getsentry / sentry-php Goto Github PK

We need to ensure we coerce all values to valid utf-8 before json_encode

Otherwise it will transform strings to "null" without telling you

We are using Sentry/raven-php in our application to log user actions, such as log in and purchasing. raven-php sends all $_POST data to the sentry server, which includes things like passwords and credit card details in these cases. This is not optimal.

Looking at the source code, there is no way to filter $_POST data before it is sent, or to not send it at all. We do not want to be responsible for storing sensitive client information in our logging application, nor transmitting such information across the internet.

Can some options be added to either disable the sending of $_POST/$_GET/etc data for some requests, or to filter the data that is sent through a user supplied callback?

This leads to a PHP Catchable fatal error

Sample PHP code to demonstrate implode failing on objects

Code

<?php

$data = array(
    "one" => 1,
    "text" => "",
    "obj" => (object) array("key" => "value")
);


var_dump($data);
var_dump(implode($data));

?>

Output

>>> php-implode-fail.php

array(3) {
  ["one"]=>
  int(1)
  ["text"]=>
  string(0) ""
  ["obj"]=>
  object(stdClass)#1 (1) {
    ["key"]=>
    string(5) "value"
  }
}
PHP Catchable fatal error:  Object of class stdClass could not be converted to string in /Users/ram/Desktop/php-implode-fail.php on line 11

Hi!

Stacktraces for exception are missed in Sentry web interface. This is an issue with argument processing of require statement in Raven_Stacktrace.

The result of the following code will converted to array, instead of object in JSON:

// see Raven_Stacktrace::get_frame_context
// https://github.com/getsentry/raven-php/blob/b87bdb0caed236e2f9ea452811cf08954ce6e51a/lib/Raven/Stacktrace.php#L131
return array($frame['args'][0]);

In Python we receive this dictionary:

{ 
    'function': u'require',
    'abs_path': u'system/core/Bootstrap.php',
    'pre_context': [ ... ],
    'vars': [u'system/core/Bootstrap.php'],
    'module': u'Bootstrap.php',
    'filename': u'system/core/Bootstrap.php',
    'lineno': 55,
    'colno': None,
    'in_app': None,
    'data': {},
    'context_line': ...
}

In which type of vars not equal to dict and stacktrace will be discarded in Sentry.

We use Sentry 6.2.0 and raven-php from master.

I received data in PHP with php://input by a ajax request to send json string in POST.

However, Sentry do not display data like $_POST and $_GET

It seems you haven't set up the automatic hook that creates a new package entry on packagist when you push a tag. When I asked you to create a tag you made 0.5.0 but since you don't have the hook setup and and forgot about pushing the force update button on packagist, the package can't be installed when required with composer. Please setup the hook. Thanks!

Hello,

Today my Sentry server went down and so one production website.
They are on two completely different servers.

I restarted Sentry and everything went back to normal so I guess Raven was trying to connect to Sentry and just never timed out until Nginx did...

So is there some sort of way to set a timeout or something?

Thanks.

Hello again!

So last time I rambled about something in the issue comments about a proxy server not working and whatnot, and I've come here to document a potential solution and let it be up in the air as to whether you want to patch this special case.

Here's what's happening.

• raven-php is creating HTTP body to send to Sentry server
• PHP cURL library is used to set a number of headers and then send the request
• PHP cURL automatically sets the Expect: 100-continue header for POST requests
• My lighttpd server was rejecting this unknown (to it) header and returning a 417 HTTP status code
• raven-php was silently failing to send the error log to the Sentry server

The fix is quite simple; roundabout line 346 of lib/Raven/Client.php, after the foreach(), add array_push($new_headers, 'Expect:');. This removes the Expect header and all will be well.

A brief posting on the subject: http://pilif.github.com/2007/02/the-return-of-except-100-continue/

This seems like a pretty special case to me, but if you're interested in putting it in the library I can create a pull request. Thoughts?

Installing from github

And include it in your scripts:

require_once '/path/to/Raven/library/Raven.php';

Actually this file doesn't exist anymore.

I keep getting "Undefined offset: 16" in get_stack_info with version 0.5.1

  public static function get_stack_info($frames, $trace=false, $shiftvars=true, $errcontext = null)
    {
        /**
         * PHP's way of storing backstacks seems bass-ackwards to me
         * 'function' is not the function you're in; it's any function being
         * called, so we have to shift 'function' down by 1. Ugh.
         */    
         $result = array();
         for ($i = 0; $i < count($frames); $i++) {
             $frame = $frames[$i];
             $nextframe = @$frames[$i + 1];

"PHP message: PHP Notice:  Undefined index: HTTP_HOST in /home/.../common/vendor/raven/raven/lib/Raven/Client.php on line 594

https://github.com/getsentry/raven-php/blob/master/lib/Raven/Client.php#L594

Maybe we should check if HTTP_HOST is defined.

The Travis-CI image is red, because one of the three Travis-CI jobs (the one for PHP 5.2) is failing:

https://secure.travis-ci.org/#!/getsentry/raven-php/jobs/611711

I use 2 clients, Raven-JS and Raven-PHP. Raven-JS files all my Javascript errors under the logger "Javascript", while PHP files them under the logger "root".

