sentry-ruby 5.3.1 → 5.16.1

data/lib/sentry/transport/http_transport.rb

@@ -0,0 +1,206 @@
+# frozen_string_literal: true
+
+require "net/http"
+require "zlib"
+
+module Sentry
+  class HTTPTransport < Transport
+    GZIP_ENCODING = "gzip"
+    GZIP_THRESHOLD = 1024 * 30
+    CONTENT_TYPE = 'application/x-sentry-envelope'
+
+    DEFAULT_DELAY = 60
+    RETRY_AFTER_HEADER = "retry-after"
+    RATE_LIMIT_HEADER = "x-sentry-rate-limits"
+    USER_AGENT = "sentry-ruby/#{Sentry::VERSION}"
+
+    # The list of errors ::Net::HTTP is known to raise
+    # See https://github.com/ruby/ruby/blob/b0c639f249165d759596f9579fa985cb30533de6/lib/bundler/fetcher.rb#L281-L286
+    HTTP_ERRORS = [
+      Timeout::Error, EOFError, SocketError, Errno::ENETDOWN, Errno::ENETUNREACH,
+      Errno::EINVAL, Errno::ECONNRESET, Errno::ETIMEDOUT, Errno::EAGAIN,
+      Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError,
+      Zlib::BufError, Errno::EHOSTUNREACH, Errno::ECONNREFUSED
+    ].freeze
+
+
+    def initialize(*args)
+      super
+      log_debug("Sentry HTTP Transport will connect to #{@dsn.server}") if @dsn
+    end
+
+    def send_data(data)
+      encoding = ""
+
+      if should_compress?(data)
+        data = Zlib.gzip(data)
+        encoding = GZIP_ENCODING
+      end
+
+      headers = {
+        'Content-Type' => CONTENT_TYPE,
+        'Content-Encoding' => encoding,
+        'User-Agent' => USER_AGENT
+      }
+
+      auth_header = generate_auth_header
+      headers['X-Sentry-Auth'] = auth_header if auth_header
+
+      response = conn.start do |http|
+        request = ::Net::HTTP::Post.new(endpoint, headers)
+        request.body = data
+        http.request(request)
+      end
+
+      if response.code.match?(/\A2\d{2}/)
+        handle_rate_limited_response(response) if has_rate_limited_header?(response)
+      elsif response.code == "429"
+        log_debug("the server responded with status 429")
+        handle_rate_limited_response(response)
+      else
+        error_info = "the server responded with status #{response.code}"
+        error_info += "\nbody: #{response.body}"
+        error_info += " Error in headers is: #{response['x-sentry-error']}" if response['x-sentry-error']
+
+        raise Sentry::ExternalError, error_info
+      end
+    rescue SocketError, *HTTP_ERRORS => e
+      on_error if respond_to?(:on_error)
+      raise Sentry::ExternalError.new(e&.message)
+    end
+
+    def endpoint
+      @dsn.envelope_endpoint
+    end
+
+    def generate_auth_header
+      return nil unless @dsn
+
+      now = Sentry.utc_now.to_i
+      fields = {
+        'sentry_version' => PROTOCOL_VERSION,
+        'sentry_client' => USER_AGENT,
+        'sentry_timestamp' => now,
+        'sentry_key' => @dsn.public_key
+      }
+      fields['sentry_secret'] = @dsn.secret_key if @dsn.secret_key
+      'Sentry ' + fields.map { |key, value| "#{key}=#{value}" }.join(', ')
+    end
+
+    def conn
+      server = URI(@dsn.server)
+
+      # connection respects proxy setting from @transport_configuration, or environment variables (HTTP_PROXY, HTTPS_PROXY, NO_PROXY)
+      # Net::HTTP will automatically read the env vars.
+      # See https://ruby-doc.org/3.2.2/stdlibs/net/Net/HTTP.html#class-Net::HTTP-label-Proxies
+      connection =
+        if proxy = normalize_proxy(@transport_configuration.proxy)
+          ::Net::HTTP.new(server.hostname, server.port, proxy[:uri].hostname, proxy[:uri].port, proxy[:user], proxy[:password])
+        else
+          ::Net::HTTP.new(server.hostname, server.port)
+        end
+
+      connection.use_ssl = server.scheme == "https"
+      connection.read_timeout = @transport_configuration.timeout
+      connection.write_timeout = @transport_configuration.timeout if connection.respond_to?(:write_timeout)
+      connection.open_timeout = @transport_configuration.open_timeout
+
+      ssl_configuration.each do |key, value|
+        connection.send("#{key}=", value)
+      end
+
+      connection
+    end
+
+    private
+
+    def has_rate_limited_header?(headers)
+      headers[RETRY_AFTER_HEADER] || headers[RATE_LIMIT_HEADER]
+    end
+
+    def handle_rate_limited_response(headers)
+      rate_limits =
+        if rate_limits = headers[RATE_LIMIT_HEADER]
+          parse_rate_limit_header(rate_limits)
+        elsif retry_after = headers[RETRY_AFTER_HEADER]
+          # although Sentry doesn't send a date string back
+          # based on HTTP specification, this could be a date string (instead of an integer)
+          retry_after = retry_after.to_i
+          retry_after = DEFAULT_DELAY if retry_after == 0
+
+          { nil => Time.now + retry_after }
+        else
+          { nil => Time.now + DEFAULT_DELAY }
+        end
+
+      rate_limits.each do |category, limit|
+        if current_limit = @rate_limits[category]
+          if current_limit < limit
+            @rate_limits[category] = limit
+          end
+        else
+          @rate_limits[category] = limit
+        end
+      end
+    end
+
+    def parse_rate_limit_header(rate_limit_header)
+      time = Time.now
+
+      result = {}
+
+      limits = rate_limit_header.split(",")
+      limits.each do |limit|
+        next if limit.nil? || limit.empty?
+
+        begin
+          retry_after, categories = limit.strip.split(":").first(2)
+          retry_after = time + retry_after.to_i
+          categories = categories.split(";")
+
+          if categories.empty?
+            result[nil] = retry_after
+          else
+            categories.each do |category|
+              result[category] = retry_after
+            end
+          end
+        rescue StandardError
+        end
+      end
+
+      result
+    end
+
+    def should_compress?(data)
+      @transport_configuration.encoding == GZIP_ENCODING && data.bytesize >= GZIP_THRESHOLD
+    end
+
+    # @param proxy [String, URI, Hash] Proxy config value passed into `config.transport`.
+    #   Accepts either a URI formatted string, URI, or a hash with the `uri`, `user`, and `password` keys.
+    # @return [Hash] Normalized proxy config that will be passed into `Net::HTTP`
+    def normalize_proxy(proxy)
+      return proxy unless proxy
+
+      case proxy
+      when String
+        uri = URI(proxy)
+        { uri: uri, user: uri.user, password: uri.password }
+      when URI
+        { uri: proxy, user: proxy.user, password: proxy.password }
+      when Hash
+        proxy
+      end
+    end
+
+    def ssl_configuration
+      configuration = {
+        verify: @transport_configuration.ssl_verification,
+        ca_file: @transport_configuration.ssl_ca_file
+      }.merge(@transport_configuration.ssl || {})
+
+      configuration[:verify_mode] = configuration.delete(:verify) ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
+      configuration
+    end
+  end
+end

