Add latest changes from gitlab-org/gitlab@master

4 files changed, 63 insertions, 21 deletions

diff --git a/lib/gitlab/error_tracking.rb b/lib/gitlab/error_tracking.rb
index 38ac5d9af74..635e84d799f 100644
--- a/lib/gitlab/error_tracking.rb
+++ b/lib/gitlab/error_tracking.rb
@@ -19,22 +19,21 @@ module Gitlab
     PROCESSORS = [
       ::Gitlab::ErrorTracking::Processor::SidekiqProcessor,
       ::Gitlab::ErrorTracking::Processor::GrpcErrorProcessor,
-      ::Gitlab::ErrorTracking::Processor::ContextPayloadProcessor
+      ::Gitlab::ErrorTracking::Processor::ContextPayloadProcessor,
+      # IMPORTANT: this processor must stay at the bottom, right before
+      # sending the event to Sentry.
+      ::Gitlab::ErrorTracking::Processor::SanitizerProcessor
     ].freeze
 
     class << self
       def configure
-        Raven.configure do |config|
+        Sentry.init do |config|
           config.dsn = sentry_dsn
           config.release = Gitlab.revision
-          config.current_environment = Gitlab.config.sentry.environment
-
-          # Sanitize fields based on those sanitized from Rails.
-          config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
-
-          # Sanitize authentication headers
-          config.sanitize_http_headers = %w[Authorization Private-Token]
+          config.environment = Gitlab.config.sentry.environment
           config.before_send = method(:before_send)
+          config.background_worker_threads = 0
+          config.send_default_pii = true
 
           yield config if block_given?
         end
@@ -108,8 +107,11 @@ module Gitlab
       def process_exception(exception, sentry: false, logging: true, extra:)
         context_payload = Gitlab::ErrorTracking::ContextPayloadGenerator.generate(exception, extra)
 
-        if sentry && Raven.configuration.server
-          Raven.capture_exception(exception, **context_payload)
+        # There is a possibility that this method is called before Sentry is
+        # configured. Since Sentry 4.0, some methods of Sentry are forwarded to
+        # to `nil`, hence we have to check the client as well.
+        if sentry && ::Sentry.get_current_client && ::Sentry.configuration.dsn
+          ::Sentry.capture_exception(exception, **context_payload)
         end
 
         if logging
diff --git a/lib/gitlab/error_tracking/log_formatter.rb b/lib/gitlab/error_tracking/log_formatter.rb
index d004c4e20bb..92ef4d957f3 100644
--- a/lib/gitlab/error_tracking/log_formatter.rb
+++ b/lib/gitlab/error_tracking/log_formatter.rb
@@ -3,7 +3,7 @@
 module Gitlab
   module ErrorTracking
     class LogFormatter
-      # Note: all the accesses to Raven's contexts here are to keep the
+      # Note: all the accesses to Sentry's contexts here are to keep the
       # backward-compatibility to Sentry's built-in integrations. In future,
       # they can be removed.
       def generate_log(exception, context_payload)
@@ -20,21 +20,27 @@ module Gitlab
       private
 
       def append_user_to_log!(payload, context_payload)
-        user_context = Raven.context.user.merge(context_payload[:user])
+        return if current_scope.blank?
+
+        user_context = current_scope.user.merge(context_payload[:user])
         user_context.each do |key, value|
           payload["user.#{key}"] = value
         end
       end
 
       def append_tags_to_log!(payload, context_payload)
-        tags_context = Raven.context.tags.merge(context_payload[:tags])
+        return if current_scope.blank?
+
+        tags_context = current_scope.tags.merge(context_payload[:tags])
         tags_context.each do |key, value|
           payload["tags.#{key}"] = value
         end
       end
 
       def append_extra_to_log!(payload, context_payload)
-        extra = Raven.context.extra.merge(context_payload[:extra])
+        return if current_scope.blank?
+
+        extra = current_scope.extra.merge(context_payload[:extra])
         extra = extra.except(:server)
 
         # The extra value for sidekiq is a hash whose keys are strings.
@@ -50,6 +56,10 @@ module Gitlab
           payload["extra.#{key}"] = value
         end
       end
+
+      def current_scope
+        Sentry.get_current_scope
+      end
     end
   end
 end
diff --git a/lib/gitlab/error_tracking/processor/grpc_error_processor.rb b/lib/gitlab/error_tracking/processor/grpc_error_processor.rb
index e2a9192806f..0c2f1b2be67 100644
--- a/lib/gitlab/error_tracking/processor/grpc_error_processor.rb
+++ b/lib/gitlab/error_tracking/processor/grpc_error_processor.rb
@@ -17,8 +17,7 @@ module Gitlab
           # Sentry can report multiple exceptions in an event. Sanitize
           # only the first one since that's what is used for grouping.
           def process_first_exception_value(event)
-            # Better in new version, will be event.exception.values
-            exceptions = event.instance_variable_get(:@interfaces)[:exception]&.values
+            exceptions = event.exception&.instance_variable_get(:@values)
 
             return unless exceptions.is_a?(Array)
 
@@ -33,9 +32,7 @@ module Gitlab
 
             message, debug_str = split_debug_error_string(raw_message)
 
-            # Worse in new version, no setter! Have to poke at the
-            # instance variable
-            exception.value = message if message
+            exception.instance_variable_set(:@value, message) if message
             event.extra[:grpc_debug_error_string] = debug_str if debug_str
           end
 
@@ -66,7 +63,7 @@ module Gitlab
 
           def valid_exception?(exception)
             case exception
-            when Raven::SingleExceptionInterface
+            when Sentry::SingleExceptionInterface
               exception&.value
             else
               false
diff --git a/lib/gitlab/error_tracking/processor/sanitizer_processor.rb b/lib/gitlab/error_tracking/processor/sanitizer_processor.rb
new file mode 100644
index 00000000000..32d441fcdef
--- /dev/null
+++ b/lib/gitlab/error_tracking/processor/sanitizer_processor.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module ErrorTracking
+    module Processor
+      module SanitizerProcessor
+        SANITIZED_HTTP_HEADERS = %w[Authorization Private-Token].freeze
+        SANITIZED_ATTRIBUTES = %i[user contexts extra tags].freeze
+
+        # This processor removes sensitive fields or headers from the event
+        # before sending. Sentry versions above 4.0 don't support
+        # sanitized_fields and sanitized_http_headers anymore. The official
+        # document recommends using before_send instead.
+        #
+        # For more information, please visit:
+        # https://docs.sentry.io/platforms/ruby/guides/rails/configuration/filtering/#using-beforesend
+        def self.call(event)
+          if event.request.present? && event.request.headers.is_a?(Hash)
+            header_filter = ActiveSupport::ParameterFilter.new(SANITIZED_HTTP_HEADERS)
+            event.request.headers = header_filter.filter(event.request.headers)
+          end
+
+          attribute_filter = ActiveSupport::ParameterFilter.new(Rails.application.config.filter_parameters)
+          SANITIZED_ATTRIBUTES.each do |attribute|
+            event.send("#{attribute}=", attribute_filter.filter(event.send(attribute))) # rubocop:disable GitlabSecurity/PublicSend
+          end
+
+          event
+        end
+      end
+    end
+  end
+end