def test_invalid_interface_args(self): with self.assertRaises(InvalidData): validate_data(self.project, { 'project': self.project.id, 'message': 'foo', 'tests.manager.tests.DummyInterface': {'foo': 'bar'} })
def test_invalid_interface_import_path(self): with self.assertRaises(InvalidInterface): validate_data(self.project, { 'project': self.project.id, 'message': 'foo', 'sentry.interfaces.Exception2': 'bar', })
def test_invalid_interface_name(self): with self.assertRaises(InvalidInterface): validate_data(self.project, { 'project': self.project.id, 'message': 'foo', 'foo.baz': 'bar', })
def handle(self, data, address): from sentry.utils.auth import parse_auth_header from sentry.coreapi import (project_from_auth_vars, decode_and_decompress_data, safely_load_json_string, validate_data, insert_data_to_database, APIError) try: try: auth_header, data = data.split("\n\n", 1) except ValueError: raise APIError("missing auth header") project = project_from_auth_vars(parse_auth_header(auth_header), data) if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: validate_data(project, data) except InvalidTimestamp: # Log the error, remove the timestamp, and revalidate logger.error('Client %r passed an invalid value for timestamp %r' % ( data['timestamp'], client or '<unknown client>', )) del data['timestamp'] validate_data(project, data) return insert_data_to_database(data) except APIError, error: logger.error('bad message from %s: %s' % (address, error.msg)) return error
def handle_sentry(data, address): from sentry.exceptions import InvalidData from sentry.coreapi import project_from_auth_vars, decode_and_decompress_data, \ safely_load_json_string, validate_data, insert_data_to_database, APIError from sentry.utils.auth import parse_auth_header try: try: auth_header, data = data.split('\n\n', 1) except ValueError: raise APIError('missing auth header') auth_vars = parse_auth_header(auth_header) project = project_from_auth_vars(auth_vars, data) client = auth_vars.get('sentry_client') if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: validate_data(project, data, client) except InvalidData, e: raise APIError(unicode(e)) return insert_data_to_database(data)
def store(request): try: auth_vars = extract_auth_vars(request) data = request.raw_post_data if auth_vars: server_version = auth_vars.get('sentry_version', '1.0') else: server_version = request.GET.get('version', '1.0') if server_version not in ('1.0', '2.0'): raise APIError('Client/server version mismatch. Unsupported version: %r' % server_version) if auth_vars: project = project_from_auth_vars(auth_vars, data) elif request.GET.get('api_key') and request.GET.get('project_id') and request.is_secure(): # ssl requests dont have to have signature verification project = project_from_api_key_and_id(request.GET['api_key'], request.GET['project_id']) elif request.GET.get('project_id') and request.user.is_authenticated(): # authenticated users are simply trusted to provide the right id project = project_from_id(request) else: raise APIUnauthorized() if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) validate_data(project, data) insert_data_to_database(data) except APIError, error: return HttpResponse(error.msg, status=error.http_status)
def post(self, request, project, auth, **kwargs): data = request.raw_post_data if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: validate_data(project, data, auth.client) except InvalidData, e: raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
def process(self, request, project, auth, data, **kwargs): result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: validate_data(project, data, auth.client) except InvalidData, e: raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
def process(self, request, project, auth, data, **kwargs): event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self)) # TODO: improve this API (e.g. make RateLimit act on __ne__) rate_limit = safe_execute(app.quotas.is_rate_limited, project=project) if isinstance(rate_limit, bool): rate_limit = RateLimit(is_limited=rate_limit, retry_after=None) if rate_limit is not None and rate_limit.is_limited: raise APIRateLimited(rate_limit.retry_after) result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '') if content_encoding == 'gzip': data = decompress_gzip(data) elif content_encoding == 'deflate': data = decompress_deflate(data) elif not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData as e: raise APIError(u'Invalid data: %s (%s)' % (six.text_type(e), type(e))) # mutates data manager = EventManager(data) data = manager.normalize() # insert IP address if not available if auth.is_public: ensure_has_ip(data, request.META['REMOTE_ADDR']) event_id = data['event_id'] # We filter data immediately before it ever gets into the queue inst = SensitiveDataFilter() inst.apply(data) # mutates data (strips a lot of context if not queued) insert_data_to_database(data) logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id) return event_id
