Sanitize event data before they are sent to async job. #936

edariedl · 2019-11-01T12:58:45Z

All of the error parameters should be sanitized before they are passed to the async job.

When sentry is configured to send data asynchronously, all the data passed to the async job are not sanitized. This can cause potential security problems. If you are using background job processing to send data to sentry, unsanitized parameters are send to the background job and sometimes they are logged to the application log.

Eg. ActiveJob is logging all of the data captured by sentry, currently including passwords, tokens, cookies, Authorization headers, etc.. Sanitization is done during background job processing just before data are sent to Sentry.

Changes proposed by this pull request should fix it.

edariedl · 2019-11-15T09:36:11Z

Hi guys, is there a possibility to address this issue? Your proposed solution in the readme for the async job:

config.async = lambda { |event| SentryJob.perform_later(event) }

class SentryJob < ActiveJob::Base
  queue_as :default

  def perform(event)
    Raven.send_event(event)
  end
end

leads to writing the sensitive informations (passwords, Authorizatino headers, tokens, etc) to the log in readable form in probably hundreds maybe even thousands of apps (according to used by number here on github). It doesn't matter if you merge this pull request, but it should be fixed.

HazAT · 2019-12-17T09:08:22Z

@edariedl But all the processors would run twice then?
Also, why is ActiveJob logging anything?

edariedl · 2019-12-17T11:13:36Z

@HazAT Thank you for the reply.

You are right, processor would run twice in my proposed solution. They would run for the first time before the data will be sent to the async job and second time in the background job before the data are sent to the sentry. But it shouldn't be a problem second run is not necessary but it also does not do any harm.

Active job is alway logging all of the parameters when the job is Enqueued and again when the job is started.

Steps to simulate the problem

I created a new rails 6.0.2 application, added sentry gem and one scaffold controller with parameters :name and :password:

class UsersController < ApplicationController
  before_action :set_user, only: [:show, :edit, :update, :destroy]

  def index
    @users = User.all
  end

  def new
    @user = User.new
  end

  def create
    @user = User.new(user_params)

    raise "Something bad happend" # <------------ Exception
    if @user.save
      redirect_to @user, notice: 'User was successfully created.'
    else
      render :new
    end
  end

  private
    def set_user
      @user = User.find(params[:id])
    end

    def user_params
      params.require(:user).permit(:name, :password)
    end
end

SentryJob

class SentryJob < ApplicationJob
  def perform(event)
    Raven.send_event(event)
  end
end

Sentry configuration:

Raven.configure do |config|
  environments = %w(production development)

  # dns is just some random characters
  config.dsn = "https://adfvuopasdnfjbasajfsfdsd:adfvuopasdnfjbasajfsfdsd@sentry.io/112576"
  config.environments = environments
  config.current_environment = Rails.env

  config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)

  config.async = lambda { |event|
    SentryJob.perform_later(event.to_hash)
  }

  config.silence_ready = true
end

Filtered params initializer:

# Configure sensitive parameters which will be filtered from the log file.
Rails.application.config.filter_parameters += [:password]

I started the rails server and performed the following request to the create action:

Started POST "/users" for 127.0.0.1 at 2019-12-17 11:22:50 +0100
Processing by UsersController#create as HTML
  Parameters: {"authenticity_token"=>"EE1m/o+p3z2Qu0bF9KlzYzJKmPzN1I02CUwmI9HcohprTRQYWzmsNAJOByHBWMylnoI/7gMHGtsF4Mv75R5Pdw==", "user"=>{"name"=>"Name", "password"=>"[FILTERED]"}, "commit"=>"Create User"}
Completed 500 Internal Server Error in 1ms (ActiveRecord: 0.0ms | Allocations: 787)

This is ActiveJob part of the log:

