bugsnag 6.12.0 → 6.14.0

data/lib/bugsnag.rb

@@ -33,6 +33,7 @@ require "bugsnag/breadcrumbs/validator"
 require "bugsnag/breadcrumbs/breadcrumb"
 require "bugsnag/breadcrumbs/breadcrumbs"
 
+# rubocop:todo Metrics/ModuleLength
 module Bugsnag
   LOCK = Mutex.new
   INTEGRATIONS = [:resque, :sidekiq, :mailman, :delayed_job, :shoryuken, :que, :mongo]
@@ -63,7 +64,7 @@ module Bugsnag
         auto_notify = false
       end
 
-      return unless deliver_notification?(exception, auto_notify)
+      return unless should_deliver_notification?(exception, auto_notify)
 
       exception = NIL_EXCEPTION_DESCRIPTION if exception.nil?
 
@@ -71,6 +72,7 @@ module Bugsnag
 
       # If this is an auto_notify we yield the block before the any middleware is run
       yield(report) if block_given? && auto_notify
+
       if report.ignore?
         configuration.debug("Not notifying #{report.exceptions.last[:errorClass]} due to ignore being signified in auto_notify block")
         return
@@ -97,6 +99,7 @@ module Bugsnag
         # If this is not an auto_notify then the block was provided by the user. This should be the last
         # block that is run as it is the users "most specific" block.
         yield(report) if block_given? && !auto_notify
+
         if report.ignore?
           configuration.debug("Not notifying #{report.exceptions.last[:errorClass]} due to ignore being signified in user provided block")
           return
@@ -111,13 +114,7 @@ module Bugsnag
           report.severity_reason = initial_reason
         end
 
-        # Deliver
-        configuration.info("Notifying #{configuration.notify_endpoint} of #{report.exceptions.last[:errorClass]}")
-        options = {:headers => report.headers}
-        payload = ::JSON.dump(Bugsnag::Helpers.trim_if_needed(report.as_json))
-        Bugsnag::Delivery[configuration.delivery_method].deliver(configuration.notify_endpoint, payload, configuration, options)
-        report_summary = report.summary
-        leave_breadcrumb(report_summary[:error_class], report_summary, Bugsnag::Breadcrumbs::ERROR_BREADCRUMB_TYPE, :auto)
+        deliver_notification(report)
       end
     end
 
@@ -147,6 +144,7 @@ module Bugsnag
     # Configuration getters
     ##
     # Returns the client's Configuration object, or creates one if not yet created.
+    # @return [Configuration]
     def configuration
       @configuration = nil unless defined?(@configuration)
       @configuration || LOCK.synchronize { @configuration ||= Bugsnag::Configuration.new }
@@ -211,27 +209,40 @@ module Bugsnag
       validator.validate(breadcrumb)
 
       # Skip if it's already invalid
-      unless breadcrumb.ignore?
-        # Run callbacks
-        configuration.before_breadcrumb_callbacks.each do |c|
-          c.arity > 0 ? c.call(breadcrumb) : c.call
-          break if breadcrumb.ignore?
-        end
+      return if breadcrumb.ignore?
 
-        # Return early if ignored
-        return if breadcrumb.ignore?
+      # Run callbacks
+      configuration.before_breadcrumb_callbacks.each do |c|
+        c.arity > 0 ? c.call(breadcrumb) : c.call
+        break if breadcrumb.ignore?
+      end
+
+      # Return early if ignored
+      return if breadcrumb.ignore?
 
