Skip to content

Commit

Permalink
Prevent panic in case url.Parsing fails in fasthttp and fiber (#912)
Browse files Browse the repository at this point in the history
  • Loading branch information
ribice authored Dec 2, 2024
1 parent 9ed1fa9 commit fd9725b
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 24 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@
- Add `sentryslog` integration ([#865](https://github.com/getsentry/sentry-go/pull/865))
- Always set Mechanism Type to generic ([#896](https://github.com/getsentry/sentry-go/pull/897))

### Bug Fixes

- Prevent panic in `fasthttp` and `fiber` integration in case a malformed URL has to be parsed ([#912](https://github.com/getsentry/sentry-go/pull/912))

### Misc

Drop support for Go 1.18, 1.19 and 1.20. The currently supported Go versions are the last 3 stable releases: 1.23, 1.22 and 1.21.
Expand Down
27 changes: 12 additions & 15 deletions fasthttp/sentryfasthttp.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,7 @@ import (
"github.com/valyala/fasthttp"
)

type contextKey int

const (
ContextKey = contextKey(1)
// The identifier of the FastHTTP SDK.
sdkIdentifier = "sentry.go.fasthttp"
valuesKey = "sentry"
transactionKey = "sentry_transaction"
Expand Down Expand Up @@ -76,11 +72,9 @@ func (h *Handler) Handle(handler fasthttp.RequestHandler) fasthttp.RequestHandle
sentry.WithSpanOrigin(sentry.SpanOriginFastHTTP),
}

method := string(ctx.Method())

transaction := sentry.StartTransaction(
sentry.SetHubOnContext(ctx, hub),
fmt.Sprintf("%s %s", method, string(ctx.Path())),
fmt.Sprintf("%s %s", r.Method, string(ctx.Path())),
options...,
)
defer func() {
Expand All @@ -90,7 +84,7 @@ func (h *Handler) Handle(handler fasthttp.RequestHandler) fasthttp.RequestHandle
transaction.Finish()
}()

transaction.SetData("http.request.method", method)
transaction.SetData("http.request.method", r.Method)

scope := hub.Scope()
scope.SetRequest(r)
Expand Down Expand Up @@ -146,17 +140,23 @@ func convert(ctx *fasthttp.RequestCtx) *http.Request {
r := new(http.Request)

r.Method = string(ctx.Method())

uri := ctx.URI()
// Ignore error.
r.URL, _ = url.Parse(fmt.Sprintf("%s://%s%s", uri.Scheme(), uri.Host(), uri.Path()))
url, err := url.Parse(fmt.Sprintf("%s://%s%s", uri.Scheme(), uri.Host(), uri.Path()))
if err == nil {
r.URL = url
r.URL.RawQuery = string(uri.QueryString())
}

host := string(ctx.Host())
r.Host = host

// Headers
r.Header = make(http.Header)
r.Header.Add("Host", string(ctx.Host()))
r.Header.Add("Host", host)
ctx.Request.Header.VisitAll(func(key, value []byte) {
r.Header.Add(string(key), string(value))
})
r.Host = string(ctx.Host())

// Cookies
ctx.Request.Header.VisitAllCookie(func(key, value []byte) {
Expand All @@ -166,9 +166,6 @@ func convert(ctx *fasthttp.RequestCtx) *http.Request {
// Env
r.RemoteAddr = ctx.RemoteAddr().String()

// QueryString
r.URL.RawQuery = string(ctx.URI().QueryString())

// Body
r.Body = io.NopCloser(bytes.NewReader(ctx.Request.Body()))

Expand Down
27 changes: 18 additions & 9 deletions fiber/sentryfiber.go
Original file line number Diff line number Diff line change
Expand Up @@ -65,8 +65,6 @@ func (h *handler) handle(ctx *fiber.Ctx) error {

r := convert(ctx)

method := ctx.Method()

transactionName := ctx.Path()
transactionSource := sentry.SourceURL

Expand All @@ -79,7 +77,7 @@ func (h *handler) handle(ctx *fiber.Ctx) error {

transaction := sentry.StartTransaction(
sentry.SetHubOnContext(ctx.Context(), hub),
fmt.Sprintf("%s %s", method, transactionName),
fmt.Sprintf("%s %s", r.Method, transactionName),
options...,
)

Expand All @@ -90,7 +88,7 @@ func (h *handler) handle(ctx *fiber.Ctx) error {
transaction.Finish()
}()

transaction.SetData("http.request.method", method)
transaction.SetData("http.request.method", r.Method)

scope := hub.Scope()
scope.SetRequest(r)
Expand Down Expand Up @@ -141,22 +139,33 @@ func convert(ctx *fiber.Ctx) *http.Request {
r := new(http.Request)

r.Method = utils.CopyString(ctx.Method())

uri := ctx.Request().URI()
r.URL, _ = url.Parse(fmt.Sprintf("%s://%s%s", uri.Scheme(), uri.Host(), uri.Path()))
url, err := url.Parse(fmt.Sprintf("%s://%s%s", uri.Scheme(), uri.Host(), uri.Path()))
if err == nil {
r.URL = url
r.URL.RawQuery = string(uri.QueryString())
}

host := utils.CopyString(ctx.Hostname())
r.Host = host

// Headers
r.Header = make(http.Header)
r.Header.Add("Host", host)

ctx.Request().Header.VisitAll(func(key, value []byte) {
r.Header.Add(string(key), string(value))
})
r.Host = utils.CopyString(ctx.Hostname())

// Cookies
ctx.Request().Header.VisitAllCookie(func(key, value []byte) {
r.AddCookie(&http.Cookie{Name: string(key), Value: string(value)})
})

// Env
r.RemoteAddr = ctx.Context().RemoteAddr().String()

// QueryString
r.URL.RawQuery = string(ctx.Request().URI().QueryString())

// Body
r.Body = io.NopCloser(bytes.NewReader(ctx.Request().Body()))

Expand Down

0 comments on commit fd9725b

Please sign in to comment.