rollbar 3.1.0 → 3.3.0

data/lib/rollbar/item.rb

@@ -23,17 +23,8 @@ module Rollbar
 
     attr_writer :payload
 
-    attr_reader :level
-    attr_reader :message
-    attr_reader :exception
-    attr_reader :extra
-
-    attr_reader :configuration
-    attr_reader :scope
-    attr_reader :logger
-    attr_reader :notifier
-
-    attr_reader :context
+    attr_reader :level, :message, :exception, :extra, :configuration, :scope, :logger,
+                :notifier, :context
 
     def_delegators :payload, :[]
 
@@ -64,7 +55,7 @@ module Rollbar
 
     def build
       data = build_data
-      self.payload = add_access_token_to_payload({'data' => data})
+      self.payload = add_access_token_to_payload({ 'data' => data })
 
       enforce_valid_utf8
       transform
@@ -72,7 +63,22 @@ module Rollbar
     end
 
     def build_data
-      data = {
+      data = initial_data
+
+      build_optional_data(data)
+
+      Util.deep_merge(data, configuration.payload_options)
+      Util.deep_merge(data, scope)
+
+      # Our API doesn't allow null context values, so just delete
+      # the key if value is nil.
+      data.delete(:context) unless data[:context]
+
+      data
+    end
+
+    def initial_data
+      {
         :timestamp => Time.now.to_i,
         :environment => build_environment,
         :level => level,
@@ -86,25 +92,27 @@ module Rollbar
         },
         :body => build_body
       }
-      data[:project_package_paths] = configuration.project_gem_paths if configuration.project_gem_paths.any?
-      data[:code_version] = configuration.code_version if configuration.code_version
-      data[:uuid] = SecureRandom.uuid if defined?(SecureRandom) && SecureRandom.respond_to?(:uuid)
+    end
 
-      Util.deep_merge(data, configuration.payload_options)
-      Util.deep_merge(data, scope)
+    def build_optional_data(data)
+      if configuration.project_gem_paths.any?
+        data[:project_package_paths] = configuration.project_gem_paths
+      end
 
-      # Our API doesn't allow null context values, so just delete
-      # the key if value is nil.
-      data.delete(:context) unless data[:context]
+      data[:code_version] = configuration.code_version if configuration.code_version
 
-      data
+      return unless defined?(SecureRandom) && SecureRandom.respond_to?(:uuid)
+
+      data[:uuid] = SecureRandom.uuid
     end
 
     def configured_options
-      if Gem.loaded_specs['activesupport'] && Gem.loaded_specs['activesupport'].version < Gem::Version.new('4.1')
-        # There are too many types that crash ActiveSupport JSON serialization, and not worth
-        # the risk just to send this diagnostic object. In versions < 4.1, ActiveSupport hooks
-        # Ruby's JSON.generate so deeply there's no workaround.
+      if Gem.loaded_specs['activesupport'] &&
+         Gem.loaded_specs['activesupport'].version < Gem::Version.new('4.1')
+        # There are too many types that crash ActiveSupport JSON serialization,
+        # and not worth the risk just to send this diagnostic object.
+        # In versions < 4.1, ActiveSupport hooks Ruby's JSON.generate so deeply
+        # that there's no workaround.
         'not serialized in ActiveSupport < 4.1'
       elsif configuration.use_async && !configuration.async_json_payload
         # The setting allows serialization to be performed by each handler,
@@ -130,7 +138,7 @@ module Rollbar
       nil
     end
 
-    def handle_too_large_payload(stringified_payload, final_payload, attempts)
+    def handle_too_large_payload(stringified_payload, _final_payload, attempts)
       uuid = stringified_payload['data']['uuid']
       host = stringified_payload['data'].fetch('server', {})['host']
 
