Skip to content

fix: Sanitize UserInfo of NSError and NSException #770

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 15, 2020
Merged

fix: Sanitize UserInfo of NSError and NSException #770

merged 3 commits into from
Oct 15, 2020
+15 −1

Conversation

koenpunt
Copy link
Contributor

@koenpunt koenpunt commented Oct 8, 2020
edited
Loading

📜 Description

This PR add sanatizing to the error's user info dictionary.

💡 Motivation and Context

Certain errors would cause the event to drop the sdk and context properties, because the error's user info contained values that couldn't be serialized as JSON.

💚 How did you test it?

Changed the library in my project locally, and saw the error being reported in Sentry without the "A value set to the context or sdk is not serializable. Dropping context and sdk." breadcrumb, and with the context and sdk properties present.

I'm not sure where I should introduce a test for it. Preferably I would like to add a test that handles an error with problematic user info, and fails without my changes. But since the formatting of the event happens in SentryClient (covered by SentryClientTests), and the serialization in SentrySerialization (covered by SentrySerializationTests), there currently is no way to do that.

📝 Checklist

  • I reviewed the submitted code
  • I added tests to verify the changes
  • I updated the CHANGELOG
  • I updated the docs if needed
  • No breaking changes

🔮 Next steps

Sorry, something went wrong.

@codecov-io
Copy link

codecov-io commented Oct 8, 2020
edited
Loading

Codecov Report

Merging #770 into master will decrease coverage by 0.00%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #770      +/-   ##
==========================================
- Coverage   92.83%   92.83%   -0.01%     
==========================================
  Files          73       73              
  Lines        3212     3211       -1     
==========================================
- Hits         2982     2981       -1     
  Misses        230      230
Impacted Files Coverage Δ
Sources/Sentry/SentryClient.m 92.35% <100.00%> (ø)
Sources/Sentry/SentryNSURLRequest.m 65.15% <0.00%> (-0.53%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7c1f1d0...606d9a7. Read the comment docs.

@bruno-garcia bruno-garcia changed the title Patch 1 Sanitize values in userinfo dictionary. Oct 8, 2020
@bruno-garcia
Copy link
Member

@koenpunt Thanks for contributing!
Could you please add some tests to validate this? Also, CI doesn't seem happy

@koenpunt
Copy link
Contributor Author

koenpunt commented Oct 9, 2020

Could you please add some tests to validate this?

As I mentioned in the description; I'm not really sure where I should add a test.

@philipphofmann
Copy link
Member

philipphofmann commented Oct 13, 2020
edited
Loading

As I mentioned in the description; I'm not really sure where I should add a test.

Thanks for opening up this PR. You can add a test in SentryClientTests. You just need to pass an NSError to for example client.captureError and set non-serializable values, like a Date, to the userInfo of the error. Then you check if the date in the userInfo is serialized correctly into the context of the event.

You could add something like this below testCaptureErrorWithUserInfo

func testCaptureErrorWithDateInUserInfo() {
    let expectedValue = (fixture.currentDateProvider.date() as NSDate).sentry_toIso8601String()
    let error = NSError(domain: "domain", code: 0, userInfo: ["key": fixture.currentDateProvider.date()])
    let eventId = fixture.getSut().capture(error: error, scope: fixture.scope)

    XCTAssertNotNil(eventId)
    assertLastSentEvent { actual in
        XCTAssertEqual(expectedValue, actual.context!["user info"]!["key"] as? String)
    }
}

But you need to add let currentDateProvider = TestCurrentDateProvider() to the fixture.

@koenpunt
Copy link
Contributor Author

@philipphofmann thanks, I'll try that!

@koenpunt
Copy link
Contributor Author

@philipphofmann I used an URL instead, because that's what was causing the issue for me. Should be good to go!

@koenpunt
Copy link
Contributor Author

The build is failing due to the branch name(?):

  Error: Error: error: pathspec 'patch-1' did not match any file(s) known to git

@koenpunt
sentry_sanitize error user info
64461fc 
Without sanitizing the user info, `NSURLError`s would cause the sdk and context to be stripped from the event, because the user info of that error contains NSURL object.
@koenpunt
add CHANGELOG entry
4ddf2a7
@koenpunt
add test for error user info sanitization
3afeedf
@codecov-commenter
Copy link

Codecov Report

Merging #770 into master will decrease coverage by 0.00%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #770      +/-   ##
==========================================
- Coverage   92.83%   92.83%   -0.01%     
==========================================
  Files          73       73              
  Lines        3212     3211       -1     
==========================================
- Hits         2982     2981       -1     
  Misses        230      230
Impacted Files Coverage Δ
Sources/Sentry/SentryClient.m 92.35% <100.00%> (ø)
Sources/Sentry/SentryNSURLRequest.m 65.15% <0.00%> (-0.53%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7c1f1d0...3afeedf. Read the comment docs.

@koenpunt
Copy link
Contributor Author

Oh I get it, it tried to commit formatting changes. Now ran clang-format locally and updated the PR.

philipphofmann
philipphofmann approved these changes Oct 15, 2020
View reviewed changes
Copy link
Member

@philipphofmann philipphofmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome thanks. The entry in the changelog is in the wrong section, but never worry I'm going to fix it in another PR :).

@philipphofmann philipphofmann changed the title Sanitize values in userinfo dictionary. fix: Sanitize values from UserInfo of NSError and NSException Oct 15, 2020
@philipphofmann philipphofmann changed the title fix: Sanitize values from UserInfo of NSError and NSException fix: Sanitize UserInfo of NSError and NSException Oct 15, 2020
@philipphofmann philipphofmann merged commit 42070f6 into getsentry:master Oct 15, 2020
philipphofmann added a commit that referenced this pull request Oct 15, 2020
@philipphofmann
meta: Fix Changelog for #770
624fcb2
philipphofmann added a commit that referenced this pull request Oct 15, 2020
@philipphofmann
meta: Fix Changelog for #770 (#795)
a0f1ed4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@philipphofmann philipphofmann

@bruno-garcia bruno-garcia

@HazAT HazAT

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@koenpunt @codecov-io @bruno-garcia @philipphofmann @codecov-commenter