-        # Validate again in case of callback alteration
-        validator.validate(breadcrumb)
+      # Validate again in case of callback alteration
+      validator.validate(breadcrumb)
 
-        # Add to breadcrumbs buffer if still valid
-        configuration.breadcrumbs << breadcrumb unless breadcrumb.ignore?
+      # Add to breadcrumbs buffer if still valid
+      configuration.breadcrumbs << breadcrumb unless breadcrumb.ignore?
+    end
+
+    ##
+    # Returns the client's Cleaner object, or creates one if not yet created.
+    #
+    # @api private
+    #
+    # @return [Cleaner]
+    def cleaner
+      @cleaner = nil unless defined?(@cleaner)
+      @cleaner || LOCK.synchronize do
+        @cleaner ||= Bugsnag::Cleaner.new(configuration)
       end
     end
 
     private
 
-    def deliver_notification?(exception, auto_notify)
+    def should_deliver_notification?(exception, auto_notify)
       reason = abort_reason(exception, auto_notify)
       configuration.debug(reason) unless reason.nil?
       reason.nil?
@@ -249,6 +260,32 @@ module Bugsnag
       end
     end
 
+    ##
+    # Deliver the notification to Bugsnag
+    #
+    # @param report [Report]
+    # @return void
+    def deliver_notification(report)
+      configuration.info("Notifying #{configuration.notify_endpoint} of #{report.exceptions.last[:errorClass]}")
+
+      payload = report_to_json(report)
+      options = {:headers => report.headers}
+
+      Bugsnag::Delivery[configuration.delivery_method].deliver(
+        configuration.notify_endpoint,
+        payload,
+        configuration,
+        options
+      )
+
+      leave_breadcrumb(
+        report.summary[:error_class],
+        report.summary,
+        Bugsnag::Breadcrumbs::ERROR_BREADCRUMB_TYPE,
+        :auto
+      )
+    end
+
     # Check if the API key is valid and warn (once) if it is not
     def check_key_valid
       @key_warning = false unless defined?(@key_warning)
@@ -273,7 +310,23 @@ module Bugsnag
         raise ArgumentError, "The session endpoint cannot be modified without the notify endpoint"
       end
     end
+
+    ##
+    # Convert the Report object to JSON
+    #
+    # We ensure the report is safe to send by removing recursion, fixing
+    # encoding errors and redacting metadata according to "meta_data_filters"
+    #
+    # @param report [Report]
+    # @return string
+    def report_to_json(report)
+      cleaned = cleaner.clean_object(report.as_json)
+      trimmed = Bugsnag::Helpers.trim_if_needed(cleaned)
+
+      ::JSON.dump(trimmed)
+    end
   end
 end
+# rubocop:enable Metrics/ModuleLength
 
 Bugsnag.load_integrations unless ENV["BUGSNAG_DISABLE_AUTOCONFIGURE"]

data/lib/bugsnag/breadcrumbs/breadcrumbs.rb

@@ -1,6 +1,4 @@
 module Bugsnag::Breadcrumbs
-  MAX_NAME_LENGTH = 30
-
   VALID_BREADCRUMB_TYPES = [
     ERROR_BREADCRUMB_TYPE = "error",
     MANUAL_BREADCRUMB_TYPE = "manual",

data/lib/bugsnag/breadcrumbs/validator.rb

@@ -15,12 +15,6 @@ module Bugsnag::Breadcrumbs
     #
     # @param breadcrumb [Bugsnag::Breadcrumbs::Breadcrumb] the breadcrumb to be validated
     def validate(breadcrumb)
-      # Check name length
-      if breadcrumb.name.size > Bugsnag::Breadcrumbs::MAX_NAME_LENGTH
-        @configuration.debug("Breadcrumb name trimmed to length #{Bugsnag::Breadcrumbs::MAX_NAME_LENGTH}.  Original name: #{breadcrumb.name}")
-        breadcrumb.name = breadcrumb.name.slice(0...Bugsnag::Breadcrumbs::MAX_NAME_LENGTH)
-      end
-
       # Check meta_data hash doesn't contain complex values
       breadcrumb.meta_data = breadcrumb.meta_data.select do |k, v|
         if valid_meta_data_type?(v)

data/lib/bugsnag/cleaner.rb

@@ -1,20 +1,76 @@
 require 'uri'
 
 module Bugsnag
+  # @api private
   class Cleaner
-    ENCODING_OPTIONS = {:invalid => :replace, :undef => :replace}.freeze
     FILTERED = '[FILTERED]'.freeze
     RECURSION = '[RECURSION]'.freeze
     OBJECT = '[OBJECT]'.freeze
     RAISED = '[RAISED]'.freeze
+    OBJECT_WITH_ID_AND_CLASS = '[OBJECT]: [Class]: %<class_name>s [ID]: %<id>d'.freeze
 