data/lib/sentry/transport/spotlight_transport.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require "net/http"
+require "zlib"
+
+module Sentry
+  # Designed to just report events to Spotlight in development.
+  class SpotlightTransport < HTTPTransport
+    DEFAULT_SIDECAR_URL = "http://localhost:8969/stream"
+    MAX_FAILED_REQUESTS = 3
+
+    def initialize(configuration)
+      super
+      @sidecar_url = configuration.spotlight.is_a?(String) ? configuration.spotlight : DEFAULT_SIDECAR_URL
+      @failed = 0
+      @logged = false
+
+      log_debug("[Spotlight] initialized for url #{@sidecar_url}")
+    end
+
+    def endpoint
+      "/stream"
+    end
+
+    def send_data(data)
+      if @failed >= MAX_FAILED_REQUESTS
+        unless @logged
+          log_debug("[Spotlight] disabling because of too many request failures")
+          @logged = true
+        end
+
+        return
+      end
+
+      super
+    end
+
+    def on_error
+      @failed += 1
+    end
+
+    # Similar to HTTPTransport connection, but does not support Proxy and SSL
+    def conn
+      sidecar = URI(@sidecar_url)
+      connection = ::Net::HTTP.new(sidecar.hostname, sidecar.port, nil)
+      connection.use_ssl = false
+      connection
+    end
+  end
+end

