rollbar 3.0.1 → 3.2.0

data/gemfiles/rails50.gemfile

@@ -2,18 +2,12 @@ require 'rubygems/version'
 
 source 'https://rubygems.org'
 
-# Used by spec/commands/rollbar_rails_runner_spec, and can be used whenever a
-# new process is created during tests. (Testing rake tasks, for example.)
-# This is a workaround for ENV['BUNDLE_GEMFILE'] not working as expected on Travis.
-# We use the ||= assignment because Travis loads the gemfile twice, the second time
-# with the wrong gemfile path.
-ENV['CURRENT_GEMFILE'] ||= __FILE__
-
 is_jruby = defined?(JRUBY_VERSION) || (defined?(RUBY_ENGINE) && 'jruby' == RUBY_ENGINE)
 
-gem 'appraisal'
 gem 'activerecord-jdbcsqlite3-adapter', :platform => :jruby
 gem 'jruby-openssl', :platform => :jruby
+gem 'net-ssh', '<= 3.1.1'
+gem 'public_suffix', '<= 3.1.1'
 gem 'rails', '~> 5.0.7'
 gem 'sqlite3', '< 1.4.0', :platform => [:ruby, :mswin, :mingw]
 
@@ -31,13 +25,13 @@ platforms :rbx do
   gem 'minitest'
   gem 'racc'
   gem 'rubinius-developer_tools'
-  gem 'rubysl', '~> 2.0' unless RUBY_VERSION.start_with?('1')
+  gem 'rubysl', '~> 2.0' if RUBY_VERSION.start_with?('2') # rubysl doesn't yet support Ruby 3.x
 end
 
 gem 'capistrano', :require => false
 gem 'sucker_punch', '~> 2.0'
 gem 'codacy-coverage'
-gem 'simplecov'
+gem 'simplecov', '<= 0.17.1'
 
 if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.3')
   gem 'rack', '2.1.2'
@@ -45,12 +39,13 @@ end
 
 # We need last sinatra that uses rack 2.1.x
 gem 'sinatra', :git => 'https://github.com/sinatra/sinatra', :tag => 'v2.0.8'
-gem 'database_cleaner'
+gem 'database_cleaner', '~> 1.8.4'
 gem 'delayed_job', :require => false
 gem 'generator_spec'
 gem 'girl_friday', '>= 0.11.1'
-gem 'redis'
+gem 'redis', '<= 3.3.5'
 gem 'resque'
+gem 'secure_headers', '~> 6.3.2', :require => false
 
 unless is_jruby
   # JRuby doesn't support fork, which is required for this test helper.

data/gemfiles/rails51.gemfile

@@ -2,18 +2,12 @@ require 'rubygems/version'
 
 source 'https://rubygems.org'
 
-# Used by spec/commands/rollbar_rails_runner_spec, and can be used whenever a
-# new process is created during tests. (Testing rake tasks, for example.)
-# This is a workaround for ENV['BUNDLE_GEMFILE'] not working as expected on Travis.
-# We use the ||= assignment because Travis loads the gemfile twice, the second time
-# with the wrong gemfile path.
-ENV['CURRENT_GEMFILE'] ||= __FILE__
-
 is_jruby = defined?(JRUBY_VERSION) || (defined?(RUBY_ENGINE) && 'jruby' == RUBY_ENGINE)
 
-gem 'appraisal'
 gem 'activerecord-jdbcsqlite3-adapter', :platform => :jruby
 gem 'jruby-openssl', :platform => :jruby
+gem 'net-ssh', '<= 3.1.1'
+gem 'public_suffix', '<= 3.1.1'
 gem 'rails', '~> 5.1.7'
 gem 'sqlite3', '< 1.4.0', :platform => [:ruby, :mswin, :mingw]
 
