sentry-raven 2.6.3 → 2.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 29f898ece848c6fd9bf471b62dbfb990c41f30a1
-  data.tar.gz: d290053185690206a198fb29ace1e6443534be7b
+  metadata.gz: 720bbe2b86e0c01584514a17c2f6299bb1313af1
+  data.tar.gz: 0410c196dffd1e8d0617ff1d01335c120b9dfa3c
 SHA512:
-  metadata.gz: 7eb80ee3da6a36d2e8304dfcbf8f5d339340d401543d4c8fd9ae9340c923e49a889e6d0266c55bbc316183c882b595fba05c52e8422c560d36d4a2c2f049784a
-  data.tar.gz: a4489464ff92761b746fd3b6be2ef384eb06a2d365ccf6e386e5feb46ca25fcb92ed8e4970e9aef5e684cf4b56d61f83ea6ca8dbacf344ece036227c0145425e
+  metadata.gz: 81eb505ebd43d3946a29ecd8e73ea67349c64907eee5821e1259e36353b6b204c7a42c7b584a4f2e93b1d45ee4a5fddf43c7c1f8315f5e63ff123caad2f73656
+  data.tar.gz: f81baee39e752d97874a88f6c37457325d0ab3baa9a8d3b54a495842bf08095879940854965023cda72397d85ee00e8839b51c6bd7954a0c8668143df57c0c2f

data/.rspec

@@ -1,2 +1 @@
 --colour
---format documentation

data/.rubocop.yml

@@ -7,7 +7,7 @@ AllCops:
      - 'vendor/**/*'
 
 Metrics/ClassLength:
-  Max: 248
+  Max: 262
   CountComments: false
 
 Metrics/AbcSize:

data/.travis.yml

@@ -8,9 +8,9 @@ branches:
   only: [master]
 
 rvm:
-  - 2.2.7
-  - 2.3.4
-  - 2.4.1
+  - 2.2.8
+  - 2.3.5
+  - 2.4.2
 
 env:
   - RAILS_VERSION=4
@@ -24,6 +24,7 @@ addons:
 
 before_install:
   - service haveged start
+  - gem install bundler
 
 matrix:
   include:
@@ -31,9 +32,9 @@ matrix:
       env: RAILS_VERSION=4
     - rvm: jruby-1.7.27
       env: JRUBY_OPTS="--dev" RAILS_VERSION=4
-    - rvm: jruby-9.1.12.0
+    - rvm: jruby-9.1.13.0
       env: JRUBY_OPTS="--dev -J-Djruby.launch.inproc=true -J-Xmx1024M" RAILS_VERSION=4
-    - rvm: jruby-9.1.12.0
+    - rvm: jruby-9.1.13.0
       env: JRUBY_OPTS="--dev -J-Djruby.launch.inproc=true -J-Xmx1024M" RAILS_VERSION=5
     - rvm: ruby-head
       env: RAILS_VERSION=0

data/README.md

@@ -89,9 +89,6 @@ config.async = lambda { |event| SentryJob.perform_later(event) }
 class SentryJob < ActiveJob::Base
   queue_as :default
 
-  # Important for ActiveJob! Otherwise, we can get caught in an infinite loop.
-  rescue_from(ActiveJob::DeserializationError) { |e| Rails.logger.error e }
-
   def perform(event)
     Raven.send_event(event)
   end