data/lib/sentry/transport.rb

@@ -0,0 +1,225 @@
+# frozen_string_literal: true
+
+require "json"
+require "base64"
+require "sentry/envelope"
+
+module Sentry
+  class Transport
+    PROTOCOL_VERSION = '7'
+    USER_AGENT = "sentry-ruby/#{Sentry::VERSION}"
+    CLIENT_REPORT_INTERVAL = 30
+
+    # https://develop.sentry.dev/sdk/client-reports/#envelope-item-payload
+    CLIENT_REPORT_REASONS = [
+      :ratelimit_backoff,
+      :queue_overflow,
+      :cache_overflow, # NA
+      :network_error,
+      :sample_rate,
+      :before_send,
+      :event_processor,
+      :insufficient_data,
+      :backpressure
+    ]
+
+    include LoggingHelper
+
+    attr_reader :rate_limits, :discarded_events, :last_client_report_sent
+
+    # @deprecated Use Sentry.logger to retrieve the current logger instead.
+    attr_reader :logger
+
+    def initialize(configuration)
+      @logger = configuration.logger
+      @transport_configuration = configuration.transport
+      @dsn = configuration.dsn
+      @rate_limits = {}
+      @send_client_reports = configuration.send_client_reports
+
+      if @send_client_reports
+        @discarded_events = Hash.new(0)
+        @last_client_report_sent = Time.now
+      end
+    end
+
+    def send_data(data, options = {})
+      raise NotImplementedError
+    end
+
+    def send_event(event)
+      envelope = envelope_from_event(event)
+      send_envelope(envelope)
+
+      event
+    end
+
+    def send_envelope(envelope)
+      reject_rate_limited_items(envelope)
+
+      return if envelope.items.empty?
+
+      data, serialized_items = serialize_envelope(envelope)
+
+      if data
+        log_info("[Transport] Sending envelope with items [#{serialized_items.map(&:type).join(', ')}] #{envelope.event_id} to Sentry")
+        send_data(data)
+      end
+    end
+
+    def serialize_envelope(envelope)
+      serialized_items = []
+      serialized_results = []
+
+      envelope.items.each do |item|
+        result, oversized = item.serialize
+
+        if oversized
+          log_debug("Envelope item [#{item.type}] is still oversized after size reduction: {#{item.size_breakdown}}")
+
+          next
+        end
+
+        serialized_results << result
+        serialized_items << item
+      end
+
+      data = [JSON.generate(envelope.headers), *serialized_results].join("\n") unless serialized_results.empty?
+
+      [data, serialized_items]
+    end
+
+    def is_rate_limited?(item_type)
+      # check category-specific limit
+      category_delay =
+        case item_type
+        when "transaction"
+          @rate_limits["transaction"]
+        when "sessions"
+          @rate_limits["session"]
+        else
+          @rate_limits["error"]
+        end
+
+      # check universal limit if not category limit
+      universal_delay = @rate_limits[nil]
+
+      delay =
+        if category_delay && universal_delay
+          if category_delay > universal_delay
+            category_delay
+          else
+            universal_delay
+          end
+        elsif category_delay
+          category_delay
+        else
+          universal_delay
+        end
+
+      !!delay && delay > Time.now
+    end
+
+    def any_rate_limited?
+      @rate_limits.values.any? { |t| t && t > Time.now }
+    end
+
+    def envelope_from_event(event)
+      # Convert to hash
+      event_payload = event.to_hash
+      event_id = event_payload[:event_id] || event_payload["event_id"]
+      item_type = event_payload[:type] || event_payload["type"]
+
+      envelope_headers = {
+        event_id: event_id,
+        dsn: @dsn.to_s,
+        sdk: Sentry.sdk_meta,
+        sent_at: Sentry.utc_now.iso8601
+      }
+
+      if event.is_a?(Event) && event.dynamic_sampling_context
+        envelope_headers[:trace] = event.dynamic_sampling_context
+      end
+
+      envelope = Envelope.new(envelope_headers)
+
+      envelope.add_item(
+        { type: item_type, content_type: 'application/json' },
+        event_payload
+      )
+
+      if event.is_a?(TransactionEvent) && event.profile
+        envelope.add_item(
+          { type: 'profile', content_type: 'application/json' },
+          event.profile
+        )
+      end
+
+      client_report_headers, client_report_payload = fetch_pending_client_report
+      envelope.add_item(client_report_headers, client_report_payload) if client_report_headers
+
+      envelope
+    end
+
+    def record_lost_event(reason, item_type)
+      return unless @send_client_reports
+      return unless CLIENT_REPORT_REASONS.include?(reason)
+
+      @discarded_events[[reason, item_type]] += 1
+    end
+
+    def flush
+      client_report_headers, client_report_payload = fetch_pending_client_report(force: true)
+      return unless client_report_headers
+
+      envelope = Envelope.new
+      envelope.add_item(client_report_headers, client_report_payload)
+      send_envelope(envelope)
+    end
+
+    private
+
+    def fetch_pending_client_report(force: false)
+      return nil unless @send_client_reports
+      return nil if !force && @last_client_report_sent > Time.now - CLIENT_REPORT_INTERVAL
+      return nil if @discarded_events.empty?
+
+      discarded_events_hash = @discarded_events.map do |key, val|
+        reason, type = key
+
+        # 'event' has to be mapped to 'error'
+        category = type == 'event' ? 'error' : type
+
+        { reason: reason, category: category, quantity: val }
+      end
+
+      item_header = { type: 'client_report' }
+      item_payload = {
+        timestamp: Sentry.utc_now.iso8601,
+        discarded_events: discarded_events_hash
+      }
+
+      @discarded_events = Hash.new(0)
+      @last_client_report_sent = Time.now
+
+      [item_header, item_payload]
+    end
+
+    def reject_rate_limited_items(envelope)
+      envelope.items.reject! do |item|
+        if is_rate_limited?(item.type)
+          log_debug("[Transport] Envelope item [#{item.type}] not sent: rate limiting")
+          record_lost_event(:ratelimit_backoff, item.type)
+
+          true
+        else
+          false
+        end
+      end
+    end
+  end
+end
+
+require "sentry/transport/dummy_transport"
+require "sentry/transport/http_transport"
+require "sentry/transport/spotlight_transport"