[ActiveJob] Enqueued SentryJob (Job ID: e0a9a3aa-f523-4cdb-9657-31e511dfcd5e) to DelayedJob(default) with arguments: {"environment"=>"development", "event_id"=>"7ac9db7d5c894179895d3cbfe4c8796d", "extra"=>{"server"=>{"os"=>{"name"=>"Darwin", "version"=>"Darwin Kernel Version 19.0.0: Thu Oct 17 16:17:15 PDT 2019; root:xnu-6153.41.3~29/RELEASE_X86_64", "build"=>"19.0.0", "kernel_version"=>"Darwin Edas-MBP-6 19.0.0 Darwin Kernel Version 19.0.0: Thu Oct 17 16:17:15 PDT 2019; root:xnu-6153.41.3~29/RELEASE_X86_64 x86_64"}, "runtime"=>{"name"=>"ruby", "version"=>"ruby 2.6.5p114 (2019-10-01 revision 67812) [x86_64-darwin18]"}}}, "level"=>"error", "logger"=>"ruby", "modules"=>{"rake"=>"13.0.1", "concurrent-ruby"=>"1.1.5", "i18n"=>"1.7.0", "minitest"=>"5.13.0", "thread_safe"=>"0.3.6", "tzinfo"=>"1.2.5", "zeitwerk"=>"2.2.2", "activesupport"=>"6.0.2", "builder"=>"3.2.4", "erubi"=>"1.9.0", "mini_portile2"=>"2.4.0", "nokogiri"=>"1.10.7", "rails-dom-testing"=>"2.0.3", "crass"=>"1.0.5", "loofah"=>"2.4.0", "rails-html-sanitizer"=>"1.3.0", "actionview"=>"6.0.2", "rack"=>"2.0.7", "rack-test"=>"1.1.0", "actionpack"=>"6.0.2", "nio4r"=>"2.5.2", "websocket-extensions"=>"0.1.4", "websocket-driver"=>"0.7.1", "actioncable"=>"6.0.2", "globalid"=>"0.4.2", "activejob"=>"6.0.2", "activemodel"=>"6.0.2", "activerecord"=>"6.0.2", "mimemagic"=>"0.3.3", "marcel"=>"0.3.3", "activestorage"=>"6.0.2", "mini_mime"=>"1.0.2", "mail"=>"2.7.1", "actionmailbox"=>"6.0.2", "actionmailer"=>"6.0.2", "actiontext"=>"6.0.2", "public_suffix"=>"4.0.1", "addressable"=>"2.7.0", "bindex"=>"0.8.1", "msgpack"=>"1.3.1", "bootsnap"=>"1.4.5", "bundler"=>"1.17.3", "byebug"=>"11.0.1", "regexp_parser"=>"1.6.0", "xpath"=>"3.2.0", "capybara"=>"3.29.0", "childprocess"=>"3.0.0", "delayed_job"=>"4.1.8", "delayed_job_active_record"=>"4.1.4", "multipart-post"=>"2.1.1", "faraday"=>"0.17.1", "ffi"=>"1.11.3", "jbuilder"=>"2.9.1", "rb-fsevent"=>"0.10.3", "rb-inotify"=>"0.10.0", "ruby_dep"=>"1.5.0", "listen"=>"3.1.5", "method_source"=>"0.9.2", "puma"=>"4.3.1", "rack-proxy"=>"0.6.5", "thor"=>"1.0.0", "railties"=>"6.0.2", "sprockets"=>"4.0.0", "sprockets-rails"=>"3.2.1", "rails"=>"6.0.2", "rubyzip"=>"2.0.0", "sassc"=>"2.2.1", "tilt"=>"2.0.10", "sassc-rails"=>"2.1.2", "sass-rails"=>"6.0.0", "selenium-webdriver"=>"3.142.6", "sentry-raven"=>"2.12.3", "spring"=>"2.1.0", "spring-watcher-listen"=>"2.0.1", "sqlite3"=>"1.4.1", "turbolinks-source"=>"5.2.0", "turbolinks"=>"5.2.1", "web-console"=>"4.0.1", "webdrivers"=>"4.1.3", "webpacker"=>"4.2.2"}, "platform"=>"ruby", "sdk"=>{"name"=>"raven-ruby", "version"=>"2.12.3"}, "server_name"=>"Edas-MBP-6", "tags"=>{}, "time_spent"=>20, "timestamp"=>"2019-12-17T10:22:50", "transaction"=>"UsersController#create", "user"=>{"ip_address"=>"127.0.0.1"}, "exception"=>{"values"=>[{"type"=>"RuntimeError", "value"=>"Something bad happend", "module"=>"", "stacktrace"=>{"frames"=>[{"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/puma-4.3.1/lib/puma/thread_pool.rb", "function"=>"block in spawn_thread", "lineno"=>134, "in_app"=>false, "pre_context"=>["          end\n", "\n", "          begin\n"], "context_line"=>"            block.call(work, *extra)\n", "post_context"=>["          rescue Exception => e\n", "            STDERR.puts \"Error reached top of thread-pool: \#{e.message} (\#{e.class})\"\n", "          end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"puma/thread_pool.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/puma-4.3.1/lib/puma/server.rb", "function"=>"block in run", "lineno"=>328, "in_app"=>false, "pre_context"=>["          client.close\n", "        else\n", "          if process_now\n"], "context_line"=>"            process_client client, buffer\n", "post_context"=>["          else\n", "            client.set_timeout @first_data_timeout\n", "            @reactor.add client\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"puma/server.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/puma-4.3.1/lib/puma/server.rb", "function"=>"process_client", "lineno"=>472, "in_app"=>false, "pre_context"=>["        requests = 0\n", "\n", "        while true\n"], "context_line"=>"          case handle_request(client, buffer)\n", "post_context"=>["          when false\n", "            return\n", "          when :async\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"puma/server.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/puma-4.3.1/lib/puma/server.rb", "function"=>"handle_request", "lineno"=>681, "in_app"=>false, "pre_context"=>["\n", "      begin\n", "        begin\n"], "context_line"=>"          status, headers, res_body = @app.call(env)\n", "post_context"=>["\n", "          return :async if req.hijacked\n", "\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"puma/server.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/puma-4.3.1/lib/puma/configuration.rb", "function"=>"call", "lineno"=>228, "in_app"=>false, "pre_context"=>["\n", "      def call(env)\n", "        env[Const::PUMA_CONFIG] = @config\n"], "context_line"=>"        @app.call(env)\n", "post_context"=>["      end\n", "    end\n", "\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"puma/configuration.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/railties-6.0.2/lib/rails/engine.rb", "function"=>"call", "lineno"=>526, "in_app"=>false, "pre_context"=>["    # Define the Rack API for this engine.\n", "    def call(env)\n", "      req = build_request env\n"], "context_line"=>"      app.call req.env\n", "post_context"=>["    end\n", "\n", "    # Defines additional Rack env configuration that is added on each call.\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rails/engine.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/rack-proxy-0.6.5/lib/rack/proxy.rb", "function"=>"call", "lineno"=>57, "in_app"=>false, "pre_context"=>["    end\n", "\n", "    def call(env)\n"], "context_line"=>"      rewrite_response(perform_request(rewrite_env(env)))\n", "post_context"=>["    end\n", "\n", "    # Return modified env\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rack/proxy.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/webpacker-4.2.2/lib/webpacker/dev_server_proxy.rb", "function"=>"perform_request", "lineno"=>23, "in_app"=>false, "pre_context"=>["\n", "      super(env)\n", "    else\n"], "context_line"=>"      @app.call(env)\n", "post_context"=>["    end\n", "  end\n", "\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"webpacker/dev_server_proxy.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/sentry-raven-2.12.3/lib/raven/integrations/rack.rb", "function"=>"call", "lineno"=>51, "in_app"=>false, "pre_context"=>["      Raven.context.transaction.push(env[\"PATH_INFO\"]) if env[\"PATH_INFO\"]\n", "\n", "      begin\n"], "context_line"=>"        response = @app.call(env)\n", "post_context"=>["      rescue Error\n", "        raise # Don't capture Raven errors\n", "      rescue Exception => e\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"raven/integrations/rack.