data/changelog.md

@@ -1,3 +1,25 @@
+2.7.1
+-----
+
+* BUGFIX: Fixed LocalJumpError in Rails controllers [@nateberkopec w/@frodsan, #774]
+
+2.7.0
+-----
+
+* FEATURE: Add random sampling. [@nateberkopec, #734]
+* FEATURE: Transactions. See Context docs for usage. [@nateberkopec, #743]
+* FEATURE: You can set the current environment for Sentry via `SENTRY_CURRENT_ENV` env variable. Useful if your staging environment's RACK_ENV is "production", for example. [@tijmenb, #736]
+
+* BUGFIX: Fix wrapped classnames in old versions of Sidekiq and ActiveJob [@nateberkopec, #702]
+* BUGFIX: Server names on Heroku were pretty useless before - now they follow the dyno name ("worker.1", "web.2") [@nateberkopec, #703]
+* BUGFIX: ActiveJob::DeserializationError is now ignored by default. Not doing so can cause infinite loops if you are using an ActiveJob async callback. [@nateberkopec, #701]
+* BUGFIX: Binary conversion to UTF-8 when binary is frozen is fixed [@nateberkopec, #757]
+* BUGFIX: Our credit-card regex now matches Sentry's server behavior, which means it does not censor milliseconds since the epoch [@nateberkopec, #771]
+
+* REFACTOR: We now use an updated port of Rails' deep_merge which should be 5-10% faster [@nateberkopec, #770]
+* REFACTOR: Tests have been cleaned up, and now run in random order. [@nateberkopec]
+* REFACTOR: Raven::Event has been refactored a bit [@nateberkopec]
+
 2.6.3
 -----
 

data/docs/breadcrumbs.rst

@@ -1,3 +1,5 @@
+.. versionadded:: 1.2
+
 Breadcrumbs
 ===========
 
@@ -38,3 +40,12 @@ Appropriate places to inject Breadcrumbs may be places like your HTTP library:
         end
       end
     end
+
+.. versionadded:: 2.6
+
+The breadcrumb buffer is publicly accessible if you wish to manipulate it beyond
+what is possible with the ``record`` method.
+
+.. sourcecode:: ruby
+
+  Raven.breadcrumbs.buffer # Array of breadcrumbs

data/docs/config.rst

@@ -23,7 +23,12 @@ Optional settings
           Thread.new { Raven.send_event(event) }
         }
 
-    Using a thread to send events will be adequate for truly parallel Ruby platforms such as JRuby, though the benefit on MRI/CRuby will be limited. Threads also won't report any exceptions raised inside of them, so be careful!
+    Using a thread to send events will be adequate for truly parallel Ruby platforms such as JRuby, though the benefit on MRI/CRuby will be limited.
+
+    The example above is extremely basic. For example, exceptions in Rake tasks
+    will not be reported because the Rake task will probably exit before the thread
+    can completely send the event to Sentry. Threads also won't report any
+    exceptions raised inside of them, so be careful!
 
     If the async callback raises an exception, Raven will attempt to send synchronously.
 
@@ -40,9 +45,6 @@ Optional settings
         class SentryJob < ActiveJob::Base
           queue_as :default
 
-          # Important! Otherwise, we can get caught in an infinite loop.
-          rescue_from(ActiveJob::DeserializationError) { |e| Rails.logger.error e }
-
           def perform(event)
             Raven.send_event(event)
           end
@@ -68,7 +70,7 @@ Optional settings
 
         config.environments = %w[ production ]
 
-    Sentry automatically sets the current environment to RAILS_ENV, or if it is not present, RACK_ENV. If you are using Sentry outside of Rack or Rails, or wish to override environment detection, you'll need to set the current environment yourself:
+    Sentry automatically sets the current environment to RAILS_ENV, or if it is not present, RACK_ENV. If you are using Sentry outside of Rack or Rails, or wish to override environment detection, you'll need to set the current environment by setting SENTRY_CURRENT_ENV or configuring the client yourself:
 
     .. code-block:: ruby
 
@@ -183,6 +185,16 @@ Optional settings
 
         config.release = '721e41770371db95eee98ca2707686226b993eda'
 
+.. describe:: sample_rate
+
+    The sampling factor to apply to events. A value of 0.00 will deny sending
+    any events, and a value of 1.00 will send 100% of events.
+
+    .. code-block:: ruby
+
+        # send 50% of events
+        config.sample_rate = 0.5
+
 .. describe:: should_capture
 
     By providing a proc or lambda, you can control what events are captured. Events are passed to the Proc or lambda you provide - returning false will stop the event from sending to Sentry:

data/docs/context.rst

@@ -25,6 +25,7 @@ The following attributes are available:
 * ``tags``: a mapping of tags describing this event
 * ``extra``: a mapping of arbitrary context
 * ``user``: a mapping of user context
+* ``transaction``: An array of strings. The final element in the array represents the current transaction, e.g. "HelloController#hello_world" for a Rails controller.
 
