sentry-sdk 0.18.0__py2.py3-none-any.whl → 2.46.0__py2.py3-none-any.whl

sentry_sdk/integrations/_wsgi_common.py

@@ -1,18 +1,27 @@
+from contextlib import contextmanager
 import json
+from copy import deepcopy
 
-from sentry_sdk.hub import Hub, _should_send_default_pii
-from sentry_sdk.utils import AnnotatedValue
-from sentry_sdk._compat import text_type, iteritems
+import sentry_sdk
+from sentry_sdk.scope import should_send_default_pii
+from sentry_sdk.utils import AnnotatedValue, logger
 
-from sentry_sdk._types import MYPY
+try:
+    from django.http.request import RawPostDataException
+except ImportError:
+    RawPostDataException = None
 
-if MYPY:
-    import sentry_sdk
+from typing import TYPE_CHECKING
 
+if TYPE_CHECKING:
     from typing import Any
     from typing import Dict
+    from typing import Iterator
+    from typing import Mapping
+    from typing import MutableMapping
     from typing import Optional
     from typing import Union
+    from sentry_sdk._types import Event, HttpStatusCodeRange
 
 
 SENSITIVE_ENV_KEYS = (
@@ -21,6 +30,7 @@ SENSITIVE_ENV_KEYS = (
     "HTTP_SET_COOKIE",
     "HTTP_COOKIE",
     "HTTP_AUTHORIZATION",
+    "HTTP_X_API_KEY",
     "HTTP_X_FORWARDED_FOR",
     "HTTP_X_REAL_IP",
 )
@@ -29,29 +39,57 @@ SENSITIVE_HEADERS = tuple(
     x[len("HTTP_") :] for x in SENSITIVE_ENV_KEYS if x.startswith("HTTP_")
 )
 
+DEFAULT_HTTP_METHODS_TO_CAPTURE = (
+    "CONNECT",
+    "DELETE",
+    "GET",
+    # "HEAD",  # do not capture HEAD requests by default
+    # "OPTIONS",  # do not capture OPTIONS requests by default
+    "PATCH",
+    "POST",
+    "PUT",
+    "TRACE",
+)
+
+
+# This noop context manager can be replaced with "from contextlib import nullcontext" when we drop Python 3.6 support
+@contextmanager
+def nullcontext():
+    # type: () -> Iterator[None]
+    yield
+
 
 def request_body_within_bounds(client, content_length):
-    # type: (Optional[sentry_sdk.Client], int) -> bool
+    # type: (Optional[sentry_sdk.client.BaseClient], int) -> bool
     if client is None:
         return False
 
-    bodies = client.options["request_bodies"]
+    bodies = client.options["max_request_body_size"]
     return not (
         bodies == "never"
-        or (bodies == "small" and content_length > 10 ** 3)
-        or (bodies == "medium" and content_length > 10 ** 4)
+        or (bodies == "small" and content_length > 10**3)
+        or (bodies == "medium" and content_length > 10**4)
     )
 
 
-class RequestExtractor(object):
+class RequestExtractor:
+    """
+    Base class for request extraction.
+    """
+
+    # It does not make sense to make this class an ABC because it is not used
+    # for typing, only so that child classes can inherit common methods from
+    # it. Only some child classes implement all methods that raise
+    # NotImplementedError in this class.
+
     def __init__(self, request):
         # type: (Any) -> None
         self.request = request
 
     def extract_into_event(self, event):
-        # type: (Dict[str, Any]) -> None
-        client = Hub.current.client
-        if client is None:
+        # type: (Event) -> None
+        client = sentry_sdk.get_client()
+        if not client.is_active():
             return
 
         data = None  # type: Optional[Union[AnnotatedValue, Dict[str, Any]]]
@@ -59,30 +97,36 @@ class RequestExtractor(object):
         content_length = self.content_length()
         request_info = event.get("request", {})
 
