def test_without_ip_values(self): out = { 'sentry.interfaces.User': {}, 'sentry.interfaces.Http': { 'env': {}, }, } ensure_has_ip(out, '127.0.0.1') assert out['sentry.interfaces.User']['ip_address'] == '127.0.0.1'
def test_with_user_ip(self): inp = { 'sentry.interfaces.User': { 'ip_address': '192.168.0.1', }, } out = inp.copy() ensure_has_ip(out, '127.0.0.1') assert inp == out
def test_without_ip_values(self): out = { 'sentry.interfaces.User': { }, 'sentry.interfaces.Http': { 'env': {}, }, } ensure_has_ip(out, '127.0.0.1') assert out['sentry.interfaces.User']['ip_address'] == '127.0.0.1'
def process(self, request, project, auth, data, **kwargs): event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self)) # TODO: improve this API (e.g. make RateLimit act on __ne__) rate_limit = safe_execute(app.quotas.is_rate_limited, project=project) if isinstance(rate_limit, bool): rate_limit = RateLimit(is_limited=rate_limit, retry_after=None) if rate_limit is not None and rate_limit.is_limited: raise APIRateLimited(rate_limit.retry_after) result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '') if content_encoding == 'gzip': data = decompress_gzip(data) elif content_encoding == 'deflate': data = decompress_deflate(data) elif not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData as e: raise APIError(u'Invalid data: %s (%s)' % (six.text_type(e), type(e))) # mutates data manager = EventManager(data) data = manager.normalize() # insert IP address if not available if auth.is_public: ensure_has_ip(data, request.META['REMOTE_ADDR']) event_id = data['event_id'] # We filter data immediately before it ever gets into the queue inst = SensitiveDataFilter() inst.apply(data) # mutates data (strips a lot of context if not queued) insert_data_to_database(data) logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id) return event_id
def test_with_remote_addr(self): inp = { 'sentry.interfaces.Http': { 'env': { 'REMOTE_ADDR': '192.168.0.1', }, }, } out = inp.copy() ensure_has_ip(out, '127.0.0.1') assert inp == out
def process(self, request, project, auth, data, **kwargs): event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self)) rate_limits = [safe_execute(app.quotas.is_rate_limited, project=project)] for plugin in plugins.all(): rate_limit = safe_execute(plugin.is_rate_limited, project=project) # We must handle the case of plugins not returning new RateLimit objects if isinstance(rate_limit, bool): rate_limit = RateLimit(is_limited=rate_limit, retry_after=None) rate_limits.append(rate_limit) if any(limit.is_limited for limit in rate_limits): raise APIRateLimited(max(limit.retry_after for limit in rate_limits)) result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '') if content_encoding == 'gzip': data = decompress_gzip(data) elif content_encoding == 'deflate': data = decompress_deflate(data) elif not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData as e: raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e))) # mutates data Group.objects.normalize_event_data(data) # insert IP address if not available if auth.is_public: ensure_has_ip(data, request.META['REMOTE_ADDR']) event_id = data['event_id'] # mutates data (strips a lot of context if not queued) insert_data_to_database(data) logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id) return event_id
def process(self, request, project, auth, data, **kwargs): event_received.send(ip=request.META["REMOTE_ADDR"], sender=type(self)) is_rate_limited = safe_execute(app.quotas.is_rate_limited, project=project) for plugin in plugins.all(): if safe_execute(plugin.is_rate_limited, project=project): is_rate_limited = True if is_rate_limited: raise APIRateLimited result = plugins.first("has_perm", request.user, "create_event", project) if result is False: raise APIForbidden("Creation of this event was blocked") content_encoding = request.META.get("HTTP_CONTENT_ENCODING", "") if content_encoding == "gzip": data = decompress_gzip(data) elif content_encoding == "deflate": data = decompress_deflate(data) elif not data.startswith("{"): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData as e: raise APIError(u"Invalid data: %s (%s)" % (unicode(e), type(e))) # mutates data Group.objects.normalize_event_data(data) # insert IP address if not available if auth.is_public: ensure_has_ip(data, request.META["REMOTE_ADDR"]) event_id = data["event_id"] # mutates data (strips a lot of context if not queued) insert_data_to_database(data) logger.debug("New event from project %s/%s (id=%s)", project.team.slug, project.slug, event_id) return event_id
