rollbar 2.17.0 → 2.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 80c4468fc2e5243d35fc86e2f4787012d996ef58
-  data.tar.gz: 3469d5b5650578975879fa8962f499d7a1aea52c
+  metadata.gz: e357b034a0d0686c4ff7e2df37e4500b964ff1d8
+  data.tar.gz: 8af0947410c8afd1a1b8e7d6691cc57651f0906f
 SHA512:
-  metadata.gz: 20890794849d8a1db3b4cf0947cf84e9c824d60e81ae4c65ebeca3cf6705357bf90b98d21185d8aa038d378f420799131884529a9eb525ca3630c4c1ecae7d3b
-  data.tar.gz: 62b215e34d6b9d30123bd79069e59fd284bf19ba870db97a78d88e9c91414b67daf32c9ebb9e910305b3baa9428954815c17c998504e7a12c4ba47e0bd8b0750
+  metadata.gz: 1d320a75cf677e32ab3bf635bdff22235b39b44e4dce406b74151a2bbd9e344fb0113a2130061e93c1cd473a1f27964c97ad2b68c8a8b20b69766b9dd951cdb8
+  data.tar.gz: 371056dcb28f6247fafbd6404e1a39f873660060758393119b588cd15e9c8b67f349407422ca31b5ce163dd48a1b356ad665fcbb8d42a31ebcf81b3701150961

data/Gemfile

@@ -42,5 +42,6 @@ gem 'redis'
 gem 'resque'
 gem 'shoryuken'
 gem 'sinatra'
+gem 'webmock'
 
 gemspec

data/gemfiles/rails50.gemfile

@@ -40,7 +40,6 @@ end
 
 # We need last sinatra that uses rack 2.x
 gem 'sinatra', :git => 'https://github.com/sinatra/sinatra'
-
 gem 'codeclimate-test-reporter', :group => :test, :require => nil
 gem 'database_cleaner', '~> 1.x'
 gem 'delayed_job', :require => false

data/gemfiles/ruby_1_8_and_1_9_2.gemfile

@@ -36,7 +36,7 @@ gem 'database_cleaner', '~> 1.0.0'
 gem 'delayed_job', '4.1.3', :require => false
 gem 'genspec', '= 0.2.8'
 gem 'girl_friday', '>= 0.11.1'
-gem 'redis'
+gem 'redis', '< 3.3.5'
 gem 'resque'
 gem 'sinatra'
 

data/lib/rollbar/configuration.rb

@@ -128,6 +128,10 @@ module Rollbar
       @proxy = nil
       @collect_user_ip = true
       @anonymize_user_ip = false
+      @hooks = {
+        :on_error_response => nil, # params: response
+        :on_report_internal_error => nil, #params: exception
+      }
     end
 
     def initialize_copy(orig)
@@ -259,5 +263,21 @@ module Rollbar
     def logger
       @logger ||= default_logger.call
     end
+    
+    def hook(symbol, &block)
+      if @hooks.has_key?(symbol)
+        if block_given?
+          @hooks[symbol] = block
+        else
+          @hooks[symbol]
+        end
+      else
+        raise StandardError.new "Hook :" + symbol.to_s + " is not supported by Rollbar SDK."
+      end
+    end
+    
+    def execute_hook(symbol, *args)
+      hook(symbol).call(*args) if hook(symbol).is_a?(Proc)
+    end
   end
 end

data/lib/rollbar/middleware/js.rb

@@ -36,6 +36,8 @@ module Rollbar
         end
       end
 
+      private
+
       def enabled?
         !!config[:enabled]
       end
@@ -155,10 +157,86 @@ module Rollbar
       end
 
