rollbar 2.18.2 → 2.19.0

data/lib/rollbar/delay/active_job.rb

@@ -0,0 +1,17 @@
+module Rollbar
+  module Delay
+    # This class provides the ActiveJob async handler. Users can
+    # use ActiveJob in order to send the reports to the Rollbar API
+    class ActiveJob < ::ActiveJob::Base
+      queue_as :default
+
+      def perform(payload)
+        Rollbar.process_from_async_handler(payload)
+      end
+
+      def self.call(payload)
+        perform_later payload
+      end
+    end
+  end
+end

data/lib/rollbar/delay/sidekiq.rb

@@ -10,7 +10,9 @@ module Rollbar
       end
 
       def call(payload)
-        ::Sidekiq::Client.push @options.merge('args' => [payload])
+        if ::Sidekiq::Client.push(@options.merge('args' => [payload])) == nil
+          raise StandardError.new "Unable to push the job to Sidekiq"
+        end
       end
 
       include ::Sidekiq::Worker

data/lib/rollbar/delay/thread.rb

@@ -5,7 +5,7 @@ module Rollbar
   module Delay
     class Thread
       EXIT_SIGNAL  = :exit
-      EXIT_TIMEOUT = 3
+      EXIT_TIMEOUT = 6
 
       Error        = Class.new(StandardError)
       TimeoutError = Class.new(Error)

data/lib/rollbar/deploy.rb

@@ -0,0 +1,69 @@
+require 'capistrano'
+
+module Rollbar
+  # Deploy Tracking API wrapper module
+  module Deploy
+    ENDPOINT = 'https://api.rollbar.com/api/1/deploy/'.freeze
+
+    def self.report(opts = {}, access_token:, environment:, revision:)
+      opts[:status] ||= :started
+
+      uri = URI.parse(::Rollbar::Deploy::ENDPOINT)
+
+      request = Net::HTTP::Post.new(uri.request_uri)
+      request.body = ::JSON.dump({
+        :access_token => access_token,
+        :environment => environment,
+        :revision => revision
+      }.merge(opts))
+
+      send_request(opts, :uri => uri, :request => request)
+    end
+
+    def self.update(opts = {}, deploy_id:, access_token:, status:)
+      uri = URI.parse(
+        ::Rollbar::Deploy::ENDPOINT +
+        deploy_id.to_s +
+        '?access_token=' + access_token
+      )
+
+      request = Net::HTTP::Patch.new(uri.request_uri)
+      request.body = ::JSON.dump(:status => status.to_s, :comment => opts[:comment])
+
+      send_request(opts, :uri => uri, :request => request)
+    end
+
+    class << self
+      private
+
+      def send_request(opts = {}, uri:, request:)
+        Net::HTTP.start(uri.host, uri.port, opts[:proxy], :use_ssl => true) do |http|
+          build_result(
+            :uri => uri,
+            :request => request,
+            :response => opts[:dry_run] ? nil : http.request(request)
+          )
+        end
+      end
+
+      def build_result(uri:, request:, response: nil)
+        result = {
+          :request_info => uri.inspect + ': ' + request.body,
+          :request => request,
+          :response => response
+        }
+
+        unless result[:response].nil?
+          result.merge!(JSON.parse(result[:response].body, :symbolize_names => true))
+          result[:response_info] = build_response_info(result[:response])
+        end
+
+        result
+      end
+
+      def build_response_info(response)
+        response.code + '; ' + response.message + '; ' + response.body.delete!("\n")
+      end
+    end
+  end
+end

data/lib/rollbar/item.rb

@@ -26,12 +26,12 @@ module Rollbar
     attr_reader :message
     attr_reader :exception
     attr_reader :extra
-    
+
     attr_reader :configuration
     attr_reader :scope
     attr_reader :logger
     attr_reader :notifier
-    
+
     attr_reader :context
 
     def_delegators :payload, :[]
@@ -156,13 +156,24 @@ module Rollbar
     end
 
     def build_extra
-      if custom_data_method?
-        Util.deep_merge(custom_data, extra || {})
+      if custom_data_method? && !Rollbar::Util.method_in_stack(:custom_data, __FILE__)
+        Util.deep_merge(scrub(custom_data), scrub(extra) || {})
       else
-        extra
+        scrub(extra)
       end
     end
 
+    def scrub(data)
+      return data unless data.is_a? Hash
+
+      options = {
+        :params => data,
+        :config => Rollbar.configuration.scrub_fields,
+        :whitelist => Rollbar.configuration.scrub_whitelist
+      }
+      Rollbar::Scrubbers::Params.call(options)
+    end
+
     def custom_data_method?
       !!configuration.custom_data_method
     end
@@ -173,7 +184,7 @@ module Rollbar
       else
         data = configuration.custom_data_method.call
       end
-      
+
       Rollbar::Util.deep_copy(data)
     rescue => e
       return {} if configuration.safely?