 Providing Request Context
 -------------------------
@@ -116,3 +117,25 @@ for you, otherwise you'll need to ensure you perform it manually:
 
 Note: the rack and user context will perform a set operation, whereas tags
 and extra context will merge with any existing request context.
+
+Transactions
+~~~~~~~~~~~~
+
+The "transaction" is intended to represent the action the event occurred during.
+In Rack, this will be the request URL. In Rails, it's the controller name and
+action ("HelloController#hello_world").
+
+Transactions are modeled as a stack. The top item in the stack (i.e. the last
+element of the array) will be used as the ``transaction`` for any events:
+
+.. sourcecode:: ruby
+
+    Raven.context.transactions.push "User Import"
+    # import some users
+    Raven.context.transactions.pop
+
+Transactions may also be overridden/set explicitly during event creation:
+
+.. sourcecode:: ruby
+
+    Raven.capture_exception(exception, transaction: "User Import")

data/docs/index.rst

@@ -104,6 +104,7 @@ the library and the client integrations.
 
    breadcrumbs
    context
+   processors
    integrations/index
 
 Resources:

data/docs/integrations/puma.rst

@@ -23,7 +23,7 @@ Puma provides a config option for handling low level errors.
         ex,
         :message => ex.message,
         :extra => { :puma => env },
-        :culprit => "Puma"
+        :transaction => "Puma"
       )
       # note the below is just a Rack response
       [500, {}, ["An error has occurred, and engineers have been informed. Please reload the page. If you continue to have problems, contact support@example.com\n"]]

data/docs/processors.rst

@@ -0,0 +1,124 @@
+Processors
+==========
+
+Raven Ruby contains several "processors", which scrub data before it is sent to Sentry.
+Processors remove invalid or sensitive data. The following are the processors
+which are enabled by default (and are applied to all outgoing data in this order):
+
+RemoveCircularReferences
+   Many Ruby JSON implementations simply throw an exception if they detect a
+   circular reference. This processor removes circular references from hashes
+   and arrays.
+
+UTF8Conversion
+   Many Ruby JSON implementations will throw exceptions if data is not in a
+   consistent UTF-8 format. This processor looks for invalid encodings and fixes
+   them.
+
+SanitizeData
+  Censors any data which looks like a password, social security number or credit
+  card number. Can be configured to scrub other data.
+
+Cookies
+  Removes any HTTP cookies from the Sentry event data.
+
+PostData
+  Removes any HTTP Post request bodies.
+
+HTTPHeaders
+  Removes all HTTP headers which match a regex. By default, this will only remove the
+  "Authorization" header, but can be configured to remove others.
+
+Finally, another processor is included in the source but is not turned on by default,
+RemoveStackTrace.
+
+To remove stacktraces from events:
+
+.. sourcecode:: ruby
+
+    Raven.configure do |config|
+      config.processors += [Raven::Processor::RemoveStacktrace]
+    end
+
+Writing Your Own Processor
+--------------------------
+
+Processors are simple to write and understand. As an example, let's say that we
+send user API keys to a background job (using Sidekiq), and if the background job
+raises an exception, we want to make sure that the API key is removed from the
+event data.
+
+This is what a basic processor might look like:
+
+.. sourcecode:: ruby
+
+  class MyJobProcessor < Raven::Processor
+    def process(data)
+      return data unless data["extra"]["arguments"] &&
+        data["extra"]["arguments"].first["sensitive_parameter"]
+
+      data["extra"]["arguments"].first["sensitive_parameter"] = STRING_MASK
+      data
+    end
+  end
+
+Processors should inherit from the ``Raven::Processor`` class. This ensures that the
+processor has access to its client (all processors have a ``client`` instance method,
+which will be populated with the current ``Raven::Client`` when the  processor
+is initialized), and gives you a few convenient constants for masking data.
+
+Processors must have a method called ``process`` defined. It must accept one
+argument, which will be the Raven event data hash. The method must return a hash,
+which represents the data after it has been modified by the processor.
+
+To help you in writing your own processor, here is what the Event data hash looks
+like (slightly modified/concatenated) when it is passed to the processor:
+
+.. sourcecode:: ruby
+
+  {
+    "environment" => "default",
+    "event_id" => "02ea6d3d35c840b1a8f339ba896917e3",
+    "extra" => {
+      "server" => {
+       # server related information
+      }
+     "active_job" => "MyActiveJob",
+     "arguments" => [ {"sensitive_parameter": "sensitive"} ],
+     "job_id" => "cbc2c146-0486-4e98-b81c-1a251d636b34",
+    },
+    "modules" => {
+      "rake"=>"12.0.0",
+       "concurrent-ruby"=>"1.0.5",
+       "i18n"=>"0.8.6",
+       "minitest"=>"5.10.3",
+       # ...
+    },
+    "platform" => "ruby",
+    "release" => "e4d5ced",
+    "sdk" => {"name"=>"raven-ruby", "version"=>"2.6.3"},
+    "server_name" => "myserver.local",
+    "timestamp" => "2017-10-09T19:53:20",
+    "exception" => {
+      # A very large and complex exception object
+    }
+  }
+
+However, it will probably be more helpful if you use a debugger, such as `pry`, to
+inspect the event data hash for yourself.
+
+The example processor given above looks for the ActiveJob arguments hash, looks for
+a particular value, and then replaces it with the string mask. There is a fast return
+if the event does not contain the ActiveJob data we're looking for, using Ruby 2.3+'s
+safe navigation operator.
+
+Once you have your processor written, you simply need to add it to the processor chain:
+
+.. sourcecode:: ruby
+
+  Raven.configure do |config|
+    config.processors += MyJobProcessor
+  end
+
+For more information about writing processors, read the code for the default
+processors, located in ``lib/processor``.