@@ -31,13 +25,13 @@ platforms :rbx do
   gem 'minitest'
   gem 'racc'
   gem 'rubinius-developer_tools'
-  gem 'rubysl', '~> 2.0' unless RUBY_VERSION.start_with?('1')
+  gem 'rubysl', '~> 2.0' if RUBY_VERSION.start_with?('2') # rubysl doesn't yet support Ruby 3.x
 end
 
 gem 'capistrano', :require => false
 gem 'sucker_punch', '~> 2.0'
 gem 'codacy-coverage'
-gem 'simplecov'
+gem 'simplecov', '<= 0.17.1'
 
 if Gem::Version.new(RUBY_VERSION) < Gem::Version.new('2.3')
   gem 'rack', '2.1.2'
@@ -46,12 +40,13 @@ end
 # We need last sinatra that uses rack 2.1.x
 gem 'sinatra', :git => 'https://github.com/sinatra/sinatra', :tag => 'v2.0.8'
 
-gem 'database_cleaner'
+gem 'database_cleaner', '~> 1.8.4'
 gem 'delayed_job', :require => false
 gem 'generator_spec'
 gem 'girl_friday', '>= 0.11.1'
-gem 'redis'
+gem 'redis', '<= 3.3.5'
 gem 'resque'
+gem 'secure_headers', '~> 6.3.2', :require => false
 
 unless is_jruby
   # JRuby doesn't support fork, which is required for this test helper.

data/gemfiles/rails52.gemfile

@@ -2,16 +2,8 @@ require 'rubygems/version'
 
 source 'https://rubygems.org'
 
-# Used by spec/commands/rollbar_rails_runner_spec, and can be used whenever a
-# new process is created during tests. (Testing rake tasks, for example.)
-# This is a workaround for ENV['BUNDLE_GEMFILE'] not working as expected on Travis.
-# We use the ||= assignment because Travis loads the gemfile twice, the second time
-# with the wrong gemfile path.
-ENV['CURRENT_GEMFILE'] ||= __FILE__
-
 is_jruby = defined?(JRUBY_VERSION) || (defined?(RUBY_ENGINE) && 'jruby' == RUBY_ENGINE)
 
-gem 'appraisal'
 gem 'activerecord-jdbcsqlite3-adapter', :platform => :jruby
 gem 'jruby-openssl', :platform => :jruby
 gem 'rails', '~> 5.2.3'
@@ -31,7 +23,7 @@ platforms :rbx do
   gem 'minitest'
   gem 'racc'
   gem 'rubinius-developer_tools'
-  gem 'rubysl', '~> 2.0' unless RUBY_VERSION.start_with?('1')
+  gem 'rubysl', '~> 2.0' if RUBY_VERSION.start_with?('2') # rubysl doesn't yet support Ruby 3.x
 end
 
 gem 'sucker_punch', '~> 2.0'
@@ -46,7 +38,8 @@ gem 'generator_spec'
 gem 'girl_friday', '>= 0.11.1'
 gem 'redis'
 gem 'resque'
-gem 'simplecov'
+gem 'secure_headers', '~> 6.3.2', :require => false
+gem 'simplecov', '<= 0.17.1'
 
 unless is_jruby
   # JRuby doesn't support fork, which is required for this test helper.

data/gemfiles/rails60.gemfile

@@ -3,27 +3,14 @@ require 'rubygems/version'
 
 source 'https://rubygems.org'
 
-# Used by spec/commands/rollbar_rails_runner_spec, and can be used whenever a
-# new process is created during tests. (Testing rake tasks, for example.)
-# This is a workaround for ENV['BUNDLE_GEMFILE'] not working as expected on Travis.
-# We use the ||= assignment because Travis loads the gemfile twice, the second time
-# with the wrong gemfile path.
-ENV['CURRENT_GEMFILE'] ||= __FILE__
-
 is_jruby = defined?(JRUBY_VERSION) || (defined?(RUBY_ENGINE) && 'jruby' == RUBY_ENGINE)
 
-gem 'appraisal'
 gem 'activerecord-jdbcsqlite3-adapter', :platform => :jruby
 gem 'jruby-openssl', :platform => :jruby
-gem 'rails', '6.0.2.1'
+gem 'rails', '~> 6.0.2'
 gem 'sqlite3', '~> 1.4', :platform => [:ruby, :mswin, :mingw]
 