@@ -142,17 +150,16 @@ module Rollbar
         :host => host
       }
 
-      notifier.send_failsafe(
-        too_large_payload_string(attempts),
-        nil,
-        original_error
-      )
-      logger.error("[Rollbar] Payload too large to be sent for UUID #{uuid}: #{Rollbar::JSON.dump(payload)}")
+      notifier.send_failsafe(too_large_payload_string(attempts), nil, original_error)
+
+      logger.error('[Rollbar] Payload too large to be sent for UUID ' \
+        "#{uuid}: #{Rollbar::JSON.dump(payload)}")
     end
 
     def too_large_payload_string(attempts)
       'Could not send payload due to it being too large after truncating attempts. ' \
-        "Original size: #{attempts.first} Attempts: #{attempts.join(', ')} Final size: #{attempts.last}"
+        "Original size: #{attempts.first} Attempts: #{attempts.join(', ')} " \
+        "Final size: #{attempts.last}"
     end
 
     def ignored?
@@ -170,10 +177,11 @@ module Rollbar
       # When using async senders, if the access token is changed dynamically in
       # the main process config, the sender process won't see that change.
       #
-      # Until the delayed sender interface is changed to allow passing dynamic config options,
-      # this workaround allows the main process to set the token by adding it to the payload.
-      if (configuration && configuration.use_payload_access_token)
-        payload['access_token'] = configuration.access_token
+      # Until the delayed sender interface is changed to allow passing dynamic
+      # config options, this workaround allows the main process to set the token
+      # by adding it to the payload.
+      if configuration && configuration.use_payload_access_token
+        payload['access_token'] ||= configuration.access_token
       end
 
       payload
@@ -207,7 +215,8 @@ module Rollbar
       if custom_data_method? && !Rollbar::Util.method_in_stack(:custom_data, __FILE__)
         Util.deep_merge(scrub(custom_data), merged_extra)
       else
-        merged_extra.empty? ? nil : merged_extra # avoid putting an empty {} in the payload.
+        # avoid putting an empty {} in the payload.
+        merged_extra.empty? ? nil : merged_extra
       end
     end
 

data/lib/rollbar/json.rb

@@ -3,7 +3,7 @@ require 'json'
 
 module Rollbar
   module JSON # :nodoc:
-    extend self
+    module_function
 
     attr_writer :options_module
 

data/lib/rollbar/lazy_store.rb

@@ -1,10 +1,8 @@
 module Rollbar
   class LazyStore
-    attr_reader :loaded_data
+    attr_reader :loaded_data, :raw
     private :loaded_data
 
-    attr_reader :raw
-
     def initialize(initial_data)
       initial_data ||= {}
 

data/lib/rollbar/logger.rb

@@ -16,7 +16,9 @@ module Rollbar
   # Rails.logger.extend(ActiveSupport::Logger.broadcast(Rollbar::Logger.new))
   class Logger < ::Logger
     class Error < RuntimeError; end
+
     class DatetimeFormatNotSupported < Error; end
+
     class FormatterNotSupported < Error; end
 
     def initialize

data/lib/rollbar/logger_proxy.rb

@@ -23,7 +23,9 @@ module Rollbar
     end
 
     def log(level, message)
-      return unless Rollbar.configuration.enabled && acceptable_levels.include?(level.to_sym)
+      unless Rollbar.configuration.enabled && acceptable_levels.include?(level.to_sym)
+        return
+      end
 
       @object.send(level, message)
     rescue StandardError

data/lib/rollbar/middleware/js.rb

@@ -10,11 +10,11 @@ module Rollbar
     class Js
       include Rollbar::RequestDataExtractor
 
-      attr_reader :app
-      attr_reader :config
+      attr_reader :app, :config
 
       JS_IS_INJECTED_KEY = 'rollbar.js_is_injected'.freeze
-      SNIPPET = File.read(File.expand_path('../../../../data/rollbar.snippet.js', __FILE__))
+      SNIPPET = File.read(File.expand_path('../../../../data/rollbar.snippet.js',
+                                           __FILE__))
 
       def initialize(app, config)
         @app = app
@@ -30,7 +30,9 @@ module Rollbar
           response_string = add_js(env, app_result[2])
           build_response(env, app_result, response_string)
         rescue StandardError => e
-          Rollbar.log_error("[Rollbar] Rollbar.js could not be added because #{e} exception")
+          Rollbar.log_error(
+            "[Rollbar] Rollbar.js could not be added because #{e} exception"
+          )
 
           app_result
         end
@@ -58,7 +60,8 @@ module Rollbar
       def streaming?(env)
         return false unless defined?(ActionController::Live)
 