data/lib/raven/backtrace.rb

@@ -5,6 +5,7 @@ module Raven
   class Backtrace
     # Handles backtrace parsing line by line
     class Line
+      RB_EXTENSION = ".rb".freeze
       # regexp (optional leading X: on windows, or JRuby9000 class-prefix)
       RUBY_INPUT_FORMAT = /
         ^ \s* (?: [a-zA-Z]: | uri:classloader: )? ([^:]+ | <.*>):
@@ -34,7 +35,7 @@ module Raven
         ruby_match = unparsed_line.match(RUBY_INPUT_FORMAT)
         if ruby_match
           _, file, number, method = ruby_match.to_a
-          file.sub!(/\.class$/, ".rb")
+          file.sub!(/\.class$/, RB_EXTENSION)
           module_name = nil
         else
           java_match = unparsed_line.match(JAVA_INPUT_FORMAT)

data/lib/raven/base.rb

@@ -12,12 +12,15 @@ require 'raven/configuration'
 require 'raven/context'
 require 'raven/client'
 require 'raven/event'
+require 'raven/linecache'
 require 'raven/logger'
 require 'raven/interfaces/message'
 require 'raven/interfaces/exception'
 require 'raven/interfaces/single_exception'
 require 'raven/interfaces/stack_trace'
 require 'raven/interfaces/http'
+require 'raven/transports'
+require 'raven/transports/http'
 require 'raven/utils/deep_merge'
 require 'raven/utils/real_ip'
 require 'raven/instance'
@@ -28,6 +31,9 @@ require 'English'
 module Raven
   AVAILABLE_INTEGRATIONS = %w(delayed_job railties sidekiq rack rack-timeout rake).freeze
 
+  class Error < StandardError
+  end
+
   class << self
     extend Forwardable
 

data/lib/raven/cli.rb

@@ -53,7 +53,7 @@ module Raven
 
       instance.logger.debug ""
       instance.logger.debug "Done!"
-      true
+      evt
     end
   end
 end

data/lib/raven/client.rb

@@ -3,9 +3,6 @@ require 'base64'
 require 'json'
 require 'zlib'
 
-require 'raven/version'
-require 'raven/transports/http'
-
 module Raven
   # Encodes events and sends them to the Sentry server.
   class Client

data/lib/raven/configuration.rb

@@ -91,6 +91,10 @@ module Raven
     # We automatically try to set this to a git SHA or Capistrano release.
     attr_accessor :release
 
