Added allowlist for Sentry transactions (#19538)
refs [ARCH-41](https://linear.app/tryghost/issue/ARCH-41/add-allowlist-for-sentry-transactions) Added allowlist for Sentry transactions so that we can better control the data we are putting into Sentry
parent
aa5cd13aec
commit
57810cd34e
@ -57,6 +57,27 @@ const beforeSend = function (event, hint) {
|
||||
}
|
||||
};
|
||||
|
||||
const ALLOWED_HTTP_TRANSACTIONS = [
|
||||
'/ghost/api',
|
||||
'/members/api'
|
||||
].map((path) => {
|
||||
// Sentry names HTTP transactions like: "<HTTP_METHOD> <PATH>" i.e. "GET /ghost/api/content/settings"
|
||||
return new RegExp(`^(GET|POST|PUT|DELETE)\\s(?<path>${path}\\/.+)`);
|
||||
});
|
||||
|
||||
const beforeSendTransaction = function (event) {
|
||||
// Drop transactions that are not in the allowed list
|
||||
for (const transaction of ALLOWED_HTTP_TRANSACTIONS) {
|
||||
const match = event.transaction.match(transaction);
|
||||
|
||||
if (match?.groups?.path) {
|
||||
return event;
|
||||
}
|
||||
}
|
||||
|
||||
return null;
|
||||
};
|
||||
|
||||
if (sentryConfig && !sentryConfig.disabled) {
|
||||
const Sentry = require('@sentry/node');
|
||||
const version = require('@tryghost/version').full;
|
||||
@ -72,7 +93,8 @@ if (sentryConfig && !sentryConfig.disabled) {
|
||||
environment: environment,
|
||||
maxValueLength: 1000,
|
||||
integrations: [],
|
||||
beforeSend
|
||||
beforeSend,
|
||||
beforeSendTransaction
|
||||
};
|
||||
|
||||
// Enable tracing if sentry.tracing.enabled is true
|
||||
@ -117,6 +139,7 @@ if (sentryConfig && !sentryConfig.disabled) {
|
||||
captureException: Sentry.captureException,
|
||||
captureMessage: Sentry.captureMessage,
|
||||
beforeSend: beforeSend,
|
||||
beforeSendTransaction: beforeSendTransaction,
|
||||
initQueryTracing: (knex) => {
|
||||
if (sentryConfig.tracing?.enabled === true) {
|
||||
const integration = new SentryKnexTracingIntegration(knex);
|
||||
|
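Review bot: In `beforeSendTransaction`, `event.transaction.match(transaction)` throws a TypeError when an event arrives without a `transaction` name, so the outcome for unnamed events depends on how the SDK treats an exception in the hook rather than on the allow list; `const match = event.transaction?.match(transaction);` lets that case fall through to `return null`. The allow list also decides only which transactions are sent, not what they contain: as far as I know the `beforeSend` hook registered next to it applies to error events only, so it is worth confirming that transaction events for `/members/api/...` carry no query strings, cookies or headers that should stay out of Sentry. The pattern `${path}\\/.+` accepts any suffix, so if a transaction name is ever taken from the raw URL rather than the parametrised route, member-specific path segments would pass the filter too; a short comment above `ALLOWED_HTTP_TRANSACTIONS` saying that entries are interpolated into a regex unescaped would help whoever adds the next path.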
@ -155,4 +155,26 @@ describe('UNIT: sentry', function () {
|
||||
assert.deepEqual(result, expected);
|
||||
});
|
||||
});
|
||||
|
||||
describe('beforeTransaction', function () {
|
||||
it('filters transactions based on an allow list', function () {
|
||||
sentry = require('../../../core/shared/sentry');
|
||||
|
||||
const beforeSendTransaction = sentry. beforeSendTransaction;
|
||||
|
||||
const allowedTransactions = [
|
||||
{transaction: 'GET /ghost/api/settings'},
|
||||
{transaction: 'PUT /members/api/member'},
|
||||
{transaction: 'POST /ghost/api/tiers'},
|
||||
{transaction: 'DELETE /members/api/member'}
|
||||
];
|
||||
|
||||
allowedTransactions.forEach((transaction) => {
|
||||
assert.equal(beforeSendTransaction(transaction), transaction);
|
||||
});
|
||||
|
||||
assert.equal(beforeSendTransaction({transaction: 'GET /foo/bar'}), null);
|
||||
assert.equal(beforeSendTransaction({transaction: 'Some other transaction'}), null);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
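Review bot: The two negative cases use names that look nothing like an allowed route, so the boundary of the allow list is not pinned by this test. Adding near-miss names (constructed examples: the bare prefix `GET /ghost/api`, a look-alike `GET /ghost/apix/settings`, an allowed prefix later in the name `GET /foo/ghost/api/settings`, and, if the exclusion is intended, an unlisted method `PATCH /ghost/api/settings`) with `assert.equal(beforeSendTransaction({transaction: name}), null);` would catch a later loosening of the regex that starts sending more data to Sentry. An event with no `transaction` property is also untested. The `describe` label `beforeTransaction` should read `beforeSendTransaction` to match the export under test.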