       def append_nonce?
-        defined?(::SecureHeaders) && ::SecureHeaders.respond_to?(:content_security_policy_script_nonce) &&
-          defined?(::SecureHeaders::Configuration) &&
-          !::SecureHeaders::Configuration.default.csp.opt_out? &&
-          !::SecureHeaders::Configuration.default.current_csp[:script_src].to_a.include?("'unsafe-inline'")
+        secure_headers.append_nonce?
+      end
+
+      def secure_headers
+        return SecureHeadersFalse.new unless defined?(::SecureHeaders::Configuration)
+
+        config = ::SecureHeaders::Configuration
+
+        secure_headers_cls = nil
+
+        if !::SecureHeaders::respond_to?(:content_security_policy_script_nonce)
+          secure_headers_cls = SecureHeadersFalse
+        elsif config.respond_to?(:get)
+          secure_headers_cls = SecureHeaders3To5
+        elsif config.dup.respond_to?(:csp)
+          secure_headers_cls = SecureHeaders6
+        else
+          secure_headers_cls = SecureHeadersFalse
+        end
+
+          secure_headers_cls.new
+      end
+
+      class SecureHeadersResolver
+        def append_nonce?
+          csp_needs_nonce?(find_csp)
+        end
+
+        private
+
+        def find_csp
+          raise NotImplementedError
+        end
+
+        def csp_needs_nonce?(csp)
+          !opt_out?(csp) && !unsafe_inline?(csp)
+        end
+
+        def opt_out?(csp)
+          raise NotImplementedError
+        end
+
+        def unsafe_inline?(csp)
+          csp[:script_src].to_a.include?("'unsafe-inline'")
+        end
+      end
+
+      class SecureHeadersFalse < SecureHeadersResolver
+        def append_nonce?
+          false
+        end
+      end
+
+      class SecureHeaders3To5 < SecureHeadersResolver
+        private
+
+        def find_csp
+          ::SecureHeaders::Configuration.get.csp
+        end
+
+        def opt_out?(csp)
+          if csp.respond_to?(:opt_out?) && csp.opt_out?
+            csp.opt_out?
+          # secure_headers csp 3.0.x-3.4.x doesn't respond to 'opt_out?'
+          elsif defined?(::SecureHeaders::OPT_OUT) && ::SecureHeaders::OPT_OUT.is_a?(Symbol)
+            csp == ::SecureHeaders::OPT_OUT
+          end
+        end
+      end
+
+      class SecureHeaders6 < SecureHeadersResolver
+        private
+
+        def find_csp
+          ::SecureHeaders::Configuration.dup.csp
+        end
+
+        def opt_out?(csp)
+          csp.opt_out?
+        end
       end
     end
   end

data/lib/rollbar/notifier.rb

@@ -407,11 +407,14 @@ module Rollbar
     # If that fails, we'll fall back to a more static failsafe response.
     def report_internal_error(exception)
       log_error '[Rollbar] Reporting internal error encountered while sending data to Rollbar.'
+      
+      configuration.execute_hook(:on_report_internal_error, exception)
 
       begin
         item = build_item('error', nil, exception, { :internal => true }, nil)
       rescue => e
         send_failsafe('build_item in exception_data', e)
+        log_error "[Rollbar] Exception: #{exception}"
         return
       end
 
@@ -419,6 +422,7 @@ module Rollbar
         process_item(item)
       rescue => e
         send_failsafe('error in process_item', e)
+        log_error "[Rollbar] Item: #{item}"
         return
       end
 
@@ -426,6 +430,7 @@ module Rollbar
         log_instance_link(item['data'])
       rescue => e
         send_failsafe('error logging instance link', e)
+        log_error "[Rollbar] Item: #{item}"
         return
       end
     end
@@ -575,6 +580,7 @@ module Rollbar
       else
         log_warning "[Rollbar] Got unexpected status code from Rollbar api: #{response.code}"
         log_info "[Rollbar] Response: #{response.body}"
+        configuration.execute_hook(:on_error_response, response)
       end
     end
 

data/lib/rollbar/plugins/active_job.rb

@@ -6,7 +6,8 @@ module Rollbar
         Rollbar.error(exception,
                       :job => self.class.name,
                       :job_id => job_id,
-                      :use_exception_level_filters => true)
+                      :use_exception_level_filters => true,
+                      :arguments => arguments)
         raise exception
       end
     end

data/lib/rollbar/plugins/delayed_job/plugin.rb

@@ -12,7 +12,7 @@ module Rollbar
         lifecycle.around(:invoke_job, &Delayed::invoke_job_callback)
         lifecycle.after(:failure) do |_, job, _, _|
           data = Rollbar::Delayed.build_job_data(job)
-          ::Rollbar.scope(:request => data).error(job.last_error, :use_exception_level_filters => true) if job.last_error
+          ::Rollbar.scope(:request => data).error("Job has failed and won't be retried anymore: " + job.last_error, :use_exception_level_filters => true) if job.last_error
         end
       end
     end

data/lib/rollbar/plugins/rails/railtie_mixin.rb

@@ -1,5 +1,3 @@
-require 'rollbar'
-
 module Rollbar
   module RailtieMixin
     extend ActiveSupport::Concern