data/lib/sentry/utils/argument_checking_helper.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Sentry
+  module ArgumentCheckingHelper
+    private
+
+    def check_argument_type!(argument, *expected_types)
+      unless expected_types.any? { |t| argument.is_a?(t) }
+        raise ArgumentError, "expect the argument to be a #{expected_types.join(' or ')}, got #{argument.class} (#{argument.inspect})"
+      end
+    end
+
+    def check_argument_includes!(argument, values)
+      unless values.include?(argument)
+        raise ArgumentError, "expect the argument to be one of #{values.map(&:inspect).join(' or ')}, got #{argument.inspect}"
+      end
+    end
+  end
+end

data/lib/sentry/utils/custom_inspection.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Sentry
+  module CustomInspection
+    def inspect
+      attr_strings = (instance_variables - self.class::SKIP_INSPECTION_ATTRIBUTES).each_with_object([]) do |attr, result|
+        value = instance_variable_get(attr)
+        result << "#{attr}=#{value.inspect}" if value
+      end
+
+      "#<#{self.class.name} #{attr_strings.join(", ")}>"
+    end
+  end
+end

data/lib/sentry/utils/encoding_helper.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Sentry
+  module Utils
+    module EncodingHelper
+      def self.encode_to_utf_8(value)
+        if value.encoding != Encoding::UTF_8 && value.respond_to?(:force_encoding)
+          value = value.dup.force_encoding(Encoding::UTF_8)
+        end
+
+        value = value.scrub unless value.valid_encoding?
+        value
+      end
+
+      def self.valid_utf_8?(value)
+        return true unless value.respond_to?(:force_encoding)
+
+        value.dup.force_encoding(Encoding::UTF_8).valid_encoding?
+      end
+    end
+  end
+end

data/lib/sentry/utils/exception_cause_chain.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Sentry
+  module Utils
+    module ExceptionCauseChain
+      def self.exception_to_array(exception)
+        exceptions = [exception]
+
+        while exception.cause
+          exception = exception.cause
+          break if exceptions.any? { |e| e.object_id == exception.object_id }
+
+          exceptions << exception
+        end
+
+        exceptions
+      end
+    end
+  end
+end

