Also filter field results and objects

Author: rmosolgo

lib/graphql/tracing/perfetto_trace.rb

@@ -270,9 +270,9 @@ def end_execute_field(field, object, arguments, query, app_result)
         if @create_debug_annotations
           start_field.track_event = dup_with(start_field.track_event,{
             debug_annotations: [
-                payload_to_debug(nil, object.object, iid: DA_OBJECT_IID, intern_value: true),
-                payload_to_debug(nil, filter_arguments(arguments), iid: DA_ARGUMENTS_IID),
-                payload_to_debug(nil, app_result, iid: DA_RESULT_IID, intern_value: true)
+                payload_to_debug(nil, filter_if_hash(object.object), iid: DA_OBJECT_IID, intern_value: true),
+                payload_to_debug(nil, filter_if_hash(arguments), iid: DA_ARGUMENTS_IID),
+                payload_to_debug(nil, filter_if_hash(app_result), iid: DA_RESULT_IID, intern_value: true)
               ]
             })
         end
@@ -606,8 +606,12 @@ def fid
         Fiber.current.object_id
       end
 
-      def filter_arguments(args)
-        @arguments_filter.filter(args)
+      def filter_if_hash(args)
+        if args.is_a?(Hash)
+          @arguments_filter.filter(args)
+        else
+          args
+        end
       end
 
       class ActiveSupportArgumentsFilter

spec/graphql/tracing/perfetto_trace_spec.rb

@@ -6,6 +6,11 @@
   describe GraphQL::Tracing::PerfettoTrace do
     include PerfettoSnapshot
 
+    def trace_includes?(json_str, test_str)
+      json_str.include?(Base64.encode64(test_str).strip) ||
+        json_str.include?(test_str)
+    end
+
     class PerfettoSchema < GraphQL::Schema
       class BaseObject < GraphQL::Schema::Object
       end
@@ -110,14 +115,21 @@ class SecretInput < GraphQL::Schema::InputObject
           argument :password, String
         end
 
-        field :secret_field, String do
+        class SecretThing < GraphQL::Schema::Object
+          field :greeting, String
+        end
+        field :secret_field, SecretThing do
           argument :cipher, String, required: false
           argument :password, String, required: false
           argument :input, [[SecretInput]], required: false
         end
 
         def secret_field(cipher: nil, password: nil, input: nil)
-          cipher || password || input[0][0][:password]
+          {
+            greeting: "Hello!",
+            cipher: cipher || "FALLBACK_CIPHER",
+            password: password || (input ? input[0][0][:password] : "FALLBACK_PASSWORD"),
+          }
         end
       end
 
@@ -174,40 +186,43 @@ def self.detailed_trace?(q)
     end
 
     it "filters params with ActiveSupport" do
-      query_str = 'query getStuff { secretField(cipher: "abcdef") }'
+      query_str = 'query getStuff { secretField(cipher: "abcdef") { greeting } }'
       res = PerfettoSchema.execute(query_str, validate: false)
       json = res.context.query.current_trace.write(file: nil, debug_json: true)
-      assert_includes json, "abcdef"
-      refute_includes json, "FILTERED"
+      assert trace_includes?(json, "abcdef")
+      refute trace_includes?(json, "FILTERED")
 
       prev_fp = ActiveSupport.filter_parameters
       ActiveSupport.filter_parameters = ["cipher"]
       res = PerfettoSchema.execute(query_str)
       json = res.context.query.current_trace.write(file: nil, debug_json: true)
-      refute_includes json, "abcdef"
-      assert_includes json, "[FILTERED]"
+      refute trace_includes?(json, "abcdef")
+      assert trace_includes?(json, "[FILTERED]")
 
       ActiveSupport.filter_parameters = ["password"]
-      res = PerfettoSchema.execute('query getStuff { secretField(input: [[{ password: "jklmn" }]]) }')
+      res = PerfettoSchema.execute('query getStuff { secretField(input: [[{ password: "jklmn" }]]) { greeting } }')
       json = res.context.query.current_trace.write(file: nil, debug_json: true)
-      refute json.include?("jklmn"), "Value is removed"
+      assert trace_includes?(json, "password"), "Name is retained"
+      refute trace_includes?(json, "jklmn"), "Value is removed"
       assert_includes json, "[FILTERED]"
     ensure
       ActiveSupport.filter_parameters = prev_fp
     end
 
     it "filters params without ActiveSupport" do
-      query_str = 'query getStuff { secretField(password: "qrstuv") }'
+      query_str = 'query getStuff { secretField(password: "qrstuv") { greeting } }'
       res = PerfettoSchema.execute(query_str, context: { detailed_trace_filter: GraphQL::Tracing::PerfettoTrace::ArgumentsFilter.new })
       json = res.context.query.current_trace.write(file: nil, debug_json: true)
-      assert_includes json, "[FILTERED]"
-      refute_includes json, "qrstuv"
+      assert trace_includes?(json, "FILTERED"), "The replacement string is present"
+      assert trace_includes?(json, "FALLBACK_CIPHER"), "Unfiltered values are present"
+      refute trace_includes?(json, "qrstuv"), "The password is obscured"
 
-      query_str = 'query getStuff { secretField(input: [[{ password: "lmnop" }]]) }'
+      query_str = 'query getStuff { secretField(input: [[{ password: "lmnop" }]]) { greeting } }'
       res = PerfettoSchema.execute(query_str, context: { detailed_trace_filter: GraphQL::Tracing::PerfettoTrace::ArgumentsFilter.new })
       json = res.context.query.current_trace.write(file: nil, debug_json: true)
-      refute json.include?("lmnop"), "The password is obscured"
-      assert json.include?("[FILTERED]"), "The replacement string is present"
+      assert trace_includes?(json, "password"), "Name is retained"
+      refute trace_includes?(json, "lmnop"), "The password is obscured"
+      assert trace_includes?(json, "[FILTERED]"), "The replacement string is present"
     end
 
     it "provides an error when google-protobuf isn't available" do