-    def initialize(filters)
-      @filters = Array(filters)
-      @deep_filters = @filters.any? {|f| f.kind_of?(Regexp) && f.to_s.include?("\\.".freeze) }
+    ##
+    # @param configuration [Configuration]
+    def initialize(configuration)
+      @configuration = configuration
     end
 
-    def clean_object(obj)
-      traverse_object(obj, {}, nil)
+    def clean_object(object)
+      @deep_filters = deep_filters?
+
+      traverse_object(object, {}, nil)
+    end
+
+    ##
+    # @param url [String]
+    # @return [String]
+    def clean_url(url)
+      return url if @configuration.meta_data_filters.empty?
+
+      uri = URI(url)
+      return url unless uri.query
+
+      query_params = uri.query.split('&').map { |pair| pair.split('=') }
+      query_params.map! do |key, val|
+        if filters_match?(key)
+          "#{key}=#{FILTERED}"
+        else
+          "#{key}=#{val}"
+        end
+      end
+
+      uri.query = query_params.join('&')
+      uri.to_s
+    end
+
+    private
+
+    ##
+    # This method calculates whether we need to filter deeply or not; i.e. whether
+    # we should match both with and without 'request.params'
+    #
+    # This is cached on the instance variable '@deep_filters' for performance
+    # reasons
+    #
+    # @return [Boolean]
+    def deep_filters?
+      @configuration.meta_data_filters.any? do |filter|
+        filter.is_a?(Regexp) && filter.to_s.include?("\\.".freeze)
+      end
+    end
+
+    def clean_string(str)
+      if defined?(str.encoding) && defined?(Encoding::UTF_8)
+        if str.encoding == Encoding::UTF_8
+          str.valid_encoding? ? str : str.encode('utf-16', invalid: :replace, undef: :replace).encode('utf-8')
+        else
+          str.encode('utf-8', invalid: :replace, undef: :replace)
+        end
+      elsif defined?(Iconv)
+        Iconv.conv('UTF-8//IGNORE', 'UTF-8', str) || str
+      else
+        str
+      end
     end
 
     def traverse_object(obj, seen, scope)
@@ -29,11 +85,22 @@ module Bugsnag
       value = case obj
       when Hash
         clean_hash = {}
-        obj.each do |k,v|
-          if filters_match_deeply?(k, scope)
-            clean_hash[k] = FILTERED
-          else
-            clean_hash[k] = traverse_object(v, seen, [scope, k].compact.join('.'))
+        obj.each do |k, v|
+          begin
+            current_scope = [scope, k].compact.join('.')
+
+            if filters_match_deeply?(k, current_scope)
+              clean_hash[k] = FILTERED
+            else
+              clean_hash[k] = traverse_object(v, seen, current_scope)
+            end
+          # If we get an error here, we assume the key needs to be filtered
+          # to avoid leaking things we shouldn't. We also remove the key itself
+          # because it may cause issues later e.g. when being converted to JSON
+          rescue StandardError
+            clean_hash[RAISED] = FILTERED
+          rescue SystemStackError
+            clean_hash[RECURSION] = FILTERED
           end
         end
         clean_hash
@@ -44,10 +111,23 @@ module Bugsnag
       when String
         clean_string(obj)
       else
-        str = obj.to_s rescue RAISED
+        # guard against objects that raise or blow the stack when stringified
+        begin
+          str = obj.to_s
+        rescue StandardError
+          str = RAISED
+        rescue SystemStackError
+          str = RECURSION
+        end
+
         # avoid leaking potentially sensitive data from objects' #inspect output
         if str =~ /#<.*>/
-          OBJECT
+          # Use id of the object if available
+          if obj.respond_to?(:id)
+            format(OBJECT_WITH_ID_AND_CLASS, class_name: obj.class, id: obj.id)
+          else
+            OBJECT
+          end
         else
           clean_string(str)
         end
@@ -57,67 +137,56 @@ module Bugsnag
       value
     end
 