def process(self, request, project, auth, data, **kwargs): event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self)) rate_limits = [safe_execute(app.quotas.is_rate_limited, project=project)] for plugin in plugins.all(): rate_limit = safe_execute(plugin.is_rate_limited, project=project) # We must handle the case of plugins not returning new RateLimit objects if isinstance(rate_limit, bool): rate_limit = RateLimit(is_limited=rate_limit, retry_after=None) rate_limits.append(rate_limit) if any(limit.is_limited for limit in rate_limits): raise APIRateLimited(max(limit.retry_after for limit in rate_limits)) result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '') if content_encoding == 'gzip': data = decompress_gzip(data) elif content_encoding == 'deflate': data = decompress_deflate(data) elif not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData as e: raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e))) # mutates data Group.objects.normalize_event_data(data) # insert IP address if not available if auth.is_public: ensure_has_ip(data, request.META['REMOTE_ADDR']) event_id = data['event_id'] # mutates data (strips a lot of context if not queued) insert_data_to_database(data) logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id) return event_id
def test_log_level_as_string(self): data = validate_data(self.project, { 'project': self.project.id, 'message': 'foo', 'level': 'error', }) self.assertEquals(data['level'], 40)
def test_unknown_attribute(self): data = validate_data(self.project, { 'project': self.project.slug, 'message': 'foo', 'foo': 'bar', }) self.assertFalse('foo' in data)
def process(self, request, project, auth, data, **kwargs): event_received.send(ip=request.META["REMOTE_ADDR"], sender=type(self)) is_rate_limited = safe_execute(app.quotas.is_rate_limited, project=project) for plugin in plugins.all(): if safe_execute(plugin.is_rate_limited, project=project): is_rate_limited = True if is_rate_limited: raise APIRateLimited result = plugins.first("has_perm", request.user, "create_event", project) if result is False: raise APIForbidden("Creation of this event was blocked") content_encoding = request.META.get("HTTP_CONTENT_ENCODING", "") if content_encoding == "gzip": data = decompress_gzip(data) elif content_encoding == "deflate": data = decompress_deflate(data) elif not data.startswith("{"): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData as e: raise APIError(u"Invalid data: %s (%s)" % (unicode(e), type(e))) # mutates data Group.objects.normalize_event_data(data) # insert IP address if not available if auth.is_public: ensure_has_ip(data, request.META["REMOTE_ADDR"]) event_id = data["event_id"] # mutates data (strips a lot of context if not queued) insert_data_to_database(data) logger.debug("New event from project %s/%s (id=%s)", project.team.slug, project.slug, event_id) return event_id
def handle_sentry(data, address): from sentry.coreapi import ( project_from_auth_vars, decode_and_decompress_data, safely_load_json_string, validate_data, insert_data_to_database, APIError, APIForbidden, ) from sentry.models import Group from sentry.exceptions import InvalidData from sentry.plugins import plugins from sentry.utils.auth import parse_auth_header try: try: auth_header, data = data.split("\n\n", 1) except ValueError: raise APIError("missing auth header") try: auth_vars = parse_auth_header(auth_header) except (ValueError, IndexError): raise APIError("invalid auth header") project, user = project_from_auth_vars(auth_vars) result = plugins.first("has_perm", user, "create_event", project) if result is False: raise APIForbidden("Creation of this event was blocked") client = auth_vars.get("sentry_client") if not data.startswith("{"): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: validate_data(project, data, client) except InvalidData, e: raise APIError(u"Invalid data: %s (%s)" % (unicode(e), type(e))) Group.objects.normalize_event_data(data) return insert_data_to_database(data)
def process(self, request, project, auth, data, **kwargs): for plugin in plugins.all(): if safe_execute(plugin.is_rate_limited, project=project): return HttpResponse('Creation of this event was denied due to rate limiting.', content_type='text/plain', status=405) result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData, e: raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