-        if _should_send_default_pii():
+        if should_send_default_pii():
             request_info["cookies"] = dict(self.cookies())
 
         if not request_body_within_bounds(client, content_length):
-            data = AnnotatedValue(
-                "",
-                {"rem": [["!config", "x", 0, content_length]], "len": content_length},
-            )
+            data = AnnotatedValue.removed_because_over_size_limit()
         else:
+            # First read the raw body data
+            # It is important to read this first because if it is Django
+            # it will cache the body and then we can read the cached version
+            # again in parsed_body() (or json() or wherever).
+            raw_data = None
+            try:
+                raw_data = self.raw_data()
+            except (RawPostDataException, ValueError):
+                # If DjangoRestFramework is used it already read the body for us
+                # so reading it here will fail. We can ignore this.
+                pass
+
             parsed_body = self.parsed_body()
             if parsed_body is not None:
                 data = parsed_body
-            elif self.raw_data():
-                data = AnnotatedValue(
-                    "",
-                    {"rem": [["!raw", "x", 0, content_length]], "len": content_length},
-                )
+            elif raw_data:
+                data = AnnotatedValue.removed_because_raw_data()
             else:
                 data = None
 
         if data is not None:
             request_info["data"] = data
 
-        event["request"] = request_info
+        event["request"] = deepcopy(request_info)
 
     def content_length(self):
         # type: () -> int
@@ -92,7 +136,7 @@ class RequestExtractor(object):
             return 0
 
     def cookies(self):
-        # type: () -> Dict[str, Any]
+        # type: () -> MutableMapping[str, Any]
         raise NotImplementedError()
 
     def raw_data(self):
@@ -105,15 +149,22 @@ class RequestExtractor(object):
 
     def parsed_body(self):
         # type: () -> Optional[Dict[str, Any]]
-        form = self.form()
-        files = self.files()
+        try:
+            form = self.form()
+        except Exception:
+            form = None
+        try:
+            files = self.files()
+        except Exception:
+            files = None
+
         if form or files:
-            data = dict(iteritems(form))
-            for k, v in iteritems(files):
-                size = self.size_of_file(v)
-                data[k] = AnnotatedValue(
-                    "", {"len": size, "rem": [["!raw", "x", 0, size]]}
-                )
+            data = {}
+            if form:
+                data = dict(form.items())
+            if files:
+                for key in files.keys():
+                    data[key] = AnnotatedValue.removed_because_raw_data()
 
             return data
 
@@ -129,11 +180,17 @@ class RequestExtractor(object):
             if not self.is_json():
                 return None
 
-            raw_data = self.raw_data()
+            try:
+                raw_data = self.raw_data()
+            except (RawPostDataException, ValueError):
+                # The body might have already been read, in which case this will
+                # fail
+                raw_data = None
+
             if raw_data is None:
                 return None
 
-            if isinstance(raw_data, text_type):
+            if isinstance(raw_data, str):
                 return json.loads(raw_data)
             else:
                 return json.loads(raw_data.decode("utf-8"))
@@ -166,15 +223,49 @@ def _is_json_content_type(ct):
 
 
 def _filter_headers(headers):
-    # type: (Dict[str, str]) -> Dict[str, str]
-    if _should_send_default_pii():
+    # type: (Mapping[str, str]) -> Mapping[str, Union[AnnotatedValue, str]]
+    if should_send_default_pii():
         return headers
 