-    def clean_string(str)
-      if defined?(str.encoding) && defined?(Encoding::UTF_8)
-        if str.encoding == Encoding::UTF_8
-          str.valid_encoding? ? str : str.encode('utf-16', ENCODING_OPTIONS).encode('utf-8')
+    ##
+    # @param key [String, #to_s]
+    # @return [Boolean]
+    def filters_match?(key)
+      str = key.to_s
+
+      @configuration.meta_data_filters.any? do |filter|
+        case filter
+        when Regexp
+          str.match(filter)
         else
-          str.encode('utf-8', ENCODING_OPTIONS)
+          str.include?(filter.to_s)
         end
-      elsif defined?(Iconv)
-        Iconv.conv('UTF-8//IGNORE', 'UTF-8', str) || str
-      else
-        str
       end
     end
 
-    def self.clean_object_encoding(obj)
-      new(nil).clean_object(obj)
-    end
+    ##
+    # If someone has a Rails filter like /^stuff\.secret/, it won't match
+    # "request.params.stuff.secret", so we try it both with and without the
+    # "request.params." bit.
+    #
+    # @param key [String, #to_s]
+    # @param scope [String]
+    # @return [Boolean]
+    def filters_match_deeply?(key, scope)
+      return false unless scope_should_be_filtered?(scope)
 
-    def clean_url(url)
-      return url if @filters.empty?
+      return true if filters_match?(key)
+      return false unless @deep_filters
 
-      uri = URI(url)
-      return url unless uri.query
+      return true if filters_match?(scope)
 
-      query_params = uri.query.split('&').map { |pair| pair.split('=') }
-      query_params.map! do |key, val|
-        if filters_match?(key)
-          "#{key}=#{FILTERED}"
+      @configuration.scopes_to_filter.any? do |scope_to_filter|
+        if scope.start_with?("#{scope_to_filter}.request.params.")
+          filters_match?(scope.sub("#{scope_to_filter}.request.params.", ''))
         else
-          "#{key}=#{val}"
+          filters_match?(scope.sub("#{scope_to_filter}.", ''))
         end
       end
-
-      uri.query = query_params.join('&')
-      uri.to_s
     end
 
-    private
-
-    def filters_match?(key)
-      str = key.to_s
-
-      @filters.any? do |f|
-        case f
-        when Regexp
-          str.match(f)
-        else
-          str.include?(f.to_s)
-        end
+    ##
+    # Should the given scope be filtered?
+    #
+    # @param scope [String]
+    # @return [Boolean]
+    def scope_should_be_filtered?(scope)
+      @configuration.scopes_to_filter.any? do |scope_to_filter|
+        scope.start_with?("#{scope_to_filter}.")
       end
     end
-
-    # If someone has a Rails filter like /^stuff\.secret/, it won't match "request.params.stuff.secret",
-    # so we try it both with and without the "request.params." bit.
-    def filters_match_deeply?(key, scope)
-      return true if filters_match?(key)
-      return false unless @deep_filters
-
-      long = [scope, key].compact.join('.')
-      short = long.sub(/^request\.params\./, '')
-      filters_match?(long) || filters_match?(short)
-    end
   end
 end