data/lib/rollbar/middleware/js.rb

@@ -120,7 +120,11 @@ module Rollbar
 
         add_person_data(js_config, env)
 
-        script_tag("var _rollbarConfig = #{js_config.to_json};", env)
+        # MUST use the Ruby JSON encoder (JSON#generate).
+        # See lib/rollbar/middleware/js/json_value
+        json = ::JSON.generate(js_config)
+
+        script_tag("var _rollbarConfig = #{json};", env)
       end
 
       def add_person_data(js_config, env)
@@ -141,7 +145,9 @@ module Rollbar
       end
 
       def script_tag(content, env)
-        if append_nonce?
+        if (nonce = rails5_nonce(env))
+          script_tag_content = "\n<script type=\"text/javascript\" nonce=\"#{nonce}\">#{content}</script>"
+        elsif secure_headers_nonce?
           nonce = ::SecureHeaders.content_security_policy_script_nonce(::Rack::Request.new(env))
           script_tag_content = "\n<script type=\"text/javascript\" nonce=\"#{nonce}\">#{content}</script>"
         else
@@ -156,7 +162,23 @@ module Rollbar
         string
       end
 
-      def append_nonce?
+      # Rails 5.2 Secure Content Policy
+      def rails5_nonce(env)
+        # The nonce is the preferred method, however 'unsafe-inline' is also possible.
+        # The app gets to decide, so we handle both. If the script_src key is missing,
+        # Rails will not add the nonce to the headers, so we should not add it either.
+        # If the 'unsafe-inline' value is present, the app should not add a nonce and
+        # we should ignore it if they do.
+        req = ::ActionDispatch::Request.new env
+        req.respond_to?(:content_security_policy) &&
+          req.content_security_policy &&
+          req.content_security_policy.directives['script-src'] &&
+          !req.content_security_policy.directives['script-src'].include?("'unsafe-inline'") &&
+          req.content_security_policy_nonce
+      end
+
+      # Secure Headers gem
+      def secure_headers_nonce?
         secure_headers.append_nonce?
       end
 

data/lib/rollbar/middleware/js/json_value.rb

@@ -0,0 +1,26 @@
+# Allows a Ruby String to be used to create native Javascript objects
+# when calling JSON#generate.
+#
+# Example:
+# JSON.generate({ foo: Rollbar::JSON::Value.new('function(){ alert("bar") }') })
+# => '{"foo":function(){ alert(\"bar\") }}'
+#
+# MUST use the Ruby JSON encoder, as in the example. The ActiveSupport encoder,
+# which is installed with Rails, is invoked when calling Hash#to_json and #as_json,
+# and will not work.
+#
+module Rollbar
+  module JSON
+    class Value # :nodoc:
+      attr_accessor :value
+
+      def initialize(value)
+        @value = value
+      end
+
+      def to_json(*_args)
+        value
+      end
+    end
+  end
+end

data/lib/rollbar/notifier.rb

@@ -134,10 +134,11 @@ module Rollbar
       return 'ignored' if ignored?(exception, use_exception_level_filters)
 
       begin
-        call_before_process(:level => level,
-                            :exception => exception,
-                            :message => message,
-                            :extra => extra)
+        status = call_before_process(:level => level,
+                                     :exception => exception,
+                                     :message => message,
+                                     :extra => extra)
+        return 'ignored' if status == 'ignored'
       rescue Rollbar::Ignore
         return 'ignored'
       end
@@ -295,6 +296,10 @@ module Rollbar
       end
     end
 
+    def logger
+      @logger ||= LoggerProxy.new(configuration.logger)
+    end
+
     private
 
     def use_exception_level_filters?(options)
@@ -317,7 +322,8 @@ module Rollbar
 
       handlers.each do |handler|
         begin
-          handler.call(options)
+          status = handler.call(options)
+          return 'ignored' if status == 'ignored'
         rescue Rollbar::Ignore
           raise
         rescue => e
@@ -343,10 +349,10 @@ module Rollbar
           exception = arg
         elsif arg.is_a?(Hash)
           extra = arg
-          
+
           context = extra[:custom_data_method_context]
           extra.delete :custom_data_method_context
-          
+
           extra = nil if extra.empty?
         end
       end
@@ -407,7 +413,7 @@ module Rollbar
     # If that fails, we'll fall back to a more static failsafe response.
     def report_internal_error(exception)
       log_error '[Rollbar] Reporting internal error encountered while sending data to Rollbar.'
-      
+
       configuration.execute_hook(:on_report_internal_error, exception)
 
       begin
@@ -513,12 +519,29 @@ module Rollbar
 
       request = Net::HTTP::Post.new(uri.request_uri)
 
