sentry-raven 1.1.0 → 3.1.2

data/lib/raven/processor/removecircularreferences.rb

@@ -1,14 +1,18 @@
 module Raven
   class Processor::RemoveCircularReferences < Processor
-    def process(v, visited = [])
-      return "(...)" if visited.include?(v.__id__)
-      visited += [v.__id__]
-      if v.is_a?(Hash)
-        v.each_with_object({}) { |(k, v_), memo| memo[k] = process(v_, visited) }
-      elsif v.is_a?(Array)
-        v.map { |v_| process(v_, visited) }
+    ELISION_STRING = "(...)".freeze
+    def process(value, visited = [])
+      return ELISION_STRING if visited.include?(value.__id__)
+
+      visited << value.__id__ if value.is_a?(Array) || value.is_a?(Hash)
+
+      case value
+      when Hash
+        !value.frozen? ? value.merge!(value) { |_, v| process v, visited } : value.merge(value) { |_, v| process v, visited }
+      when Array
+        !value.frozen? ? value.map! { |v| process v, visited } : value.map { |v| process v, visited }
       else
-        v
+        value
       end
     end
   end

data/lib/raven/processor/removestacktrace.rb

@@ -1,13 +1,24 @@
 module Raven
   class Processor::RemoveStacktrace < Processor
-    def process(value)
-      if value[:exception]
-        value[:exception][:values].map do |single_exception|
-          single_exception.delete(:stacktrace) if single_exception[:stacktrace]
-        end
+    def process(data)
+      process_if_symbol_keys(data) if data[:exception]
+      process_if_string_keys(data) if data["exception"]
+
+      data
+    end
+
+    private
+
+    def process_if_symbol_keys(data)
+      data[:exception][:values].map do |single_exception|
+        single_exception.delete(:stacktrace) if single_exception[:stacktrace]
       end
+    end
 
-      value
+    def process_if_string_keys(data)
+      data["exception"]["values"].map do |single_exception|
+        single_exception.delete("stacktrace") if single_exception["stacktrace"]
+      end
     end
   end
 end

data/lib/raven/processor/sanitizedata.rb

@@ -1,63 +1,118 @@
 # frozen_string_literal: true
+
 require 'json'
+
 module Raven
   class Processor::SanitizeData < Processor
-    STRING_MASK = '********'.freeze
-    INT_MASK = 0
     DEFAULT_FIELDS = %w(authorization password passwd secret ssn social(.*)?sec).freeze
-    CREDIT_CARD_RE = /^(?:\d[ -]*?){13,16}$/
-    REGEX_SPECIAL_CHARACTERS = %w(. $ ^ { [ ( | ) * + ?).freeze
+    CREDIT_CARD_RE = /\b(?:3[47]\d|(?:4\d|5[1-5]|65)\d{2}|6011)\d{12}\b/.freeze
+    QUERY_STRING = ['query_string', :query_string].freeze
+    JSON_STARTS_WITH = ["[", "{"].freeze
 
-    attr_accessor :sanitize_fields, :sanitize_credit_cards
+    attr_accessor :sanitize_fields, :sanitize_credit_cards, :sanitize_fields_excluded
 
     def initialize(client)
       super
       self.sanitize_fields = client.configuration.sanitize_fields
       self.sanitize_credit_cards = client.configuration.sanitize_credit_cards
+      self.sanitize_fields_excluded = client.configuration.sanitize_fields_excluded
     end
 
-    def process(value)
-      value.each_with_object(value) { |(k,v), memo| memo[k] = sanitize(k,v) }
+    def process(value, key = nil)
+      case value
+      when Hash
+        sanitize_hash_value(key, value)
+      when Array
+        sanitize_array_value(key, value)
+      when Integer
+        matches_regexes?(key, value.to_s) ? INT_MASK : value
+      when String
+        sanitize_string_value(key, value)
+      else
+        value
+      end
     end
 
-    def sanitize(k,v)
-      if v.is_a?(Hash)
-        process(v)
-      elsif v.is_a?(Array)
-        v.map{|a| sanitize(k, a)}
-      elsif k.to_s == 'query_string'
-        sanitize_query_string(v)
-      elsif v.is_a?(Integer) && matches_regexes?(k,v)
-        INT_MASK
-      elsif v.is_a?(String)
-        if fields_re.match(v.to_s) && (json = parse_json_or_nil(v))
-          #if this string is actually a json obj, convert and sanitize
-          json.is_a?(Hash) ? process(json).to_json : v
-        elsif matches_regexes?(k,v)
-          STRING_MASK
-        else
-          v
-        end
+    private
+
+    # CGI.parse takes our nice UTF-8 strings and converts them back to ASCII,
+    # so we have to convert them back, again.
+    def utf8_processor
+      @utf8_processor ||= Processor::UTF8Conversion.new
+    end
+
+    def sanitize_hash_value(key, value)
+      if key =~ sensitive_fields
+        STRING_MASK
+      elsif value.frozen?
+        value.merge(value) { |k, v| process v, k }
       else
-        v
+        value.merge!(value) { |k, v| process v, k }
       end
     end
 
-    private
+    def sanitize_array_value(key, value)
+      if value.frozen?
+        value.map { |v| process v, key }
+      else
+        value.map! { |v| process v, key }
+      end
+    end
+
+    def sanitize_string_value(key, value)
+      if value =~ sensitive_fields && (json = parse_json_or_nil(value))
+        # if this string is actually a json obj, convert and sanitize
+        process(json).to_json
+      elsif matches_regexes?(key, value)
+        STRING_MASK
+      elsif QUERY_STRING.include?(key)
+        sanitize_query_string(value)
+      elsif value =~ sensitive_fields
+        sanitize_sensitive_string_content(value)
+      else
+        value
+      end
+    end
 
     def sanitize_query_string(query_string)
       query_hash = CGI.parse(query_string)
-      processed_query_hash = process(query_hash)
+      sanitized = utf8_processor.process(query_hash)
+      processed_query_hash = process(sanitized)
       URI.encode_www_form(processed_query_hash)
     end
 
+    # this scrubs some sensitive info from the string content. for example:
+    #
+    # ```
+    # unexpected token at '{
+    # "role": "admin","password": "Abc@123","foo": "bar"
+    # }'
+    # ```
+    #
+    # will become
+    #
+    # ```
+    # unexpected token at '{
+    # "role": "admin","password": *******,"foo": "bar"
+    # }'
+    # ```
+    #
+    # it's particularly useful in hash or param-parsing related errors
+    def sanitize_sensitive_string_content(value)
+      value.gsub(/(#{sensitive_fields}['":]\s?(:|=>)?\s?)(".*?"|'.*?')/, '\1' + STRING_MASK)
+    end
+
     def matches_regexes?(k, v)
-      (sanitize_credit_cards && CREDIT_CARD_RE.match(v.to_s)) ||
-        fields_re.match(k.to_s)
+      (sanitize_credit_cards && v =~ CREDIT_CARD_RE) ||
+        k =~ sensitive_fields
     end
 
-    def fields_re
-      @fields_re ||= /#{(DEFAULT_FIELDS | sanitize_fields).map do |f|
+    def sensitive_fields
+      return @sensitive_fields if instance_variable_defined?(:@sensitive_fields)
+
+      fields = DEFAULT_FIELDS | sanitize_fields
+      fields -= sanitize_fields_excluded
+      @sensitive_fields = /#{fields.map do |f|
         use_boundary?(f) ? "\\b#{f}\\b" : f
       end.join("|")}/i
     end
@@ -71,11 +126,11 @@ module Raven
     end
 
     def parse_json_or_nil(string)
-      begin
-        OkJson.decode(string)
-      rescue Raven::OkJson::Error, NoMethodError
-        nil
-      end
+      return unless string.start_with?(*JSON_STARTS_WITH)
+
+      JSON.parse(string)
+    rescue JSON::ParserError, NoMethodError
+      nil
     end
   end
 end

data/lib/raven/processor/utf8conversion.rb

@@ -1,28 +1,53 @@
 module Raven
   class Processor::UTF8Conversion < Processor
+    # Slightly misnamed - actually just removes any bytes with invalid encoding
+    # Previously, our JSON backend required UTF-8. Since we now use the built-in
+    # JSON, we can use any encoding, but it must be valid anyway so we can do
+    # things like call #match and #slice on strings
+    REPLACE = "".freeze
+
     def process(value)
-      if value.is_a? Array
-        value.map { |v| process v }
-      elsif value.is_a? Hash
-        value.merge(value) { |_, v| process v }
-      elsif value.is_a?(Exception) && !value.message.valid_encoding?
-        clean_exc = value.class.new(clean_invalid_utf8_bytes(value.message))
+      case value
+      when Hash
+        !value.frozen? ? value.merge!(value) { |_, v| process v } : value.merge(value) { |_, v| process v }
+      when Array
+        !value.frozen? ? value.map! { |v| process v } : value.map { |v| process v }
+      when Exception
+        return value if value.message.valid_encoding?
+
+        clean_exc = value.class.new(remove_invalid_bytes(value.message))
         clean_exc.set_backtrace(value.backtrace)
         clean_exc
+      when String
+        # Encoding::BINARY / Encoding::ASCII_8BIT is a special binary encoding.
+        # valid_encoding? will always return true because it contains all codepoints,
+        # so instead we check if it only contains actual ASCII codepoints, and if
+        # not we assume it's actually just UTF8 and scrub accordingly.
+        if value.encoding == Encoding::BINARY && !value.ascii_only?
+          value = value.dup
+          value.force_encoding(Encoding::UTF_8)
+        end
+        return value if value.valid_encoding?
+
+        remove_invalid_bytes(value)
       else
-        clean_invalid_utf8_bytes(value)
+        value
       end
     end
 
     private
 
-    def clean_invalid_utf8_bytes(obj)
-      if obj.respond_to?(:to_utf8)
-        obj.to_utf8
-      elsif obj.respond_to?(:encoding) && obj.is_a?(String)
-        obj.encode('UTF-16', :invalid => :replace, :undef => :replace, :replace => '').encode('UTF-8')
-      else
-        obj
+    # Stolen from RSpec
+    # https://github.com/rspec/rspec-support/blob/f0af3fd74a94ff7bb700f6ba06dbdc67bba17fbf/lib/rspec/support/encoded_string.rb#L120-L139
+    if String.method_defined?(:scrub) # 2.1+
+      def remove_invalid_bytes(string)
+        string.scrub(REPLACE)
+      end
+    else
+      def remove_invalid_bytes(string)
+        string.chars.map do |char|
+          char.valid_encoding? ? char : REPLACE
+        end.join
       end
     end
   end

data/lib/raven/processor.rb

@@ -1,6 +1,10 @@
 module Raven
   class Processor
-    def initialize(client)
+    STRING_MASK = '********'.freeze
+    INT_MASK = 0
+    REGEX_SPECIAL_CHARACTERS = %w(. $ ^ { [ ( | ) * + ?).freeze
+
+    def initialize(client = nil)
       @client = client
     end
 

data/lib/raven/transports/http.rb

@@ -1,8 +1,5 @@
 require 'faraday'
 
-require 'raven/transports'
-require 'raven/error'
-
 module Raven
   module Transports
     class HTTP < Transport
@@ -15,43 +12,55 @@ module Raven
       end
 
       def send_event(auth_header, data, options = {})
+        unless configuration.sending_allowed?
+          configuration.logger.debug("Event not sent: #{configuration.error_messages}")
+          return
+        end
+
         project_id = configuration[:project_id]
         path = configuration[:path] + "/"
 
-        response = conn.post "#{path}api/#{project_id}/store/" do |req|
+        conn.post "#{path}api/#{project_id}/store/" do |req|
           req.headers['Content-Type'] = options[:content_type]
           req.headers['X-Sentry-Auth'] = auth_header
           req.body = data
         end
-        Raven.logger.warn "Error from Sentry server (#{response.status}): #{response.body}" unless response.status == 200
-        response
+      rescue Faraday::Error => e
+        error_info = e.message
+        if e.response && e.response[:headers]['x-sentry-error']
+          error_info += " Error in headers is: #{e.response[:headers]['x-sentry-error']}"
+        end
+        raise Raven::Error, error_info
       end
 
       private
 
       def set_conn
-        verify_configuration
-
-        Raven.logger.debug "Raven HTTP Transport connecting to #{configuration.server}"
+        configuration.logger.debug "Raven HTTP Transport connecting to #{configuration.server}"
 
-        ssl_configuration = configuration.ssl || {}
-        ssl_configuration[:verify] = configuration.ssl_verification
-        ssl_configuration[:ca_file] = configuration.ssl_ca_file
+        proxy = configuration.public_send(:proxy)
 
-        conn = Faraday.new(
-          :url => configuration[:server],
-          :ssl => ssl_configuration
-        ) do |builder|
+        Faraday.new(configuration.server, :ssl => ssl_configuration, :proxy => proxy) do |builder|
+          configuration.faraday_builder&.call(builder)
+          builder.response :raise_error
+          builder.options.merge! faraday_opts
+          builder.headers[:user_agent] = "sentry-ruby/#{Raven::VERSION}"
           builder.adapter(*adapter)
         end
+      end
 
-        conn.headers[:user_agent] = "sentry-ruby/#{Raven::VERSION}"
-
-        conn.options[:proxy] = configuration.proxy if configuration.proxy
-        conn.options[:timeout] = configuration.timeout if configuration.timeout
-        conn.options[:open_timeout] = configuration.open_timeout if configuration.open_timeout
+      # TODO: deprecate and replace where possible w/Faraday Builder
+      def faraday_opts
+        [:timeout, :open_timeout].each_with_object({}) do |opt, memo|
+          memo[opt] = configuration.public_send(opt) if configuration.public_send(opt)
+        end
+      end
 