data/lib/rollbar/version.rb

@@ -1,3 +1,3 @@
 module Rollbar
-  VERSION = '2.17.0'
+  VERSION = '2.18.0'
 end

data/spec/rollbar/configuration_spec.rb

@@ -43,4 +43,32 @@ describe Rollbar::Configuration do
       expect(new_config.environment).to be_eql('bar')
     end
   end
+  
+  describe '#hook' do
+    it "assigns and returns the appropriate hook" do
+      subject.hook :on_error_response do
+        puts "foo hook"
+      end
+      
+      expect(subject.hook(:on_error_response).is_a?(Proc)).to be_eql(true)
+    end
+    
+    it "raises a StandardError if requested hook is not supported" do
+      expect{ subject.hook(:foo) }.to raise_error(StandardError)
+    end
+  end
+  
+  describe '#execute_hook' do
+    it "executes the approriate hook" do
+      bar = "test value"
+      
+      subject.hook :on_error_response do
+        bar = "changed value"
+      end
+      
+      subject.execute_hook :on_error_response
+      
+      expect(bar).to be_eql("changed value")
+    end
+  end
 end

data/spec/rollbar/middleware/js_spec.rb

@@ -1,6 +1,50 @@
 require 'spec_helper'
 require 'rollbar/middleware/js'
 
+
+shared_examples 'secure_headers' do
+  it 'renders the snippet and config in the response with nonce in script tag when SecureHeaders installed' do
+    SecureHeadersMocks::CSP.config = {
+      :opt_out? => false
+    }
+
+    _, _, response = subject.call(env)
+
+    new_body = response.body.join
+
+    expect(new_body).to include('<script type="text/javascript" nonce="lorem-ipsum-nonce">')
+    expect(new_body).to include("var _rollbarConfig = #{config[:options].to_json};")
+    expect(new_body).to include(snippet)
+  end
+
+  it 'renders the snippet in the response without nonce if SecureHeaders script_src includes \'unsafe-inline\'' do
+    SecureHeadersMocks::CSP.config = {
+      :opt_out? => false,
+      :script_src => %w('unsafe-inline')
+    }
+
+    _, _, response = subject.call(env)
+    new_body = response.body.join
+
+    expect(new_body).to include('<script type="text/javascript">')
+    expect(new_body).to include("var _rollbarConfig = #{config[:options].to_json};")
+    expect(new_body).to include(snippet)
+  end
+
+  it 'renders the snippet in the response without nonce if SecureHeaders CSP is OptOut' do
+    SecureHeadersMocks::CSP.config = {
+      :opt_out? => true
+    }
+
+    _, _, response = subject.call(env)
+    new_body = response.body.join
+
+    expect(new_body).to include('<script type="text/javascript">')
+    expect(new_body).to include("var _rollbarConfig = #{config[:options].to_json};")
+    expect(new_body).to include(snippet)
+  end
+end
+
 describe Rollbar::Middleware::Js do
   subject { described_class.new(app, config) }
 
@@ -174,61 +218,26 @@ END
         end
 
         before do
-          Object.const_set('SecureHeaders', Module.new)
-          SecureHeaders.const_set('VERSION', '3.0.0')
-          SecureHeaders.const_set('Configuration', Module.new {
-            def self.default
-            end
-          })
-          allow(SecureHeaders).to receive(:content_security_policy_script_nonce) { 'lorem-ipsum-nonce' }
-        end
-
-        after do
-          Object.send(:remove_const, 'SecureHeaders')
+          stub_const('::SecureHeaders', secure_headers_mock)
+          SecureHeadersMocks::CSP.config = {}
         end
 
-        it 'renders the snippet and config in the response with nonce in script tag when SecureHeaders installed' do
-          secure_headers_config = double(:configuration, :current_csp => {}, :csp => double(:opt_out? => false))
-          allow(SecureHeaders::Configuration).to receive(:default).and_return(secure_headers_config)
-          res_status, res_headers, response = subject.call(env)
+        context 'with secure headers 3.0.x-3.4.x' do
+          let(:secure_headers_mock) {  SecureHeadersMocks::SecureHeaders30 }
 
-          new_body = response.body.join
-
-          expect(new_body).to include('<script type="text/javascript" nonce="lorem-ipsum-nonce">')
-          expect(new_body).to include("var _rollbarConfig = #{config[:options].to_json};")
-          expect(new_body).to include(snippet)
+          include_examples 'secure_headers'
         end
 