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/middleware/host_authorization.rb", "function"=>"call", "lineno"=>83, "in_app"=>false, "pre_context"=>["\n", "      if authorized?(request)\n", "        mark_as_authorized(request)\n"], "context_line"=>"        @app.call(env)\n", "post_context"=>["      else\n", "        @response_app.call(env)\n", "      end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/middleware/host_authorization.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/sendfile.rb", "function"=>"call", "lineno"=>111, "in_app"=>false, "pre_context"=>["    end\n", "\n", "    def call(env)\n"], "context_line"=>"      status, headers, body = @app.call(env)\n", "post_context"=>["      if body.respond_to?(:to_path)\n", "        case type = variation(env)\n", "        when 'X-Accel-Redirect'\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rack/sendfile.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/middleware/static.rb", "function"=>"call", "lineno"=>126, "in_app"=>false, "pre_context"=>["        end\n", "      end\n", "\n"], "context_line"=>"      @app.call(req.env)\n", "post_context"=>["    end\n", "  end\n", "end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/middleware/static.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/middleware/executor.rb", "function"=>"call", "lineno"=>14, "in_app"=>false, "pre_context"=>["    def call(env)\n", "      state = @executor.run!\n", "      begin\n"], "context_line"=>"        response = @app.call(env)\n", "post_context"=>["        returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }\n", "      ensure\n", "        state.complete! unless returned\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/middleware/executor.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activesupport-6.0.2/lib/active_support/cache/strategy/local_cache_middleware.rb", "function"=>"call", "lineno"=>29, "in_app"=>false, "pre_context"=>["\n", "          def call(env)\n", "            LocalCacheRegistry.set_cache_for(local_cache_key, LocalStore.new)\n"], "context_line"=>"            response = @app.call(env)\n", "post_context"=>["            response[2] = ::Rack::BodyProxy.new(response[2]) do\n", "              LocalCacheRegistry.set_cache_for(local_cache_key, nil)\n", "            end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_support/cache/strategy/local_cache_middleware.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/runtime.rb", "function"=>"call", "lineno"=>22, "in_app"=>false, "pre_context"=>["\n", "    def call(env)\n", "      start_time = Utils.clock_time\n"], "context_line"=>"      status, headers, body = @app.call(env)\n", "post_context"=>["      request_time = Utils.clock_time - start_time\n", "\n", "      unless headers.has_key?(@header_name)\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rack/runtime.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/method_override.rb", "function"=>"call", "lineno"=>22, "in_app"=>false, "pre_context"=>["        end\n", "      end\n", "\n"], "context_line"=>"      @app.call(env)\n", "post_context"=>["    end\n", "\n", "    def method_override(env)\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rack/method_override.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/middleware/request_id.rb", "function"=>"call", "lineno"=>27, "in_app"=>false, "pre_context"=>["    def call(env)\n", "      req = ActionDispatch::Request.new env\n", "      req.request_id = make_request_id(req.x_request_id)\n"], "context_line"=>"      @app.call(env).tap { |_status, headers, _body| headers[X_REQUEST_ID] = req.request_id }\n", "post_context"=>["    end\n", "\n", "    private\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/middleware/request_id.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/middleware/remote_ip.rb", "function"=>"call", "lineno"=>81, "in_app"=>false, "pre_context"=>["    def call(env)\n", "      req = ActionDispatch::Request.new env\n", "      req.remote_ip = GetIp.new(req, check_ip, proxies)\n"], "context_line"=>"      @app.call(req.env)\n", "post_context"=>["    end\n", "\n", "    # The GetIp class exists as a way to defer processing of the request data\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/middleware/remote_ip.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/sprockets-rails-3.2.1/lib/sprockets/rails/quiet_assets.rb", "function"=>"call", "lineno"=>13, "in_app"=>false, "pre_context"=>["        if env['PATH_INFO'] =~ @assets_regex\n", "          ::Rails.logger.silence { @app.call(env) }\n", "        else\n"], "context_line"=>"          @app.call(env)\n", "post_context"=>["        end\n", "      end\n", "    end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"sprockets/rails/quiet_assets.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/railties-6.0.2/lib/rails/rack/logger.rb", "function"=>"call", "lineno"=>26, "in_app"=>false, "pre_context"=>["        request = ActionDispatch::Request.new(env)\n", "\n", "        if logger.respond_to?(:tagged)\n"], "context_line"=>"          logger.tagged(compute_tags(request)) { call_app(request, env) }\n", "post_context"=>["        else\n", "          call_app(request, env)\n", "        end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rails/rack/logger.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activesupport-6.0.2/lib/active_support/tagged_logging.rb", "function"=>"tagged", "lineno"=>80, "in_app"=>false, "pre_context"=>["    delegate :push_tags, :pop_tags, :clear_tags!, to: :formatter\n", "\n", "    def tagged(*tags)\n"], "context_line"=>"      formatter.tagged(*tags) { yield self }\n", "post_context"=>["    end\n", "\n", "    def flush\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_support/tagged_logging.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activesupport-6.0.2/lib/active_support/tagged_logging.rb", "function"=>"tagged", "lineno"=>28, "in_app"=>false, "pre_context"=>["\n", "      def tagged(*tags)\n", "        new_tags = push_tags(*tags)\n"], "context_line"=>"        yield self\n", "post_context"=>["      ensure\n", "        pop_tags(new_tags.size)\n", "      end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_support/tagged_logging.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activesupport-6.0.2/lib/active_support/tagged_logging.rb", "function"=>"block in tagged", "lineno"=>80, "in_app"=>false, "pre_context"=>["    delegate :push_tags, :pop_tags, :clear_tags!, to: :formatter\n", "\n", "    def tagged(*tags)\n"], "context_line"=>"      formatter.tagged(*tags) { yield self }\n", "post_context"=>["    end\n", "\n", "    def flush\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_support/tagged_logging.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/railties-6.0.2/lib/rails/rack/logger.rb", "function"=>"block in call", "lineno"=>26, "in_app"=>false, "pre_context"=>["        request = ActionDispatch::Request.new(env)\n", "\n", "        if logger.respond_to?