appsignal-ruby icon indicating copy to clipboard operation
appsignal-ruby copied to clipboard

Published 20 hours ago • verified publisher icon appsignal

Less restrictive Redis sanitization

Open luismiramirez opened this issue 3 years ago • 1 comments

We recently changed how MongoDB queries are sanitized to show more information to our users. (https://github.com/appsignal/appsignal-ruby/pull/819)

We can do the same to Redis commands. Currently, we are sanitizing the whole query and only showing the called command.

Example:

SET key value

SET ? ?

The idea is not to remove the command's first argument to know which keys are set up or retrieved.

https://github.com/appsignal/appsignal-ruby/blob/d73905d3b28404638a8aa1e8de3909eff0b8cfb6/lib/appsignal/integrations/redis.rb#L7-L16

ToDo

  • [ ] Allow the first argument of Redis commands
  • [ ] Test properly with an alpha release to make sure we don't flood the DB with the new unique events

luismiramirez avatar Feb 16 '22 11:02 luismiramirez

First step: can we track which command is run, not just "eval". Can we stop replacing keys with ? as well, but only replace values? Can we distinguish between them?

tombruijn avatar Feb 22 '22 09:02 tombruijn