Merge pull request #116 from MindscapeHQ/fix-rack-request-data-reading

Correctly record raw request data for Rack based apps

Author: UberMouse

CHANGELOG.md

@@ -1,3 +1,9 @@
+## 2.0.0 (20/04/2017)
+
+Bugfixes:
+  - Fix broken handling of raw request body reading in Rack applications ([#116](https://github.com/MindscapeHQ/raygun4ruby/pull/116))
+    - This is a breaking change to how raw data was being read before so it requires a major version bump
+    - Raw request data reading is now disabled by default and can be enabled via the `record_raw_data` configuration option
 ## 1.5.0 (16/03/2017)
 
 Features

lib/raygun/client.rb

@@ -132,9 +132,21 @@ def rack_params(env)
       end
 
       def raw_data(rack_env)
+        return unless Raygun.configuration.record_raw_data
+
         request = Rack::Request.new(rack_env)
-        unless request.form_data?
-          form_params(rack_env)
+        input = rack_env['rack.input']
+
+        if input && !request.form_data?
+          current_position = input.pos
+          input.rewind
+
+          body = (input.read || '').slice(0, 4096)
+          input.seek(current_position)
+
+          body
+        else
+          {}
         end
       end
 

lib/raygun/configuration.rb

@@ -70,6 +70,10 @@ def self.proc_config_option(name)
     # Override this if you wish to connect to a different Raygun API than the standard one
     config_option :api_url
 
+    # Should Raygun include the raw request body in the payload? This will not include
+    # form submissions and will not be filtered by the blacklist
+    config_option :record_raw_data
+
     # Exception classes to ignore by default
     IGNORE_DEFAULT = ['ActiveRecord::RecordNotFound',
                       'ActionController::RoutingError',
@@ -119,7 +123,8 @@ def initialize
         whitelist_payload_shape:          DEFAULT_WHITELIST_PAYLOAD_SHAPE,
         proxy_settings:                   {},
         debug:                            false,
-        api_url:                          'https://api.raygun.io/'
+        api_url:                          'https://api.raygun.io/',
+        record_raw_data:                  false
       })
     end
 

lib/raygun/version.rb

@@ -1,3 +1,3 @@
 module Raygun
-  VERSION = "1.5.0"
+  VERSION = "2.0.0"
 end

test/unit/client_test.rb

@@ -29,6 +29,7 @@ def to_s
   def setup
     super
     @client = Raygun::Client.new
+    Raygun.configuration.record_raw_data = true
     fake_successful_entry
 
     # Force NZ time zone for utcOffset tests
@@ -222,15 +223,36 @@ def test_getting_request_information_with_nil_env
     assert_equal({}, @client.send(:request_information, nil))
   end
 
-  def test_non_form_parameters
-    put_body_env_hash = sample_env_hash.merge({
-      "REQUEST_METHOD"=>"PUT",
-      "action_dispatch.request.parameters"=> { "a" => "b", "c" => "4945438", "password" => "swordfish" }
+  def test_raw_post_body
+    env_hash = sample_env_hash.merge({
+      "CONTENT_TYPE" => "application/json",
+      "REQUEST_METHOD" => "POST",
+      "rack.input" => StringIO.new('{"foo": "bar"}')
     })
 
-    expected_form_hash = { "a" => "b", "c" => "4945438", "password" => "[FILTERED]" }
+    assert_equal '{"foo": "bar"}', @client.send(:request_information, env_hash)[:rawData]
+  end
+
+  def test_raw_post_body_with_more_than_4096_chars
+    input = "0" * 5000;
+    env_hash = sample_env_hash.merge({
+      "CONTENT_TYPE" => "application/json",
+      "REQUEST_METHOD" => "POST",
+      "rack.input" => StringIO.new(input)
+    })
 
-    assert_equal expected_form_hash, @client.send(:request_information, put_body_env_hash)[:rawData]
+    assert_equal input.slice(0, 4096), @client.send(:request_information, env_hash)[:rawData]
+  end
+
+  def test_raw_post_body_with_config_disabled
+    Raygun.configuration.record_raw_data = false
+    env_hash = sample_env_hash.merge({
+      "CONTENT_TYPE" => "application/json",
+      "REQUEST_METHOD" => "POST",
+      "rack.input" => StringIO.new('{"foo": "bar"}')
+    })
+
+    assert_equal(nil, @client.send(:request_information, env_hash)[:rawData])
   end
 
   def test_error_raygun_custom_data
@@ -461,6 +483,7 @@ def test_filter_payload_with_whitelist_default_request_post
     Raygun.configuration.filter_payload_with_whitelist = true
 
     post_body_env_hash = sample_env_hash.merge(
+      "CONTENT_TYPE" => 'application/x-www-form-urlencoded',
       "REQUEST_METHOD" => "POST",
       "rack.input"=>StringIO.new("a=b&c=4945438&password=swordfish")
     )
@@ -475,7 +498,7 @@ def test_filter_payload_with_whitelist_default_request_post
       queryString: { },
       headers:     { "Version"=>"HTTP/1.1", "Host"=>"localhost:3000", "Cookie"=>"cookieval" },
       form:        { "a" => "[FILTERED]", "c" => "[FILTERED]", "password" => "[FILTERED]" },
-      rawData:     nil
+      rawData:     {}
     }
 
     assert_equal expected_hash, details[:request]
@@ -506,7 +529,7 @@ def test_filter_payload_with_whitelist_request_post_except_formkey
       queryString: { },
       headers:     { "Version"=>"HTTP/1.1", "Host"=>"localhost:3000", "Cookie"=>"cookieval" },
       form:        { "username" => "foo", "password" => "[FILTERED]" },
-      rawData:     nil
+      rawData:     {}
     }
 
     assert_equal expected_hash, details[:request]

test/unit/configuration_test.rb

@@ -129,4 +129,8 @@ def test_setting_custom_data_to_hash
   def test_api_url_default
     assert_equal "https://api.raygun.io/", Raygun.configuration.api_url
   end
+
+  def test_record_raw_data_default
+    assert_equal false, Raygun.configuration.record_raw_data
+  end
 end