(:tagged)\n"], "context_line"=>"          logger.tagged(compute_tags(request)) { call_app(request, env) }\n", "post_context"=>["        else\n", "          call_app(request, env)\n", "        end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rails/rack/logger.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/railties-6.0.2/lib/rails/rack/logger.rb", "function"=>"call_app", "lineno"=>38, "in_app"=>false, "pre_context"=>["          instrumenter = ActiveSupport::Notifications.instrumenter\n", "          instrumenter.start \"request.action_dispatch\", request: request\n", "          logger.info { started_request_message(request) }\n"], "context_line"=>"          status, headers, body = @app.call(env)\n", "post_context"=>["          body = ::Rack::BodyProxy.new(body) { finish(request) }\n", "          [status, headers, body]\n", "        rescue Exception\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rails/rack/logger.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/middleware/show_exceptions.rb", "function"=>"call", "lineno"=>33, "in_app"=>false, "pre_context"=>["\n", "    def call(env)\n", "      request = ActionDispatch::Request.new env\n"], "context_line"=>"      @app.call(env)\n", "post_context"=>["    rescue Exception => exception\n", "      if request.show_exceptions?\n", "        render_exception(request, exception)\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/middleware/show_exceptions.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/web-console-4.0.1/lib/web_console/middleware.rb", "function"=>"call", "lineno"=>17, "in_app"=>false, "pre_context"=>["    end\n", "\n", "    def call(env)\n"], "context_line"=>"      app_exception = catch :app_exception do\n", "post_context"=>["        request = create_regular_or_whiny_request(env)\n", "        return call_app(env) unless request.permitted?\n", "\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"web_console/middleware.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/web-console-4.0.1/lib/web_console/middleware.rb", "function"=>"catch", "lineno"=>17, "in_app"=>false, "pre_context"=>["    end\n", "\n", "    def call(env)\n"], "context_line"=>"      app_exception = catch :app_exception do\n", "post_context"=>["        request = create_regular_or_whiny_request(env)\n", "        return call_app(env) unless request.permitted?\n", "\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"web_console/middleware.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/web-console-4.0.1/lib/web_console/middleware.rb", "function"=>"block in call", "lineno"=>28, "in_app"=>false, "pre_context"=>["        end\n", "\n", "\n"], "context_line"=>"        status, headers, body = call_app(env)\n", "post_context"=>["\n", "        if (session = Session.from(Thread.current)) && acceptable_content_type?(headers)\n", "          headers[\"X-Web-Console-Session-Id\"] = session.id\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"web_console/middleware.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/web-console-4.0.1/lib/web_console/middleware.rb", "function"=>"call_app", "lineno"=>132, "in_app"=>false, "pre_context"=>["      end\n", "\n", "      def call_app(env)\n"], "context_line"=>"        @app.call(env)\n", "post_context"=>["      rescue => e\n", "        throw :app_exception, e\n", "      end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"web_console/middleware.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/middleware/debug_exceptions.rb", "function"=>"call", "lineno"=>32, "in_app"=>false, "pre_context"=>["\n", "    def call(env)\n", "      request = ActionDispatch::Request.new env\n"], "context_line"=>"      _, headers, body = response = @app.call(env)\n", "post_context"=>["\n", "      if headers[\"X-Cascade\"] == \"pass\"\n", "        body.close if body.respond_to?(:close)\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/middleware/debug_exceptions.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/middleware/actionable_exceptions.rb", "function"=>"call", "lineno"=>17, "in_app"=>false, "pre_context"=>["\n", "    def call(env)\n", "      request = ActionDispatch::Request.new(env)\n"], "context_line"=>"      return @app.call(env) unless actionable_request?(request)\n", "post_context"=>["\n", "      ActiveSupport::ActionableError.dispatch(request.params[:error].to_s.safe_constantize, request.params[:action])\n", "\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/middleware/actionable_exceptions.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/middleware/executor.rb", "function"=>"call", "lineno"=>14, "in_app"=>false, "pre_context"=>["    def call(env)\n", "      state = @executor.run!\n", "      begin\n"], "context_line"=>"        response = @app.call(env)\n", "post_context"=>["        returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }\n", "      ensure\n", "        state.complete! unless returned\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/middleware/executor.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/middleware/callbacks.rb", "function"=>"call", "lineno"=>26, "in_app"=>false, "pre_context"=>["\n", "    def call(env)\n", "      error = nil\n"], "context_line"=>"      result = run_callbacks :call do\n", "post_context"=>["        @app.call(env)\n", "      rescue => error\n", "      end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/middleware/callbacks.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activesupport-6.0.2/lib/active_support/callbacks.rb", "function"=>"run_callbacks", "lineno"=>101, "in_app"=>false, "pre_context"=>["      callbacks = __callbacks[kind.to_sym]\n", "\n", "      if callbacks.empty?\n"], "context_line"=>"        yield if block_given?\n", "post_context"=>["      else\n", "        env = Filters::Environment.new(self, false, nil)\n", "        next_sequence = callbacks.compile\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_support/callbacks.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/middleware/callbacks.rb", "function"=>"block in call", "lineno"=>27, "in_app"=>false, "pre_context"=>["    def call(env)\n", "      error = nil\n", "      result = run_callbacks :call do\n"], "context_line"=>"        @app.call(env)\n", "post_context"=>["      rescue => error\n", "      end\n", "      raise error if error\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/middleware/callbacks.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activerecord-6.0.2/lib/active_record/migration.rb", "function"=>"call", "lineno"=>567, "in_app"=>false, "pre_context"=>["          ActiveRecord::Migration.check_pending!(connection)\n", "          @last_check = mtime\n", "        end\n"], "context_line"=>"        @app.call(env)\n", "post_context"=>["      end\n", "\n", "      private\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_record/migration.