def process(self, request, project, auth, data, **kwargs): event_received.send(ip=request.META['REMOTE_ADDR'], sender=type(self)) is_rate_limited = safe_execute(app.quotas.is_rate_limited, project=project) for plugin in plugins.all(): if safe_execute(plugin.is_rate_limited, project=project): is_rate_limited = True if is_rate_limited: raise APIRateLimited result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData as e: raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e))) # mutates data Group.objects.normalize_event_data(data) # insert IP address if not available if auth.is_public: ensure_has_ip(data, request.META['REMOTE_ADDR']) event_id = data['event_id'] # mutates data (strips a lot of context if not queued) insert_data_to_database(data) logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id) return event_id
def test_without_any_values(self): out = {} ensure_has_ip(out, '127.0.0.1') assert out['sentry.interfaces.User']['ip_address'] == '127.0.0.1'
def process(self, request, project, auth, data, **kwargs): metrics.incr('events.total', 1) event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self)) # TODO: improve this API (e.g. make RateLimit act on __ne__) rate_limit = safe_execute(app.quotas.is_rate_limited, project=project, _with_transaction=False) if isinstance(rate_limit, bool): rate_limit = RateLimit(is_limited=rate_limit, retry_after=None) if rate_limit is not None and rate_limit.is_limited: app.tsdb.incr_multi([ (app.tsdb.models.project_total_received, project.id), (app.tsdb.models.project_total_rejected, project.id), (app.tsdb.models.organization_total_received, project.organization_id), (app.tsdb.models.organization_total_rejected, project.organization_id), ]) metrics.incr('events.dropped', 1) raise APIRateLimited(rate_limit.retry_after) else: app.tsdb.incr_multi([ (app.tsdb.models.project_total_received, project.id), (app.tsdb.models.organization_total_received, project.organization_id), ]) result = plugins.first('has_perm', request.user, 'create_event', project, version=1) if result is False: metrics.incr('events.dropped', 1) raise APIForbidden('Creation of this event was blocked') content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '') if content_encoding == 'gzip': data = decompress_gzip(data) elif content_encoding == 'deflate': data = decompress_deflate(data) elif not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData as e: raise APIError(u'Invalid data: %s (%s)' % (six.text_type(e), type(e))) # mutates data manager = EventManager(data, version=auth.version) data = manager.normalize() scrub_ip_address = project.get_option('sentry:scrub_ip_address', False) # insert IP address if not available if auth.is_public and not scrub_ip_address: ensure_has_ip(data, request.META['REMOTE_ADDR']) event_id = data['event_id'] # TODO(dcramer): ideally we'd only validate this if the event_id was # supplied by the user cache_key = 'ev:%s:%s' % (project.id, event_id,) if cache.get(cache_key) is not None: logger.warning('Discarded recent duplicate event from project %s/%s (id=%s)', project.organization.slug, project.slug, event_id) raise InvalidRequest('An event with the same ID already exists.') if project.get_option('sentry:scrub_data', True): # We filter data immediately before it ever gets into the queue inst = SensitiveDataFilter(project.get_option('sentry:sensitive_fields', None)) inst.apply(data) if scrub_ip_address: # We filter data immediately before it ever gets into the queue ensure_does_not_have_ip(data) # mutates data (strips a lot of context if not queued) insert_data_to_database(data) cache.set(cache_key, '', 60 * 5) logger.debug('New event from project %s/%s (id=%s)', project.organization.slug, project.slug, event_id) return event_id
