rollbar 2.26.0 → 3.4.0

data/lib/rollbar/item.rb

@@ -23,24 +23,15 @@ module Rollbar
 
     attr_writer :payload
 
-    attr_reader :level
-    attr_reader :message
-    attr_reader :exception
-    attr_reader :extra
-
-    attr_reader :configuration
-    attr_reader :scope
-    attr_reader :logger
-    attr_reader :notifier
-
-    attr_reader :context
+    attr_reader :level, :message, :exception, :extra, :configuration, :scope, :logger,
+                :notifier, :context
 
     def_delegators :payload, :[]
 
     class << self
       def build_with(payload, options = {})
         new(options).tap do |item|
-          item.payload = payload
+          item.payload = item.add_access_token_to_payload(payload)
         end
       end
     end
@@ -64,9 +55,7 @@ module Rollbar
 
     def build
       data = build_data
-      self.payload = {
-        'data' => data
-      }
+      self.payload = add_access_token_to_payload({ 'data' => data })
 
       enforce_valid_utf8
       transform
@@ -74,7 +63,22 @@ module Rollbar
     end
 
     def build_data
-      data = {
+      data = initial_data
+
+      build_optional_data(data)
+
+      Util.deep_merge(data, configuration.payload_options)
+      Util.deep_merge(data, scope)
+
+      # Our API doesn't allow null context values, so just delete
+      # the key if value is nil.
+      data.delete(:context) unless data[:context]
+
+      data
+    end
+
+    def initial_data
+      {
         :timestamp => Time.now.to_i,
         :environment => build_environment,
         :level => level,
@@ -88,25 +92,27 @@ module Rollbar
         },
         :body => build_body
       }
-      data[:project_package_paths] = configuration.project_gem_paths if configuration.project_gem_paths.any?
-      data[:code_version] = configuration.code_version if configuration.code_version
-      data[:uuid] = SecureRandom.uuid if defined?(SecureRandom) && SecureRandom.respond_to?(:uuid)
+    end
 
-      Util.deep_merge(data, configuration.payload_options)
-      Util.deep_merge(data, scope)
+    def build_optional_data(data)
+      if configuration.project_gem_paths.any?
+        data[:project_package_paths] = configuration.project_gem_paths
+      end
 
-      # Our API doesn't allow null context values, so just delete
-      # the key if value is nil.
-      data.delete(:context) unless data[:context]
+      data[:code_version] = configuration.code_version if configuration.code_version
 
-      data
+      return unless defined?(SecureRandom) && SecureRandom.respond_to?(:uuid)
+
+      data[:uuid] = SecureRandom.uuid
     end
 
     def configured_options
-      if Gem.loaded_specs['activesupport'] && Gem.loaded_specs['activesupport'].version < Gem::Version.new('4.1')
-        # There are too many types that crash ActiveSupport JSON serialization, and not worth
-        # the risk just to send this diagnostic object. In versions < 4.1, ActiveSupport hooks
-        # Ruby's JSON.generate so deeply there's no workaround.
+      if Gem.loaded_specs['activesupport'] &&
+         Gem.loaded_specs['activesupport'].version < Gem::Version.new('4.1')
+        # There are too many types that crash ActiveSupport JSON serialization,
+        # and not worth the risk just to send this diagnostic object.
+        # In versions < 4.1, ActiveSupport hooks Ruby's JSON.generate so deeply
+        # that there's no workaround.
         'not serialized in ActiveSupport < 4.1'
       elsif configuration.use_async && !configuration.async_json_payload
         # The setting allows serialization to be performed by each handler,
@@ -132,7 +138,7 @@ module Rollbar
       nil
     end
 
-    def handle_too_large_payload(stringified_payload, final_payload, attempts)
+    def handle_too_large_payload(stringified_payload, _final_payload, attempts)
       uuid = stringified_payload['data']['uuid']
       host = stringified_payload['data'].fetch('server', {})['host']
 
