def test_without_ip_values(self):
out = {
'sentry.interfaces.User': {},
'sentry.interfaces.Http': {
'env': {},
},
}
ensure_has_ip(out, '127.0.0.1')
assert out['sentry.interfaces.User']['ip_address'] == '127.0.0.1'
def test_with_user_ip(self):
inp = {
'sentry.interfaces.User': {
'ip_address': '192.168.0.1',
},
}
out = inp.copy()
ensure_has_ip(out, '127.0.0.1')
assert inp == out
def test_with_user_ip(self):
inp = {
'sentry.interfaces.User': {
'ip_address': '192.168.0.1',
},
}
out = inp.copy()
ensure_has_ip(out, '127.0.0.1')
assert inp == out
def test_without_ip_values(self):
out = {
'sentry.interfaces.User': {
},
'sentry.interfaces.Http': {
'env': {},
},
}
ensure_has_ip(out, '127.0.0.1')
assert out['sentry.interfaces.User']['ip_address'] == '127.0.0.1'
def process(self, request, project, auth, data, **kwargs):
event_received.send_robust(ip=request.META['REMOTE_ADDR'],
sender=type(self))
# TODO: improve this API (e.g. make RateLimit act on __ne__)
rate_limit = safe_execute(app.quotas.is_rate_limited, project=project)
if isinstance(rate_limit, bool):
rate_limit = RateLimit(is_limited=rate_limit, retry_after=None)
if rate_limit is not None and rate_limit.is_limited:
raise APIRateLimited(rate_limit.retry_after)
result = plugins.first('has_perm', request.user, 'create_event',
project)
if result is False:
raise APIForbidden('Creation of this event was blocked')
content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '')
if content_encoding == 'gzip':
data = decompress_gzip(data)
elif content_encoding == 'deflate':
data = decompress_deflate(data)
elif not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
# mutates data
validate_data(project, data, auth.client)
except InvalidData as e:
raise APIError(u'Invalid data: %s (%s)' %
(six.text_type(e), type(e)))
# mutates data
manager = EventManager(data)
data = manager.normalize()
# insert IP address if not available
if auth.is_public:
ensure_has_ip(data, request.META['REMOTE_ADDR'])
event_id = data['event_id']
# We filter data immediately before it ever gets into the queue
inst = SensitiveDataFilter()
inst.apply(data)
# mutates data (strips a lot of context if not queued)
insert_data_to_database(data)
logger.debug('New event from project %s/%s (id=%s)', project.team.slug,
project.slug, event_id)
return event_id
def test_with_remote_addr(self):
inp = {
'sentry.interfaces.Http': {
'env': {
'REMOTE_ADDR': '192.168.0.1',
},
},
}
out = inp.copy()
ensure_has_ip(out, '127.0.0.1')
assert inp == out
def test_with_remote_addr(self):
inp = {
'sentry.interfaces.Http': {
'env': {
'REMOTE_ADDR': '192.168.0.1',
},
},
}
out = inp.copy()
ensure_has_ip(out, '127.0.0.1')
assert inp == out
def process(self, request, project, auth, data, **kwargs):
event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self))
# TODO: improve this API (e.g. make RateLimit act on __ne__)
rate_limit = safe_execute(app.quotas.is_rate_limited, project=project)
if isinstance(rate_limit, bool):
rate_limit = RateLimit(is_limited=rate_limit, retry_after=None)
if rate_limit is not None and rate_limit.is_limited:
raise APIRateLimited(rate_limit.retry_after)
result = plugins.first('has_perm', request.user, 'create_event', project)
if result is False:
raise APIForbidden('Creation of this event was blocked')
content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '')
if content_encoding == 'gzip':
data = decompress_gzip(data)
elif content_encoding == 'deflate':
data = decompress_deflate(data)
elif not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
# mutates data
validate_data(project, data, auth.client)
except InvalidData as e:
raise APIError(u'Invalid data: %s (%s)' % (six.text_type(e), type(e)))
# mutates data
manager = EventManager(data)
data = manager.normalize()
# insert IP address if not available
if auth.is_public:
ensure_has_ip(data, request.META['REMOTE_ADDR'])
event_id = data['event_id']
# We filter data immediately before it ever gets into the queue
inst = SensitiveDataFilter()
inst.apply(data)
# mutates data (strips a lot of context if not queued)
insert_data_to_database(data)
logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id)
return event_id
def process(self, request, project, auth, data, **kwargs):
event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self))
rate_limits = [safe_execute(app.quotas.is_rate_limited, project=project)]
for plugin in plugins.all():
rate_limit = safe_execute(plugin.is_rate_limited, project=project)
# We must handle the case of plugins not returning new RateLimit objects
if isinstance(rate_limit, bool):
rate_limit = RateLimit(is_limited=rate_limit, retry_after=None)
rate_limits.append(rate_limit)
if any(limit.is_limited for limit in rate_limits):
raise APIRateLimited(max(limit.retry_after for limit in rate_limits))