-gem 'rspec-core', '~> 3.8.0'
-gem 'rspec-support', '~> 3.8.0'
-gem 'rspec-expectations', '~> 3.8.0'
-gem 'rspec-mocks', '~> 3.8.0'
-# TODO: update this when 4.x becomes available on Rubygems
-gem 'rspec-rails', :git => 'https://github.com/rspec/rspec-rails', :ref => 'v4.0.0.beta2' # rubocop:disable Bundler/DuplicatedGem
+gem 'rspec-rails', '~> 4.0.2'
 
 gem 'rake'
 
@@ -33,7 +20,7 @@ platforms :rbx do
   gem 'minitest'
   gem 'racc'
   gem 'rubinius-developer_tools'
-  gem 'rubysl', '~> 2.0' unless RUBY_VERSION.start_with?('1')
+  gem 'rubysl', '~> 2.0' if RUBY_VERSION.start_with?('2') # rubysl doesn't yet support Ruby 3.x
 end
 
 gem 'sucker_punch', '~> 2.0'
@@ -43,11 +30,12 @@ gem 'sinatra', :git => 'https://github.com/sinatra/sinatra'
 
 gem 'database_cleaner'
 gem 'codacy-coverage'
-gem 'delayed_job', '4.1.8.beta1', :require => false
+gem 'delayed_job', '4.1.9', :require => false
 gem 'generator_spec'
 gem 'girl_friday', '>= 0.11.1'
 gem 'redis'
 gem 'resque'
+gem 'secure_headers', '~> 6.3.2', :require => false
 gem 'simplecov'
 
 unless is_jruby

data/gemfiles/rails61.gemfile

@@ -0,0 +1,54 @@
+require 'rubygems/version'
+
+source 'https://rubygems.org'
+
+is_jruby = defined?(JRUBY_VERSION) || (defined?(RUBY_ENGINE) && 'jruby' == RUBY_ENGINE)
+
+gem 'activerecord-jdbcsqlite3-adapter', :platform => :jruby
+gem 'jruby-openssl', :platform => :jruby
+gem 'rails', '~> 6.1.3'
+gem 'sqlite3', '~> 1.4', :platform => [:ruby, :mswin, :mingw]
+
+gem 'rspec-rails', '~> 4.0.2'
+
+gem 'rake'
+
+gem 'sidekiq', '>= 2.13.0'
+
+platforms :rbx do
+  gem 'minitest'
+  gem 'racc'
+  gem 'rubinius-developer_tools'
+  gem 'rubysl', '~> 2.0' if RUBY_VERSION.start_with?('2') # rubysl doesn't yet support Ruby 3.x
+end
+
+gem 'sucker_punch', '~> 2.0'
+
+# We need last sinatra that uses rack 2.x
+gem 'sinatra', :git => 'https://github.com/sinatra/sinatra'
+
+gem 'database_cleaner'
+gem 'codacy-coverage'
+gem 'delayed_job', '4.1.9', :require => false
+gem 'generator_spec'
+gem 'girl_friday', '>= 0.11.1'
+gem 'redis'
+gem 'resque'
+gem 'secure_headers', '~> 6.3.2', :require => false
+gem 'simplecov'
+
+unless is_jruby
+  # JRuby doesn't support fork, which is required for this test helper.
+  gem 'rspec-command'
+end
+
+gem 'mime-types'
+
+gem 'webmock', :require => false
+
+gem 'aws-sdk-sqs'
+gem 'shoryuken'
+
+gem 'capistrano', :require => false
+
+gemspec :path => '../'

data/lib/rollbar/capistrano_tasks.rb

@@ -16,7 +16,9 @@ module Rollbar
             if result[:success] && (deploy_id = result[:data] && result[:data][:deploy_id])
               capistrano.set :rollbar_deploy_id, deploy_id
             else
-              logger.error 'Unable to report deploy to Rollbar' + (result[:message] ? ': ' + result[:message] : '')
+              message = format_message('Unable to report deploy to Rollbar',
+                                       result[:message])
+              log_error(logger, message)
             end
           end
         end
@@ -42,7 +44,7 @@ module Rollbar
         yield
 
       rescue StandardError => e
-        logger.error "Error reporting to Rollbar: #{e.inspect}"
+        log_error logger, "Error reporting to Rollbar: #{e.inspect}"
       end
 