def test_does_expand_list(self): data = validate_data(self.project, { 'message': 'foo', 'exception': [{ 'type': 'ValueError', 'value': 'hello world', 'module': 'foo.bar', }] }) assert 'sentry.interfaces.Exception' in data
def test_an_alias_maps_correctly(self, import_string): alias, full_path = INTERFACE_ALIASES.items()[0] result = validate_data(self.project, {"project": self.project.id, "message": "foo", alias: {"foo": "bar"}}) import_string.assert_called_once_with(full_path) interface = import_string.return_value interface.assert_called_once_with(foo="bar") assert alias not in result assert full_path in result assert result[full_path] == interface.return_value.serialize.return_value
def process(self, request, project, auth, data, **kwargs): if safe_execute(app.quotas.is_rate_limited, project=project): raise APIRateLimited for plugin in plugins.all(): if safe_execute(plugin.is_rate_limited, project=project): raise APIRateLimited result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData, e: raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e)))
def handle(self, data, address): from sentry.utils.auth import parse_auth_header from sentry.coreapi import (project_from_auth_vars, decode_and_decompress_data, safely_load_json_string, validate_data, insert_data_to_database, APIError) try: try: auth_header, data = data.split("\n\n", 1) except ValueError: raise APIError("missing auth header") project = project_from_auth_vars(parse_auth_header(auth_header), data) if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) validate_data(project, data) return insert_data_to_database(data) except APIError, error: logger.error('bad message from %s: %s' % (address, error.msg)) return error
def process(self, request, project, auth, data, **kwargs): event_received.send(ip=request.META['REMOTE_ADDR'], sender=type(self)) is_rate_limited = safe_execute(app.quotas.is_rate_limited, project=project) for plugin in plugins.all(): if safe_execute(plugin.is_rate_limited, project=project): is_rate_limited = True if is_rate_limited: raise APIRateLimited result = plugins.first('has_perm', request.user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData as e: raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e))) # mutates data Group.objects.normalize_event_data(data) # insert IP address if not available if auth.is_public: ensure_has_ip(data, request.META['REMOTE_ADDR']) event_id = data['event_id'] # mutates data (strips a lot of context if not queued) insert_data_to_database(data) logger.debug('New event from project %s/%s (id=%s)', project.team.slug, project.slug, event_id) return event_id
def test_an_alias_maps_correctly(self, import_string): alias, full_path = INTERFACE_ALIASES.items()[0] result = validate_data(self.project, { 'project': self.project.id, 'message': 'foo', alias: {'foo': 'bar'}, }) import_string.assert_called_once_with(full_path) interface = import_string.return_value interface.assert_called_once_with(foo='bar') assert alias not in result assert full_path in result assert result[full_path] == interface.return_value.serialize.return_value
def handle_sentry(data, address): from sentry.coreapi import project_from_auth_vars, decode_and_decompress_data, \ safely_load_json_string, validate_data, insert_data_to_database, APIError, \ APIForbidden from sentry.exceptions import InvalidData from sentry.plugins import plugins from sentry.utils.auth import parse_auth_header try: try: auth_header, data = data.split('\n\n', 1) except ValueError: raise APIError('missing auth header') try: auth_vars = parse_auth_header(auth_header) except (ValueError, IndexError): raise APIError('invalid auth header') project, user = project_from_auth_vars(auth_vars) result = plugins.first('has_perm', user, 'create_event', project) if result is False: raise APIForbidden('Creation of this event was blocked') client = auth_vars.get('sentry_client') if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: validate_data(project, data, client) except InvalidData, e: raise APIError(u'Invalid data: %s (%s)' % (unicode(e), type(e))) return insert_data_to_database(data)
def test_an_alias_maps_correctly(self, import_string): alias, full_path = INTERFACE_ALIASES.items()[0] result = validate_data(self.project, { 'project': self.project.id, 'message': 'foo', alias: { 'foo': 'bar' }, }) import_string.assert_called_once_with(full_path) interface = import_string.return_value interface.assert_called_once_with(foo='bar') assert alias not in result assert full_path in result assert result[ full_path] == interface.return_value.serialize.return_value
def test_invalid_interface_import_path(self): data = validate_data(self.project, { 'message': 'foo', 'sentry.interfaces.Exception2': 'bar', }) assert 'sentry.interfaces.Exception2' not in data