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/middleware/cookies.rb", "function"=>"call", "lineno"=>648, "in_app"=>false, "pre_context"=>["    def call(env)\n", "      request = ActionDispatch::Request.new env\n", "\n"], "context_line"=>"      status, headers, body = @app.call(env)\n", "post_context"=>["\n", "      if request.have_cookie_jar?\n", "        cookie_jar = request.cookie_jar\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/middleware/cookies.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/session/abstract/id.rb", "function"=>"call", "lineno"=>226, "in_app"=>false, "pre_context"=>["        end\n", "\n", "        def call(env)\n"], "context_line"=>"          context(env)\n", "post_context"=>["        end\n", "\n", "        def context(env, app=@app)\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rack/session/abstract/id.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/session/abstract/id.rb", "function"=>"context", "lineno"=>232, "in_app"=>false, "pre_context"=>["        def context(env, app=@app)\n", "          req = make_request env\n", "          prepare_session(req)\n"], "context_line"=>"          status, headers, body = app.call(req.env)\n", "post_context"=>["          res = Rack::Response::Raw.new status, headers\n", "          commit_session(req, res)\n", "          [status, headers, body]\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rack/session/abstract/id.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/http/content_security_policy.rb", "function"=>"call", "lineno"=>18, "in_app"=>false, "pre_context"=>["\n", "      def call(env)\n", "        request = ActionDispatch::Request.new env\n"], "context_line"=>"        _, headers, _ = response = @app.call(env)\n", "post_context"=>["\n", "        return response unless html_response?(headers)\n", "        return response if policy_present?(headers)\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/http/content_security_policy.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/head.rb", "function"=>"call", "lineno"=>12, "in_app"=>false, "pre_context"=>["    end\n", "\n", "    def call(env)\n"], "context_line"=>"      status, headers, body = @app.call(env)\n", "post_context"=>["\n", "      if env[REQUEST_METHOD] == HEAD\n", "        [\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rack/head.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/conditional_get.rb", "function"=>"call", "lineno"=>38, "in_app"=>false, "pre_context"=>["        end\n", "        [status, headers, body]\n", "      else\n"], "context_line"=>"        @app.call(env)\n", "post_context"=>["      end\n", "    end\n", "\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rack/conditional_get.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/etag.rb", "function"=>"call", "lineno"=>25, "in_app"=>false, "pre_context"=>["    end\n", "\n", "    def call(env)\n"], "context_line"=>"      status, headers, body = @app.call(env)\n", "post_context"=>["\n", "      if etag_status?(status) && etag_body?(body) && !skip_caching?(headers)\n", "        original_body = body\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rack/etag.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/rack-2.0.7/lib/rack/tempfile_reaper.rb", "function"=>"call", "lineno"=>15, "in_app"=>false, "pre_context"=>["\n", "    def call(env)\n", "      env[RACK_TEMPFILES] ||= []\n"], "context_line"=>"      status, headers, body = @app.call(env)\n", "post_context"=>["      body_proxy = BodyProxy.new(body) do\n", "        env[RACK_TEMPFILES].each(&:close!) unless env[RACK_TEMPFILES].nil?\n", "      end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"rack/tempfile_reaper.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/routing/route_set.rb", "function"=>"call", "lineno"=>837, "in_app"=>false, "pre_context"=>["      def call(env)\n", "        req = make_request(env)\n", "        req.path_info = Journey::Router::Utils.normalize_path(req.path_info)\n"], "context_line"=>"        @router.serve(req)\n", "post_context"=>["      end\n", "\n", "      def recognize_path(path, environment = {})\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/routing/route_set.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/journey/router.rb", "function"=>"serve", "lineno"=>32, "in_app"=>false, "pre_context"=>["      end\n", "\n", "      def serve(req)\n"], "context_line"=>"        find_routes(req).each do |match, parameters, route|\n", "post_context"=>["          set_params  = req.path_parameters\n", "          path_info   = req.path_info\n", "          script_name = req.script_name\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/journey/router.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/journey/router.rb", "function"=>"each", "lineno"=>32, "in_app"=>false, "pre_context"=>["      end\n", "\n", "      def serve(req)\n"], "context_line"=>"        find_routes(req).each do |match, parameters, route|\n", "post_context"=>["          set_params  = req.path_parameters\n", "          path_info   = req.path_info\n", "          script_name = req.script_name\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/journey/router.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/journey/router.rb", "function"=>"block in serve", "lineno"=>49, "in_app"=>false, "pre_context"=>["\n", "          req.path_parameters = set_params.merge parameters\n", "\n"], "context_line"=>"          status, headers, body = route.app.serve(req)\n", "post_context"=>["\n", "          if \"pass\" == headers[\"X-Cascade\"]\n", "            req.script_name     = script_name\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/journey/router.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/routing/route_set.rb", "function"=>"serve", "lineno"=>33, "in_app"=>false, "pre_context"=>["          params     = req.path_parameters\n", "          controller = controller req\n", "          res        = controller.make_response! req\n"], "context_line"=>"          dispatch(controller, params[:action], req, res)\n", "post_context"=>["        rescue ActionController::RoutingError\n", "          if @raise_on_name_error\n", "            raise\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/routing/route_set.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_dispatch/routing/route_set.rb", "function"=>"dispatch", "lineno"=>51, "in_app"=>false, "pre_context"=>["        end\n", "\n", "        def dispatch(controller, action, req, res)\n"], "context_line"=>"          controller.dispatch(action, req, res)\n", "post_context"=>["        end\n", "      end\n", "\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_dispatch/routing/route_set.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_controller/metal.rb", "function"=>"dispatch", "lineno"=>252, "in_app"=>false, "pre_context"=>["      if middleware_stack.any?