     return {
         k: (
             v
             if k.upper().replace("-", "_") not in SENSITIVE_HEADERS
-            else AnnotatedValue("", {"rem": [["!config", "x", 0, len(v)]]})
+            else AnnotatedValue.removed_because_over_size_limit()
         )
-        for k, v in iteritems(headers)
+        for k, v in headers.items()
     }
+
+
+def _in_http_status_code_range(code, code_ranges):
+    # type: (object, list[HttpStatusCodeRange]) -> bool
+    for target in code_ranges:
+        if isinstance(target, int):
+            if code == target:
+                return True
+            continue
+
+        try:
+            if code in target:
+                return True
+        except TypeError:
+            logger.warning(
+                "failed_request_status_codes has to be a list of integers or containers"
+            )
+
+    return False
+
+
+class HttpCodeRangeContainer:
+    """
+    Wrapper to make it possible to use list[HttpStatusCodeRange] as a Container[int].
+    Used for backwards compatibility with the old `failed_request_status_codes` option.
+    """
+
+    def __init__(self, code_ranges):
+        # type: (list[HttpStatusCodeRange]) -> None
+        self._code_ranges = code_ranges
+
+    def __contains__(self, item):
+        # type: (object) -> bool
+        return _in_http_status_code_range(item, self._code_ranges)

sentry_sdk/integrations/aiohttp.py

@@ -1,21 +1,40 @@
 import sys
 import weakref
-
-from sentry_sdk._compat import reraise
-from sentry_sdk.hub import Hub
-from sentry_sdk.integrations import Integration, DidNotEnable
+from functools import wraps
+
+import sentry_sdk
+from sentry_sdk.api import continue_trace
+from sentry_sdk.consts import OP, SPANSTATUS, SPANDATA
+from sentry_sdk.integrations import (
+    _DEFAULT_FAILED_REQUEST_STATUS_CODES,
+    _check_minimum_version,
+    Integration,
+    DidNotEnable,
+)
 from sentry_sdk.integrations.logging import ignore_logger
+from sentry_sdk.sessions import track_session
 from sentry_sdk.integrations._wsgi_common import (
     _filter_headers,
     request_body_within_bounds,
 )
-from sentry_sdk.tracing import Transaction
+from sentry_sdk.tracing import (
+    BAGGAGE_HEADER_NAME,
+    SOURCE_FOR_STYLE,
+    TransactionSource,
+)
+from sentry_sdk.tracing_utils import should_propagate_trace, add_http_request_source
 from sentry_sdk.utils import (
     capture_internal_exceptions,
+    ensure_integration_enabled,
     event_from_exception,
+    logger,
+    parse_url,
+    parse_version,
+    reraise,
     transaction_from_function,
     HAS_REAL_CONTEXTVARS,
     CONTEXTVARS_ERROR_MESSAGE,
+    SENSITIVE_DATA_SUBSTITUTE,
     AnnotatedValue,
 )
 
@@ -23,42 +42,57 @@ try:
     import asyncio
 
     from aiohttp import __version__ as AIOHTTP_VERSION
+    from aiohttp import ClientSession, TraceConfig
     from aiohttp.web import Application, HTTPException, UrlDispatcher
 except ImportError:
     raise DidNotEnable("AIOHTTP not installed")
 
-from sentry_sdk._types import MYPY
+from typing import TYPE_CHECKING
 
-if MYPY:
+if TYPE_CHECKING:
     from aiohttp.web_request import Request
-    from aiohttp.abc import AbstractMatchInfo
+    from aiohttp.web_urldispatcher import UrlMappingMatchInfo
+    from aiohttp import TraceRequestStartParams, TraceRequestEndParams
+
+    from collections.abc import Set
+    from types import SimpleNamespace
     from typing import Any
-    from typing import Dict
     from typing import Optional
     from typing import Tuple
-    from typing import Callable
     from typing import Union
 
     from sentry_sdk.utils import ExcInfo
-    from sentry_sdk._types import EventProcessor
+    from sentry_sdk._types import Event, EventProcessor
+
+
+TRANSACTION_STYLE_VALUES = ("handler_name", "method_and_path_pattern")
 
 
 class AioHttpIntegration(Integration):
     identifier = "aiohttp"
+    origin = f"auto.http.{identifier}"
+
+    def __init__(
+        self,
+        transaction_style="handler_name",  # type: str
+        *,
+        failed_request_status_codes=_DEFAULT_FAILED_REQUEST_STATUS_CODES,  # type: Set[int]
+    ):
+        # type: (...) -> None
+        if transaction_style not in TRANSACTION_STYLE_VALUES:
+            raise ValueError(
+                "Invalid value for transaction_style: %s (must be in %s)"
+                % (transaction_style, TRANSACTION_STYLE_VALUES)
+            )
+        self.transaction_style = transaction_style
+        self._failed_request_status_codes = failed_request_status_codes
 