@@ -144,17 +150,16 @@ module Rollbar
         :host => host
       }
 
-      notifier.send_failsafe(
-        too_large_payload_string(attempts),
-        nil,
-        original_error
-      )
-      logger.error("[Rollbar] Payload too large to be sent for UUID #{uuid}: #{Rollbar::JSON.dump(payload)}")
+      notifier.send_failsafe(too_large_payload_string(attempts), nil, original_error)
+
+      logger.error('[Rollbar] Payload too large to be sent for UUID ' \
+        "#{uuid}: #{Rollbar::JSON.dump(payload)}")
     end
 
     def too_large_payload_string(attempts)
       'Could not send payload due to it being too large after truncating attempts. ' \
-        "Original size: #{attempts.first} Attempts: #{attempts.join(', ')} Final size: #{attempts.last}"
+        "Original size: #{attempts.first} Attempts: #{attempts.join(', ')} " \
+        "Final size: #{attempts.last}"
     end
 
     def ignored?
@@ -166,6 +171,22 @@ module Rollbar
       configuration.ignored_person_ids.include?(person_id)
     end
 
+    def add_access_token_to_payload(payload)
+      # Some use cases remain where the token is needed in the payload. For example:
+      #
+      # When using async senders, if the access token is changed dynamically in
+      # the main process config, the sender process won't see that change.
+      #
+      # Until the delayed sender interface is changed to allow passing dynamic
+      # config options, this workaround allows the main process to set the token
+      # by adding it to the payload.
+      if configuration && configuration.use_payload_access_token
+        payload['access_token'] ||= configuration.access_token
+      end
+
+      payload
+    end
+
     private
 
     def build_environment
@@ -194,7 +215,8 @@ module Rollbar
       if custom_data_method? && !Rollbar::Util.method_in_stack(:custom_data, __FILE__)
         Util.deep_merge(scrub(custom_data), merged_extra)
       else
-        merged_extra.empty? ? nil : merged_extra # avoid putting an empty {} in the payload.
+        # avoid putting an empty {} in the payload.
+        merged_extra.empty? ? nil : merged_extra
       end
     end
 

data/lib/rollbar/json.rb

@@ -3,7 +3,7 @@ require 'json'
 
 module Rollbar
   module JSON # :nodoc:
-    extend self
+    module_function
 
     attr_writer :options_module
 

data/lib/rollbar/language_support.rb

@@ -10,10 +10,6 @@ module Rollbar
       mod.const_get(target, inherit)
     end
 
-    def ruby_19?
-      version?('1.9')
-    end
-
     def version?(version)
       numbers = version.split('.')
 
@@ -21,8 +17,6 @@ module Rollbar
     end
 
     def timeout_exceptions
-      return [] if ruby_19?
-
       [Net::ReadTimeout, Net::OpenTimeout]
     end
   end

data/lib/rollbar/lazy_store.rb

@@ -1,10 +1,8 @@
 module Rollbar
   class LazyStore
-    attr_reader :loaded_data
+    attr_reader :loaded_data, :raw
     private :loaded_data
 
-    attr_reader :raw
-
     def initialize(initial_data)
       initial_data ||= {}
 
@@ -41,8 +39,6 @@ module Rollbar
       raw[key] = value
 
       loaded_data.delete(key)
-
-      value
     end
 
     def data
@@ -76,8 +72,8 @@ module Rollbar
       super
     end
 
-    def respond_to?(method_sym)
-      super || raw.respond_to?(method_sym)
+    def respond_to_missing?(method_sym, include_all)
+      raw.respond_to?(method_sym, include_all)
     end
   end
 end

data/lib/rollbar/logger.rb

@@ -16,7 +16,9 @@ module Rollbar
   # Rails.logger.extend(ActiveSupport::Logger.broadcast(Rollbar::Logger.new))
   class Logger < ::Logger
     class Error < RuntimeError; end
+
     class DatetimeFormatNotSupported < Error; end
+
     class FormatterNotSupported < Error; end
 
     def initialize

data/lib/rollbar/logger_proxy.rb

@@ -23,7 +23,9 @@ module Rollbar
     end
 
     def log(level, message)
-      return unless Rollbar.configuration.enabled && acceptable_levels.include?(level.to_sym)
+      unless Rollbar.configuration.enabled && acceptable_levels.include?(level.to_sym)
+        return
+      end
 