-        env['action_controller.instance'].class.included_modules.include?(ActionController::Live)
+        env['action_controller.instance']
+          .class.included_modules.include?(ActionController::Live)
       end
 
       def add_js(env, response)
@@ -72,7 +75,9 @@ module Rollbar
 
         build_body_with_js(env, body, insert_after_idx)
       rescue StandardError => e
-        Rollbar.log_error("[Rollbar] Rollbar.js could not be added because #{e} exception")
+        Rollbar.log_error(
+          "[Rollbar] Rollbar.js could not be added because #{e} exception"
+        )
         nil
       end
 
@@ -82,13 +87,17 @@ module Rollbar
         env[JS_IS_INJECTED_KEY] = true
 
         status, headers, = app_result
-        headers['Content-Length'] = response_string.bytesize.to_s if headers.key?('Content-Length')
+        if headers.key?('Content-Length')
+          headers['Content-Length'] =
+            response_string.bytesize.to_s
+        end
 
         response = ::Rack::Response.new(response_string, status, headers)
 
         finished = response.finish
 
-        # Rack < 2.x Response#finish returns self in array[2]. Rack >= 2.x returns self.body.
+        # Rack < 2.x Response#finish returns self in array[2].
+        # Rack >= 2.x returns self.body.
         # Always return with the response object here regardless of rack version.
         finished[2] = response
         finished
@@ -155,14 +164,13 @@ module Rollbar
       end
 
       def script_tag(content, env)
-        if (nonce = rails5_nonce(env))
-          script_tag_content = "\n<script type=\"text/javascript\" nonce=\"#{nonce}\">#{content}</script>"
-        elsif secure_headers_nonce?
-          nonce = ::SecureHeaders.content_security_policy_script_nonce(::Rack::Request.new(env))
-          script_tag_content = "\n<script type=\"text/javascript\" nonce=\"#{nonce}\">#{content}</script>"
-        else
-          script_tag_content = "\n<script type=\"text/javascript\">#{content}</script>"
-        end
+        nonce = rails5_nonce(env) || secure_headers_nonce(env)
+        script_tag_content = if nonce
+                               "\n<script type=\"text/javascript\" " \
+                                 "nonce=\"#{nonce}\">#{content}</script>"
+                             else
+                               "\n<script type=\"text/javascript\">#{content}</script>"
+                             end
 
         html_safe_if_needed(script_tag_content)
       end
@@ -172,34 +180,46 @@ module Rollbar
         string
       end
 
-      # Rails 5.2 Secure Content Policy
+      # Rails 5.2+ Secure Content Policy
       def rails5_nonce(env)
-        # The nonce is the preferred method, however 'unsafe-inline' is also possible.
-        # The app gets to decide, so we handle both. If the script_src key is missing,
-        # Rails will not add the nonce to the headers, so we should not add it either.
-        # If the 'unsafe-inline' value is present, the app should not add a nonce and
-        # we should ignore it if they do.
-        req = ::ActionDispatch::Request.new env
+        req = ::ActionDispatch::Request.new(env)
+
+        # Rails will only return a nonce if the app has set a nonce generator.
+        # So if we get a valid nonce here, we know we should use it.
+        #
+        # Having both 'unsafe-inline' and a nonce is a valid and preferred
+        # browser compatibility configuration.
+        #
+        # If the script_src key is missing, Rails will not add the nonce to the headers,
+        # so we detect this and will not add it in this case.
         req.respond_to?(:content_security_policy) &&
           req.content_security_policy &&
           req.content_security_policy.directives['script-src'] &&
-          !req.content_security_policy.directives['script-src'].include?("'unsafe-inline'") &&
           req.content_security_policy_nonce
       end
 
