Handle mailto links in Cleaner#clean_url

bugsnag · Jan 23, 2024 · 86808df · 86808df
1 parent c052209
commit 86808df
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 12 deletions.
diff --git a/lib/bugsnag/cleaner.rb b/lib/bugsnag/cleaner.rb
@@ -36,19 +36,11 @@ def clean_url(url)
         return "#{pre_query_string}?#{FILTERED}"
       end
 
-      return url unless uri.query
-
-      query_params = uri.query.split('&').map { |pair| pair.split('=') }
-      query_params.map! do |key, val|
-        if filters_match?(key)
-          "#{key}=#{FILTERED}"
-        else
-          "#{key}=#{val}"
-        end
+      if uri.is_a?(URI::MailTo)
+        clean_mailto_url(url, uri)
+      else
+        clean_generic_url(url, uri)
       end
-
-      uri.query = query_params.join('&')
-      uri.to_s
     end
 
     ##
@@ -209,5 +201,33 @@ def scope_should_be_filtered?(scope)
         scope.start_with?("#{scope_to_filter}.")
       end
     end
+
+    def clean_generic_url(original_url, uri)
+      return original_url unless uri.query
+
+      query_params = uri.query.split('&').map { |pair| pair.split('=') }
+
+      uri.query = filter_uri_parameter_array(query_params).join('&')
+      uri.to_s
+    end
+
+    def clean_mailto_url(original_url, uri)
+      return original_url unless uri.headers
+
+      # headers in mailto links can't contain square brackets so we replace
+      # filtered parameters with 'FILTERED' instead of '[FILTERED]'
+      uri.headers = filter_uri_parameter_array(uri.headers, 'FILTERED').join('&')
+      uri.to_s
+    end
+
+    def filter_uri_parameter_array(parameters, replacement = FILTERED)
+      parameters.map do |key, value|
+        if filters_match?(key)
+          "#{key}=#{replacement}"
+        else
+          "#{key}=#{value}"
+        end
+      end
+    end
   end
 end
diff --git a/spec/cleaner_spec.rb b/spec/cleaner_spec.rb
@@ -552,5 +552,29 @@ def to_s
       let(:url) { "https://host.example/a b c d e f g" }
       it { should eq "https://host.example/a b c d e f g" }
     end
+
+    context "with a mailto URL" do
+      let(:filters) { [/token/] }
+      let(:url) { "mailto:[email protected]?token=secret&subject=Hello" }
+      it { should eq "mailto:[email protected]?token=FILTERED&subject=Hello" }
+    end
+
+    context "with a mailto URL without a to address" do
+      let(:filters) { [/token/] }
+      let(:url) { "mailto:?subject=Hello&token=password" }
+      it { should eq "mailto:?subject=Hello&token=FILTERED" }
+    end
+
+    context "with a websocket URL" do
+      let(:filters) { [/secret/] }
+      let(:url) { "ws://example.com?abc=xyz&secret=password" }
+      it { should eq "ws://example.com?abc=xyz&secret=[FILTERED]" }
+    end
+
+    context "with a websocket over TLS URL" do
+      let(:filters) { [/secret/] }
+      let(:url) { "wss://example.com?abc=xyz&secret=password" }
+      it { should eq "wss://example.com?abc=xyz&secret=[FILTERED]" }
+    end
   end
 end