       @object.send(level, message)
     rescue StandardError

data/lib/rollbar/middleware/js/json_value.rb

@@ -1,8 +1,12 @@
-# Allows a Ruby String to be used to create native Javascript objects
-# when calling JSON#generate.
+# Allows a Ruby String to be used to pass native Javascript objects/functions
+# when calling JSON#generate with a Rollbar::JSON::JsOptionsState instance.
 #
 # Example:
-# JSON.generate({ foo: Rollbar::JSON::Value.new('function(){ alert("bar") }') })
+# JSON.generate(
+#   { foo: Rollbar::JSON::Value.new('function(){ alert("bar") }') },
+#   Rollbar::JSON::JsOptionsState.new
+# )
+#
 # => '{"foo":function(){ alert(\"bar\") }}'
 #
 # MUST use the Ruby JSON encoder, as in the example. The ActiveSupport encoder,
@@ -11,6 +15,8 @@
 #
 module Rollbar
   module JSON
+    class JsOptionsState < ::JSON::State; end
+
     class Value # :nodoc:
       attr_accessor :value
 
@@ -18,8 +24,12 @@ module Rollbar
         @value = value
       end
 
-      def to_json(*_args)
-        value
+      def to_json(opts = {})
+        # Return the raw value if this is from the js middleware
+        return value if opts.class == Rollbar::JSON::JsOptionsState
+
+        # Otherwise convert to a string
+        %Q["#{value}"]
       end
     end
   end

data/lib/rollbar/middleware/js.rb

@@ -10,11 +10,11 @@ module Rollbar
     class Js
       include Rollbar::RequestDataExtractor
 
-      attr_reader :app
-      attr_reader :config
+      attr_reader :app, :config
 
       JS_IS_INJECTED_KEY = 'rollbar.js_is_injected'.freeze
-      SNIPPET = File.read(File.expand_path('../../../../data/rollbar.snippet.js', __FILE__))
+      SNIPPET = File.read(File.expand_path('../../../../data/rollbar.snippet.js',
+                                           __FILE__))
 
       def initialize(app, config)
         @app = app
@@ -30,7 +30,9 @@ module Rollbar
           response_string = add_js(env, app_result[2])
           build_response(env, app_result, response_string)
         rescue StandardError => e
-          Rollbar.log_error("[Rollbar] Rollbar.js could not be added because #{e} exception")
+          Rollbar.log_error(
+            "[Rollbar] Rollbar.js could not be added because #{e} exception"
+          )
 
           app_result
         end
@@ -58,7 +60,8 @@ module Rollbar
       def streaming?(env)
         return false unless defined?(ActionController::Live)
 
-        env['action_controller.instance'].class.included_modules.include?(ActionController::Live)
+        env['action_controller.instance']
+          .class.included_modules.include?(ActionController::Live)
       end
 
       def add_js(env, response)
@@ -72,7 +75,9 @@ module Rollbar
 
         build_body_with_js(env, body, insert_after_idx)
       rescue StandardError => e
-        Rollbar.log_error("[Rollbar] Rollbar.js could not be added because #{e} exception")
+        Rollbar.log_error(
+          "[Rollbar] Rollbar.js could not be added because #{e} exception"
+        )
         nil
       end
 
