Merge branch 'api-sentry-extra' into 'master'

Send API parameters as extra data for sentry errors See merge request gitlab-org/gitlab-ce!14644
2017-10-06 13:41:01 +00:00 · 2017-10-06 13:41:01 +00:00 · 7f8e720f41
parent f55f24c497 60a35e4230
commit 7f8e720f41
3 changed files with 31 additions and 3 deletions
--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@ -2,7 +2,7 @@

 require 'gitlab/current_settings'

-if Rails.env.production?
+def configure_sentry
  # allow it to fail: it may do so when create_from_defaults is executed before migrations are actually done
  begin
    sentry_enabled = Gitlab::CurrentSettings.current_application_settings.sentry_enabled
@ -23,3 +23,5 @@ if Rails.env.production?
    end
  end
 end
+
+configure_sentry if Rails.env.production?
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@ -287,7 +287,7 @@ module API
      if sentry_enabled? && report_exception?(exception)
        define_params_for_grape_middleware
        sentry_context
-        Raven.capture_exception(exception)
+        Raven.capture_exception(exception, extra: params)
      end

      # lifted from https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/middleware/debug_exceptions.rb#L60
--- a/spec/requests/api/helpers_spec.rb
+++ b/spec/requests/api/helpers_spec.rb
@ -1,4 +1,6 @@
 require 'spec_helper'
+require 'raven/transports/dummy'
+require_relative '../../../config/initializers/sentry'

 describe API::Helpers do
  include API::APIGuard::HelperMethods
@ -476,7 +478,7 @@ describe API::Helpers do
      allow(exception).to receive(:backtrace).and_return(caller)

      expect_any_instance_of(self.class).to receive(:sentry_context)
-      expect(Raven).to receive(:capture_exception).with(exception)
+      expect(Raven).to receive(:capture_exception).with(exception, extra: {})

      handle_api_exception(exception)
    end
@ -501,6 +503,30 @@ describe API::Helpers do
        expect(json_response['message']).to start_with("\nRuntimeError (Runtime Error!):")
      end
    end
+
+    context 'extra information' do
+      # Sentry events are an array of the form [auth_header, data, options]
+      let(:event_data) { Raven.client.transport.events.first[1] }
+
+      before do
+        stub_application_setting(
+          sentry_enabled: true,
+          sentry_dsn: "dummy://12345:67890@sentry.localdomain/sentry/42"
+        )
+        configure_sentry
+        Raven.client.configuration.encoding = 'json'
+      end
+
+      it 'sends the params, excluding confidential values' do
+        expect(Gitlab::Sentry).to receive(:enabled?).twice.and_return(true)
+        expect(ProjectsFinder).to receive(:new).and_raise('Runtime Error!')
+
+        get api('/projects', user), password: 'dont_send_this', other_param: 'send_this'
+
+        expect(event_data).to include('other_param=send_this')
+        expect(event_data).to include('password=********')
+      end
+    end
  end

  describe '.authenticate_non_get!' do