     @staticmethod
     def setup_once():
         # type: () -> None
 
-        try:
-            version = tuple(map(int, AIOHTTP_VERSION.split(".")[:2]))
-        except (TypeError, ValueError):
-            raise DidNotEnable(
-                "AIOHTTP version unparseable: {}".format(AIOHTTP_VERSION)
-            )
-
-        if version < (3, 4):
-            raise DidNotEnable("AIOHTTP 3.4 or newer required.")
+        version = parse_version(AIOHTTP_VERSION)
+        _check_minimum_version(AioHttpIntegration, version)
 
         if not HAS_REAL_CONTEXTVARS:
             # We better have contextvars or we're going to leak state between
@@ -74,75 +108,195 @@ class AioHttpIntegration(Integration):
 
         async def sentry_app_handle(self, request, *args, **kwargs):
             # type: (Any, Request, *Any, **Any) -> Any
-            hub = Hub.current
-            if hub.get_integration(AioHttpIntegration) is None:
+            integration = sentry_sdk.get_client().get_integration(AioHttpIntegration)
+            if integration is None:
                 return await old_handle(self, request, *args, **kwargs)
 
             weak_request = weakref.ref(request)
 
-            with Hub(Hub.current) as hub:
-                # Scope data will not leak between requests because aiohttp
-                # create a task to wrap each request.
-                with hub.configure_scope() as scope:
+            with sentry_sdk.isolation_scope() as scope:
+                with track_session(scope, session_mode="request"):
+                    # Scope data will not leak between requests because aiohttp
+                    # create a task to wrap each request.
+                    scope.generate_propagation_context()
                     scope.clear_breadcrumbs()
                     scope.add_event_processor(_make_request_processor(weak_request))
 
-                transaction = Transaction.continue_from_headers(
-                    request.headers,
-                    op="http.server",
-                    # If this transaction name makes it to the UI, AIOHTTP's
-                    # URL resolver did not find a route or died trying.
-                    name="generic AIOHTTP request",
-                )
-
-                with hub.start_transaction(transaction):
-                    try:
-                        response = await old_handle(self, request)
-                    except HTTPException as e:
-                        transaction.set_http_status(e.status_code)
-                        raise
-                    except asyncio.CancelledError:
-                        transaction.set_status("cancelled")
-                        raise
-                    except Exception:
-                        # This will probably map to a 500 but seems like we
-                        # have no way to tell. Do not set span status.
-                        reraise(*_capture_exception(hub))
-
-                    transaction.set_http_status(response.status)
-                    return response
+                    headers = dict(request.headers)
+                    transaction = continue_trace(
+                        headers,
+                        op=OP.HTTP_SERVER,
+                        # If this transaction name makes it to the UI, AIOHTTP's
+                        # URL resolver did not find a route or died trying.
+                        name="generic AIOHTTP request",
+                        source=TransactionSource.ROUTE,
+                        origin=AioHttpIntegration.origin,
+                    )
+                    with sentry_sdk.start_transaction(
+                        transaction,
+                        custom_sampling_context={"aiohttp_request": request},
+                    ):
+                        try:
+                            response = await old_handle(self, request)
+                        except HTTPException as e:
+                            transaction.set_http_status(e.status_code)
+
+                            if (
+                                e.status_code
+                                in integration._failed_request_status_codes
+                            ):
+                                _capture_exception()
+
+                            raise
+                        except (asyncio.CancelledError, ConnectionResetError):
+                            transaction.set_status(SPANSTATUS.CANCELLED)
+                            raise
+                        except Exception:
+                            # This will probably map to a 500 but seems like we
+                            # have no way to tell. Do not set span status.
+                            reraise(*_capture_exception())
+
+                        try:
+                            # A valid response handler will return a valid response with a status. But, if the handler
+                            # returns an invalid response (e.g. None), the line below will raise an AttributeError.
+                            # Even though this is likely invalid, we need to handle this case to ensure we don't break
+                            # the application.
+                            response_status = response.status
+                        except AttributeError:
+                            pass
+                        else:
+                            transaction.set_http_status(response_status)
+
+                        return response
 
