Improve error tracking error handling

Instead of failing with 500 error when payload is invalid or activerecord is invalid, we handle those scenarios and return a 400 error response to the client. Changelog: changed Signed-off-by: Dmytro Zaporozhets <dzaporozhets@gitlab.com>

Improve error tracking error handling
Instead of failing with 500 error when payload is invalid or activerecord is invalid, we handle those scenarios and return a 400 error response to the client. Changelog: changed Signed-off-by: Dmytro Zaporozhets <dzaporozhets@gitlab.com>
78e67fc8 · Dmytro Zaporozhets · 5c9fefb0 · 78e67fc8 · 78e67fc8 · 78e67fc8
Commit 78e67fc8 authored Nov 02, 2021 by Dmytro Zaporozhets
5 changed files
--- a/app/validators/json_schemas/error_tracking_event_payload.json
+++ b/app/validators/json_schemas/error_tracking_event_payload.json
 {
  "description": "Error tracking event payload",
  "type": "object",
-  "required": [],
+  "required": ["exception"],
  "properties": {
    "environment": {
      "type": "string"
@@ -14,7 +14,7 @@
    },
    "exception": {
      "type": "object",
-      "required": [],
+      "required": ["values"],
      "properties": {
        "values": {
          "type": "array",

--- a/lib/api/error_tracking/collector.rb
+++ b/lib/api/error_tracking/collector.rb
@@ -12,6 +12,10 @@ module API
    content_type :txt, 'text/plain'
    default_format :envelope
+    rescue_from ActiveRecord::RecordInvalid do |e|
+      render_api_error!(e.message, 400)
+    end
    before do
      not_found!('Project') unless project
      not_found! unless feature_enabled?
@@ -50,6 +54,12 @@ module API
          bad_request!('Failed to parse sentry request')
        end
      end
+      def validate_payload(payload)
+        unless ::ErrorTracking::Collector::PayloadValidator.new.valid?(payload)
+          bad_request!('Unsupported sentry payload')
+        end
+      end
    end
    desc 'Submit error tracking event to the project as envelope' do
@@ -88,6 +98,8 @@ module API
      # We don't have use for transaction request yet,
      # so we record only event one.
      if type == 'event'
+        validate_payload(parsed_request[:event])
        ::ErrorTracking::CollectErrorService
          .new(project, nil, event: parsed_request[:event])
          .execute
@@ -125,6 +137,8 @@ module API
        bad_request!('Failed to parse sentry request')
      end
+      validate_payload(parsed_body)
      ::ErrorTracking::CollectErrorService
        .new(project, nil, event: parsed_body)
        .execute

--- a/lib/error_tracking/collector/payload_validator.rb
+++ b/lib/error_tracking/collector/payload_validator.rb
+# frozen_string_literal: true
+module ErrorTracking
+  module Collector
+    class PayloadValidator
+      PAYLOAD_SCHEMA_PATH = Rails.root.join('app', 'validators', 'json_schemas', 'error_tracking_event_payload.json').to_s
+      def valid?(payload)
+        JSONSchemer.schema(Pathname.new(PAYLOAD_SCHEMA_PATH)).valid?(payload)
+      end
+    end
+  end
+end
--- a/spec/lib/error_tracking/collector/payload_validator_spec.rb
+++ b/spec/lib/error_tracking/collector/payload_validator_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe ErrorTracking::Collector::PayloadValidator do
+  describe '#valid?' do
+    RSpec.shared_examples 'valid payload' do
+      it 'returns true' do
+        expect(described_class.new.valid?(payload)).to be_truthy
+      end
+    end
+    RSpec.shared_examples 'invalid payload' do
+      it 'returns false' do
+        expect(described_class.new.valid?(payload)).to be_falsey
+      end
+    end
+    context 'ruby payload' do
+      let(:payload) { Gitlab::Json.parse(fixture_file('error_tracking/parsed_event.json')) }
+      it_behaves_like 'valid payload'
+    end
+    context 'python payload' do
+      let(:payload) { Gitlab::Json.parse(fixture_file('error_tracking/python_event.json')) }
+      it_behaves_like 'valid payload'
+    end
+    context 'browser payload' do
+      let(:payload) { Gitlab::Json.parse(fixture_file('error_tracking/browser_event.json')) }
+      it_behaves_like 'valid payload'
+    end
+    context 'empty payload' do
+      let(:payload) { '' }
+      it_behaves_like 'invalid payload'
+    end
+    context 'invalid payload' do
+      let(:payload) { { 'foo' => 'bar' } }
+      it_behaves_like 'invalid payload'
+    end
+  end
+end
--- a/spec/requests/api/error_tracking/collector_spec.rb
+++ b/spec/requests/api/error_tracking/collector_spec.rb
@@ -136,6 +136,21 @@ RSpec.describe API::ErrorTracking::Collector do
      it_behaves_like 'bad request'
    end
+    context 'body with string instead of json' do
+      let(:params) { '"********"' }
+      it_behaves_like 'bad request'
+    end
+    context 'collector fails with validation error' do
+      before do
+        allow(::ErrorTracking::CollectErrorService)
+          .to receive(:new).and_raise(ActiveRecord::RecordInvalid)
+      end
+      it_behaves_like 'bad request'
+    end
    context 'gzip body' do
      let(:headers) do
        {