-        it 'renders the snippet in the response without nonce if SecureHeaders script_src includes \'unsafe-inline\'' do
-          secure_headers_config = double(:configuration,
-                                         :current_csp => {
-                                           :script_src => %w('unsafe-inline')
-                                         },
-                                         :csp => double(:opt_out? => false))
-          allow(SecureHeaders::Configuration).to receive(:default).and_return(secure_headers_config)
-
-          res_status, res_headers, response = subject.call(env)
-          new_body = response.body.join
+        context 'with secure headers 3.5' do
+          let(:secure_headers_mock) {  SecureHeadersMocks::SecureHeaders35 }
 
-          expect(new_body).to include('<script type="text/javascript">')
-          expect(new_body).to include("var _rollbarConfig = #{config[:options].to_json};")
-          expect(new_body).to include(snippet)
-
-          SecureHeaders.send(:remove_const, 'Configuration')
+          include_examples 'secure_headers'
         end
 
-        it 'renders the snippet in the response without nonce if SecureHeaders CSP is OptOut' do
-          secure_headers_config = double(:configuration, :csp => double(:opt_out? => true))
-          allow(SecureHeaders::Configuration).to receive(:default).and_return(secure_headers_config)
-
-          res_status, res_headers, response = subject.call(env)
-          new_body = response.body.join
+        context 'with secure headers 6.0' do
+          let(:secure_headers_mock) {  SecureHeadersMocks::SecureHeaders60 }
 
-          expect(new_body).to include('<script type="text/javascript">')
-          expect(new_body).to include("var _rollbarConfig = #{config[:options].to_json};")
-          expect(new_body).to include(snippet)
-
-          SecureHeaders.send(:remove_const, 'Configuration')
+          include_examples 'secure_headers'
         end
       end
 
@@ -240,16 +249,11 @@ END
         end
 
         before do
-          Object.const_set('SecureHeaders', Module.new)
-          SecureHeaders.const_set('VERSION', '2.4.0')
-        end
-
-        after do
-          Object.send(:remove_const, 'SecureHeaders')
+          stub_const('::SecureHeaders', ::SecureHeadersMocks::SecureHeaders20)
         end
 
         it 'renders the snippet and config in the response without nonce in script tag when too old SecureHeaders installed' do
-          res_status, res_headers, response = subject.call(env)
+          _, _, response = subject.call(env)
           new_body = response.body.join
 
           expect(new_body).to include('<script type="text/javascript">')
@@ -354,10 +358,10 @@ END
         it 'adds the person data to the configuration' do
           _, _, response = subject.call(env)
           new_body = response.body.join
-          
+
           rollbar_config = new_body[/var _rollbarConfig = (.*);<\/script>/, 1]
           rollbar_config = JSON.parse(rollbar_config, { :symbolize_names => true})
-          
+
           expect(rollbar_config).to eql(expected_js_options)
         end
 

data/spec/rollbar/plugins/active_job_spec.rb

@@ -9,6 +9,11 @@ describe Rollbar::ActiveJob do
     include Rollbar::ActiveJob
 
     attr_reader :job_id
+    attr_accessor :arguments
+
+    def initialize(*arguments)
+      @arguments = arguments
+    end
 
     def perform(exception, job_id)
       @job_id = job_id
@@ -21,18 +26,20 @@ describe Rollbar::ActiveJob do
 
   let(:exception) { StandardError.new('oh no') }
   let(:job_id) { "123" }
+  let(:argument) { 12 }
 
   it "reports the error to Rollbar" do
     expected_params = {
       :job => "TestJob",
       :job_id => job_id,
-      :use_exception_level_filters => true
+      :use_exception_level_filters => true,
+      :arguments => [argument]
     }
     expect(Rollbar).to receive(:error).with(exception, expected_params)
-    TestJob.new.perform(exception, job_id) rescue nil
+    TestJob.new(argument).perform(exception, job_id) rescue nil
   end
 
   it "reraises the error so the job backend can handle the failure and retry" do
-    expect { TestJob.new.perform(exception, job_id) }.to raise_error exception
+    expect { TestJob.new(argument).perform(exception, job_id) }.to raise_error exception
   end
 end

data/spec/rollbar_spec.rb

@@ -159,6 +159,65 @@ describe Rollbar do
         notifier.log('error', exception, extra_data, 'exception description')
       end
       
