sql-obfuscation does not sanitize SQL that exceeds size limits #1146
Labels: bug
Description of the bug
A recent change to how SQL query comments are prepended to the statement has resulted in triggering logic in the SQL obfuscation helper that bypasses executing the regular expression to sanitize the substring of the query.
opentelemetry-ruby-contrib/helpers/sql-obfuscation/lib/opentelemetry/helpers/sql_obfuscation.rb
Line 118 in f817d6b
The regular expression does not seem to match on the comments index and ends up returning the raw contents of the SQL:
We must ensure that SQL is sanitized or omit the statement entirely.
Share details about your runtime
Operating system details: Linux, Ubuntu 20.04 LTS
RUBY_ENGINE: "ruby"
RUBY_VERSION: "3.3.4"
RAILS_VERSION: "8.0.0.alpha"
Share a simplified reproduction if possible
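The requirement stated in the issue (sanitize the SQL or omit the statement entirely) can be shown with a simplified obfuscator. This is an added example, not part of the original issue and not the helper's code: `SENSITIVE`, `LIMIT`, `OMITTED`, both method names and the sample statements are constructed, and the fail-open branch is one assumed way an over-limit path can return raw SQL when a comment is prepended.

```ruby
# Added illustration; hypothetical names, not the opentelemetry-ruby-contrib code.
# SENSITIVE matches block comments, single-quoted strings and bare integers.
SENSITIVE = %r{/\*.*?\*/|'(?:[^']|'')*'|\b\d+\b}m
LIMIT = 60 # constructed and deliberately small so the samples exceed it
OMITTED = 'SQL omitted (exceeds size limit)'

# Fail-open shape (assumed): over the limit, skip the substitution and return
# the raw text that precedes the first match.
def obfuscate_fail_open(sql)
  return sql.gsub(SENSITIVE, '?') if sql.size <= LIMIT

  idx = sql.index(SENSITIVE)
  return OMITTED unless idx

  "#{sql[..idx - 1]}..." # idx == 0 makes this sql[..-1]: the whole raw statement
end

# Fail-closed shape: everything emitted passes through the substitution, and
# the statement is omitted if anything literal-like could have survived.
def obfuscate_fail_closed(sql)
  over = sql.size > LIMIT
  cleaned = (over ? sql[0, LIMIT] : sql).gsub(SENSITIVE, '?')
  # A literal or comment cut in half by truncation no longer matches SENSITIVE,
  # so a leftover quote or comment opener means the output cannot be trusted.
  return OMITTED if cleaned.match?(%r{'|/\*})

  over ? "#{cleaned}..." : cleaned
end

# Constructed sample statements, both longer than LIMIT.
COMMENTED = "/*controller='users',action='show'*/ SELECT * FROM users " \
            "WHERE email = 'alice@example.test' AND id = 7"
SPLIT_LITERAL = 'SELECT * FROM accounts WHERE api_token = ' \
                "'tok_constructed_9f3a7c21e5d84b60a1' AND id = 7"

if __FILE__ == $PROGRAM_NAME
  [COMMENTED, SPLIT_LITERAL].each do |sql|
    puts "open:   #{obfuscate_fail_open(sql)}"
    puts "closed: #{obfuscate_fail_closed(sql)}"
  end
end
```

The same assertions work as a regression test for any obfuscator: feed it over-limit statements with and without a leading comment and check that no literal from the input appears in the output.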