def process(self, request, project, auth, data, **kwargs): event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self)) # TODO: improve this API (e.g. make RateLimit act on __ne__) rate_limit = safe_execute(app.quotas.is_rate_limited, project=project, _with_transaction=False) if isinstance(rate_limit, bool): rate_limit = RateLimit(is_limited=rate_limit, retry_after=None) if rate_limit is not None and rate_limit.is_limited: app.tsdb.incr_multi([ (app.tsdb.models.project_total_received, project.id), (app.tsdb.models.project_total_rejected, project.id), (app.tsdb.models.organization_total_received, project.organization_id), (app.tsdb.models.organization_total_rejected, project.organization_id), ]) raise APIRateLimited(rate_limit.retry_after) else: app.tsdb.incr_multi([ (app.tsdb.models.project_total_received, project.id), (app.tsdb.models.organization_total_received, project.organization_id), ]) result = plugins.first('has_perm', request.user, 'create_event', project, version=1) if result is False: raise APIForbidden('Creation of this event was blocked') content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '') if content_encoding == 'gzip': data = decompress_gzip(data) elif content_encoding == 'deflate': data = decompress_deflate(data) elif not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData as e: raise APIError(u'Invalid data: %s (%s)' % (six.text_type(e), type(e))) # mutates data manager = EventManager(data, version=auth.version) data = manager.normalize() scrub_ip_address = project.get_option('sentry:scrub_ip_address', False) # insert IP address if not available if auth.is_public and not scrub_ip_address: ensure_has_ip(data, request.META['REMOTE_ADDR']) event_id = data['event_id'] # TODO(dcramer): ideally we'd only validate this if the event_id was # supplied by the user cache_key = 'ev:%s:%s' % ( project.id, event_id, ) if cache.get(cache_key) is not None: logger.warning( 'Discarded recent duplicate event from project %s/%s (id=%s)', project.organization.slug, project.slug, event_id) raise InvalidRequest('An event with the same ID already exists.') if project.get_option('sentry:scrub_data', True): # We filter data immediately before it ever gets into the queue inst = SensitiveDataFilter() inst.apply(data) if scrub_ip_address: # We filter data immediately before it ever gets into the queue ensure_does_not_have_ip(data) # mutates data (strips a lot of context if not queued) insert_data_to_database(data) cache.set(cache_key, '', 60 * 5) logger.debug('New event from project %s/%s (id=%s)', project.organization.slug, project.slug, event_id) return event_id
class StoreView(APIView): """ The primary endpoint for storing new events. This will validate the client's authentication and data, and if successful pass on the payload to the internal database handler. Authentication works in three flavors: 1. Explicit signed requests These are implemented using the documented signed request protocol, and require an authentication header which is signed using with the project member's secret key. 2. CORS Secured Requests Generally used for communications with client-side platforms (such as JavaScript in the browser), they require a standard header, excluding the signature and timestamp requirements, and must be listed in the origins for the given project (or the global origins). 3. Implicit trusted requests Used by the Sentry core, they are only available from same-domain requests and do not require any authentication information. They only require that the user be authenticated, and a project_id be sent in the GET variables. """ @never_cache def post(self, request, project, auth, **kwargs): data = request.raw_post_data response_or_event_id = self.process(request, project, auth, data, **kwargs) if isinstance(response_or_event_id, HttpResponse): return response_or_event_id return HttpResponse(json.dumps({ 'id': response_or_event_id, }), content_type='application/json') @never_cache def get(self, request, project, auth, **kwargs): data = request.GET.get('sentry_data', '') response_or_event_id = self.process(request, project, auth, data, **kwargs) # Return a simple 1x1 gif for browser so they don't throw a warning response = HttpResponse(PIXEL, 'image/gif') if not isinstance(response_or_event_id, HttpResponse): response['X-Sentry-ID'] = response_or_event_id return response def process(self, request, project, auth, data, **kwargs): if safe_execute(app.quotas.is_rate_limited, project=project): raise APIRateLimited for plugin in plugins.all(): if safe_execute(plugin.is_rate_limited, project=project): raise APIRateLimited result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData, e: raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e))) # mutates data Group.objects.normalize_event_data(data) # insert IP address if not available if auth.is_public: ensure_has_ip(data, request.META['REMOTE_ADDR']) event_id = data['event_id'] # mutates data (strips a lot of context if not queued) insert_data_to_database(data) logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id) return event_id