io.sentry.spring.jakarta.SentryRequestResolver Maven / Gradle / Ivy
package io.sentry.spring.jakarta;
import com.jakewharton.nopen.annotation.Open;
import io.sentry.IScopes;
import io.sentry.SentryLevel;
import io.sentry.protocol.Request;
import io.sentry.util.HttpUtils;
import io.sentry.util.Objects;
import io.sentry.util.UrlUtils;
import jakarta.servlet.ServletContext;
import jakarta.servlet.SessionCookieConfig;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
@Open
public class SentryRequestResolver {
private final @NotNull IScopes scopes;
private volatile @Nullable List extraSecurityCookies;
public SentryRequestResolver(final @NotNull IScopes scopes) {
this.scopes = Objects.requireNonNull(scopes, "options is required");
}
// httpRequest.getRequestURL() returns StringBuffer which is considered an obsolete class.
@SuppressWarnings("JdkObsolete")
public @NotNull Request resolveSentryRequest(final @NotNull HttpServletRequest httpRequest) {
final Request sentryRequest = new Request();
sentryRequest.setMethod(httpRequest.getMethod());
final @NotNull UrlUtils.UrlDetails urlDetails =
UrlUtils.parse(httpRequest.getRequestURL().toString());
urlDetails.applyToRequest(sentryRequest);
sentryRequest.setQueryString(httpRequest.getQueryString());
final @NotNull List additionalSecurityCookieNames =
extractSecurityCookieNamesOrUseCached(httpRequest);
sentryRequest.setHeaders(resolveHeadersMap(httpRequest, additionalSecurityCookieNames));
if (scopes.getOptions().isSendDefaultPii()) {
String cookieName = HttpUtils.COOKIE_HEADER_NAME;
final @Nullable List filteredHeaders =
HttpUtils.filterOutSecurityCookiesFromHeader(
httpRequest.getHeaders(cookieName), cookieName, additionalSecurityCookieNames);
sentryRequest.setCookies(toString(filteredHeaders));
}
return sentryRequest;
}
@NotNull
Map resolveHeadersMap(
final @NotNull HttpServletRequest request,
final @NotNull List additionalSecurityCookieNames) {
final Map headersMap = new HashMap<>();
for (String headerName : Collections.list(request.getHeaderNames())) {
// do not copy personal information identifiable headers
if (scopes.getOptions().isSendDefaultPii()
|| !HttpUtils.containsSensitiveHeader(headerName)) {
final @Nullable List filteredHeaders =
HttpUtils.filterOutSecurityCookiesFromHeader(
request.getHeaders(headerName), headerName, additionalSecurityCookieNames);
headersMap.put(headerName, toString(filteredHeaders));
}
}
return headersMap;
}
private List extractSecurityCookieNamesOrUseCached(
final @NotNull HttpServletRequest httpRequest) {
if (extraSecurityCookies == null) {
synchronized (SentryRequestResolver.class) {
if (extraSecurityCookies == null) {
extraSecurityCookies = extractSecurityCookieNames(httpRequest);
}
}
}
return extraSecurityCookies;
}
private List extractSecurityCookieNames(final @NotNull HttpServletRequest httpRequest) {
try {
final @Nullable ServletContext servletContext = httpRequest.getServletContext();
if (servletContext != null) {
final @Nullable SessionCookieConfig sessionCookieConfig =
servletContext.getSessionCookieConfig();
if (sessionCookieConfig != null) {
final @Nullable String cookieName = sessionCookieConfig.getName();
if (cookieName != null) {
return Arrays.asList(cookieName);
}
}
}
} catch (Throwable t) {
scopes
.getOptions()
.getLogger()
.log(SentryLevel.WARNING, "Failed to extract session cookie name from request.", t);
}
return Collections.emptyList();
}
private static @Nullable String toString(final @Nullable List list) {
return list != null ? String.join(",", list) : null;
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy