sentry-raven 1.2.3 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 656c9303a15859cbba85c2e9d08003f57df11c7c
-  data.tar.gz: e3c32559a3f11b62a4d49471d7bd7dab968fe5ab
+  metadata.gz: 44601f24d6796ddf4c83b31e84b4bce0bebda016
+  data.tar.gz: e06fca1cc97d57477771fabd6b8a05a0d8ac0192
 SHA512:
-  metadata.gz: c3357a60cdd946579a473778671fffcb461ec7a3c572244a020f4b39a901b92091a744f055a455d1ef3ef004c45c989ffb7e0042e67a1e38cbacdb1e1dd0e859
-  data.tar.gz: 7565bc3e31786e9eb670c22e0fd23946c8f1dffc39a743645a6710988b1966d936e95d11598c0901fde1edca1b2e07bb36b0b0810c319552722b6d5910e81fdc
+  metadata.gz: 007530478a48c41c6d61ce78cb776a73e78935c8cedeb8232a0acee4d9356a616ffaf71f679cadb79c141b1a27c9e99ec73449539c44b48b332f83f0cea0f9ac
+  data.tar.gz: e3c28440058749694dba1637d8da5d374e753b44189416a19411dda21b3ec082caca521e2643001ee4292954b4b15572621f2dbcc745da5cc687552a6ec4b121

data/lib/raven/backtrace.rb

@@ -1,16 +1,15 @@
 ## Inspired by Rails' and Airbrake's backtrace parsers.
 
 module Raven
-
   # Front end to parsing the backtrace for each notice
   class Backtrace
     # Handles backtrace parsing line by line
     class Line
       # regexp (optionnally allowing leading X: for windows support)
-      RUBY_INPUT_FORMAT = %r{^((?:[a-zA-Z]:)?[^:]+|<.*>):(\d+)(?::in `([^']+)')?$}
+      RUBY_INPUT_FORMAT = /^((?:[a-zA-Z]:)?[^:]+|<.*>):(\d+)(?::in `([^']+)')?$/
 
       # org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:170)
-      JAVA_INPUT_FORMAT = %r{^(.+)\.([^\.]+)\(([^\:]+)\:(\d+)\)$}
+      JAVA_INPUT_FORMAT = /^(.+)\.([^\.]+)\(([^\:]+)\:(\d+)\)$/
 
       # The file portion of the line (such as app/models/user.rb)
       attr_reader :file
@@ -47,7 +46,7 @@ module Raven
       end
 
       def in_app
-        if self.file =~ self.class.in_app_pattern
+        if file =~ self.class.in_app_pattern
           true
         else
           false

data/lib/raven/base.rb

@@ -7,7 +7,7 @@ require 'raven/processor/removecircularreferences'
 require 'raven/processor/utf8conversion'
 require 'raven/processor/cookies'
 require 'raven/processor/post_data'
-require 'raven/processor/truncator'
+require 'raven/processor/http_headers'
 require 'raven/configuration'
 require 'raven/context'
 require 'raven/client'
@@ -19,13 +19,14 @@ require 'raven/interfaces/single_exception'
 require 'raven/interfaces/stack_trace'
 require 'raven/interfaces/http'
 require 'raven/utils/deep_merge'
+require 'raven/utils/real_ip'
 require 'raven/instance'
 
 require 'forwardable'
 require 'English'
 
 module Raven
-  AVAILABLE_INTEGRATIONS = %w[delayed_job railties sidekiq rack rake].freeze
+  AVAILABLE_INTEGRATIONS = %w(delayed_job railties sidekiq rack rack-timeout rake).freeze
 
   class << self
     extend Forwardable
@@ -63,7 +64,7 @@ module Raven
       integrations_to_load = Raven::AVAILABLE_INTEGRATIONS & only_integrations
       not_found_integrations = only_integrations - integrations_to_load
       if not_found_integrations.any?
-        self.logger.warn "Integrations do not exist: #{not_found_integrations.join ', '}"
+        logger.warn "Integrations do not exist: #{not_found_integrations.join ', '}"
       end
       integrations_to_load &= Gem.loaded_specs.keys
       # TODO(dcramer): integrations should have some additional checks baked-in
@@ -78,7 +79,7 @@ module Raven
     def load_integration(integration)
       require "raven/integrations/#{integration}"
     rescue Exception => error
-      self.logger.warn "Unable to load raven/integrations/#{integration}: #{error}"
+      logger.warn "Unable to load raven/integrations/#{integration}: #{error}"
     end
 
     def safely_prepend(module_name, opts = {})

data/lib/raven/cli.rb

@@ -1,6 +1,6 @@
 module Raven
   class CLI
-    def self.test(dsn = nil, silent = false)
+    def self.test(dsn = nil, silent = false) # rubocop:disable all
       if silent
         Raven.configuration.logger = ::Logger.new(nil)
       else
@@ -17,7 +17,7 @@ module Raven
       Raven.configuration.dsn = dsn if dsn
 
       # wipe out env settings to ensure we send the event
-      unless Raven.configuration.capture_in_current_environment?
+      unless Raven.configuration.capture_allowed?
         env_name = Raven.configuration.environments.pop || 'production'
         Raven.logger.debug "Setting environment to #{env_name}"
         Raven.configuration.current_environment = env_name
@@ -40,7 +40,7 @@ module Raven
         else
           Raven.logger.debug "-> event ID: #{evt.id}"
         end
-      elsif evt #async configuration
+      elsif evt # async configuration
         if evt.value.is_a? Hash
           Raven.logger.debug "-> event ID: #{evt.value[:event_id]}"
         else

data/lib/raven/client.rb

@@ -38,7 +38,7 @@ module Raven
 
       begin
         transport.send_event(generate_auth_header, encoded_data,
-                       :content_type => content_type)
+                             :content_type => content_type)
         successful_send
       rescue => e
         failed_send(e, event)
@@ -63,7 +63,7 @@ module Raven
     private
 
     def encode(event)
-      hash = @processors.reduce(event.to_hash) { |memo, p| p.process(memo) }
+      hash = @processors.reduce(event.to_hash) { |a, e| e.process(a) }
       encoded = JSON.generate(hash)
 
       case configuration.encoding
@@ -115,7 +115,7 @@ module Raven
     def should_try?
       return true if @status == :online
 
-      interval = @retry_after || [@retry_number, 6].min ** 2
+      interval = @retry_after || [@retry_number, 6].min**2
       return true if Time.now - @last_check >= interval
 
       false

data/lib/raven/configuration.rb

@@ -3,120 +3,140 @@ require 'uri'
 
 module Raven
   class Configuration
-    # Simple server string (setter provided below)
-    attr_reader :server
-
-    # Public key for authentication with the Sentry server
-    attr_accessor :public_key
-
-    # Secret key for authentication with the Sentry server
-    attr_accessor :secret_key
+    # Directories to be recognized as part of your app. e.g. if you
+    # have an `engines` dir at the root of your project, you may want
+    # to set this to something like /(app|config|engines|lib)/
+    attr_accessor :app_dirs_pattern
 
-    # Accessors for the component parts of the DSN
-    attr_accessor :scheme
-    attr_accessor :host
-    attr_accessor :port
-    attr_accessor :path
+    # Provide an object that responds to `call` to send events asynchronously.
+    # E.g.: lambda { |event| Thread.new { Raven.send_event(event) } }
+    attr_reader :async
+    alias async? async
 
-    # Project ID number to send to the Sentry server
-    attr_accessor :project_id
+    # Number of lines of code context to capture, or nil for none
+    attr_accessor :context_lines
 
-    # Project directory root
-    attr_reader :project_root
+    # RACK_ENV by default.
+    attr_reader :current_environment
 
-    # Encoding type for event bodies
+    # Encoding type for event bodies. Must be :json or :gzip.
     attr_reader :encoding
 
-    # Logger to use internally
-    attr_accessor :logger
-
-    # Silence ready message
-    attr_accessor :silence_ready
-
-    # Number of lines of code context to capture, or nil for none
-    attr_accessor :context_lines
-
-    # Whitelist of environments that will send notifications to Sentry
+    # Whitelist of environments that will send notifications to Sentry. Array of Strings.
     attr_accessor :environments
 
-    # Include module versions in reports?
-    attr_accessor :send_modules
+    # Logger 'progname's to exclude from breadcrumbs
+    attr_accessor :exclude_loggers
 
-    # Which exceptions should never be sent
+    # Array of exception classes that should never be sent. See IGNORE_DEFAULT.
+    # You should probably append to this rather than overwrite it.
     attr_accessor :excluded_exceptions
 
-    # Processors to run on data before sending upstream
-    attr_accessor :processors
+    # DSN component - set automatically if DSN provided
+    attr_accessor :host
 
-    # Timeout when waiting for the server to return data in seconds
-    attr_accessor :timeout
+    # The Faraday adapter to be used. Will default to Net::HTTP when not set.
+    attr_accessor :http_adapter
 
-    # Timeout waiting for the connection to open in seconds
+    # Logger used by Raven. In Rails, this is the Rails logger, otherwise
+    # Raven provides its own Raven::Logger.
+    attr_accessor :logger
+
+    # Timeout waiting for the Sentry server connection to open in seconds
     attr_accessor :open_timeout
 
-    # Should the SSL certificate of the server be verified?
-    attr_accessor :ssl_verification
+    # DSN component - set automatically if DSN provided
+    attr_accessor :path
 
-    # The path to the SSL certificate file
-    attr_accessor :ssl_ca_file
+    # DSN component - set automatically if DSN provided
+    attr_accessor :port
 
-    # SSl settings passed direactly to faraday's ssl option
-    attr_accessor :ssl
+    # Processors to run on data before sending upstream. See DEFAULT_PROCESSORS.
+    # You should probably append to this rather than overwrite it.
+    attr_accessor :processors
 
-    # Proxy information to pass to the HTTP adapter
+    # Project ID number to send to the Sentry server
+    # If you provide a DSN, this will be set automatically.
+    attr_accessor :project_id
+
+    # Project directory root for in_app detection. Could be Rails root, etc.
+    # Set automatically for Rails.
+    attr_reader :project_root
+
+    # Proxy information to pass to the HTTP adapter (via Faraday)
     attr_accessor :proxy
 
-    attr_reader :current_environment
+    # Public key for authentication with the Sentry server
+    # If you provide a DSN, this will be set automatically.
+    attr_accessor :public_key
 
-    # The Faraday adapter to be used. Will default to Net::HTTP when not set.
-    attr_accessor :http_adapter
+    # Turns on ActiveSupport breadcrumbs integration
+    attr_accessor :rails_activesupport_breadcrumbs
 
-    attr_accessor :server_name
+    # Rails catches exceptions in the ActionDispatch::ShowExceptions or
+    # ActionDispatch::DebugExceptions middlewares, depending on the environment.
+    # When `rails_report_rescued_exceptions` is true (it is by default), Raven
+    # will report exceptions even when they are rescued by these middlewares.
+    attr_accessor :rails_report_rescued_exceptions
 
+    # Release tag to be passed with every event sent to Sentry.
+    # We automatically try to set this to a git SHA or Capistrano release.
     attr_accessor :release
 
-    # DEPRECATED: This option is now ignored as we use our own adapter.
-    attr_accessor :json_adapter
+    # Boolean - sanitize values that look like credit card numbers
+    attr_accessor :sanitize_credit_cards
 
-    # Default tags for events
-    attr_accessor :tags
+    # By default, Sentry censors Hash values when their keys match things like
+    # "secret", "password", etc. Provide an array of Strings that, when matched in
+    # a hash key, will be censored and not sent to Sentry.
+    attr_accessor :sanitize_fields
 
-    # Optional Proc to be used to send events asynchronously.
-    attr_reader :async
+    # Sanitize additional HTTP headers - only Authorization is removed by default.
+    attr_accessor :sanitize_http_headers
 
-    # Optional Proc, called when the Sentry server cannot be contacted for any reason
-    attr_reader :transport_failure_callback
+    # DSN component - set automatically if DSN provided.
+    # Otherwise, can be one of "http", "https", or "dummy"
+    attr_accessor :scheme
 
-    # Directories to be recognized as part of your app. e.g. if you
-    # have an `engines` dir at the root of your project, you may want
-    # to set this to something like /(app|config|engines|lib)/
-    attr_accessor :app_dirs_pattern
+    # Secret key for authentication with the Sentry server
+    # If you provide a DSN, this will be set automatically.
+    attr_accessor :secret_key
 
-    # Rails catches exceptions in the ActionDispatch::ShowExceptions or
-    # ActionDispatch::DebugExceptions middlewares, depending on the environment.
-    # When `rails_report_rescued_exceptions` is true (it is by default), Raven
-    # will report exceptions even when they are rescued by these middlewares.
-    attr_accessor :rails_report_rescued_exceptions
-    # Deprecated accessor
-    attr_reader :catch_debugged_exceptions
+    # Include module versions in reports - boolean.
+    attr_accessor :send_modules
 
-    # Turns on ActiveSupport breadcrumbs integration
-    attr_accessor :rails_activesupport_breadcrumbs
+    # Simple server string - set this to the DSN found on your Sentry settings.
+    attr_reader :server
 
-    # Provide a configurable callback to determine event capture
+    attr_accessor :server_name
+
+    # Provide a configurable callback to determine event capture.
+    # Note that the object passed into the block will be a String (messages) or
+    # an exception.
+    # e.g. lambda { |exc_or_msg| exc_or_msg.some_attr == false }
     attr_accessor :should_capture
 
-    # additional fields to sanitize
-    attr_accessor :sanitize_fields
+    # Silences ready message when true.
+    attr_accessor :silence_ready
 
-    # Sanitize values that look like credit card numbers
-    attr_accessor :sanitize_credit_cards
+    # SSL settings passed directly to Faraday's ssl option
+    attr_accessor :ssl
 
-    # Truncate any strings longer than this bytesize before sending
-    attr_accessor :event_bytesize_limit
+    # The path to the SSL certificate file
+    attr_accessor :ssl_ca_file
 
-    # Logger 'progname's to exclude from breadcrumbs
-    attr_accessor :exclude_loggers
+    # Should the SSL certificate of the server be verified?
+    attr_accessor :ssl_verification
+
+    # Default tags for events. Hash.
+    attr_accessor :tags
+
+    # Timeout when waiting for the server to return data in seconds.
+    attr_accessor :timeout
+
+    # Optional Proc, called when the Sentry server cannot be contacted for any reason
+    # E.g. lambda { |event| Thread.new { MyJobProcessor.send_email(event) } }
+    attr_reader :transport_failure_callback
 
     IGNORE_DEFAULT = [
       'AbstractController::ActionNotFound',
@@ -126,46 +146,45 @@ module Raven
       'ActiveRecord::RecordNotFound',
       'CGI::Session::CookieStore::TamperedWithCookie',
       'Mongoid::Errors::DocumentNotFound',
-      'Sinatra::NotFound',
+      'Sinatra::NotFound'
     ].freeze
 
+    # Note the order - we have to remove circular references and bad characters
+    # before passing to other processors.
     DEFAULT_PROCESSORS = [
-      Raven::Processor::Truncator,
       Raven::Processor::RemoveCircularReferences,
       Raven::Processor::UTF8Conversion,
       Raven::Processor::SanitizeData,
       Raven::Processor::Cookies,
       Raven::Processor::PostData,
+      Raven::Processor::HTTPHeaders
     ].freeze
 
     def initialize
-      self.server = ENV['SENTRY_DSN'] if ENV['SENTRY_DSN']
-      @context_lines = 3
+      self.async = false
+      self.context_lines = 3
       self.current_environment = ENV['RAILS_ENV'] || ENV['RACK_ENV'] || 'default'
-      self.send_modules = true
-      self.excluded_exceptions = IGNORE_DEFAULT.dup
-      self.processors = DEFAULT_PROCESSORS.dup
-      self.ssl_verification = true
       self.encoding = 'gzip'
-      self.timeout = 2
+      self.environments = []
+      self.exclude_loggers = []
+      self.excluded_exceptions = IGNORE_DEFAULT.dup
       self.open_timeout = 1
+      self.processors = DEFAULT_PROCESSORS.dup
       self.proxy = nil
-      self.tags = {}
-      self.async = false
-      self.rails_report_rescued_exceptions = true
       self.rails_activesupport_breadcrumbs = false
-      self.transport_failure_callback = false
-      self.sanitize_fields = []
-      self.sanitize_credit_cards = true
-      self.event_bytesize_limit = 8_000
-      self.environments = []
-      self.exclude_loggers = []
-
+      self.rails_report_rescued_exceptions = true
       self.release = detect_release
-
-      # Try to resolve the hostname to an FQDN, but fall back to whatever the load name is
-      self.server_name = Socket.gethostname
-      self.server_name = Socket.gethostbyname(hostname).first rescue server_name
+      self.sanitize_credit_cards = true
+      self.sanitize_fields = []
+      self.sanitize_http_headers = []
+      self.send_modules = true
+      self.server = ENV['SENTRY_DSN'] if ENV['SENTRY_DSN']
+      self.server_name = resolve_hostname
+      self.should_capture = false
+      self.ssl_verification = true
+      self.tags = {}
+      self.timeout = 2
+      self.transport_failure_callback = false
     end
 
     def server=(value)
@@ -189,38 +208,46 @@ module Raven
       @server << ":#{port}" unless port == { 'http' => 80, 'https' => 443 }[scheme]
       @server << path
     end
+    alias dsn= server=
 
     def encoding=(encoding)
-      raise Error.new('Unsupported encoding') unless %w(gzip json).include? encoding
+      raise(Error, 'Unsupported encoding') unless %w(gzip json).include? encoding
       @encoding = encoding
     end
 
-    alias dsn= server=
-
     def async=(value)
-      raise ArgumentError.new("async must be callable (or false to disable)") unless value == false || value.respond_to?(:call)
+      unless value == false || value.respond_to?(:call)
+        raise(ArgumentError, "async must be callable (or false to disable)")
+      end
       @async = value
     end
 
-    alias async? async
-
     def transport_failure_callback=(value)
-      raise ArgumentError.new("transport_failure_callback must be callable (or false to disable)") unless value == false || value.respond_to?(:call)
+      unless value == false || value.respond_to?(:call)
+        raise(ArgumentError, "transport_failure_callback must be callable (or false to disable)")
+      end
       @transport_failure_callback = value
     end
 
+    def should_capture=(value)
+      unless value == false || value.respond_to?(:call)
+        raise ArgumentError, "should_capture must be callable (or false to disable)"
+      end
+      @should_capture = value
+    end
+
     # Allows config options to be read like a hash
     #
     # @param [Symbol] option Key for a given attribute
     def [](option)
-      send(option)
+      public_send(option)
     end
 
     def current_environment=(environment)
       @current_environment = environment.to_s
     end
 
-    def capture_allowed?(message_or_exc)
+    def capture_allowed?(message_or_exc = nil)
       capture_in_current_environment? &&
         capture_allowed_by_callback?(message_or_exc)
     end
@@ -228,26 +255,10 @@ module Raven
     # If we cannot capture, we cannot send.
     alias sending_allowed? capture_allowed?
 
-    def capture_in_current_environment?
-      !!server && (environments.empty? || environments.include?(current_environment))
-    end
-
-    def capture_allowed_by_callback?(message_or_exc)
-      return true unless should_capture
-      should_capture.call(*[message_or_exc])
-    end
-
     def verify!
-      raise Error.new('No server specified') unless server
-      raise Error.new('No public key specified') unless public_key
-      raise Error.new('No secret key specified') unless secret_key
-      raise Error.new('No project ID specified') unless project_id
-    end
-
-    def detect_release
-      detect_release_from_heroku ||
-        detect_release_from_capistrano ||
-        detect_release_from_git
+      %w(server public_key secret_key project_id).each do |key|
+        raise(Error, "No #{key} specified") unless public_send key
+      end
     end
 
     def project_root=(root_dir)
@@ -255,11 +266,10 @@ module Raven
       Backtrace::Line.instance_variable_set(:@in_app_pattern, nil) # blow away cache
     end
 
-    def catch_debugged_exceptions=(boolean)
-      Raven.logger.warn "DEPRECATION WARNING: catch_debugged_exceptions has been \
-        renamed to rails_report_rescued_exceptions. catch_debugged_exceptions will \
-        be removed in raven-ruby 0.17.0"
-      self.rails_report_rescued_exceptions = boolean
+    def detect_release
+      detect_release_from_heroku ||
+        detect_release_from_capistrano ||
+        detect_release_from_git
     end
 
     private
@@ -278,5 +288,21 @@ module Raven
     def detect_release_from_git
       `git rev-parse --short HEAD`.strip if File.directory?(".git") rescue nil
     end
+
+    def capture_in_current_environment?
+      !!server && (environments.empty? || environments.include?(current_environment))
+    end
+
+    def capture_allowed_by_callback?(message_or_exc)
+      return true if !should_capture || message_or_exc.nil?
+      should_capture.call(*[message_or_exc])
+    end
+
+    # Try to resolve the hostname to an FQDN, but fall back to whatever
+    # the load name is.
+    def resolve_hostname
+      Socket.gethostname ||
+        Socket.gethostbyname(hostname).first rescue server_name
+    end
   end
 end

data/lib/raven/event.rb

@@ -8,7 +8,6 @@ require 'raven/error'
 require 'raven/linecache'
 
 module Raven
-
   class Event
     LOG_LEVELS = {
       "debug" => 10,
@@ -16,7 +15,7 @@ module Raven
       "warn" => 30,
       "warning" => 30,
       "error" => 40,
-      "fatal" => 50,
+      "fatal" => 50
     }.freeze
 
     BACKTRACE_RE = /^(.+?):(\d+)(?::in `(.+?)')?$/
@@ -25,15 +24,15 @@ module Raven
 
     attr_reader :id
     attr_accessor :project, :message, :timestamp, :time_spent, :level, :logger,
-      :culprit, :server_name, :release, :modules, :extra, :tags, :context, :configuration,
-      :checksum, :fingerprint, :environment
+                  :culprit, :server_name, :release, :modules, :extra, :tags, :context, :configuration,
+                  :checksum, :fingerprint, :environment
 
     def initialize(init = {})
       @configuration = Raven.configuration
       @interfaces    = {}
       @breadcrumbs   = Raven.breadcrumbs
       @context       = Raven.context
-      @id            = generate_event_id
+      @id            = SecureRandom.uuid
       @project       = nil
       @message       = nil
       @timestamp     = Time.now.utc
@@ -59,6 +58,10 @@ module Raven
         end
       end
 
+      if @context.rack_env
+        @context.user[:ip_address] = calculate_real_ip_from_rack
+      end
+
       init.each_pair { |key, val| instance_variable_set('@' + key.to_s, val) }
 
       @user = @context.user.merge(@user)
@@ -67,7 +70,7 @@ module Raven
 
       # Some type coercion
       @timestamp  = @timestamp.strftime('%Y-%m-%dT%H:%M:%S') if @timestamp.is_a?(Time)
-      @time_spent = (@time_spent*1000).to_i if @time_spent.is_a?(Float)
+      @time_spent = (@time_spent * 1000).to_i if @time_spent.is_a?(Float)
       @level      = LOG_LEVELS[@level.to_s.downcase] if @level.is_a?(String) || @level.is_a?(Symbol)
     end
 
@@ -99,7 +102,9 @@ module Raven
       end
 
       def from_message(message, options = {})
+        message = message.byteslice(0...10_000) # Messages limited to 10kb
         configuration = options[:configuration] || Raven.configuration
+
         new(options) do |evt|
           evt.configuration = configuration
           evt.message = message
@@ -133,9 +138,7 @@ module Raven
 
           while exc.respond_to?(:cause) && exc.cause
             exc = exc.cause
-            if context.include?(exc.object_id)
-              break
-            end
+            break if context.include?(exc.object_id)
             exceptions << exc
             context.add(exc.object_id)
           end
@@ -194,7 +197,7 @@ module Raven
 
     def interface(name, value = nil, &block)
       int = Raven.find_interface(name)
-      raise Error.new("Unknown interface: #{name}") unless int
+      raise(Error, "Unknown interface: #{name}") unless int
       @interfaces[int.name] = int.new(value, &block) if value || block
       @interfaces[int.name]
     end
@@ -215,7 +218,7 @@ module Raven
         :time_spent => @time_spent,
         :level => @level,
         :project => @project,
-        :platform => PLATFORM,
+        :platform => PLATFORM
       }
       data[:logger] = @logger if @logger
       data[:culprit] = @culprit if @culprit
@@ -236,7 +239,7 @@ module Raven
     end
 
     def get_file_context(filename, lineno, context)
-      return nil, nil, nil unless Raven::LineCache.is_valid_file(filename)
+      return nil, nil, nil unless Raven::LineCache.valid_file?(filename)
       lines = Array.new(2 * context + 1) do |i|
         Raven::LineCache.getline(filename, lineno - context + i)
       end
@@ -248,24 +251,29 @@ module Raven
       "#{lastframe.filename} in #{lastframe.function} at line #{lastframe.lineno}" if lastframe
     end
 
+    def to_json_compatible
+      JSON.parse(JSON.generate(to_hash))
+    end
+
     # For cross-language compat
     class << self
-      alias :captureException :from_exception
-      alias :captureMessage :from_message
-      alias :capture_exception :from_exception
-      alias :capture_message :from_message
+      alias captureException from_exception
+      alias captureMessage from_message
+      alias capture_exception from_exception
+      alias capture_message from_message
     end
 
     private
 
-    def generate_event_id
-      # generate a uuid. copy-pasted from SecureRandom, this method is not
-      # available in <1.9.
-      ary = SecureRandom.random_bytes(16).unpack("NnnnnN")
-      ary[2] = (ary[2] & 0x0fff) | 0x4000
-      ary[3] = (ary[3] & 0x3fff) | 0x8000
-      uuid = "%08x-%04x-%04x-%04x-%04x%08x" % ary
-      ::Digest::MD5.hexdigest(uuid)
+    # When behind a proxy (or if the user is using a proxy), we can't use
+    # REMOTE_ADDR to determine the Event IP, and must use other headers instead.
+    def calculate_real_ip_from_rack
+      Utils::RealIp.new(
+        :remote_addr => context.rack_env["REMOTE_ADDR"],
+        :client_ip => context.rack_env["HTTP_CLIENT_IP"],
+        :real_ip => context.rack_env["HTTP_X_REAL_IP"],
+        :forwarded_for => context.rack_env["HTTP_X_FORWARDED_FOR"]
+      ).calculate_ip
     end
   end
 end

data/lib/raven/instance.rb

@@ -58,7 +58,7 @@ module Raven
     # Tell the log that the client is good to go
     def report_status
       return if configuration.silence_ready
-      if configuration.capture_in_current_environment?
+      if configuration.capture_allowed?
         logger.info "Raven #{VERSION} ready to catch errors"
       else
         logger.info "Raven #{VERSION} configured not to capture errors."
@@ -119,7 +119,14 @@ module Raven
       if (evt = Event.send("from_" + message_or_exc, obj, options))
         yield evt if block_given?
         if configuration.async?
-          configuration.async.call(evt)
+          begin
+            # We have to convert to a JSON-like hash, because background job
+            # processors (esp ActiveJob) may not like weird types in the event hash
+            configuration.async.call(evt.to_json_compatible)
+          rescue => ex
+            Raven.logger.error("async event sending failed: #{ex.message}")
+            send_event(evt)
+          end
         else
           send_event(evt)
         end

data/lib/raven/integrations/delayed_job.rb

@@ -21,7 +21,7 @@ module Delayed
                 :locked_by   => job.locked_by,
                 :queue       => job.queue,
                 :created_at  => job.created_at
-                }
+              }
             }
             # last_error can be nil
             extra[:last_error] = job.last_error[0...100] if job.last_error
@@ -33,12 +33,12 @@ module Delayed
               extra[:active_job] = job.payload_object.job_data
             end
             ::Raven.capture_exception(exception,
-              :logger  => 'delayed_job',
-              :tags    => {
-                 :delayed_job_queue => job.queue,
-                 :delayed_job_id => job.id
-              },
-              :extra => extra)
+                                      :logger  => 'delayed_job',
+                                      :tags    => {
+                                        :delayed_job_queue => job.queue,
+                                        :delayed_job_id => job.id
+                                      },
+                                      :extra => extra)
 
             # Make sure we propagate the failure!
             raise exception
@@ -49,7 +49,6 @@ module Delayed
         end
       end
     end
-
   end
 end
 

data/lib/raven/integrations/rack-timeout.rb

@@ -0,0 +1,16 @@
+# rubocop:disable Style/FileName
+# We need to do this because of the way integration loading works
+require 'rack-timeout'
+
+# This integration is a good example of how to change how exceptions
+# get grouped by Sentry's UI. Simply override #raven_context in
+# the exception class, and append something to the fingerprint
+# that will distinguish exceptions in the way you desire.
+module RackTimeoutExtensions
+  def raven_context
+    { :fingerprint => ["{{ default }}", env["REQUEST_URI"]] }
+  end
+end
+
+Rack::Timeout::Error.include RackTimeoutExtensions
+Rack::Timeout::RequestTimeoutException.include RackTimeoutExtensions

data/lib/raven/integrations/rack.rb

@@ -51,7 +51,6 @@ module Raven
       rescue Error
         raise # Don't capture Raven errors
       rescue Exception => e
-        Raven.logger.debug "Collecting %p: %s" % [ e.class, e.message ]
         Raven::Rack.capture_exception(e, env)
         raise
       end
@@ -84,8 +83,8 @@ module Raven
     def read_data_from(request)
       if request.form_data?
         request.POST
-      elsif request.body
-        data = request.body.read
+      elsif request.body # JSON requests, etc
+        data = request.body.read(2048) # Sentry server limit
         request.body.rewind
         data
       end

data/lib/raven/integrations/rails/active_job.rb

@@ -12,7 +12,7 @@ module Raven
                 :arguments => arguments,
                 :scheduled_at => scheduled_at,
                 :job_id => job_id,
-                :locale => locale,
+                :locale => locale
               }
 
               # Add provider_job_id details if Rails 5

data/lib/raven/integrations/rake.rb

@@ -4,7 +4,7 @@ require 'raven/integrations/tasks'
 
 module Rake
   class Application
-    alias :orig_display_error_messsage :display_error_message
+    alias orig_display_error_messsage display_error_message
     def display_error_message(ex)
       Raven.capture_exception ex, :logger => 'rake', :tags => { 'rake_task' => @name }
       orig_display_error_messsage(ex)

data/lib/raven/integrations/sidekiq.rb

@@ -8,7 +8,7 @@ module Raven
       yield
     rescue Exception => ex
       Raven.capture_exception(ex, :extra => { :sidekiq => msg },
-                                  :time_spent => Time.now-started_at)
+                                  :time_spent => Time.now - started_at)
       raise
     ensure
       Context.clear!
@@ -26,10 +26,10 @@ if Sidekiq::VERSION < '3'
   end
 else
   Sidekiq.configure_server do |config|
-    config.error_handlers << Proc.new do |ex, context|
+    config.error_handlers << proc do |ex, context|
       Raven.capture_exception(ex, :extra => {
-        :sidekiq => filter_context(context)
-      })
+                                :sidekiq => filter_context(context)
+                              })
     end
   end
 end

data/lib/raven/interfaces.rb

@@ -1,6 +1,4 @@
 module Raven
-
-  # TODO: a constant isn't appropriate here, refactor
   INTERFACES = {} # rubocop:disable Style/MutableConstant
 
   class Interface
@@ -17,7 +15,7 @@ module Raven
     end
 
     def to_hash
-      Hash[instance_variables.map { |name| [name[1..-1].to_sym, instance_variable_get(name)] } ]
+      Hash[instance_variables.map { |name| [name[1..-1].to_sym, instance_variable_get(name)] }]
     end
   end
 

data/lib/raven/interfaces/exception.rb

@@ -7,9 +7,7 @@ module Raven
 
     def to_hash(*args)
       data = super(*args)
-      if data[:values]
-        data[:values] = data[:values].map(&:to_hash)
-      end
+      data[:values] = data[:values].map(&:to_hash) if data[:values]
       data
     end
   end

data/lib/raven/interfaces/single_exception.rb

@@ -9,9 +9,7 @@ module Raven
 
     def to_hash(*args)
       data = super(*args)
-      if data[:stacktrace]
-        data[:stacktrace] = data[:stacktrace].to_hash
-      end
+      data[:stacktrace] = data[:stacktrace].to_hash if data[:stacktrace]
       data
     end
   end

data/lib/raven/interfaces/stack_trace.rb

@@ -34,7 +34,7 @@ module Raven
       end
 
       def filename
-        return nil if self.abs_path.nil?
+        return nil if abs_path.nil?
 
         prefix =
           if under_project_root? && in_app
@@ -45,7 +45,7 @@ module Raven
             longest_load_path
           end
 
-        prefix ? self.abs_path[prefix.to_s.chomp(File::SEPARATOR).length+1..-1] : self.abs_path
+        prefix ? abs_path[prefix.to_s.chomp(File::SEPARATOR).length + 1..-1] : abs_path
       end
 
       def under_project_root?
@@ -57,16 +57,16 @@ module Raven
       end
 
       def longest_load_path
-        $LOAD_PATH.select { |s| self.abs_path.start_with?(s.to_s) }.sort_by { |s| s.to_s.length }.last
+        $LOAD_PATH.select { |s| abs_path.start_with?(s.to_s) }.sort_by { |s| s.to_s.length }.last
       end
 
       def to_hash(*args)
         data = super(*args)
-        data[:filename] = self.filename
-        data.delete(:vars) unless self.vars && !self.vars.empty?
-        data.delete(:pre_context) unless self.pre_context && !self.pre_context.empty?
-        data.delete(:post_context) unless self.post_context && !self.post_context.empty?
-        data.delete(:context_line) unless self.context_line && !self.context_line.empty?
+        data[:filename] = filename
+        data.delete(:vars) unless vars && !vars.empty?
+        data.delete(:pre_context) unless pre_context && !pre_context.empty?
+        data.delete(:post_context) unless post_context && !post_context.empty?
+        data.delete(:context_line) unless context_line && !context_line.empty?
         data
       end
     end

data/lib/raven/linecache.rb

@@ -1,14 +1,9 @@
-# A much simpler source line cacher because linecache sucks at platform compat
-
 module Raven
   class LineCache
     class << self
-      # TODO: a constant isn't appropriate here, refactor
-      # also would there be threading bugs essentially using this as a class
-      # variable?
       CACHE = {} # rubocop:disable Style/MutableConstant
 
-      def is_valid_file(path)
+      def valid_file?(path)
         lines = getlines(path)
         !lines.nil?
       end

data/lib/raven/logger.rb

@@ -10,7 +10,7 @@ module Raven
       :error,
       :warn,
       :info,
-      :debug,
+      :debug
     ].each do |level|
       define_method level do |*args, &block|
         logger = Raven.configuration[:logger]

data/lib/raven/processor.rb

@@ -1,5 +1,9 @@
 module Raven
   class Processor
+    STRING_MASK = '********'.freeze
+    INT_MASK = 0
+    REGEX_SPECIAL_CHARACTERS = %w(. $ ^ { [ ( | ) * + ?).freeze
+
     def initialize(client)
       @client = client
     end

data/lib/raven/processor/cookies.rb

@@ -3,10 +3,10 @@ module Raven
     def process(data)
       if data[:request]
         # Remove possibly sensitive cookies
-        data[:request][:cookies] = nil if data[:request][:cookies]
+        data[:request][:cookies] = STRING_MASK if data[:request][:cookies]
 
         if data[:request][:headers] && data[:request][:headers]["Cookie"]
-          data[:request][:headers]["Cookie"] = nil
+          data[:request][:headers]["Cookie"] = STRING_MASK
         end
       end
 

data/lib/raven/processor/http_headers.rb

@@ -0,0 +1,42 @@
+module Raven
+  class Processor::HTTPHeaders < Processor
+    DEFAULT_FIELDS = ["Authorization"].freeze
+
+    attr_accessor :sanitize_http_headers
+
+    def initialize(client)
+      super
+      self.sanitize_http_headers = client.configuration.sanitize_http_headers
+    end
+
+    def process(data)
+      if data[:request] && data[:request][:headers]
+        data[:request][:headers].keys.select { |k| fields_re.match(k.to_s) }.each do |k|
+          data[:request][:headers][k] = STRING_MASK
+        end
+      end
+
+      data
+    end
+
+    private
+
+    def matches_regexes?(k)
+      fields_re.match(k.to_s)
+    end
+
+    def fields_re
+      @fields_re ||= /#{(DEFAULT_FIELDS | sanitize_http_headers).map do |f|
+        use_boundary?(f) ? "\\b#{f}\\b" : f
+      end.join("|")}/i
+    end
+
+    def use_boundary?(string)
+      !DEFAULT_FIELDS.include?(string) && !special_characters?(string)
+    end
+
+    def special_characters?(string)
+      REGEX_SPECIAL_CHARACTERS.select { |r| string.include?(r) }.any?
+    end
+  end
+end

data/lib/raven/processor/post_data.rb

@@ -2,7 +2,7 @@ module Raven
   class Processor::PostData < Processor
     def process(data)
       if data[:request] && data[:request][:method] == "POST"
-        data[:request][:data] = nil # Remove possibly sensitive POST data
+        data[:request][:data] = STRING_MASK # Remove possibly sensitive POST data
       end
 
       data

data/lib/raven/processor/sanitizedata.rb

@@ -3,11 +3,8 @@ require 'json'
 
 module Raven
   class Processor::SanitizeData < Processor
-    STRING_MASK = '********'.freeze
-    INT_MASK = 0
     DEFAULT_FIELDS = %w(authorization password passwd secret ssn social(.*)?sec).freeze
     CREDIT_CARD_RE = /^(?:\d[ -]*?){13,16}$/
-    REGEX_SPECIAL_CHARACTERS = %w(. $ ^ { [ ( | ) * + ?).freeze
 
     attr_accessor :sanitize_fields, :sanitize_credit_cards
 
@@ -18,23 +15,23 @@ module Raven
     end
 
     def process(value)
-      value.each_with_object(value) { |(k,v), memo| memo[k] = sanitize(k,v) }
+      value.each_with_object(value) { |(k, v), memo| memo[k] = sanitize(k, v) }
     end
 