result = plugins.first('has_perm', request.user, 'create_event', project)
if result is False:
raise APIForbidden('Creation of this event was blocked')
content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '')
if content_encoding == 'gzip':
data = decompress_gzip(data)
elif content_encoding == 'deflate':
data = decompress_deflate(data)
elif not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
# mutates data
validate_data(project, data, auth.client)
except InvalidData as e:
raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
# mutates data
Group.objects.normalize_event_data(data)
# insert IP address if not available
if auth.is_public:
ensure_has_ip(data, request.META['REMOTE_ADDR'])
event_id = data['event_id']
# mutates data (strips a lot of context if not queued)
insert_data_to_database(data)
logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id)
return event_id
def process(self, request, project, auth, data, **kwargs):
event_received.send(ip=request.META["REMOTE_ADDR"], sender=type(self))
is_rate_limited = safe_execute(app.quotas.is_rate_limited, project=project)
for plugin in plugins.all():
if safe_execute(plugin.is_rate_limited, project=project):
is_rate_limited = True
if is_rate_limited:
raise APIRateLimited
result = plugins.first("has_perm", request.user, "create_event", project)
if result is False:
raise APIForbidden("Creation of this event was blocked")
content_encoding = request.META.get("HTTP_CONTENT_ENCODING", "")
if content_encoding == "gzip":
data = decompress_gzip(data)
elif content_encoding == "deflate":
data = decompress_deflate(data)
elif not data.startswith("{"):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
# mutates data
validate_data(project, data, auth.client)
except InvalidData as e:
raise APIError(u"Invalid data: %s (%s)" % (unicode(e), type(e)))
# mutates data
Group.objects.normalize_event_data(data)
# insert IP address if not available
if auth.is_public:
ensure_has_ip(data, request.META["REMOTE_ADDR"])
event_id = data["event_id"]
# mutates data (strips a lot of context if not queued)
insert_data_to_database(data)
logger.debug("New event from project %s/%s (id=%s)", project.team.slug, project.slug, event_id)
return event_id
def process(self, request, project, auth, data, **kwargs):
event_received.send(ip=request.META['REMOTE_ADDR'], sender=type(self))
is_rate_limited = safe_execute(app.quotas.is_rate_limited,
project=project)
for plugin in plugins.all():
if safe_execute(plugin.is_rate_limited, project=project):
is_rate_limited = True
if is_rate_limited:
raise APIRateLimited
result = plugins.first('has_perm', request.user, 'create_event',
project)
if result is False:
raise APIForbidden('Creation of this event was blocked')
if not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
# mutates data
validate_data(project, data, auth.client)
except InvalidData as e:
raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
# mutates data
Group.objects.normalize_event_data(data)
# insert IP address if not available
if auth.is_public:
ensure_has_ip(data, request.META['REMOTE_ADDR'])
event_id = data['event_id']
# mutates data (strips a lot of context if not queued)
insert_data_to_database(data)
logger.debug('New event from project %s/%s (id=%s)', project.team.slug,
project.slug, event_id)
return event_id
def process(self, request, project, auth, data, **kwargs):
event_received.send(ip=request.META['REMOTE_ADDR'], sender=type(self))
is_rate_limited = safe_execute(app.quotas.is_rate_limited, project=project)
for plugin in plugins.all():
if safe_execute(plugin.is_rate_limited, project=project):
is_rate_limited = True
if is_rate_limited:
raise APIRateLimited
result = plugins.first('has_perm', request.user, 'create_event', project)
if result is False:
raise APIForbidden('Creation of this event was blocked')
if not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
# mutates data
validate_data(project, data, auth.client)
except InvalidData as e:
raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
# mutates data
Group.objects.normalize_event_data(data)
# insert IP address if not available
if auth.is_public:
ensure_has_ip(data, request.META['REMOTE_ADDR'])
event_id = data['event_id']
# mutates data (strips a lot of context if not queued)
insert_data_to_database(data)
logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id)
return event_id
def test_without_any_values(self):
out = {}
ensure_has_ip(out, '127.0.0.1')
assert out['sentry.interfaces.User']['ip_address'] == '127.0.0.1'
def process(self, request, project, auth, data, **kwargs):
metrics.incr('events.total', 1)
event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self))
# TODO: improve this API (e.g. make RateLimit act on __ne__)
rate_limit = safe_execute(app.quotas.is_rate_limited, project=project,