\n", "        middleware_stack.build(name) { |env| new.dispatch(name, req, res) }.call req.env\n", "      else\n"], "context_line"=>"        new.dispatch(name, req, res)\n", "post_context"=>["      end\n", "    end\n", "  end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_controller/metal.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_controller/metal.rb", "function"=>"dispatch", "lineno"=>191, "in_app"=>false, "pre_context"=>["    def dispatch(name, request, response) #:nodoc:\n", "      set_request!(request)\n", "      set_response!(response)\n"], "context_line"=>"      process(name)\n", "post_context"=>["      request.commit_flash\n", "      to_a\n", "    end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_controller/metal.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionview-6.0.2/lib/action_view/rendering.rb", "function"=>"process", "lineno"=>39, "in_app"=>false, "pre_context"=>["    # Overwrite process to setup I18n proxy.\n", "    def process(*) #:nodoc:\n", "      old_config, I18n.config = I18n.config, I18nProxy.new(I18n.config, lookup_context)\n"], "context_line"=>"      super\n", "post_context"=>["    ensure\n", "      I18n.config = old_config\n", "    end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_view/rendering.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/abstract_controller/base.rb", "function"=>"process", "lineno"=>136, "in_app"=>false, "pre_context"=>["\n", "      @_response_body = nil\n", "\n"], "context_line"=>"      process_action(action_name, *args)\n", "post_context"=>["    end\n", "\n", "    # Delegates to the class' ::controller_path\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"abstract_controller/base.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activerecord-6.0.2/lib/active_record/railties/controller_runtime.rb", "function"=>"process_action", "lineno"=>27, "in_app"=>false, "pre_context"=>["          # because of queries in middleware or in cases we are streaming\n", "          # and it won't be cleaned up by the method below.\n", "          ActiveRecord::LogSubscriber.reset_runtime\n"], "context_line"=>"          super\n", "post_context"=>["        end\n", "\n", "        def cleanup_view_runtime\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_record/railties/controller_runtime.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_controller/metal/params_wrapper.rb", "function"=>"process_action", "lineno"=>245, "in_app"=>false, "pre_context"=>["    # by the metal call stack.\n", "    def process_action(*args)\n", "      _perform_parameter_wrapping if _wrapper_enabled?\n"], "context_line"=>"      super\n", "post_context"=>["    end\n", "\n", "    private\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_controller/metal/params_wrapper.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_controller/metal/instrumentation.rb", "function"=>"process_action", "lineno"=>32, "in_app"=>false, "pre_context"=>["\n", "      ActiveSupport::Notifications.instrument(\"start_processing.action_controller\", raw_payload.dup)\n", "\n"], "context_line"=>"      ActiveSupport::Notifications.instrument(\"process_action.action_controller\", raw_payload) do |payload|\n", "post_context"=>["        super.tap do\n", "          payload[:status] = response.status\n", "        end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_controller/metal/instrumentation.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activesupport-6.0.2/lib/active_support/notifications.rb", "function"=>"instrument", "lineno"=>180, "in_app"=>false, "pre_context"=>["\n", "      def instrument(name, payload = {})\n", "        if notifier.listening?(name)\n"], "context_line"=>"          instrumenter.instrument(name, payload) { yield payload if block_given? }\n", "post_context"=>["        else\n", "          yield payload if block_given?\n", "        end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_support/notifications.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activesupport-6.0.2/lib/active_support/notifications/instrumenter.rb", "function"=>"instrument", "lineno"=>24, "in_app"=>false, "pre_context"=>["        # some of the listeners might have state\n", "        listeners_state = start name, payload\n", "        begin\n"], "context_line"=>"          yield payload if block_given?\n", "post_context"=>["        rescue Exception => e\n", "          payload[:exception] = [e.class.name, e.message]\n", "          payload[:exception_object] = e\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_support/notifications/instrumenter.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activesupport-6.0.2/lib/active_support/notifications.rb", "function"=>"block in instrument", "lineno"=>180, "in_app"=>false, "pre_context"=>["\n", "      def instrument(name, payload = {})\n", "        if notifier.listening?(name)\n"], "context_line"=>"          instrumenter.instrument(name, payload) { yield payload if block_given? }\n", "post_context"=>["        else\n", "          yield payload if block_given?\n", "        end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_support/notifications.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_controller/metal/instrumentation.rb", "function"=>"block in process_action", "lineno"=>33, "in_app"=>false, "pre_context"=>["      ActiveSupport::Notifications.instrument(\"start_processing.action_controller\", raw_payload.dup)\n", "\n", "      ActiveSupport::Notifications.instrument(\"process_action.action_controller\", raw_payload) do |payload|\n"], "context_line"=>"        super.tap do\n", "post_context"=>["          payload[:status] = response.status\n", "        end\n", "      ensure\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_controller/metal/instrumentation.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_controller/metal/rescue.rb", "function"=>"process_action", "lineno"=>22, "in_app"=>false, "pre_context"=>["\n", "    private\n", "      def process_action(*args)\n"], "context_line"=>"        super\n", "post_context"=>["      rescue Exception => exception\n", "        request.env[\"action_dispatch.show_detailed_exceptions\"] ||= show_detailed_exceptions?\n", "        rescue_with_handler(exception) || raise\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_controller/metal/rescue.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/abstract_controller/callbacks.rb", "function"=>"process_action", "lineno"=>41, "in_app"=>false, "pre_context"=>["    # Override <tt>AbstractController::Base#process_action</tt> to run the\n", "    # <tt>process_action</tt> callbacks around the normal behavior.\n", "    def process_action(*args)\n"], "context_line"=>"      run_callbacks(:process_action) do\n", "post_context"=>["        super\n", "      end\n", "    end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"abstract_controller/callbacks.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activesupport-6.0.2/lib/active_support/callbacks.rb", "function"=>"run_callbacks", "lineno"=>139, "in_app"=>false, "pre_context"=>["          next_sequence.invoke_after(env)\n", "          env.value\n", "        else\n"], "context_line"=>"          invoke_sequence.call\n", "post_context"=>["        end\n", "      end\n", "    end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_support/callbacks.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activesupport-6.0.2/lib/active_support/callbacks.rb", "function"=>"block in run_callbacks", "lineno"=>121, "in_app"=>false, "pre_context"=>["              next_sequence = next_sequence.nested\n", "              begin\n", "                target, block, method, *arguments = current.expand_call_template(env, invoke_sequence)\n"], "context_line"=>"                target.send(method, *arguments, &block)\n", "post_context"=>["              ensure\n", "                next_sequence = current\n", "              end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_support/callbacks.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activesupport-6.0.2/lib/active_support/callbacks.rb", "function"=>"instance_exec", "lineno"=>121, "in_app"=>false, "pre_context"=>["              next_sequence = next_sequence.nested\n", "              begin\n", "                target, block, method, *arguments = current.expand_call_template(env, invoke_sequence)\n"], "context_line"=>"                target.send(method, *arguments, &block)\n", "post_context"=>["              ensure\n", "                next_sequence = current\n", "              end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_support/callbacks.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/sentry-raven-2.12.3/lib/raven/integrations/rails/controller_transaction.rb", "function"=>"block in included", "lineno"=>7, "in_app"=>false, "pre_context"=>["      def self.included(base)\n", "        base.prepend_around_action do |controller, block|\n", "          Raven.context.transaction.push \"\#{controller.class}#\#{controller.action_name}\"\n"], "context_line"=>"          block.call\n", "post_context"=>["          Raven.context.transaction.pop\n", "        end\n", "      end\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"raven/integrations/rails/controller_transaction.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/activesupport-6.0.2/lib/active_support/callbacks.rb", "function"=>"block in run_callbacks", "lineno"=>112, "in_app"=>false, "pre_context"=>["            current = next_sequence\n", "            current.invoke_before(env)\n", "            if current.final?\n"], "context_line"=>"              env.value = !env.halted && (!block_given? || yield)\n", "post_context"=>["            elsif current.skip?(env)\n", "              (skipped ||= []) << current\n", "              next_sequence = next_sequence.nested\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"active_support/callbacks.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/abstract_controller/callbacks.rb", "function"=>"block in process_action", "lineno"=>42, "in_app"=>false, "pre_context"=>["    # <tt>process_action</tt> callbacks around the normal behavior.\n", "    def process_action(*args)\n", "      run_callbacks(:process_action) do\n"], "context_line"=>"        super\n", "post_context"=>["      end\n", "    end\n", "\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"abstract_controller/callbacks.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_controller/metal/rendering.rb", "function"=>"process_action", "lineno"=>30, "in_app"=>false, "pre_context"=>["    # Before processing, set the request formats in current controller formats.\n", "    def process_action(*) #:nodoc:\n", "      self.formats = request.formats.map(&:ref).compact\n"], "context_line"=>"      super\n", "post_context"=>["    end\n", "\n", "    # Check for double render errors and set the content_type after rendering.\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_controller/metal/rendering.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/abstract_controller/base.rb", "function"=>"process_action", "lineno"=>196, "in_app"=>false, "pre_context"=>["      # Notice that the first argument is the method to be dispatched\n", "      # which is *not* necessarily the same as the action name.\n", "      def process_action(method_name, *args)\n"], "context_line"=>"        send_action(method_name, *args)\n", "post_context"=>["      end\n", "\n", "      # Actually call the method associated with the action. Override\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"abstract_controller/base.rb"}, {"abs_path"=>"/Users/edariedl/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/actionpack-6.0.2/lib/action_controller/metal/basic_implicit_render.rb", "function"=>"send_action", "lineno"=>6, "in_app"=>false, "pre_context"=>["module ActionController\n", "  module BasicImplicitRender # :nodoc:\n", "    def send_action(method, *args)\n"], "context_line"=>"      super.tap { default_render unless performed? }\n", "post_context"=>["    end\n", "\n", "    def default_render\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"action_controller/metal/basic_implicit_render.rb"}, {"abs_path"=>"/Users/edariedl/Programming/sentry_test/app/controllers/users_controller.rb", "function"=>"create", "lineno"=>15, "in_app"=>true, "pre_context"=>["  def create\n", "    @user = User.new(user_params)\n", "\n"], "context_line"=>"    raise \"Something bad happend\"\n", "post_context"=>["    if @user.save\n", "      redirect_to @user, notice: 'User was successfully created.'\n", "    else\n"], "project_root"=>"/Users/edariedl/Programming/sentry_test", "filename"=>"app/controllers/users_controller.rb"}]}}]}, "request"=>{"headers"=>{"Host"=>"127.0.0.1:3000", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Encoding"=>"gzip, deflate", "Accept-Language"=>"en-us", "Content-Type"=>"application/x-www-form-urlencoded", "Origin"=>"http://127.0.0.1:3000", "User-Agent"=>"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Safari/605.1.15", "Connection"=>"keep-alive", "Upgrade-Insecure-Requests"=>"1", "Referer"=>"http://127.0.0.1:3000/users/new", "Content-Length"=>"185"}, "env"=>{"SERVER_NAME"=>"127.0.0.1", "SERVER_PORT"=>"3000", "REMOTE_ADDR"=>"127.0.0.1"}, "cookies"=>{"_sentry_test_session"=>"o6X6tyOJ0+5fQ53bczQmnyvukZUaKwdJRwjayLCoIZmPe0pHKikbuo/SfqrtfhBZGdBuO1TWdNNUS1sx63PAJ3FfuxZlabXz2sDMUSqndQ2NbqkHwuMRqySkLHGU7dKGo7Ux/7eUyozgOqcFOHN7Bvdd14bt0YdCqA/40DAbRCpTa9B2mehIsJEGWDhz5a/dZcSDfRPVElBaEIcxF5OxeIb8XfTfi/vRfpr0onZPLbGxEGT2tzi6JxmszJH0SQyhgVGsdqc9FYLKbpJMoIjE9ZWN28a4V+btw9fhww==--gjlmErkrOTp2B2sN--cP9gjp/YM0YdkTYUuIzAkA=="}, "url"=>"http://127.0.0.1:3000/users", "method"=>"POST", "query_string"=>"", "data"=>{"authenticity_token"=>"EE1m/o+p3z2Qu0bF9KlzYzJKmPzN1I02CUwmI9HcohprTRQYWzmsNAJOByHBWMylnoI/7gMHGtsF4Mv75R5Pdw==", "user"=>{"name"=>"Name", "password"=>"topsecret"}, "commit"=>"Create User"}}}

