boolean_literals - hexadecimal_literals comments multi_line_comments + hexadecimal_literals comments multi_line_comments filtered_values ].freeze, postgres: %i[ single_quotes dollar_quotes uuids numeric_literals boolean_literals - comments multi_line_comments + comments multi_line_comments filtered_values ].freeze, sqlite: %i[ single_quotes numeric_literals boolean_literals hexadecimal_literals - comments multi_line_comments + comments multi_line_comments filtered_values ].freeze, oracle: %i[ single_quotes oracle_quoted_strings numeric_literals comments - multi_line_comments + multi_line_comments filtered_values ].freeze, cassandra: %i[ single_quotes uuids numeric_literals boolean_literals - hexadecimal_literals comments multi_line_comments + hexadecimal_literals comments multi_line_comments filtered_values ].freeze }.freeze @@ -96,6 +98,7 @@ def call(resource) return unless resource.respond_to?(:query) q = resource.query.gsub(@regexp, FILTERED) + q.gsub!(POST_FILTER, FILTERED) if q =~ POST_FILTER q = ERROR_MSG if UNMATCHED_PAIR[@dialect] =~ q resource.query = q end diff --git a/spec/filters/sql_filter_spec.rb b/spec/filters/sql_filter_spec.rb index 20935f71..1e311cf2 100644 --- a/spec/filters/sql_filter_spec.rb +++ b/spec/filters/sql_filter_spec.rb 
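Review bot: `[values|in ]` in `POST_FILTER` is a character class rather than an alternation, so the lookbehind accepts any `(` that follows a single one of those letters, a `|` or a space, and the greedy `.+` then runs to the last `)` on the line. The expectation changed in the spec hunk at `@@ -153,7 +157,7 @@` shows the result: the quoted column list and the `VALUES` keyword are collapsed into `(?)` together with the arguments. Matching the keyword explicitly keeps the statement shape, for example `POST_FILTER = /\b(values|in)(\s*)\(.+\)/i` applied with `q.gsub!(POST_FILTER, "\\1\\2(#{FILTERED})")`. The greedy `.+` would still merge two separate `IN (...)` lists on one line, so that case deserves its own spec. The `filtered_values` symbol added to each dialect list gets no matching entry in `ALL_FEATURES` in this patch, so it is worth confirming that the key resolves to a regexp where the features are looked up.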
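Review bot: The new `gsub!` in `call` runs before the `UNMATCHED_PAIR` test, so a stray quote inside a parenthesised list can be replaced by `POST_FILTER` before the test sees it. The rest of the query would then be reported instead of being swapped for `ERROR_MSG`. `UNMATCHED_PAIR` is defined outside this diff, so this needs confirming, but deciding on the first-pass result keeps the fail-closed behaviour: `q = UNMATCHED_PAIR[@dialect] =~ q ? ERROR_MSG : q.gsub(POST_FILTER, FILTERED)`. Separately, the `if q =~ POST_FILTER` guard scans the string a second time for no gain, because `gsub!` already leaves the string untouched when nothing matches. The `def call` line lies outside the hunk.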
@@ -60,7 +60,11 @@ dialects: %i[postgres] }, { input: "INSERT INTO `X` values(\"test\",0, 1 , 2, 'test')", - output: "INSERT INTO `X` values(?,?, ? , ?, ?)", + output: "INSERT INTO `X` values(?)", + dialects: %i[mysql] + }, { + input: "INSERT INTO `X` values(\"test\",0, 1 , 2, 'test')", + output: "INSERT INTO `X` values(?)", dialects: %i[mysql] }, { input: "SELECT c11.col1, c22.col2 FROM table c11, table c22 WHERE value='nothing'", @@ -68,7 +72,7 @@ dialects: ALL_DIALECTS }, { input: "INSERT INTO X VALUES(1, 23456, 123.456, 99+100)", - output: "INSERT INTO X VALUES(?, ?, ?, ?+?)", + output: "INSERT INTO X VALUES(?)", dialects: ALL_DIALECTS }, { input: "SELECT * FROM table WHERE name=\"foo\" AND value=\"don't\"", @@ -117,7 +121,7 @@ dialects: ALL_DIALECTS }, { input: "INSERT INTO X values('', 'a''b c',0, 1 , 'd''e f''s h')", - output: "INSERT INTO X values(?, ?,?, ? , ?)", + output: "INSERT INTO X values(?)", dialects: ALL_DIALECTS }, { input: "SELECT * FROM t WHERE -- '\n bar='baz' -- '", @@ -153,7 +157,7 @@ dialects: %i[postgres] }, { input: "INSERT INTO \"foo\" (\"bar\", \"baz\", \"qux\") VALUES ($1, $2, $3) RETURNING \"id\"", - output: "INSERT INTO \"foo\" (\"bar\", \"baz\", \"qux\") VALUES ($?, $?, $?) RETURNING \"id\"", + output: "INSERT INTO \"foo\" (?) RETURNING \"id\"", dialects: %i[postgres] }, { input: "select * from foo where bar = 'some\\tthing' and baz = 10",
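Review bot: The case added in the hunk at `@@ -60,7 +60,11 @@` repeats the one directly above it with the same `input`, `output` and `dialects: %i[mysql]`, so it adds no coverage. The commit message names `IN` as well as `VALUES`, yet none of the spec hunks exercises an `IN (...)` list. The duplicate could become that case, for example (constructed sample) `input: "SELECT * FROM t WHERE id IN (1, 2, 3)"` with `output: "SELECT * FROM t WHERE id IN (?)"` and `dialects: ALL_DIALECTS`.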