@@ -82,13 +87,17 @@ module Rollbar
         env[JS_IS_INJECTED_KEY] = true
 
         status, headers, = app_result
-        headers['Content-Length'] = response_string.bytesize.to_s if headers.key?('Content-Length')
+        if headers.key?('Content-Length')
+          headers['Content-Length'] =
+            response_string.bytesize.to_s
+        end
 
         response = ::Rack::Response.new(response_string, status, headers)
 
         finished = response.finish
 
-        # Rack < 2.x Response#finish returns self in array[2]. Rack >= 2.x returns self.body.
+        # Rack < 2.x Response#finish returns self in array[2].
+        # Rack >= 2.x returns self.body.
         # Always return with the response object here regardless of rack version.
         finished[2] = response
         finished
@@ -125,6 +134,7 @@ module Rollbar
 
       def config_js_tag(env)
         require 'json'
+        require 'rollbar/middleware/js/json_value'
 
         js_config = Rollbar::Util.deep_copy(config[:options])
 
@@ -132,7 +142,7 @@ module Rollbar
 
         # MUST use the Ruby JSON encoder (JSON#generate).
         # See lib/rollbar/middleware/js/json_value
-        json = ::JSON.generate(js_config)
+        json = ::JSON.generate(js_config, Rollbar::JSON::JsOptionsState.new)
 
         script_tag("var _rollbarConfig = #{json};", env)
       end
@@ -155,14 +165,12 @@ module Rollbar
       end
 
       def script_tag(content, env)
-        if (nonce = rails5_nonce(env))
-          script_tag_content = "\n<script type=\"text/javascript\" nonce=\"#{nonce}\">#{content}</script>"
-        elsif secure_headers_nonce?
-          nonce = ::SecureHeaders.content_security_policy_script_nonce(::Rack::Request.new(env))
-          script_tag_content = "\n<script type=\"text/javascript\" nonce=\"#{nonce}\">#{content}</script>"
-        else
-          script_tag_content = "\n<script type=\"text/javascript\">#{content}</script>"
-        end
+        nonce = rails5_nonce(env) || secure_headers_nonce(env)
+        script_tag_content = if nonce
+                               "\n<script nonce=\"#{nonce}\">#{content}</script>"
+                             else
+                               "\n<script>#{content}</script>"
+                             end
 
         html_safe_if_needed(script_tag_content)
       end
@@ -172,34 +180,46 @@ module Rollbar
         string
       end
 
-      # Rails 5.2 Secure Content Policy
+      # Rails 5.2+ Secure Content Policy
       def rails5_nonce(env)
-        # The nonce is the preferred method, however 'unsafe-inline' is also possible.
-        # The app gets to decide, so we handle both. If the script_src key is missing,
-        # Rails will not add the nonce to the headers, so we should not add it either.
-        # If the 'unsafe-inline' value is present, the app should not add a nonce and
-        # we should ignore it if they do.
-        req = ::ActionDispatch::Request.new env
+        req = ::ActionDispatch::Request.new(env)
+
+        # Rails will only return a nonce if the app has set a nonce generator.
+        # So if we get a valid nonce here, we know we should use it.
+        #
+        # Having both 'unsafe-inline' and a nonce is a valid and preferred
+        # browser compatibility configuration.
+        #
+        # If the script_src key is missing, Rails will not add the nonce to the headers,
+        # so we detect this and will not add it in this case.
         req.respond_to?(:content_security_policy) &&
           req.content_security_policy &&
           req.content_security_policy.directives['script-src'] &&
-          !req.content_security_policy.directives['script-src'].include?("'unsafe-inline'") &&
           req.content_security_policy_nonce
       end
 
       # Secure Headers gem
-      def secure_headers_nonce?
-        secure_headers.append_nonce?
+      def secure_headers_nonce(env)
+        req = ::Rack::Request.new(env)
+
+        return unless secure_headers(req).append_nonce?
+
+        ::SecureHeaders.content_security_policy_script_nonce(req)
       end
 
-      def secure_headers
+      def secure_headers(req)
         return SecureHeadersFalse.new unless defined?(::SecureHeaders::Configuration)
 
-        config = ::SecureHeaders::Configuration
+        # If the nonce key has been set, the app is using nonces for this request.
+        # If it hasn't, we shouldn't cause one to be added to script_src, so return now.
+        return SecureHeadersFalse.new unless secure_headers_nonce_key(req)
 