       def deploy_update(capistrano, logger, dry_run, opts = {})
@@ -56,7 +58,9 @@ module Rollbar
               if result[:success]
                 logger.info 'Updated deploy status in Rollbar'
               else
-                logger.error 'Unable to update deploy status in Rollbar' + (result[:message] ? ': ' + result[:message] : '')
+                message = format_message('Unable to update deploy status in Rollbar',
+                                         result[:message])
+                log_error(logger, message)
               end
             end
           end
@@ -117,7 +121,7 @@ module Rollbar
         if capistrano.fetch(:rollbar_deploy_id)
           yield
         else
-          logger.error 'Failed to update the deploy in Rollbar. No deploy id available.'
+          log_error logger, 'Failed to update the deploy in Rollbar. No deploy id available.'
         end
       end
 
@@ -134,6 +138,20 @@ module Rollbar
         logger.debug result[:request_info]
         logger.debug result[:response_info] if result[:response_info]
       end
+
+      def format_message(*args)
+        args.compact.join(': ')
+      end
+
+      def log_error(logger, message)
+        # Capistrano 2.x doesn't have the #error method,
+        # so we use #important if #error isn't present
+        if logger.respond_to?(:error)
+          logger.error message
+        elsif logger.respond_to?(:important)
+          logger.important message
+        end
+      end
     end
   end
 end

data/lib/rollbar/configuration.rb

@@ -55,6 +55,7 @@ module Rollbar
     attr_accessor :uncaught_exception_level
     attr_accessor :scrub_headers
     attr_accessor :sidekiq_threshold
+    attr_accessor :sidekiq_use_scoped_block
     attr_reader :transform
     attr_accessor :verify_ssl_peer
     attr_accessor :use_async
@@ -75,6 +76,7 @@ module Rollbar
     attr_accessor :files_processed_enabled
     attr_accessor :files_processed_duration # seconds
     attr_accessor :files_processed_size # bytes
+    attr_accessor :use_payload_access_token
 
     attr_reader :project_gem_paths
     attr_accessor :configured_options
@@ -138,6 +140,7 @@ module Rollbar
       @uncaught_exception_level = 'error'
       @scrub_headers = ['Authorization']
       @sidekiq_threshold = 0
+      @sidekiq_use_scoped_block = false
       @safely = false
       @transform = []
       @use_async = false
@@ -167,6 +170,7 @@ module Rollbar
       @files_processed_enabled = false
       @files_processed_duration = 60
       @files_processed_size = 5 * 1000 * 1000
+      @use_payload_access_token = false
 
       @configured_options = ConfiguredOptions.new(self)
     end

data/lib/rollbar/item.rb

@@ -40,7 +40,7 @@ module Rollbar
     class << self
       def build_with(payload, options = {})
         new(options).tap do |item|
-          item.payload = payload
+          item.payload = item.add_access_token_to_payload(payload)
         end
       end
     end
@@ -64,9 +64,7 @@ module Rollbar
 
     def build
       data = build_data
-      self.payload = {
-        'data' => data
-      }
+      self.payload = add_access_token_to_payload({'data' => data})
 
       enforce_valid_utf8
       transform
@@ -166,6 +164,21 @@ module Rollbar
       configuration.ignored_person_ids.include?(person_id)
     end
 
+    def add_access_token_to_payload(payload)
+      # Some use cases remain where the token is needed in the payload. For example:
+      #
+      # When using async senders, if the access token is changed dynamically in
+      # the main process config, the sender process won't see that change.
+      #
+      # Until the delayed sender interface is changed to allow passing dynamic config options,
+      # this workaround allows the main process to set the token by adding it to the payload.
+      if (configuration && configuration.use_payload_access_token)
+        payload['access_token'] ||= configuration.access_token
+      end
+
+      payload
+    end
+
     private
 
     def build_environment

data/lib/rollbar/item/locals.rb

@@ -1,4 +1,3 @@
-require 'rollbar/notifier'
 require 'rollbar/scrubbers/params'
 require 'rollbar/util'
 