-        conn
+      def ssl_configuration
+        (configuration.ssl || {}).merge(
+          :verify => configuration.ssl_verification,
+          :ca_file => configuration.ssl_ca_file
+        )
       end
     end
   end

data/lib/raven/transports/stdout.rb

@@ -0,0 +1,20 @@
+module Raven
+  module Transports
+    class Stdout < Transport
+      attr_accessor :events
+
+      def initialize(*)
+        super
+      end
+
+      def send_event(_auth_header, data, _options = {})
+        unless configuration.sending_allowed?
+          logger.debug("Event not sent: #{configuration.error_messages}")
+        end
+
+        $stdout.puts data
+        $stdout.flush
+      end
+    end
+  end
+end

data/lib/raven/transports.rb

@@ -1,5 +1,3 @@
-require 'raven/error'
-
 module Raven
   module Transports
     class Transport
@@ -9,15 +7,13 @@ module Raven
         @configuration = configuration
       end
 
-      def send_event #(auth_header, data, options = {})
-        raise NotImplementedError.new('Abstract method not implemented')
-      end
-
-      protected
-
-      def verify_configuration
-        configuration.verify!
+      def send_event # (auth_header, data, options = {})
+        raise NotImplementedError, 'Abstract method not implemented'
       end
     end
   end
 end
+
+require "raven/transports/dummy"
+require "raven/transports/http"
+require "raven/transports/stdout"

data/lib/raven/utils/context_filter.rb

@@ -0,0 +1,42 @@
+module Raven
+  module Utils
+    module ContextFilter
+      class << self
+        ACTIVEJOB_RESERVED_PREFIX_REGEX = /^_aj_/.freeze
+        HAS_GLOBALID = const_defined?('GlobalID')
+
+        # Once an ActiveJob is queued, ActiveRecord references get serialized into
+        # some internal reserved keys, such as _aj_globalid.
+        #
+        # The problem is, if this job in turn gets queued back into ActiveJob with
+        # these magic reserved keys, ActiveJob will throw up and error. We want to
+        # capture these and mutate the keys so we can sanely report it.
+        def filter_context(context)
+          case context
+          when Array
+            context.map { |arg| filter_context(arg) }
+          when Hash
+            Hash[context.map { |key, value| filter_context_hash(key, value) }]
+          else
+            format_globalid(context)
+          end
+        end
+
+        private
+
+        def filter_context_hash(key, value)
+          key = key.to_s.sub(ACTIVEJOB_RESERVED_PREFIX_REGEX, "") if key.match(ACTIVEJOB_RESERVED_PREFIX_REGEX)
+          [key, filter_context(value)]
+        end
+
+        def format_globalid(context)
+          if HAS_GLOBALID && context.is_a?(GlobalID)
+            context.to_s
+          else
+            context
+          end
+        end
+      end
+    end
+  end
+end

data/lib/raven/utils/deep_merge.rb

@@ -7,21 +7,15 @@ module Raven
       end
 
       def self.deep_merge!(hash, other_hash, &block)
-        other_hash.each_pair do |current_key, other_value|
-          this_value = hash[current_key]
-
-          hash[current_key] = if this_value.is_a?(Hash) && other_value.is_a?(Hash)
-            this_value.deep_merge(other_value, &block)
+        hash.merge!(other_hash) do |key, this_val, other_val|
+          if this_val.is_a?(Hash) && other_val.is_a?(Hash)
+            deep_merge(this_val, other_val, &block)
+          elsif block_given?
+            block.call(key, this_val, other_val)
           else
-            if block_given? && key?(current_key)
-              block.call(current_key, this_value, other_value)
-            else
-              other_value
-            end
+            other_val
           end
         end
-
-        hash
       end
     end
   end

data/lib/raven/utils/exception_cause_chain.rb

@@ -0,0 +1,20 @@
+module Raven
+  module Utils
+    module ExceptionCauseChain
+      def self.exception_to_array(exception)
+        if exception.respond_to?(:cause) && exception.cause
+          exceptions = [exception]
+          while exception.cause
+            exception = exception.cause
+            break if exceptions.any? { |e| e.object_id == exception.object_id }
+
+            exceptions << exception
+          end
+          exceptions
+        else
+          [exception]
+        end
+      end
+    end
+  end
+end