+    # The sampling factor to apply to events. A value of 0.0 will not send
+    # any events, and a value of 1.0 will send 100% of events.
+    attr_accessor :sample_rate
+
     # Boolean - sanitize values that look like credit card numbers
     attr_accessor :sanitize_credit_cards
 
@@ -161,7 +165,8 @@ module Raven
       'ActiveRecord::RecordNotFound',
       'CGI::Session::CookieStore::TamperedWithCookie',
       'Mongoid::Errors::DocumentNotFound',
-      'Sinatra::NotFound'
+      'Sinatra::NotFound',
+      'ActiveJob::DeserializationError'
     ].freeze
 
     # Note the order - we have to remove circular references and bad characters
@@ -176,11 +181,12 @@ module Raven
     ].freeze
 
     LOG_PREFIX = "** [Raven] ".freeze
+    MODULE_SEPARATOR = "::".freeze
 
     def initialize
       self.async = false
       self.context_lines = 3
-      self.current_environment = ENV['RAILS_ENV'] || ENV['RACK_ENV'] || 'default'
+      self.current_environment = ENV['SENTRY_CURRENT_ENV'] || ENV['RAILS_ENV'] || ENV['RACK_ENV'] || 'default'
       self.encoding = 'gzip'
       self.environments = []
       self.exclude_loggers = []
@@ -194,13 +200,14 @@ module Raven
       self.rails_activesupport_breadcrumbs = false
       self.rails_report_rescued_exceptions = true
       self.release = detect_release
+      self.sample_rate = 1.0
       self.sanitize_credit_cards = true
       self.sanitize_fields = []
       self.sanitize_fields_excluded = []
       self.sanitize_http_headers = []
       self.send_modules = true
       self.server = ENV['SENTRY_DSN'] if ENV['SENTRY_DSN']
-      self.server_name = resolve_hostname
+      self.server_name = heroku_dyno_name || resolve_hostname
       self.should_capture = false
       self.ssl_verification = true
       self.tags = {}
@@ -273,7 +280,8 @@ module Raven
 
       valid? &&
         capture_in_current_environment? &&
-        capture_allowed_by_callback?(message_or_exc)
+        capture_allowed_by_callback?(message_or_exc) &&
+        sample_allowed?
     end
     # If we cannot capture, we cannot send.
     alias sending_allowed? capture_allowed?
@@ -304,8 +312,41 @@ module Raven
       end
     end
 
+    def exception_class_allowed?(exc)
+      if exc.is_a?(Raven::Error)
+        # Try to prevent error reporting loops
+        logger.debug "Refusing to capture Raven error: #{exc.inspect}"
+        false
+      elsif excluded_exception?(exc)
+        logger.debug "User excluded error: #{exc.inspect}"
+        false
+      else
+        true
+      end
+    end
+
     private
 
+    def excluded_exception?(exc)
+      excluded_exceptions.any? { |x| get_exception_class(x) === exc }
+    end
+
+    def get_exception_class(x)
+      x.is_a?(Module) ? x : qualified_const_get(x)
+    end
+
+    # In Ruby <2.0 const_get can't lookup "SomeModule::SomeClass" in one go
+    def qualified_const_get(x)
+      x = x.to_s
+      if !x.match(/::/)
+        Object.const_get(x)
+      else
+        x.split(MODULE_SEPARATOR).reject(&:empty?).inject(Object) { |a, e| a.const_get(e) }
+      end
+    rescue NameError # There's no way to safely ask if a constant exist for an unknown string
+      nil
+    end
+
     def detect_release_from_heroku
       return unless running_on_heroku?
       logger.warn(heroku_dyno_metadata_message) && return unless ENV['HEROKU_SLUG_COMMIT']
@@ -361,6 +402,21 @@ module Raven
       false
     end
 
+    def heroku_dyno_name
+      return unless running_on_heroku?
+      ENV['DYNO']
+    end
+
+    def sample_allowed?
+      return true if sample_rate == 1.0
+      if Random::DEFAULT.rand >= sample_rate
+        @errors << "Excluded by random sample"
+        false
+      else
+        true
+      end
+    end
+
     # Try to resolve the hostname to an FQDN, but fall back to whatever
     # the load name is.
     def resolve_hostname