def test_unknown_attribute(self): data = validate_data(self.project, { 'message': 'foo', 'foo': 'bar', }) assert 'foo' not in data
def test_tags_as_invalid_pair(self): data = validate_data(self.project, { 'message': 'foo', 'tags': [('foo', 'bar'), ('biz', 'baz', 'boz')], }) assert data['tags'] == [('foo', 'bar')]
def test_invalid_log_level(self): data = validate_data(self.project, { 'message': 'foo', 'level': 'foobar', }) assert data['level'] == 40
def store(request): """ The primary endpoint for storing new events. This will validate the client's authentication and data, and if successfull pass on the payload to the internal database handler. Authentication works in three flavors: 1. Explicit signed requests These are implemented using the documented signed request protocol, and require an authentication header which is signed using with the project member's secret key. 2. Explicit trusted requests Generally used for communications with client-side platforms (such as JavaScript in the browser), they require the GET variables public_key and project_id, as well as an HTTP_REFERER to be set from a trusted domain. 3. Implicit trusted requests Used by the Sentry core, they are only available from same-domain requests and do not require any authentication information. They only require that the user be authenticated, and a project_id be sent in the GET variables. """ logger.debug('Inbound %r request from %r', request.method, request.META['REMOTE_ADDR']) client = '<unknown client>' try: if request.method == 'POST': auth_vars = extract_auth_vars(request) data = request.raw_post_data if auth_vars: server_version = auth_vars.get('sentry_version', '1.0') client = auth_vars.get('sentry_client') else: server_version = request.GET.get('version', '1.0') client = request.META.get('HTTP_USER_AGENT', request.GET.get('client')) if server_version not in ('1.0', '2.0'): raise APIError( 'Client/server version mismatch: Unsupported version: %r' % server_version) if server_version != '1.0' and not client: raise APIError( 'Client request error: Missing client version identifier.') referrer = request.META.get('HTTP_REFERER') if auth_vars: project = project_from_auth_vars(auth_vars, data) elif request.GET.get('api_key') and request.GET.get('project_id'): # public requests only need referrer validation for CSRF project = project_from_api_key_and_id( request.GET['api_key'], request.GET['project_id']) if not ProjectDomain.test(project, referrer): raise APIUnauthorized() elif request.GET.get('project_id') and request.user.is_authenticated() and \ is_same_domain(request.build_absolute_uri(), referrer): # authenticated users are simply trusted to provide the right id project = project_from_id(request) else: raise APIUnauthorized() if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: validate_data(project, data, client) except InvalidData, e: raise APIError(unicode(e)) insert_data_to_database(data) except APIError, error: logging.error('Client %r raised API error: %s' % (client, error), exc_info=True) response = HttpResponse(unicode(error.msg), status=error.http_status)
def test_project_slug(self): data = validate_data(self.project, { 'project': self.project.slug, 'message': 'foo', }) assert data['project'] == self.project.id
def test_invalid_project_id(self): with self.assertRaises(APIForbidden): validate_data(self.project, { 'project': self.project.id + 1, 'message': 'foo', })
def test_invalid_event_id(self, uuid4): data = validate_data(self.project, { 'event_id': 'a' * 33, }) assert data['event_id'] == uuid4.return_value.hex
def test_invalid_interface_name(self): data = validate_data(self.project, { 'message': 'foo', 'foo.baz': 'bar', }) assert 'foo.baz' not in data
def store(request, project=None): """ The primary endpoint for storing new events. This will validate the client's authentication and data, and if successfull pass on the payload to the internal database handler. Authentication works in three flavors: 1. Explicit signed requests These are implemented using the documented signed request protocol, and require an authentication header which is signed using with the project member's secret key. 2. CORS Secured Requests Generally used for communications with client-side platforms (such as JavaScript in the browser), they require a standard header, excluding the signature and timestamp requirements, and must be listed in the origins for the given project (or the global origins). 