         Application._handle = sentry_app_handle
 
         old_urldispatcher_resolve = UrlDispatcher.resolve
 
+        @wraps(old_urldispatcher_resolve)
         async def sentry_urldispatcher_resolve(self, request):
-            # type: (UrlDispatcher, Request) -> AbstractMatchInfo
+            # type: (UrlDispatcher, Request) -> UrlMappingMatchInfo
             rv = await old_urldispatcher_resolve(self, request)
 
+            integration = sentry_sdk.get_client().get_integration(AioHttpIntegration)
+            if integration is None:
+                return rv
+
             name = None
 
             try:
-                name = transaction_from_function(rv.handler)
+                if integration.transaction_style == "handler_name":
+                    name = transaction_from_function(rv.handler)
+                elif integration.transaction_style == "method_and_path_pattern":
+                    route_info = rv.get_info()
+                    pattern = route_info.get("path") or route_info.get("formatter")
+                    name = "{} {}".format(request.method, pattern)
             except Exception:
                 pass
 
             if name is not None:
-                with Hub.current.configure_scope() as scope:
-                    scope.transaction = name
+                sentry_sdk.get_current_scope().set_transaction_name(
+                    name,
+                    source=SOURCE_FOR_STYLE[integration.transaction_style],
+                )
 
             return rv
 
         UrlDispatcher.resolve = sentry_urldispatcher_resolve
 
+        old_client_session_init = ClientSession.__init__
+
+        @ensure_integration_enabled(AioHttpIntegration, old_client_session_init)
+        def init(*args, **kwargs):
+            # type: (Any, Any) -> None
+            client_trace_configs = list(kwargs.get("trace_configs") or ())
+            trace_config = create_trace_config()
+            client_trace_configs.append(trace_config)
+
+            kwargs["trace_configs"] = client_trace_configs
+            return old_client_session_init(*args, **kwargs)
+
+        ClientSession.__init__ = init
+
+
+def create_trace_config():
+    # type: () -> TraceConfig
+
+    async def on_request_start(session, trace_config_ctx, params):
+        # type: (ClientSession, SimpleNamespace, TraceRequestStartParams) -> None
+        if sentry_sdk.get_client().get_integration(AioHttpIntegration) is None:
+            return
+
+        method = params.method.upper()
+
+        parsed_url = None
+        with capture_internal_exceptions():
+            parsed_url = parse_url(str(params.url), sanitize=False)
+
+        span = sentry_sdk.start_span(
+            op=OP.HTTP_CLIENT,
+            name="%s %s"
+            % (method, parsed_url.url if parsed_url else SENSITIVE_DATA_SUBSTITUTE),
+            origin=AioHttpIntegration.origin,
+        )
+        span.set_data(SPANDATA.HTTP_METHOD, method)
+        if parsed_url is not None:
+            span.set_data("url", parsed_url.url)
+            span.set_data(SPANDATA.HTTP_QUERY, parsed_url.query)
+            span.set_data(SPANDATA.HTTP_FRAGMENT, parsed_url.fragment)
+
+        client = sentry_sdk.get_client()
+
+        if should_propagate_trace(client, str(params.url)):
+            for (
+                key,
+                value,
+            ) in sentry_sdk.get_current_scope().iter_trace_propagation_headers(
+                span=span
+            ):
+                logger.debug(
+                    "[Tracing] Adding `{key}` header {value} to outgoing request to {url}.".format(
+                        key=key, value=value, url=params.url
+                    )
+                )
+                if key == BAGGAGE_HEADER_NAME and params.headers.get(
+                    BAGGAGE_HEADER_NAME
+                ):
+                    # do not overwrite any existing baggage, just append to it
+                    params.headers[key] += "," + value
+                else:
+                    params.headers[key] = value
+
+        trace_config_ctx.span = span
+
+    async def on_request_end(session, trace_config_ctx, params):
+        # type: (ClientSession, SimpleNamespace, TraceRequestEndParams) -> None
+        if trace_config_ctx.span is None:
+            return
+
+        span = trace_config_ctx.span
+        span.set_http_status(int(params.response.status))
+        span.set_data("reason", params.response.reason)
+        span.finish()
+
+        with capture_internal_exceptions():
+            add_http_request_source(span)
+
+    trace_config = TraceConfig()
+
+    trace_config.on_request_start.append(on_request_start)
+    trace_config.on_request_end.append(on_request_end)
+
+    return trace_config
+
 
