fix: Sanitize SentryMechanism.data on serialize (#947)

When serializing SentryMechanism, the SDK didn't sanitize the data dictionary. This is fixed now.
getsentry · Feb 12, 2021 · 9c04875 · 9c04875
1 parent 9e67662
commit 9c04875
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,7 @@
 
 ## unreleased
 
+- fix: Sanitize SentryMechanism.data on serialize #947
 - feat: Add error to SentryEvent #944
 - fix: Mark SentryEvent.message as Nullable #943
 - fix: Stacktrace inApp marking on Simulators #942

diff --git a/Sources/Sentry/SentryMechanism.m b/Sources/Sentry/SentryMechanism.m
@@ -1,4 +1,5 @@
 #import "SentryMechanism.h"
+#import "NSDictionary+SentrySanitize.h"
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -20,7 +21,7 @@ - (instancetype)initWithType:(NSString *)type
     [serializedData setValue:self.handled forKey:@"handled"];
     [serializedData setValue:self.desc forKey:@"description"];
     [serializedData setValue:self.meta forKey:@"meta"];
-    [serializedData setValue:self.data forKey:@"data"];
+    [serializedData setValue:[self.data sentry_sanitize] forKey:@"data"];
     [serializedData setValue:self.helpLink forKey:@"help_link"];
 
     return serializedData;

diff --git a/Tests/SentryTests/Protocol/SentryMechanismTests.swift b/Tests/SentryTests/Protocol/SentryMechanismTests.swift
@@ -9,14 +9,22 @@ class SentryMechanismTests: XCTestCase {
 
         // Changing the original doesn't modify the serialized
         mechanism.data?["other"] = "object"
-        mechanism.meta?["other"] = "object"
+        mechanism.meta?["data"] = "object"
 
         let expected = TestData.mechanism
         XCTAssertEqual(expected.type, actual["type"] as! String)
-        XCTAssertEqual(1, (actual["data"] as! [String: Any]).count)
         XCTAssertEqual(expected.desc, actual["description"] as? String)
         XCTAssertEqual(expected.handled, actual["handled"] as? NSNumber)
         XCTAssertEqual(expected.helpLink, actual["help_link"] as? String)
         XCTAssertEqual(1, (actual["meta"] as! [String: Any]).count)
+
+        guard let something = (actual["data"] as? [String: Any])?["something"] as? [String: Any] else {
+            XCTFail("Serialized SentryMechanism doesn't contain something.")
+            return
+        }
+
+        let currentDateProvider = TestCurrentDateProvider()
+        let date = currentDateProvider.date() as NSDate
+        XCTAssertEqual(date.sentry_toIso8601String(), something["date"] as? String)
     }
 }
diff --git a/Tests/SentryTests/Protocol/TestData.swift b/Tests/SentryTests/Protocol/TestData.swift
@@ -83,8 +83,9 @@ class TestData {
     }
 
     static var mechanism: Mechanism {
+        let currentDateProvider = TestCurrentDateProvider()
         let mechanism = Mechanism(type: "type")
-        mechanism.data = ["data": ["any": "some"]]
+        mechanism.data = ["something": ["date": currentDateProvider.date()]]
         mechanism.desc = "desc"
         mechanism.handled = true
         mechanism.helpLink = "https://www.sentry.io"