data/lib/bugsnag/configuration.rb

@@ -3,6 +3,7 @@ require "socket"
 require "logger"
 require "bugsnag/middleware_stack"
 require "bugsnag/middleware/callbacks"
+require "bugsnag/middleware/discard_error_class"
 require "bugsnag/middleware/exception_meta_data"
 require "bugsnag/middleware/ignore_error_class"
 require "bugsnag/middleware/suggestion_data"
@@ -35,9 +36,12 @@ module Bugsnag
     attr_accessor :timeout
     attr_accessor :hostname
     attr_accessor :runtime_versions
-    attr_accessor :ignore_classes
+    attr_accessor :discard_classes
     attr_accessor :auto_capture_sessions
-    attr_accessor :track_sessions
+
+    ##
+    # @deprecated Use {#discard_classes} instead
+    attr_accessor :ignore_classes
 
     ##
     # @return [String] URL error notifications will be delivered to
@@ -64,6 +68,14 @@ module Bugsnag
     # @return [Integer] the maximum allowable amount of breadcrumbs per thread
     attr_reader :max_breadcrumbs
 
+    ##
+    # @return [Regexp] matching file paths out of project
+    attr_accessor :vendor_path
+
+    ##
+    # @return [Array]
+    attr_reader :scopes_to_filter
+
     API_KEY_REGEX = /[0-9a-f]{32}/i
     THREAD_LOCAL_NAME = "bugsnag_req_data"
 
@@ -82,6 +94,11 @@ module Bugsnag
 
     DEFAULT_MAX_BREADCRUMBS = 25
 
+    # Path to vendored code. Used to mark file paths as out of project.
+    DEFAULT_VENDOR_PATH = %r{^(vendor/|\.bundle/)}
+
+    DEFAULT_SCOPES_TO_FILTER = ['events.metaData', 'events.breadcrumbs.metaData'].freeze
+
     alias :track_sessions :auto_capture_sessions
     alias :track_sessions= :auto_capture_sessions=
 
@@ -93,6 +110,7 @@ module Bugsnag
       self.send_environment = false
       self.send_code = true
       self.meta_data_filters = Set.new(DEFAULT_META_DATA_FILTERS)
+      self.scopes_to_filter = DEFAULT_SCOPES_TO_FILTER
       self.hostname = default_hostname
       self.runtime_versions = {}
       self.runtime_versions["ruby"] = RUBY_VERSION
@@ -116,7 +134,10 @@ module Bugsnag
 
       # SystemExit and SignalException are common Exception types seen with
       # successful exits and are not automatically reported to Bugsnag
+      # TODO move these defaults into `discard_classes` when `ignore_classes`
+      #      is removed
       self.ignore_classes = Set.new([SystemExit, SignalException])
+      self.discard_classes = Set.new([])
 
       # Read the API key from the environment
       self.api_key = ENV["BUGSNAG_API_KEY"]
@@ -126,6 +147,11 @@ module Bugsnag
         parse_proxy(proxy_uri)
       end
 
+      # Set up vendor_path regex to mark stacktrace file paths as out of project.
+      # Stacktrace lines that matches regex will be marked as "out of project"
+      # will only appear in the full trace.
+      self.vendor_path = DEFAULT_VENDOR_PATH
+
       # Set up logging
       self.logger = Logger.new(STDOUT)
       self.logger.level = Logger::INFO
@@ -136,6 +162,7 @@ module Bugsnag
       # Configure the bugsnag middleware stack
       self.internal_middleware = Bugsnag::MiddlewareStack.new
       self.internal_middleware.use Bugsnag::Middleware::ExceptionMetaData
+      self.internal_middleware.use Bugsnag::Middleware::DiscardErrorClass
       self.internal_middleware.use Bugsnag::Middleware::IgnoreErrorClass
       self.internal_middleware.use Bugsnag::Middleware::SuggestionData
       self.internal_middleware.use Bugsnag::Middleware::ClassifyError
@@ -293,6 +320,8 @@ module Bugsnag
 
     private
 
+    attr_writer :scopes_to_filter
+
     PROG_NAME = "[Bugsnag]"
 
     def default_hostname