_with_transaction=False)
if isinstance(rate_limit, bool):
rate_limit = RateLimit(is_limited=rate_limit, retry_after=None)
if rate_limit is not None and rate_limit.is_limited:
app.tsdb.incr_multi([
(app.tsdb.models.project_total_received, project.id),
(app.tsdb.models.project_total_rejected, project.id),
(app.tsdb.models.organization_total_received, project.organization_id),
(app.tsdb.models.organization_total_rejected, project.organization_id),
])
metrics.incr('events.dropped', 1)
raise APIRateLimited(rate_limit.retry_after)
else:
app.tsdb.incr_multi([
(app.tsdb.models.project_total_received, project.id),
(app.tsdb.models.organization_total_received, project.organization_id),
])
result = plugins.first('has_perm', request.user, 'create_event', project,
version=1)
if result is False:
metrics.incr('events.dropped', 1)
raise APIForbidden('Creation of this event was blocked')
content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '')
if content_encoding == 'gzip':
data = decompress_gzip(data)
elif content_encoding == 'deflate':
data = decompress_deflate(data)
elif not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
# mutates data
validate_data(project, data, auth.client)
except InvalidData as e:
raise APIError(u'Invalid data: %s (%s)' % (six.text_type(e), type(e)))
# mutates data
manager = EventManager(data, version=auth.version)
data = manager.normalize()
scrub_ip_address = project.get_option('sentry:scrub_ip_address', False)
# insert IP address if not available
if auth.is_public and not scrub_ip_address:
ensure_has_ip(data, request.META['REMOTE_ADDR'])
event_id = data['event_id']
# TODO(dcramer): ideally we'd only validate this if the event_id was
# supplied by the user
cache_key = 'ev:%s:%s' % (project.id, event_id,)
if cache.get(cache_key) is not None:
logger.warning('Discarded recent duplicate event from project %s/%s (id=%s)', project.organization.slug, project.slug, event_id)
raise InvalidRequest('An event with the same ID already exists.')
if project.get_option('sentry:scrub_data', True):
# We filter data immediately before it ever gets into the queue
inst = SensitiveDataFilter(project.get_option('sentry:sensitive_fields', None))
inst.apply(data)
if scrub_ip_address:
# We filter data immediately before it ever gets into the queue
ensure_does_not_have_ip(data)
# mutates data (strips a lot of context if not queued)
insert_data_to_database(data)
cache.set(cache_key, '', 60 * 5)
logger.debug('New event from project %s/%s (id=%s)', project.organization.slug, project.slug, event_id)
return event_id
def process(self, request, project, auth, data, **kwargs):
event_received.send_robust(ip=request.META['REMOTE_ADDR'],
sender=type(self))
# TODO: improve this API (e.g. make RateLimit act on __ne__)
rate_limit = safe_execute(app.quotas.is_rate_limited,
project=project,
_with_transaction=False)
if isinstance(rate_limit, bool):
rate_limit = RateLimit(is_limited=rate_limit, retry_after=None)
if rate_limit is not None and rate_limit.is_limited:
app.tsdb.incr_multi([
(app.tsdb.models.project_total_received, project.id),
(app.tsdb.models.project_total_rejected, project.id),
(app.tsdb.models.organization_total_received,
project.organization_id),
(app.tsdb.models.organization_total_rejected,
project.organization_id),
])
raise APIRateLimited(rate_limit.retry_after)
else:
app.tsdb.incr_multi([
(app.tsdb.models.project_total_received, project.id),
(app.tsdb.models.organization_total_received,
project.organization_id),
])
result = plugins.first('has_perm',
request.user,
'create_event',
project,
version=1)
if result is False:
raise APIForbidden('Creation of this event was blocked')
content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '')
if content_encoding == 'gzip':
data = decompress_gzip(data)
elif content_encoding == 'deflate':
data = decompress_deflate(data)
elif not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
# mutates data
validate_data(project, data, auth.client)
except InvalidData as e:
raise APIError(u'Invalid data: %s (%s)' %
(six.text_type(e), type(e)))
# mutates data
manager = EventManager(data, version=auth.version)
data = manager.normalize()
scrub_ip_address = project.get_option('sentry:scrub_ip_address', False)
# insert IP address if not available
if auth.is_public and not scrub_ip_address:
ensure_has_ip(data, request.META['REMOTE_ADDR'])
event_id = data['event_id']
# TODO(dcramer): ideally we'd only validate this if the event_id was
# supplied by the user
cache_key = 'ev:%s:%s' % (
project.id,
event_id,
)
if cache.get(cache_key) is not None:
logger.warning(
'Discarded recent duplicate event from project %s/%s (id=%s)',
project.organization.slug, project.slug, event_id)
raise InvalidRequest('An event with the same ID already exists.')
if project.get_option('sentry:scrub_data', True):
# We filter data immediately before it ever gets into the queue
inst = SensitiveDataFilter()
inst.apply(data)
if scrub_ip_address:
# We filter data immediately before it ever gets into the queue
ensure_does_not_have_ip(data)
# mutates data (strips a lot of context if not queued)
insert_data_to_database(data)
cache.set(cache_key, '', 60 * 5)
logger.debug('New event from project %s/%s (id=%s)',
project.organization.slug, project.slug, event_id)
return event_id
def test_without_any_values(self):
out = {}
ensure_has_ip(out, '127.0.0.1')
assert out['sentry.interfaces.User']['ip_address'] == '127.0.0.1'
class StoreView(APIView):
"""
The primary endpoint for storing new events.
This will validate the client's authentication and data, and if
successful pass on the payload to the internal database handler.
Authentication works in three flavors:
1. Explicit signed requests
These are implemented using the documented signed request protocol, and
require an authentication header which is signed using with the project
member's secret key.
2. CORS Secured Requests
Generally used for communications with client-side platforms (such as
JavaScript in the browser), they require a standard header, excluding
the signature and timestamp requirements, and must be listed in the
origins for the given project (or the global origins).
3. Implicit trusted requests
Used by the Sentry core, they are only available from same-domain requests
and do not require any authentication information. They only require that
the user be authenticated, and a project_id be sent in the GET variables.
"""
@never_cache
def post(self, request, project, auth, **kwargs):
data = request.raw_post_data
response_or_event_id = self.process(request, project, auth, data,
**kwargs)
if isinstance(response_or_event_id, HttpResponse):
return response_or_event_id
return HttpResponse(json.dumps({
'id': response_or_event_id,
}),
content_type='application/json')
@never_cache
def get(self, request, project, auth, **kwargs):
data = request.GET.get('sentry_data', '')
response_or_event_id = self.process(request, project, auth, data,
**kwargs)
# Return a simple 1x1 gif for browser so they don't throw a warning
response = HttpResponse(PIXEL, 'image/gif')
if not isinstance(response_or_event_id, HttpResponse):
response['X-Sentry-ID'] = response_or_event_id
return response
def process(self, request, project, auth, data, **kwargs):
if safe_execute(app.quotas.is_rate_limited, project=project):
raise APIRateLimited
for plugin in plugins.all():
if safe_execute(plugin.is_rate_limited, project=project):
raise APIRateLimited
result = plugins.first('has_perm', request.user, 'create_event',
project)
if result is False:
raise APIForbidden('Creation of this event was blocked')
if not data.startswith('{'):
data = decode_and_decompress_data(data)
data = safely_load_json_string(data)
try:
# mutates data
validate_data(project, data, auth.client)
except InvalidData, e:
raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
# mutates data
Group.objects.normalize_event_data(data)
# insert IP address if not available
if auth.is_public:
ensure_has_ip(data, request.META['REMOTE_ADDR'])
event_id = data['event_id']
# mutates data (strips a lot of context if not queued)
insert_data_to_database(data)
logger.debug('New event from project %s/%s (id=%s)', project.team.slug,
project.slug, event_id)
return event_id