data/lib/sentry/utils/logging_helper.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Sentry
+  module LoggingHelper
+    def log_error(message, exception, debug: false)
+      message = "#{message}: #{exception.message}"
+      message += "\n#{exception.backtrace.join("\n")}" if debug
+
+      @logger.error(LOGGER_PROGNAME) do
+        message
+      end
+    end
+
+    def log_info(message)
+      @logger.info(LOGGER_PROGNAME) { message }
+    end
+
+    def log_debug(message)
+      @logger.debug(LOGGER_PROGNAME) { message }
+    end
+
+    def log_warn(message)
+      @logger.warn(LOGGER_PROGNAME) { message }
+    end
+  end
+end

data/lib/sentry/utils/real_ip.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+require 'ipaddr'
+
+# Based on ActionDispatch::RemoteIp. All security-related precautions from that
+# middleware have been removed, because the Event IP just needs to be accurate,
+# and spoofing an IP here only makes data inaccurate, not insecure. Don't re-use
+# this module if you have to *trust* the IP address.
+module Sentry
+  module Utils
+    class RealIp
+      LOCAL_ADDRESSES = [
+        "127.0.0.1",      # localhost IPv4
+        "::1",            # localhost IPv6
+        "fc00::/7",       # private IPv6 range fc00::/7
+        "10.0.0.0/8",     # private IPv4 range 10.x.x.x
+        "172.16.0.0/12",  # private IPv4 range 172.16.0.0 .. 172.31.255.255
+        "192.168.0.0/16", # private IPv4 range 192.168.x.x
+      ]
+
+      attr_reader :ip
+
+      def initialize(
+        remote_addr: nil,
+        client_ip: nil,
+        real_ip: nil,
+        forwarded_for: nil,
+        trusted_proxies: []
+      )
+        @remote_addr = remote_addr
+        @client_ip = client_ip
+        @real_ip = real_ip
+        @forwarded_for = forwarded_for
+        @trusted_proxies = (LOCAL_ADDRESSES + Array(trusted_proxies)).map do |proxy|
+          if proxy.is_a?(IPAddr)
+            proxy
+          else
+            IPAddr.new(proxy.to_s)
+          end
+        end.uniq
+      end
+
+      def calculate_ip
+        # CGI environment variable set by Rack
+        remote_addr = ips_from(@remote_addr).last
+
+        # Could be a CSV list and/or repeated headers that were concatenated.
+        client_ips    = ips_from(@client_ip)
+        real_ips      = ips_from(@real_ip)
+
+        # The first address in this list is the original client, followed by
+        # the IPs of successive proxies. We want to search starting from the end
+        # until we find the first proxy that we do not trust.
+        forwarded_ips = ips_from(@forwarded_for).reverse
+
+        ips = [client_ips, real_ips, forwarded_ips, remote_addr].flatten.compact
+
+        # If every single IP option is in the trusted list, just return REMOTE_ADDR
+        @ip = filter_trusted_proxy_addresses(ips).first || remote_addr
+      end
+
+      protected
+
+      def ips_from(header)
+        # Split the comma-separated list into an array of strings
+        ips = header ? header.strip.split(/[,\s]+/) : []
+        ips.select do |ip|
+          begin
+            # Only return IPs that are valid according to the IPAddr#new method
+            range = IPAddr.new(ip).to_range
+            # we want to make sure nobody is sneaking a netmask in
+            range.begin == range.end
+          rescue ArgumentError
+            nil
+          end
+        end
+      end
+
+      def filter_trusted_proxy_addresses(ips)
+        ips.reject { |ip| @trusted_proxies.any? { |proxy| proxy === ip } }
+      end
+    end
+  end
+end

data/lib/sentry/utils/request_id.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Sentry
+  module Utils
+    module RequestId
+      REQUEST_ID_HEADERS = %w(action_dispatch.request_id HTTP_X_REQUEST_ID).freeze
+
+      # Request ID based on ActionDispatch::RequestId
+      def self.read_from(env)
+        REQUEST_ID_HEADERS.each do |key|
+          request_id = env[key]
+          return request_id if request_id
+        end
+        nil
+      end
+    end
+  end
+end

data/lib/sentry/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Sentry
+  VERSION = "5.16.1"
+end