ActiveJob log is super long so here is just the relevant part:

"request"=>{
  "headers"=>{"Host"=>"127.0.0.1:3000", "Accept"=>"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Encoding"=>"gzip, deflate", "Accept-Language"=>"en-us", "Content-Type"=>"application/x-www-form-urlencoded", "Origin"=>"http://127.0.0.1:3000", "User-Agent"=>"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Safari/605.1.15", "Connection"=>"keep-alive", "Upgrade-Insecure-Requests"=>"1", "Referer"=>"http://127.0.0.1:3000/users/new", "Content-Length"=>"185"}, 
  "env"=>{"SERVER_NAME"=>"127.0.0.1", "SERVER_PORT"=>"3000", "REMOTE_ADDR"=>"127.0.0.1"}, "cookies"=>{"_sentry_test_session"=>"o6X6tyOJ0+5fQ53bczQmnyvukZUaKwdJRwjayLCoIZmPe0pHKikbuo/SfqrtfhBZGdBuO1TWdNNUS1sx63PAJ3FfuxZlabXz2sDMUSqndQ2NbqkHwuMRqySkLHGU7dKGo7Ux/7eUyozgOqcFOHN7Bvdd14bt0YdCqA/40DAbRCpTa9B2mehIsJEGWDhz5a/dZcSDfRPVElBaEIcxF5OxeIb8XfTfi/vRfpr0onZPLbGxEGT2tzi6JxmszJH0SQyhgVGsdqc9FYLKbpJMoIjE9ZWN28a4V+btw9fhww==--gjlmErkrOTp2B2sN--cP9gjp/YM0YdkTYUuIzAkA=="}, 
  "url"=>"http://127.0.0.1:3000/users", 
  "method"=>"POST", 
  "query_string"=>"", 
  "data"=>{
    "authenticity_token"=>"EE1m/o+p3z2Qu0bF9KlzYzJKmPzN1I02CUwmI9HcohprTRQYWzmsNAJOByHBWMylnoI/7gMHGtsF4Mv75R5Pdw==", 
    "user"=>{"name"=>"Name", "password"=>"topsecret"}, 
    "commit"=>"Create User"
  }
}

As you can see, the password is in the log in the plain text even if it definitely shouldn't be.

HazAT

I will merge it, thanks for your explanation!

edariedl · 2019-12-18T20:38:12Z

Awesome, thanks!

edariedl added 2 commits November 1, 2019 13:37

Sanitize event data before they are sent to async job.

4dd0d92

Fix spelling.

1df5973

HazAT approved these changes Dec 17, 2019

View reviewed changes

HazAT merged commit ad440b9 into getsentry:master Dec 17, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sanitize event data before they are sent to async job. #936

Sanitize event data before they are sent to async job. #936

edariedl commented Nov 1, 2019 •

edited

edariedl commented Nov 15, 2019

HazAT commented Dec 17, 2019

edariedl commented Dec 17, 2019

HazAT left a comment

edariedl commented Dec 18, 2019

Sanitize event data before they are sent to async job. #936

Sanitize event data before they are sent to async job. #936

Conversation

edariedl commented Nov 1, 2019 • edited

edariedl commented Nov 15, 2019

HazAT commented Dec 17, 2019

edariedl commented Dec 17, 2019

Steps to simulate the problem

HazAT left a comment

Choose a reason for hiding this comment

edariedl commented Dec 18, 2019

edariedl commented Nov 1, 2019 •

edited