3. Implicit trusted requests Used by the Sentry core, they are only available from same-domain requests and do not require any authentication information. They only require that the user be authenticated, and a project_id be sent in the GET variables. """ logger.debug('Inbound %r request from %r (%s)', request.method, request.META['REMOTE_ADDR'], request.META.get('HTTP_USER_AGENT')) client = '<unknown client>' response = HttpResponse() if request.method == 'POST': try: auth_vars = extract_auth_vars(request) data = request.raw_post_data if auth_vars: server_version = auth_vars.get('sentry_version', '1.0') client = auth_vars.get('sentry_client', request.META.get('HTTP_USER_AGENT')) else: server_version = request.GET.get('version', '1.0') client = request.META.get('HTTP_USER_AGENT', request.GET.get('client')) if server_version not in ('1.0', '2.0'): raise APIError( 'Client/server version mismatch: Unsupported version: %r' % server_version) if server_version != '1.0' and not client: raise APIError( 'Client request error: Missing client version identifier.') referrer = request.META.get('HTTP_REFERER') if auth_vars: # We only require a signature if a referrer was not set # (this is restricted via the CORS headers) project_ = project_from_auth_vars(auth_vars, data, require_signature=False) if not project: project = project_ elif project_ != project: raise APIError('Project ID mismatch') elif request.user.is_authenticated() and is_same_domain( request.build_absolute_uri(), referrer): # authenticated users are simply trusted to provide the right id project_ = project_from_id(request) if not project: project = project_ elif project_ != project: raise APIError('Project ID mismatch') else: raise APIUnauthorized() if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: validate_data(project, data, client) except InvalidData, e: raise APIError(u'Invalid data: %s' % unicode(e)) insert_data_to_database(data) except APIError, error: logger.error('Client %r raised API error: %s', client, error, extra={ 'request': request, }, exc_info=True) response = HttpResponse(unicode(error.msg), status=error.http_status)
def test_log_level_as_string(self): data = validate_data(self.project, { 'message': 'foo', 'level': 'error', }) assert data['level'] == 40
def test_tags_out_of_bounds(self): data = validate_data(self.project, { 'message': 'foo', 'tags': {'f' * 33: 'value', 'foo': 'v' * 201, 'bar': 'value'}, }) assert data['tags'] == [('bar', 'value')]
def test_tags_as_string(self): data = validate_data(self.project, { 'message': 'foo', 'tags': 'bar', }) assert 'tags' not in data
def test_project_slug(self): data = validate_data(self.project, { 'project': self.project.slug, 'message': 'foo', }) self.assertEquals(data['project'], self.project.id)
def test_extra_as_string(self): data = validate_data(self.project, { 'message': 'foo', 'extra': 'bar', }) assert 'extra' not in data
def test_missing_project_id(self): data = validate_data(self.project, { 'message': 'foo', }) assert data['project'] == self.project.id
def test_invalid_interface_args(self): data = validate_data(self.project, { 'message': 'foo', 'tests.manager.tests.DummyInterface': {'foo': 'bar'} }) assert 'tests.manager.tests.DummyInterface' not in data
def test_missing_event_id(self, uuid4): data = validate_data(self.project, {}) assert data['event_id'] == '031667ea1758441f92c7995a428d2d14'
def test_invalid_event_id(self): with self.assertRaises(InvalidData): validate_data(self.project, { 'event_id': 'a' * 33, })
def test_invalid_event_id(self, uuid4): data = validate_data(self.project, { 'event_id': 'a' * 33, }) assert data['event_id'] == '031667ea1758441f92c7995a428d2d14'
def test_missing_event_id(self, uuid4): data = validate_data(self.project, {}) assert data['event_id'] == uuid4.return_value.hex
def process(self, request, project, auth, data, **kwargs): event_received.send_robust(ip=request.META['REMOTE_ADDR'], sender=type(self)) # TODO: improve this API (e.g. make RateLimit act on __ne__) rate_limit = safe_execute(app.quotas.is_rate_limited, project=project, _with_transaction=False) if isinstance(rate_limit, bool): rate_limit = RateLimit(is_limited=rate_limit, retry_after=None) if rate_limit is not None and rate_limit.is_limited: app.tsdb.incr_multi([ (app.tsdb.models.project_total_received, project.id), (app.tsdb.models.project_total_rejected, project.id), (app.tsdb.models.organization_total_received, project.organization_id), (app.tsdb.models.organization_total_rejected, project.organization_id), ]) raise APIRateLimited(rate_limit.retry_after) else: app.tsdb.incr_multi([ (app.tsdb.models.project_total_received, project.id), (app.tsdb.models.organization_total_received, project.organization_id), ]) result = plugins.first('has_perm', request.user, 'create_event', project, version=1) if result is False: raise APIForbidden('Creation of this event was blocked') content_encoding = request.META.get('HTTP_CONTENT_ENCODING', '') if content_encoding == 'gzip': data = decompress_gzip(data) elif content_encoding == 'deflate': data = decompress_deflate(data) elif not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: # mutates data validate_data(project, data, auth.client) except InvalidData as e: raise APIError(u'Invalid data: %s (%s)' % (six.text_type(e), type(e))) # mutates data manager = EventManager(data, version=auth.version) data = manager.normalize() scrub_ip_address = project.get_option('sentry:scrub_ip_address', False) # insert IP address if not available if auth.is_public and not scrub_ip_address: ensure_has_ip(data, request.META['REMOTE_ADDR']) event_id = data['event_id'] # TODO(dcramer): ideally we'd only validate this if the event_id was # supplied by the user cache_key = 'ev:%s:%s' % ( project.id, event_id, ) if cache.get(cache_key) is not None: logger.warning( 'Discarded recent duplicate event from project %s/%s (id=%s)', project.organization.slug, project.slug, event_id) raise InvalidRequest('An event with the same ID already exists.') if project.get_option('sentry:scrub_data', True): # We filter data immediately before it ever gets into the queue inst = SensitiveDataFilter() inst.apply(data) if scrub_ip_address: # We filter data immediately before it ever gets into the queue ensure_does_not_have_ip(data) # mutates data (strips a lot of context if not queued) insert_data_to_database(data) cache.set(cache_key, '', 60 * 5) logger.debug('New event from project %s/%s (id=%s)', project.organization.slug, project.slug, event_id) return event_id
def test_missing_project_id(self): data = validate_data(self.project, { 'message': 'foo', }) self.assertEquals(data['project'], self.project.id)
def store(request): """ The primary endpoint for storing new events. This will validate the client's authentication and data, and if successfull pass on the payload to the internal database handler. Authentication works in three flavors: 1. Explicit signed requests These are implemented using the documented signed request protocol, and require an authentication header which is signed using with the project member's secret key. 2. Explicit trusted requests Generally used for communications with client-side platforms (such as JavaScript in the browser), they require the GET variables public_key and project_id, as well as an HTTP_REFERER to be set from a trusted domain. 3. Implicit trusted requests Used by the Sentry core, they are only available from same-domain requests and do not require any authentication information. They only require that the user be authenticated, and a project_id be sent in the GET variables. """ logger.debug('Inbound %r request from %r', request.method, request.META['REMOTE_ADDR']) client = '<unknown client>' try: if request.method == 'POST': auth_vars = extract_auth_vars(request) data = request.raw_post_data if auth_vars: server_version = auth_vars.get('sentry_version', '1.0') client = auth_vars.get('sentry_client') else: server_version = request.GET.get('version', '1.0') client = request.META.get('HTTP_USER_AGENT', request.GET.get('client')) if server_version not in ('1.0', '2.0'): raise APIError('Client/server version mismatch: Unsupported version: %r' % server_version) if server_version != '1.0' and not client: raise APIError('Client request error: Missing client version identifier.') referrer = request.META.get('HTTP_REFERER') if auth_vars: project = project_from_auth_vars(auth_vars, data) elif request.GET.get('api_key') and request.GET.get('project_id'): # public requests only need referrer validation for CSRF project = project_from_api_key_and_id(request.GET['api_key'], request.GET['project_id']) if not ProjectDomain.test(project, referrer): raise APIUnauthorized() elif request.GET.get('project_id') and request.user.is_authenticated() and \ is_same_domain(request.build_absolute_uri(), referrer): # authenticated users are simply trusted to provide the right id project = project_from_id(request) else: raise APIUnauthorized() if not data.startswith('{'): data = decode_and_decompress_data(data) data = safely_load_json_string(data) try: validate_data(project, data) except InvalidTimestamp: # Log the error, remove the timestamp, and revalidate error_logger.error('Client %r passed an invalid value for timestamp %r' % ( data['timestamp'], client or '<unknown client>', )) del data['timestamp'] validate_data(project, data) insert_data_to_database(data) except APIError, error: logging.error('Client %r raised API error: %s' % (client, error), exc_info=True) response = HttpResponse(unicode(error.msg), status=error.http_status)
def test_long_culprit(self): data = validate_data(self.project, { 'culprit': 'x' * (MAX_CULPRIT_LENGTH + 1) }) assert len(data['culprit']) == MAX_CULPRIT_LENGTH