-        secure_headers_cls = nil
+        config = ::SecureHeaders::Configuration
 
-        secure_headers_cls = if !::SecureHeaders.respond_to?(:content_security_policy_script_nonce)
+        has_nonce = ::SecureHeaders.respond_to?(
+          :content_security_policy_script_nonce
+        )
+        secure_headers_cls = if !has_nonce
                                SecureHeadersFalse
                              elsif config.respond_to?(:get)
                                SecureHeaders3To5
@@ -212,6 +232,11 @@ module Rollbar
         secure_headers_cls.new
       end
 
+      def secure_headers_nonce_key(req)
+        defined?(::SecureHeaders::NONCE_KEY) &&
+          req.env[::SecureHeaders::NONCE_KEY]
+      end
+
       class SecureHeadersResolver
         def append_nonce?
           csp_needs_nonce?(find_csp)
@@ -224,16 +249,12 @@ module Rollbar
         end
 
         def csp_needs_nonce?(csp)
-          !opt_out?(csp) && !unsafe_inline?(csp)
+          !opt_out?(csp)
         end
 
         def opt_out?(_csp)
           raise NotImplementedError
         end
-
-        def unsafe_inline?(csp)
-          csp[:script_src].to_a.include?("'unsafe-inline'")
-        end
       end
 
       class SecureHeadersFalse < SecureHeadersResolver
@@ -253,7 +274,8 @@ module Rollbar
           if csp.respond_to?(:opt_out?) && csp.opt_out?
             csp.opt_out?
           # secure_headers csp 3.0.x-3.4.x doesn't respond to 'opt_out?'
-          elsif defined?(::SecureHeaders::OPT_OUT) && ::SecureHeaders::OPT_OUT.is_a?(Symbol)
+          elsif defined?(::SecureHeaders::OPT_OUT) &&
+                ::SecureHeaders::OPT_OUT.is_a?(Symbol)
             csp == ::SecureHeaders::OPT_OUT
           end
         end

data/lib/rollbar/middleware/rack/builder.rb

@@ -14,8 +14,8 @@ module Rollbar
           Rollbar.scoped(fetch_scope(env)) do
             begin
               call_without_rollbar(env)
-            rescue ::Exception => exception
-              report_exception_to_rollbar(env, exception)
+            rescue ::Exception => e # rubocop:disable Lint/RescueException
+              report_exception_to_rollbar(env, e)
               raise
             end
           end
@@ -26,7 +26,7 @@ module Rollbar
             :request => proc { extract_request_data_from_rack(env) },
             :person => person_data_proc(env)
           }
-        rescue Exception => e
+        rescue Exception => e # rubocop:disable Lint/RescueException
           report_exception_to_rollbar(env, e)
           raise
         end

data/lib/rollbar/middleware/rack/test_session.rb

@@ -6,9 +6,9 @@ module Rollbar
 
         def env_for_with_rollbar(path, env)
           env_for_without_rollbar(path, env)
-        rescue Exception => exception
-          report_exception_to_rollbar(env, exception)
-          raise exception
+        rescue Exception => e # rubocop:disable Lint/RescueException
+          report_exception_to_rollbar(env, e)
+          raise e
         end
 
         def self.included(base)

data/lib/rollbar/middleware/rack.rb

@@ -21,7 +21,7 @@ module Rollbar
             response = @app.call(env)
             report_exception_to_rollbar(env, framework_error(env)) if framework_error(env)
             response
-          rescue Exception => e
+          rescue Exception => e # rubocop:disable Lint/RescueException
             report_exception_to_rollbar(env, e)
             raise
           ensure
@@ -35,7 +35,7 @@ module Rollbar
           :request => proc { extract_request_data_from_rack(env) },
           :person => person_data_proc(env)
         }
-      rescue Exception => e
+      rescue Exception => e # rubocop:disable Lint/RescueException
         report_exception_to_rollbar(env, e)
         raise
       end
@@ -44,8 +44,8 @@ module Rollbar
         proc { extract_person_data_from_controller(env) }
       end
 