 def _make_request_processor(weak_request):
-    # type: (Callable[[], Request]) -> EventProcessor
+    # type: (weakref.ReferenceType[Request]) -> EventProcessor
     def aiohttp_processor(
-        event,  # type: Dict[str, Any]
-        hint,  # type: Dict[str, Tuple[type, BaseException, Any]]
+        event,  # type: Event
+        hint,  # type: dict[str, Tuple[type, BaseException, Any]]
     ):
-        # type: (...) -> Dict[str, Any]
+        # type: (...) -> Event
         request = weak_request()
         if request is None:
             return event
@@ -159,47 +313,42 @@ def _make_request_processor(weak_request):
             request_info["query_string"] = request.query_string
             request_info["method"] = request.method
             request_info["env"] = {"REMOTE_ADDR": request.remote}
-
-            hub = Hub.current
             request_info["headers"] = _filter_headers(dict(request.headers))
 
             # Just attach raw data here if it is within bounds, if available.
             # Unfortunately there's no way to get structured data from aiohttp
             # without awaiting on some coroutine.
-            request_info["data"] = get_aiohttp_request_data(hub, request)
+            request_info["data"] = get_aiohttp_request_data(request)
 
         return event
 
     return aiohttp_processor
 
 
-def _capture_exception(hub):
-    # type: (Hub) -> ExcInfo
+def _capture_exception():
+    # type: () -> ExcInfo
     exc_info = sys.exc_info()
     event, hint = event_from_exception(
         exc_info,
-        client_options=hub.client.options,  # type: ignore
+        client_options=sentry_sdk.get_client().options,
         mechanism={"type": "aiohttp", "handled": False},
     )
-    hub.capture_event(event, hint=hint)
+    sentry_sdk.capture_event(event, hint=hint)
     return exc_info
 
 
 BODY_NOT_READ_MESSAGE = "[Can't show request body due to implementation details.]"
 
 
-def get_aiohttp_request_data(hub, request):
-    # type: (Hub, Request) -> Union[Optional[str], AnnotatedValue]
+def get_aiohttp_request_data(request):
+    # type: (Request) -> Union[Optional[str], AnnotatedValue]
     bytes_body = request._read_bytes
 
     if bytes_body is not None:
         # we have body to show
-        if not request_body_within_bounds(hub.client, len(bytes_body)):
+        if not request_body_within_bounds(sentry_sdk.get_client(), len(bytes_body)):
+            return AnnotatedValue.removed_because_over_size_limit()
 
-            return AnnotatedValue(
-                "",
-                {"rem": [["!config", "x", 0, len(bytes_body)]], "len": len(bytes_body)},
-            )
         encoding = request.charset or "utf-8"
         return bytes_body.decode(encoding, "replace")