+      context 'with :on_error_response hook configured' do
+        let!(:notifier) { Rollbar::Notifier.new }
+        let(:configuration) do
+          config = Rollbar::Configuration.new
+          config.access_token = test_access_token
+          config.enabled = true
+          
+          config.hook :on_error_response do |response|
+            return ":on_error_response executed"
+          end
+          
+          config
+        end
+        let(:message) { 'foo' }
+        let(:level) { 'foo' }
+  
+        before do
+          notifier.configuration = configuration
+          allow_any_instance_of(Net::HTTP).to receive(:request).and_return(OpenStruct.new(:code => 500, :body => "Error"))
+          @uri = URI.parse(Rollbar::Configuration::DEFAULT_ENDPOINT)
+        end
+        
+        it "calls the :on_error_response hook if response status is not 200" do
+          expect(Net::HTTP).to receive(:new).with(@uri.host, @uri.port, nil, nil, nil, nil).and_call_original
+          expect(notifier.configuration.hook(:on_error_response)).to receive(:call)
+          
+          notifier.log(level, message)
+        end
+      end
+      
+      context 'with :on_report_internal_error hook configured' do
+        let!(:notifier) { Rollbar::Notifier.new }
+        let(:configuration) do
+          config = Rollbar::Configuration.new
+          config.access_token = test_access_token
+          config.enabled = true
+          
+          config.hook :on_report_internal_error do |response|
+            return ":on_report_internal_error executed"
+          end
+          
+          config
+        end
+        let(:message) { 'foo' }
+        let(:level) { 'foo' }
+  
+        before do
+          notifier.configuration = configuration
+        end
+        
+        it "calls the :on_report_internal_error hook if" do
+          expect(notifier.configuration.hook(:on_report_internal_error)).to receive(:call)
+          expect(notifier).to receive(:report) do
+            raise StandardError.new
+          end
+          notifier.log(level, message)
+        end
+      end
+    
       context 'an item with a context' do
         let(:context) { { :controller => 'ExampleController' } }
         

data/spec/support/secure_headers_mocks.rb

@@ -0,0 +1,83 @@
+module SecureHeadersMocks
+  NONCE = 'lorem-ipsum-nonce'
+
+  module CSP
+    class << self
+      attr_accessor :config
+
+      def opt_out?
+        config[:opt_out?]
+      end
+
+      def [](key)
+        config[key]
+      end
+    end
+  end
+
+  module SecureHeaders20
+  end
+
+  module SecureHeaders30
+    OPT_OUT = :opt_out
+    class << self
+      def content_security_policy_script_nonce(req)
+        NONCE
+      end
+    end
+
+    module Configuration
+      module CSPProxy
+        def self.csp
+          return OPT_OUT if CSP.opt_out?
+
+          CSP.config
+        end
+      end
+
+      def self.get
+        CSPProxy
+      end
+    end
+  end
+
+  module SecureHeaders35
+    class << self
+      def content_security_policy_script_nonce(req)
+        NONCE
+      end
+    end
+
+    module Configuration
+      module CSPProxy
+        def self.csp
+          CSP
+        end
+      end
+
+      def self.get
+        CSPProxy
+      end
+    end
+  end
+
+  module SecureHeaders60
+    class << self
+      def content_security_policy_script_nonce(req)
+        NONCE
+      end
+    end
+
+    module Configuration
+      module CSPProxy
+        def self.csp
+          CSP
+        end
+      end
+
+      def self.dup
+        CSPProxy
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rollbar
 version: !ruby/object:Gem::Version
-  version: 2.17.0
+  version: 2.18.0
 platform: ruby
 authors:
 - Rollbar, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-08-27 00:00:00.000000000 Z
+date: 2018-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -264,6 +264,7 @@ files:
 - spec/support/matchers.rb
 - spec/support/notifier_helpers.rb
 - spec/support/rollbar_api.rb
+- spec/support/secure_headers_mocks.rb
 - spec/support/shared_contexts.rb
 homepage: https://rollbar.com
 licenses:
@@ -416,4 +417,5 @@ test_files:
 - spec/support/matchers.rb
 - spec/support/notifier_helpers.rb
 - spec/support/rollbar_api.rb
+- spec/support/secure_headers_mocks.rb
 - spec/support/shared_contexts.rb