-      request.body = body
+      request.body = pack_ruby260_bytes(body)
       request.add_field('X-Rollbar-Access-Token', access_token)
 
       handle_net_retries { http.request(request) }
     end
 
+    def pack_ruby260_bytes(body)
+      # Ruby 2.6.0 shipped with a bug affecting multi-byte body for Net::HTTP.
+      # Fix (committed one day after 2.6.0p0 shipped) is here:
+      # https://github.com/ruby/ruby/commit/1680a13a926b17661329beec1ded6b32aad16c1b#diff-00a99d8c71daaf5fc60a050da41f7261
+      #
+      # We work around this by repacking the body as single byte chars if needed.
+      if RUBY_VERSION == '2.6.0' && multibyte?(body)
+        body.unpack('C*').pack('C*')
+      else
+        body
+      end
+    end
+
+    def multibyte?(str)
+      str.chars.length != str.bytes.length
+    end
+
     def http_proxy_for_em(uri)
       proxy = http_proxy(uri)
       {
@@ -706,9 +729,5 @@ module Rollbar
       uuid_url = Util.uuid_rollbar_url(data, configuration)
       log_info "[Rollbar] Details: #{uuid_url} (only available if report was successful)"
     end
-
-    def logger
-      @logger ||= LoggerProxy.new(configuration.logger)
-    end
   end
 end

data/lib/rollbar/plugins/active_job.rb

@@ -13,3 +13,6 @@ module Rollbar
     end
   end
 end
+
+# Automatically add to ActionMailer::DeliveryJob
+ActionMailer::DeliveryJob.send(:include, Rollbar::ActiveJob) if defined?(ActionMailer::DeliveryJob)

data/lib/rollbar/plugins/rails/controller_methods.rb

@@ -1,4 +1,5 @@
 require 'rollbar/request_data_extractor'
+require 'rollbar/util'
 
 module Rollbar
   module Rails
@@ -6,7 +7,7 @@ module Rollbar
       include RequestDataExtractor
 
       def rollbar_person_data
-        user = send(Rollbar.configuration.person_method)
+        (user = send(Rollbar.configuration.person_method)) unless Rollbar::Util.method_in_stack_twice(:rollbar_person_data, __FILE__)
         # include id, username, email if non-empty
         if user
           {

data/lib/rollbar/plugins/rails/railtie_mixin.rb

@@ -14,7 +14,13 @@ module Rollbar
             config.environment ||= ::Rails.env
             config.root ||= ::Rails.root
             config.framework = "Rails: #{::Rails::VERSION::STRING}"
-            config.filepath ||= ::Rails.application.class.parent_name + '.rollbar'
+            config.filepath ||= begin
+              if ::Rails.application.class.respond_to?(:module_parent_name)
+                ::Rails.application.class.module_parent_name + '.rollbar'
+              else
+                ::Rails.application.class.parent_name + '.rollbar'
+              end
+            end
           end
         end
       end

data/lib/rollbar/rake_tasks.rb

@@ -2,92 +2,151 @@ require 'rollbar'
 begin
   require 'rack/mock'
 rescue LoadError
+  puts 'Cannot load rack/mock'
 end
 require 'logger'
 
 namespace :rollbar do
   desc 'Verify your gem installation by sending a test exception to Rollbar'
   task :test => [:environment] do
-    if defined?(Rails)
-      Rails.logger = if defined?(ActiveSupport::TaggedLogging)
-                       ActiveSupport::TaggedLogging.new(Logger.new(STDOUT))
-                     else
-                       Logger.new(STDOUT)
-                     end
-
-      Rails.logger.level = Logger::DEBUG
-      Rollbar.preconfigure do |config|
-        config.logger = Rails.logger
-      end
-    end
+    RollbarTest.run
+  end
+end
 
-    class RollbarTestingException < RuntimeError; end
+# Module to inject into the Rails controllers or rack apps
+module RollbarTest # :nodoc:
+  def test_rollbar
+    puts 'Raising RollbarTestingException to simulate app failure.'
 
-    unless Rollbar.configuration.access_token
-      puts 'Rollbar needs an access token configured. Check the README for instructions.'
+    raise RollbarTestingException.new, ::RollbarTest.success_message
+  end
 
-      exit
-    end
+  def self.run
+    return unless confirmed_token?
+
+    configure_rails if defined?(Rails)
 
     puts 'Testing manual report...'
     Rollbar.error('Test error from rollbar:test')
 
-    # Module to inject into the Rails controllers or
-    # rack apps
-    module RollbarTest
-      def test_rollbar
-        puts 'Raising RollbarTestingException to simulate app failure.'
+    return unless defined?(Rack::MockRequest)
 