data/lib/raven/utils/real_ip.rb

@@ -0,0 +1,62 @@
+require 'ipaddr'
+
+# Based on ActionDispatch::RemoteIp. All security-related precautions from that
+# middleware have been removed, because the Event IP just needs to be accurate,
+# and spoofing an IP here only makes data inaccurate, not insecure. Don't re-use
+# this module if you have to *trust* the IP address.
+module Raven
+  module Utils
+    class RealIp
+      LOCAL_ADDRESSES = [
+        "127.0.0.1",      # localhost IPv4
+        "::1",            # localhost IPv6
+        "fc00::/7",       # private IPv6 range fc00::/7
+        "10.0.0.0/8",     # private IPv4 range 10.x.x.x
+        "172.16.0.0/12",  # private IPv4 range 172.16.0.0 .. 172.31.255.255
+        "192.168.0.0/16" # private IPv4 range 192.168.x.x
+      ].map { |proxy| IPAddr.new(proxy) }
+
+      attr_accessor :ip, :ip_addresses
+
+      def initialize(ip_addresses)
+        self.ip_addresses = ip_addresses
+      end
+
+      def calculate_ip
+        # CGI environment variable set by Rack
+        remote_addr = ips_from(ip_addresses[:remote_addr]).last
+
+        # Could be a CSV list and/or repeated headers that were concatenated.
+        client_ips    = ips_from(ip_addresses[:client_ip])
+        real_ips      = ips_from(ip_addresses[:real_ip])
+        forwarded_ips = ips_from(ip_addresses[:forwarded_for])
+
+        ips = [client_ips, real_ips, forwarded_ips, remote_addr].flatten.compact
+
+        # If every single IP option is in the trusted list, just return REMOTE_ADDR
+        self.ip = filter_local_addresses(ips).first || remote_addr
+      end
+
+      protected
+
+      def ips_from(header)
+        # Split the comma-separated list into an array of strings
+        ips = header ? header.strip.split(/[,\s]+/) : []
+        ips.select do |ip|
+          begin
+            # Only return IPs that are valid according to the IPAddr#new method
+            range = IPAddr.new(ip).to_range
+            # we want to make sure nobody is sneaking a netmask in
+            range.begin == range.end
+          rescue ArgumentError
+            nil
+          end
+        end
+      end
+
+      def filter_local_addresses(ips)
+        ips.reject { |ip| LOCAL_ADDRESSES.any? { |proxy| proxy === ip } }
+      end
+    end
+  end
+end

data/lib/raven/utils/request_id.rb

@@ -0,0 +1,16 @@
+module Raven
+  module Utils
+    module RequestId
+      REQUEST_ID_HEADERS = %w(action_dispatch.request_id HTTP_X_REQUEST_ID).freeze
+
+      # Request ID based on ActionDispatch::RequestId
+      def self.read_from(env_hash)
+        REQUEST_ID_HEADERS.each do |key|
+          request_id = env_hash[key]
+          return request_id if request_id
+        end
+        nil
+      end
+    end
+  end
+end

data/lib/raven/version.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+
 module Raven
-  VERSION = "1.1.0".freeze
+  VERSION = "3.1.2"
 end

data/lib/sentry-raven-without-integrations.rb

@@ -1 +1,6 @@
-require 'raven/base'
+require "raven/helpers/deprecation_helper"
+
+filename = "sentry_raven_without_integrations"
+DeprecationHelper.deprecate_dasherized_filename(filename)
+
+require filename

data/lib/sentry_raven_without_integrations.rb

@@ -0,0 +1 @@
+require 'raven/base'

data/sentry-raven.gemspec

@@ -0,0 +1,28 @@
+$LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
+require 'raven/version'
+
+Gem::Specification.new do |gem|
+  gem.name = "sentry-raven"
+  gem.authors = ["Sentry Team"]
+  gem.description = gem.summary = "A gem that provides a client interface for the Sentry error logger"
+  gem.email = "accounts@sentry.io"
+  gem.license = 'Apache-2.0'
+  gem.homepage = "https://github.com/getsentry/raven-ruby"
+
+  gem.version = Raven::VERSION
+  gem.platform = Gem::Platform::RUBY
+  gem.required_ruby_version = '>= 2.3'
+  gem.extra_rdoc_files = ["README.md", "LICENSE"]
+  gem.files = `git ls-files | grep -Ev '^(spec|benchmarks|examples)'`.split("\n")
+  gem.bindir = "exe"
+  gem.executables = "raven"
+
+  gem.add_dependency "faraday", ">= 1.0"
+
+  gem.post_install_message = <<~EOS
+    `sentry-raven` is deprecated! Please migrate to `sentry-ruby`
+
+    See https://docs.sentry.io/platforms/ruby/migration for the migration guide.
+
+  EOS
+end