-    def sanitize(k,v)
+    def sanitize(k, v)
       if v.is_a?(Hash)
         process(v)
       elsif v.is_a?(Array)
-        v.map{|a| sanitize(k, a)}
+        v.map { |a| sanitize(k, a) }
       elsif k.to_s == 'query_string'
         sanitize_query_string(v)
-      elsif v.is_a?(Integer) && matches_regexes?(k,v)
+      elsif v.is_a?(Integer) && matches_regexes?(k, v)
         INT_MASK
       elsif v.is_a?(String)
         if fields_re.match(v.to_s) && (json = parse_json_or_nil(v))
-          #if this string is actually a json obj, convert and sanitize
+          # if this string is actually a json obj, convert and sanitize
           json.is_a?(Hash) ? process(json).to_json : v
-        elsif matches_regexes?(k,v)
+        elsif matches_regexes?(k, v)
           STRING_MASK
         else
           v
@@ -72,11 +69,9 @@ module Raven
     end
 
     def parse_json_or_nil(string)
-      begin
-        JSON.parse(string)
-      rescue JSON::ParserError, NoMethodError
-        nil
-      end
+      JSON.parse(string)
+    rescue JSON::ParserError, NoMethodError
+      nil
     end
   end
 end

data/lib/raven/transports.rb

@@ -9,8 +9,8 @@ module Raven
         @configuration = configuration
       end
 
-      def send_event #(auth_header, data, options = {})
-        raise NotImplementedError.new('Abstract method not implemented')
+      def send_event # (auth_header, data, options = {})
+        raise NotImplementedError, 'Abstract method not implemented'
       end
 
       protected

data/lib/raven/utils/real_ip.rb

@@ -0,0 +1,62 @@
+require 'ipaddr'
+
+# Based on ActionDispatch::RemoteIp. All security-related precautions from that
+# middleware have been removed, because the Event IP just needs to be accurate,
+# and spoofing an IP here only makes data inaccurate, not insecure. Don't re-use
+# this module if you have to *trust* the IP address.
+module Raven
+  module Utils
+    class RealIp
+      LOCAL_ADDRESSES = [
+        "127.0.0.1",      # localhost IPv4
+        "::1",            # localhost IPv6
+        "fc00::/7",       # private IPv6 range fc00::/7
+        "10.0.0.0/8",     # private IPv4 range 10.x.x.x
+        "172.16.0.0/12",  # private IPv4 range 172.16.0.0 .. 172.31.255.255
+        "192.168.0.0/16", # private IPv4 range 192.168.x.x
+      ].map { |proxy| IPAddr.new(proxy) }
+
+      attr_accessor :ip, :ip_addresses
+
+      def initialize(ip_addresses)
+        self.ip_addresses = ip_addresses
+      end
+
+      def calculate_ip
+        # CGI environment variable set by Rack
+        remote_addr = ips_from(ip_addresses[:remote_addr]).last
+
+        # Could be a CSV list and/or repeated headers that were concatenated.
+        client_ips    = ips_from(ip_addresses[:client_ip])
+        real_ips      = ips_from(ip_addresses[:real_ip])
+        forwarded_ips = ips_from(ip_addresses[:forwarded_for])
+
+        ips = [client_ips, real_ips, forwarded_ips, remote_addr].flatten.compact
+
+        # If every single IP option is in the trusted list, just return REMOTE_ADDR
+        self.ip = filter_local_addresses(ips).first || remote_addr
+      end
+
+      protected
+
+      def ips_from(header)
+        # Split the comma-separated list into an array of strings
+        ips = header ? header.strip.split(/[,\s]+/) : []
+        ips.select do |ip|
+          begin
+            # Only return IPs that are valid according to the IPAddr#new method
+            range = IPAddr.new(ip).to_range
+            # we want to make sure nobody is sneaking a netmask in
+            range.begin == range.end
+          rescue ArgumentError
+            nil
+          end
+        end
+      end
+
+      def filter_local_addresses(ips)
+        ips.reject { |ip| LOCAL_ADDRESSES.any? { |proxy| proxy === ip } }
+      end
+    end
+  end
+end

data/lib/raven/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Raven
   # Freezing this constant breaks in 1.9.x
-  VERSION = "1.2.3" # rubocop:disable Style/MutableConstant
+  VERSION = "2.0.0" # rubocop:disable Style/MutableConstant
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sentry-raven
 version: !ruby/object:Gem::Version
-  version: 1.2.3
+  version: 2.0.0
 platform: ruby
 authors:
 - Sentry Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-08-31 00:00:00.000000000 Z
+date: 2016-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -138,6 +138,7 @@ files:
 - lib/raven/event.rb
 - lib/raven/instance.rb
 - lib/raven/integrations/delayed_job.rb
+- lib/raven/integrations/rack-timeout.rb
 - lib/raven/integrations/rack.rb
 - lib/raven/integrations/rails.rb
 - lib/raven/integrations/rails/active_job.rb
@@ -158,16 +159,17 @@ files:
 - lib/raven/logger.rb
 - lib/raven/processor.rb
 - lib/raven/processor/cookies.rb
+- lib/raven/processor/http_headers.rb
 - lib/raven/processor/post_data.rb
 - lib/raven/processor/removecircularreferences.rb
 - lib/raven/processor/removestacktrace.rb
 - lib/raven/processor/sanitizedata.rb
-- lib/raven/processor/truncator.rb
 - lib/raven/processor/utf8conversion.rb
 - lib/raven/transports.rb
 - lib/raven/transports/dummy.rb
 - lib/raven/transports/http.rb
 - lib/raven/utils/deep_merge.rb
+- lib/raven/utils/real_ip.rb
 - lib/raven/version.rb
 - lib/sentry-raven-without-integrations.rb
 - lib/sentry-raven.rb

data/lib/raven/processor/truncator.rb

@@ -1,22 +0,0 @@
-module Raven
-  class Processor::Truncator < Processor
-    attr_accessor :event_bytesize_limit
-
-    def initialize(client)
-      super
-      self.event_bytesize_limit = client.configuration.event_bytesize_limit
-    end
-
-    def process(value)
-      value.each_with_object(value) { |(k, v), memo| memo[k] = truncate(v) }
-    end
-
-    def truncate(v)
-      if v.respond_to?(:bytesize) && v.bytesize >= event_bytesize_limit
-        v.byteslice(0...event_bytesize_limit)
-      else
-        v
-      end
-    end
-  end
-end