       # Secure Headers gem
-      def secure_headers_nonce?
-        secure_headers.append_nonce?
+      def secure_headers_nonce(env)
+        req = ::Rack::Request.new(env)
+
+        return unless secure_headers(req).append_nonce?
+
+        ::SecureHeaders.content_security_policy_script_nonce(req)
       end
 
-      def secure_headers
+      def secure_headers(req)
         return SecureHeadersFalse.new unless defined?(::SecureHeaders::Configuration)
 
-        config = ::SecureHeaders::Configuration
+        # If the nonce key has been set, the app is using nonces for this request.
+        # If it hasn't, we shouldn't cause one to be added to script_src, so return now.
+        return SecureHeadersFalse.new unless secure_headers_nonce_key(req)
 
-        secure_headers_cls = nil
+        config = ::SecureHeaders::Configuration
 
-        secure_headers_cls = if !::SecureHeaders.respond_to?(:content_security_policy_script_nonce)
+        has_nonce = ::SecureHeaders.respond_to?(
+          :content_security_policy_script_nonce
+        )
+        secure_headers_cls = if !has_nonce
                                SecureHeadersFalse
                              elsif config.respond_to?(:get)
                                SecureHeaders3To5
@@ -212,6 +232,11 @@ module Rollbar
         secure_headers_cls.new
       end
 
+      def secure_headers_nonce_key(req)
+        defined?(::SecureHeaders::NONCE_KEY) &&
+          req.env[::SecureHeaders::NONCE_KEY]
+      end
+
       class SecureHeadersResolver
         def append_nonce?
           csp_needs_nonce?(find_csp)
@@ -224,16 +249,12 @@ module Rollbar
         end
 
         def csp_needs_nonce?(csp)
-          !opt_out?(csp) && !unsafe_inline?(csp)
+          !opt_out?(csp)
         end
 
         def opt_out?(_csp)
           raise NotImplementedError
         end
-
-        def unsafe_inline?(csp)
-          csp[:script_src].to_a.include?("'unsafe-inline'")
-        end
       end
 
       class SecureHeadersFalse < SecureHeadersResolver
@@ -253,7 +274,8 @@ module Rollbar
           if csp.respond_to?(:opt_out?) && csp.opt_out?
             csp.opt_out?
           # secure_headers csp 3.0.x-3.4.x doesn't respond to 'opt_out?'
-          elsif defined?(::SecureHeaders::OPT_OUT) && ::SecureHeaders::OPT_OUT.is_a?(Symbol)
+          elsif defined?(::SecureHeaders::OPT_OUT) &&
+                ::SecureHeaders::OPT_OUT.is_a?(Symbol)
             csp == ::SecureHeaders::OPT_OUT
           end
         end

data/lib/rollbar/middleware/rack/builder.rb

@@ -14,8 +14,8 @@ module Rollbar
           Rollbar.scoped(fetch_scope(env)) do
             begin
               call_without_rollbar(env)
-            rescue ::Exception => exception
-              report_exception_to_rollbar(env, exception)
+            rescue ::Exception => e # rubocop:disable Lint/RescueException
+              report_exception_to_rollbar(env, e)
               raise
             end
           end
@@ -26,7 +26,7 @@ module Rollbar
             :request => proc { extract_request_data_from_rack(env) },
             :person => person_data_proc(env)
           }
-        rescue Exception => e
+        rescue Exception => e # rubocop:disable Lint/RescueException
           report_exception_to_rollbar(env, e)
           raise
         end

data/lib/rollbar/middleware/rack/test_session.rb

@@ -6,9 +6,9 @@ module Rollbar
 
         def env_for_with_rollbar(path, env)
           env_for_without_rollbar(path, env)
-        rescue Exception => exception
-          report_exception_to_rollbar(env, exception)
-          raise exception
+        rescue Exception => e # rubocop:disable Lint/RescueException
+          report_exception_to_rollbar(env, e)
+          raise e
         end
 
         def self.included(base)