-        raise RollbarTestingException.new, 'Testing rollbar with "rake rollbar:test". If you can see this, it works.'
-      end
+    protocol, app = setup_app
+
+    puts 'Processing...'
+    env = Rack::MockRequest.env_for("#{protocol}://www.example.com/verify", 'REMOTE_ADDR' => '127.0.0.1')
+    status, = app.call(env)
+
+    puts error_message unless status.to_i == 500
+  end
+
+  def self.configure_rails
+    Rails.logger = if defined?(ActiveSupport::TaggedLogging)
+                     ActiveSupport::TaggedLogging.new(Logger.new(STDOUT))
+                   else
+                     Logger.new(STDOUT)
+                   end
+
+    Rails.logger.level = Logger::DEBUG
+    Rollbar.preconfigure do |config|
+      config.logger = Rails.logger
     end
+  end
 
-    if defined?(Rack::MockRequest)
-      if defined?(Rails)
-        puts 'Setting up the controller.'
-
-        class RollbarTestController < ActionController::Base
-          include RollbarTest
-
-          def verify
-            test_rollbar
-          end
-
-          def logger
-            nil
-          end
-        end
-
-        Rails.application.routes_reloader.execute_if_updated
-        Rails.application.routes.draw do
-          get 'verify' => 'rollbar_test#verify', :as => 'verify'
-        end
-
-        # from http://stackoverflow.com/questions/5270835/authlogic-activation-problems
-        if defined? Authlogic
-          Authlogic::Session::Base.controller = Authlogic::ControllerAdapters::RailsAdapter.new(self)
-        end
-
-        protocol = (defined? Rails.application.config.force_ssl && Rails.application.config.force_ssl) ? 'https' : 'http'
-        app = Rails.application
-      else
-        protocol = 'http'
-        app = Class.new do
-          include RollbarTest
-
-          def self.call(_env)
-            new.test_rollbar
-          end
-        end
-      end
+  def self.confirmed_token?
+    return true if Rollbar.configuration.access_token
+
+    puts token_error_message
+
+    false
+  end
+
+  def self.authlogic_config
+    # from http://stackoverflow.com/questions/5270835/authlogic-activation-problems
+    return unless defined?(Authlogic)
+
+    Authlogic::Session::Base.controller = Authlogic::ControllerAdapters::RailsAdapter.new(self)
+  end
+
+  def self.setup_app
+    puts 'Setting up the test app.'
+
+    if defined?(Rails)
+      app = rails_app
 
-      puts 'Processing...'
-      env = Rack::MockRequest.env_for("#{protocol}://www.example.com/verify")
-      status, = app.call(env)
+      draw_rails_route(app)
 
-      unless status.to_i == 500
-        puts 'Test failed! You may have a configuration issue, or you could be using a gem that\'s blocking the test. Contact support@rollbar.com if you need help troubleshooting.'
+      authlogic_config
+
+      [rails_protocol(app), app]
+    else
+      ['http', rack_app]
+    end
+  end
+
+  def self.rails_app
+    # The setup below is needed for Rails 5.x, but not for Rails 4.x and below.
+    # (And fails on Rails 4.x in various ways depending on the exact version.)
+    return Rails.application if Rails.version < '5.0.0'
+
+    # Spring now runs by default in development on all new Rails installs. This causes
+    # the new `/verify` route to not get picked up if `config.cache_classes == false`
+    # which is also a default in development env.
+    #
+    # `config.cache_classes` needs to be set, but the only possible time is at app load,
+    # so here we clone the default app with an updated config.
+    #
+    config = Rails.application.config
+    config.cache_classes = true
+
+    # Make a copy of the app, so the config can be updated.
+    Rails.application.class.name.constantize.new(:config => config)
+  end
+
+  def self.draw_rails_route(app)
+    app.routes_reloader.execute_if_updated
+    app.routes.draw do
+      get 'verify' => 'rollbar_test#verify', :as => 'verify'
+    end
+  end
+
+  def self.rails_protocol(app)
+    defined?(app.config.force_ssl && app.config.force_ssl) ? 'https' : 'http'
+  end
+
+  def self.rack_app
+    Class.new do
+      include RollbarTest
+
+      def self.call(_env)
+        new.test_rollbar
       end
     end
   end
+
+  def self.token_error_message
+    'Rollbar needs an access token configured. Check the README for instructions.'
+  end
+
+  def self.error_message
+    'Test failed! You may have a configuration issue, or you could be using a gem that\'s blocking the test. Contact support@rollbar.com if you need help troubleshooting.'
+  end
+
+  def self.success_message
+    'Testing rollbar with "rake rollbar:test". If you can see this, it works.'
+  end
+end
+
+class RollbarTestingException < RuntimeError; end
+
+class RollbarTestController < ActionController::Base # :nodoc:
+  include RollbarTest
+
+  def verify
+    test_rollbar
+  end
+
+  def logger
+    nil
+  end
 end