data/lib/rollbar/lazy_store.rb

@@ -41,8 +41,6 @@ module Rollbar
       raw[key] = value
 
       loaded_data.delete(key)
-
-      value
     end
 
     def data
@@ -76,8 +74,8 @@ module Rollbar
       super
     end
 
-    def respond_to?(method_sym)
-      super || raw.respond_to?(method_sym)
+    def respond_to_missing?(method_sym, include_all)
+      raw.respond_to?(method_sym, include_all)
     end
   end
 end

data/lib/rollbar/middleware/js.rb

@@ -157,8 +157,7 @@ module Rollbar
       def script_tag(content, env)
         if (nonce = rails5_nonce(env))
           script_tag_content = "\n<script type=\"text/javascript\" nonce=\"#{nonce}\">#{content}</script>"
-        elsif secure_headers_nonce?
-          nonce = ::SecureHeaders.content_security_policy_script_nonce(::Rack::Request.new(env))
+        elsif (nonce = secure_headers_nonce(env))
           script_tag_content = "\n<script type=\"text/javascript\" nonce=\"#{nonce}\">#{content}</script>"
         else
           script_tag_content = "\n<script type=\"text/javascript\">#{content}</script>"
@@ -172,29 +171,40 @@ module Rollbar
         string
       end
 
-      # Rails 5.2 Secure Content Policy
+      # Rails 5.2+ Secure Content Policy
       def rails5_nonce(env)
-        # The nonce is the preferred method, however 'unsafe-inline' is also possible.
-        # The app gets to decide, so we handle both. If the script_src key is missing,
-        # Rails will not add the nonce to the headers, so we should not add it either.
-        # If the 'unsafe-inline' value is present, the app should not add a nonce and
-        # we should ignore it if they do.
-        req = ::ActionDispatch::Request.new env
+        req = ::ActionDispatch::Request.new(env)
+
+        # Rails will only return a nonce if the app has set a nonce generator.
+        # So if we get a valid nonce here, we know we should use it.
+        #
+        # Having both 'unsafe-inline' and a nonce is a valid and preferred
+        # browser compatibility configuration.
+        #
+        # If the script_src key is missing, Rails will not add the nonce to the headers,
+        # so we detect this and will not add it in this case.
         req.respond_to?(:content_security_policy) &&
           req.content_security_policy &&
           req.content_security_policy.directives['script-src'] &&
-          !req.content_security_policy.directives['script-src'].include?("'unsafe-inline'") &&
           req.content_security_policy_nonce
       end
 
       # Secure Headers gem
-      def secure_headers_nonce?
-        secure_headers.append_nonce?
+      def secure_headers_nonce(env)
+        req = ::Rack::Request.new(env)
+
+        return unless secure_headers(req).append_nonce?
+
+        ::SecureHeaders.content_security_policy_script_nonce(req)
       end
 
-      def secure_headers
+      def secure_headers(req)
         return SecureHeadersFalse.new unless defined?(::SecureHeaders::Configuration)
 
+        # If the nonce key has been set, the app is using nonces for this request.
+        # If it hasn't, we shouldn't cause one to be added to script_src, so return now.
+        return SecureHeadersFalse.new unless secure_headers_nonce_key(req)
+
         config = ::SecureHeaders::Configuration
 
         secure_headers_cls = nil
@@ -212,6 +222,10 @@ module Rollbar
         secure_headers_cls.new
       end
 
+      def secure_headers_nonce_key(req)
+        defined?(::SecureHeaders::NONCE_KEY) && req.env[::SecureHeaders::NONCE_KEY]
+      end
+
       class SecureHeadersResolver
         def append_nonce?
           csp_needs_nonce?(find_csp)
@@ -224,16 +238,12 @@ module Rollbar
         end
 
         def csp_needs_nonce?(csp)
-          !opt_out?(csp) && !unsafe_inline?(csp)
+          !opt_out?(csp)
         end
 
         def opt_out?(_csp)
           raise NotImplementedError
         end
-
-        def unsafe_inline?(csp)
-          csp[:script_src].to_a.include?("'unsafe-inline'")
-        end
       end
 
       class SecureHeadersFalse < SecureHeadersResolver