def test_table_and_column_psql_quoted(self):
"""If a name contains a dot, it searches PostgreSQL quoted tables and columns."""
# PostgreSQL-style identifer quoting
# MS SQL uses [brackets], MySQL uses `backticks`
sql = 'SELECT * FROM "table" WHERE "table"."id" = 1'
crumb = {"category": "query", "message": sql}
SanitizeSQLQueryCrumb(("table.id", ))(crumb, {})
assert crumb == {"category": "query", "message": "[filtered]"}
def test_safer_queries_are_untouched(self):
"""Safer queries are passed without modification."""
message = (
'SELECT "crashstats_product"."product_name" FROM "crashstats_product"'
' WHERE "crashstats_product"."is_active" = True'
' ORDER BY "crashstats_product"."sort" ASC')
crumb = {"category": "query", "message": message}
SanitizeSQLQueryCrumb(("secret", ))(crumb, {})
assert crumb["message"] == message
def test_filtered_breadcrumbs(self):
"""The breadcrumb filter is applied to the event breadcrumbs."""
event = {
"id":
"00d47b89-4c7f-49bf-9f08-d0a65fe58b89",
"breadcrumbs": [{
"category":
"query",
"message":
"SELECT * FROM mytable WHERE secret='my_secret'",
}],
}
crumb_filter = SanitizeSQLQueryCrumb(["secret"])
SanitizeBreadcrumbs([crumb_filter])(event, {})
expected = {
"id": "00d47b89-4c7f-49bf-9f08-d0a65fe58b89",
"breadcrumbs": [{
"category": "query",
"message": "[filtered]"
}],
}
assert event == expected
def test_filtered_breadcrumbs(self):
"""The breadcrumb filter is applied to the event breadcrumbs."""
event = {
'id': '00d47b89-4c7f-49bf-9f08-d0a65fe58b89',
'breadcrumbs': [
{
'category': 'query',
'message': "SELECT * FROM mytable WHERE secret='my_secret'"
}
]
}
crumb_filter = SanitizeSQLQueryCrumb(['secret'])
SanitizeBreadcrumbs([crumb_filter])(event, {})
expected = {
'id': '00d47b89-4c7f-49bf-9f08-d0a65fe58b89',
'breadcrumbs': [
{
'category': 'query',
'message': '[filtered]'
}
]
}
assert event == expected
def test_non_queries_are_skipped(self):
"""Non-query breadcrumbs are passed without modification."""
message = "I am a secret"
crumb = {"category": "not query", "message": message}
SanitizeSQLQueryCrumb(("secret", ))(crumb, {})
assert crumb["message"] == message
def test_filtered_queries(self, keyword, sql):
"""Sensitive queries are truncated at the column name."""
crumb = {"category": "query", "message": sql}
SanitizeSQLQueryCrumb((keyword, ))(crumb, {})
assert crumb == {"category": "query", "message": "[filtered]"}
def test_table_and_column_unquoted(self):
"""If a name contains a dot, it searches for a tables and columns."""
sql = "SELECT * FROM table WHERE table.id = 1"
crumb = {"category": "query", "message": sql}
SanitizeSQLQueryCrumb(("table.id", ))(crumb, {})
assert crumb == {"category": "query", "message": "[filtered]"}
def test_non_queries_are_skipped(self):
"""Non-query breadcrumbs are passed without modification."""
message = 'I am a secret'
crumb = {'category': 'not query', 'message': message}
SanitizeSQLQueryCrumb(('secret',))(crumb, {})
assert crumb['message'] == message
def test_filtered_queries(self, keyword, sql):
"""Sensitive queries are truncated at the column name."""
crumb = {'category': 'query', 'message': sql}
SanitizeSQLQueryCrumb((keyword,))(crumb, {})
assert crumb == {'category': 'query', 'message': '[filtered]'}
def test_table_and_column_unquoted(self):
"""If a name contains a dot, it searches for a tables and columns."""
sql = 'SELECT * FROM table WHERE table.id = 1'
crumb = {'category': 'query', 'message': sql}
SanitizeSQLQueryCrumb(('table.id',))(crumb, {})
assert crumb == {'category': 'query', 'message': '[filtered]'}