data/lib/rollbar/middleware/rack.rb

@@ -21,7 +21,7 @@ module Rollbar
             response = @app.call(env)
             report_exception_to_rollbar(env, framework_error(env)) if framework_error(env)
             response
-          rescue Exception => e
+          rescue Exception => e # rubocop:disable Lint/RescueException
             report_exception_to_rollbar(env, e)
             raise
           ensure
@@ -35,7 +35,7 @@ module Rollbar
           :request => proc { extract_request_data_from_rack(env) },
           :person => person_data_proc(env)
         }
-      rescue Exception => e
+      rescue Exception => e # rubocop:disable Lint/RescueException
         report_exception_to_rollbar(env, e)
         raise
       end
@@ -44,8 +44,8 @@ module Rollbar
         proc { extract_person_data_from_controller(env) }
       end
 
-      def framework_error(_env)
-        nil
+      def framework_error(env)
+        env['rack.exception']
       end
     end
   end

data/lib/rollbar/middleware/rails/rollbar.rb

@@ -29,8 +29,8 @@ module Rollbar
               end
 
               response
-            rescue Exception => exception
-              report_exception_to_rollbar(env, exception)
+            rescue Exception => e # rubocop:disable Lint/RescueException
+              report_exception_to_rollbar(env, e)
               raise
             ensure
               Rollbar.notifier.disable_locals
@@ -63,7 +63,9 @@ module Rollbar
 
         def person_data_proc(env)
           block = proc { extract_person_data_from_controller(env) }
-          return block unless defined?(ActiveRecord::Base) && ActiveRecord::Base.connected?
+          unless defined?(ActiveRecord::Base) && ActiveRecord::Base.connected?
+            return block
+          end
 
           proc do
             begin
@@ -75,11 +77,12 @@ module Rollbar
         end
 
         def context(request_data)
-          return unless request_data[:params]
-
           route_params = request_data[:params]
+
           # make sure route is a hash built by RequestDataExtractor
-          return route_params[:controller].to_s + '#' + route_params[:action].to_s if route_params.is_a?(Hash) && !route_params.empty?
+          return unless route_params.is_a?(Hash) && !route_params.empty?
+
+          "#{route_params[:controller]}##{route_params[:action]}"
         end
       end
     end

data/lib/rollbar/middleware/rails/show_exceptions.rb

@@ -20,20 +20,24 @@ module Rollbar
 
         def call_with_rollbar(env)
           call_without_rollbar(env)
-        rescue ActionController::RoutingError => exception
+        rescue ActionController::RoutingError => e
           # won't reach here if show_detailed_exceptions is true
           scope = extract_scope_from(env)
 
           Rollbar.scoped(scope) do
-            report_exception_to_rollbar(env, exception)
+            report_exception_to_rollbar(env, e)
           end
 
-          raise exception
+          raise e
         end
 
         def extract_scope_from(env)
           scope = env['rollbar.scope']
-          Rollbar.log_warn('[Rollbar] rollbar.scope key has been removed from Rack env.') unless scope
+          unless scope
+            Rollbar.log_warn(
+              '[Rollbar] rollbar.scope key has been removed from Rack env.'
+            )
+          end
 
           scope || {}
         end

data/lib/rollbar/notifier/trace_with_bindings.rb

@@ -36,7 +36,8 @@ module Rollbar
       def trace_point
         return unless defined?(TracePoint)
 
-        @trace_point ||= TracePoint.new(:call, :return, :b_call, :b_return, :c_call, :c_return, :raise) do |tp|
+        @trace_point ||= TracePoint.new(:call, :return, :b_call, :b_return, :c_call,
+                                        :c_return, :raise) do |tp|
           case tp.event
           when :call, :b_call, :c_call, :class
             frames.push frame(tp)
@@ -44,7 +45,8 @@ module Rollbar
             frames.pop
           when :raise
             unless detect_reraise(tp) # ignore reraised exceptions
-              @exception_frames = @frames.dup # may be possible to optimize better than #dup
+              # may be possible to optimize better than #dup
+              @exception_frames = @frames.dup
               @exception_signature = exception_signature(tp)
             end
           end