From 60a35e4230404b84d4aee8015fb7821b0b194277 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alejandro=20Rodr=C3=ADguez?=
Date: Mon, 2 Oct 2017 21:52:19 -0300
Subject: Send API parameters as extra data for sentry errors
---
 spec/requests/api/helpers_spec.rb | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
(limited to 'spec/requests/api')
diff --git a/spec/requests/api/helpers_spec.rb b/spec/requests/api/helpers_spec.rb
index 060c8902471..862920ad7c3 100644
--- a/spec/requests/api/helpers_spec.rb
+++ b/spec/requests/api/helpers_spec.rb
@@ -1,4 +1,6 @@
 require 'spec_helper'
+require 'raven/transports/dummy'
+require_relative '../../../config/initializers/sentry'
 describe API::Helpers do
 include API::APIGuard::HelperMethods
@@ -476,7 +478,7 @@ describe API::Helpers do
 allow(exception).to receive(:backtrace).and_return(caller)
 expect_any_instance_of(self.class).to receive(:sentry_context)
- expect(Raven).to receive(:capture_exception).with(exception)
+ expect(Raven).to receive(:capture_exception).with(exception, extra: {})
 handle_api_exception(exception)
 end
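Review bot: The two requires added at the top of the spec (first hunk) have no explanation, and pulling an initializer into a request spec by a three-level relative path is unusual enough to need one. Add a comment above them such as `# Dummy transport and configure_sentry are used by the 'extra information' context below`. If the initializer does any configuration at load time (not visible in this diff), requiring it here would presumably run that again, so confirm the file only defines `configure_sentry` when loaded in the test environment.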
@@ -501,6 +503,30 @@ describe API::Helpers do
 expect(json_response['message']).to start_with("\nRuntimeError (Runtime Error!):")
 end
 end
+
+ context 'extra information' do
+ # Sentry events are an array of the form [auth_header, data, options]
+ let(:event_data) { Raven.client.transport.events.first[1] }
+
+ before do
+ stub_application_setting(
+ sentry_enabled: true,
+ sentry_dsn: "dummy://12345:67890@sentry.localdomain/sentry/42"
+ )
+ configure_sentry
+ Raven.client.configuration.encoding = 'json'
+ end
+
+ it 'sends the params, excluding confidential values' do
+ expect(Gitlab::Sentry).to receive(:enabled?).twice.and_return(true)
+ expect(ProjectsFinder).to receive(:new).and_raise('Runtime Error!')
+
+ get api('/projects', user), password: 'dont_send_this', other_param: 'send_this'
+
+ expect(event_data).to include('other_param=send_this')
+ expect(event_data).to include('password=********')
+ end
+ end
 end
 describe '.authenticate_non_get!' do
-- 
cgit v1.2.1
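Review bot: The example 'sends the params, excluding confidential values' asserts only that the masked form `password=********` is present and never that the raw value is absent, so a second copy of `dont_send_this` elsewhere in the serialized event (for instance in the request URL or query string, since the parameter goes out on a GET) would still pass. Add `expect(event_data).not_to include('dont_send_this')` after the two positive expectations. Covering a second confidential name, such as the `private_token` request parameter, would also be worthwhile, because nothing beyond `password` exercises the filter. Separately, the `before` block reconfigures the global Raven client and `event_data` reads `events.first`, so the example presumably depends on the dummy transport starting empty; clearing it or restoring the configuration in an `after` block would keep the spec order-independent.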