-      def framework_error(_env)
-        nil
+      def framework_error(env)
+        env['rack.exception']
       end
     end
   end

data/lib/rollbar/middleware/rails/rollbar.rb

@@ -29,8 +29,8 @@ module Rollbar
               end
 
               response
-            rescue Exception => exception
-              report_exception_to_rollbar(env, exception)
+            rescue Exception => e # rubocop:disable Lint/RescueException
+              report_exception_to_rollbar(env, e)
               raise
             ensure
               Rollbar.notifier.disable_locals
@@ -63,7 +63,9 @@ module Rollbar
 
         def person_data_proc(env)
           block = proc { extract_person_data_from_controller(env) }
-          return block unless defined?(ActiveRecord::Base) && ActiveRecord::Base.connected?
+          unless defined?(ActiveRecord::Base) && ActiveRecord::Base.connected?
+            return block
+          end
 
           proc do
             begin
@@ -75,11 +77,12 @@ module Rollbar
         end
 
         def context(request_data)
-          return unless request_data[:params]
-
           route_params = request_data[:params]
+
           # make sure route is a hash built by RequestDataExtractor
-          return route_params[:controller].to_s + '#' + route_params[:action].to_s if route_params.is_a?(Hash) && !route_params.empty?
+          return unless route_params.is_a?(Hash) && !route_params.empty?
+
+          "#{route_params[:controller]}##{route_params[:action]}"
         end
       end
     end

data/lib/rollbar/middleware/rails/show_exceptions.rb

@@ -20,20 +20,24 @@ module Rollbar
 
         def call_with_rollbar(env)
           call_without_rollbar(env)
-        rescue ActionController::RoutingError => exception
+        rescue ActionController::RoutingError => e
           # won't reach here if show_detailed_exceptions is true
           scope = extract_scope_from(env)
 
           Rollbar.scoped(scope) do
-            report_exception_to_rollbar(env, exception)
+            report_exception_to_rollbar(env, e)
           end
 
-          raise exception
+          raise e
         end
 
         def extract_scope_from(env)
           scope = env['rollbar.scope']
-          Rollbar.log_warn('[Rollbar] rollbar.scope key has been removed from Rack env.') unless scope
+          unless scope
+            Rollbar.log_warn(
+              '[Rollbar] rollbar.scope key has been removed from Rack env.'
+            )
+          end
 
           scope || {}
         end

data/lib/rollbar/notifier/trace_with_bindings.rb

@@ -36,7 +36,8 @@ module Rollbar
       def trace_point
         return unless defined?(TracePoint)
 
-        @trace_point ||= TracePoint.new(:call, :return, :b_call, :b_return, :c_call, :c_return, :raise) do |tp|
+        @trace_point ||= TracePoint.new(:call, :return, :b_call, :b_return, :c_call,
+                                        :c_return, :raise) do |tp|
           case tp.event
           when :call, :b_call, :c_call, :class
             frames.push frame(tp)
@@ -44,7 +45,8 @@ module Rollbar
             frames.pop
           when :raise
             unless detect_reraise(tp) # ignore reraised exceptions
-              @exception_frames = @frames.dup # may be possible to optimize better than #dup
+              # may be possible to optimize better than #dup
+              @exception_frames = @frames.dup
               @exception_signature = exception_signature(tp)
             end
           end
@@ -53,13 +55,21 @@ module Rollbar
 
       def frame(trace)
         {
-          :binding => trace.binding,
+          :binding => binding(trace),
           :defined_class => trace.defined_class,
           :method_id => trace.method_id,
           :path => trace.path,
           :lineno => trace.lineno
         }
       end
+
+      def binding(trace)
+        trace.binding
+      rescue StandardError
+        # Ruby internals will raise if we're on a Fiber,
+        # since bindings aren't valid on Fibers.
+        nil
+      end
     end
   end
 end