Is there a way to configure raven-php to use another logger?

In my logs I've been seeing lots of:

PHP Warning: mb_convert_encoding() expects parameter 1 to be string, resource given in vendor/raven/raven/lib/Raven/Serializer.php on line 69

It turned out it was caused by serializeValue() receiving floating point values such as: 149.71428571429

This patch seems to fix it.

--- Serializer.php.orig 2012-12-04 15:40:40.239712000 -0600
+++ Serializer.php      2012-12-05 10:13:54.115712093 -0600
@@ -66,9 +66,9 @@
             return (integer)$value;
         } else {
             if (function_exists('mb_convert_encoding')) {
-                $value = mb_convert_encoding($value, 'UTF-8', 'UTF-8');
+                $value = mb_convert_encoding((string)$value, 'UTF-8', 'UTF-8');
             }
             return (string)$value;
         }
     }

I see theres code for handleFatalError(), is raven-php able to automatically catch fatal errors? I've registered the error handlers using:

// Install error handlers
$error_handler = new Raven_ErrorHandler($client);
$error_handler->registerExceptionHandler();
$error_handler->registerErrorHandler();

Fatal errors still show up in my PHP error log, but nothing shows up in Sentry. (Warnings and notices work).

Is this a problem with my PHP.ini / config, or is it simply not supported?

Thanks.

Hello! Recently, I catch some errors of sentry client library(raven-php) on my project, developed on yii framework:
[25-Oct-2013 12:27:38 Europe/Moscow] PHP Warning: socket_sendto(): unable to write to socket [1]: Операция не позволяется( <- Operation is not permitted) in */protected/extensions/yii-sentry/lib/Raven/Client.php on line 453

It's a phantom error, that appear sometimes, with no any logs and other problems.

There are no checks of socket creation in a code:

        $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
        socket_sendto($sock, $raw_data, strlen($raw_data), 0, $host, $port);
        socket_close($sock);

        return true;

maybe it will be more pleasant to use it, if it will look like:

        $sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
        if ($sock === false) {
            return false;
        }
        $sent = @socket_sendto($sock, $raw_data, strlen($raw_data), 0, $host, $port);
        socket_close($sock);
        return $sent === false;

or something else, with some error processing.

P.S. "@" used only for example!

Thanks.

The Raven_Stacktrace class doesn't handle frame context when frame is a Closure. In this case get_frame_context method throws the uncaught exception on the line:

$reflection = new ReflectionMethod($frame['class'], '__call');

Enviroment:

• PHP 5.4.13
• ZF2-based project

Can an updated tag be created for this repo, the last one 0.5.1 was created 4 months ago and bugs have been fixed since then.
Thanks

I'm been integrating raven-php with a Yii project, which has it's own strack trace handling.

What is the correct way to disable raven-php's stack trace handling? I might even need to pass it the Yii stack trace.

Thanks

composer.json lists license as "Apache License 2", but the license file text is the BSD 3-Clause License

I looked in Client.php and see that there is a check for REQUEST_URI to exist, to not throw errors if we are running from the command line.

Would it be better to check HTTP_HOST for that? When running a command line script in Laravel 4, it seems like Raven threw this error itself, caught it and reported it.

Happy to send a pull request with that, just want to double check if that is an acceptable solution!

Currently curl success is not checked.

I would to able to know in my code if the request to capture an exception has been handled successfully.
I am suggesting something like this in the send_http:

Either by throwing an exception that user has to catch.
(cleaner to me but not very php like)
if(curl_exec($curl) === false)
{
throw new RavenException(curl_error($curl));
}

or returning false (more php like)
$ret = (curl_exec($curl) !== false);
curl_close($curl);
return $ret;

I am working to implement this raven library for my Sentry setup; when I pulled the repo this morning I started with this error:

Notice: Undefined variable: step in /mysite/libs/raven/lib/Raven/Stacktrace.php on line 107

It would seem that instead of $step it should be $frame and indeed that resolves the error. However, I don't really know what's going on in this library so I'm hesitant to patch it myself!

After changing this variable name, I am still unable to get visible errors to push to Sentry, but perhaps that's something else...

Thanks!

It looks like there's cases where we aren't getting the inner frames from a backtrace.

For example:

exception 'CHttpException' with message 'Response for this user already exists' in /var/www/omitted/protected/modules/api/controllers/ResponseController.php:69

Stacktrace (most recent call last):

  File "/var/www/framework.yii.1.1/framework/base/CApplication.php", line 713, in handleException
    $handler->handle($event);
  File "/var/www/framework.yii.1.1/framework/base/CErrorHandler.php", line 130, in handle
    $this->handleException($event->exception);
  File "/var/www/framework.yii.1.1/framework/base/CErrorHandler.php", line 205, in handleException
    $this->render('error',$data);
  File "/var/www/framework.yii.1.1/framework/base/CErrorHandler.php", line 332, in render
    Yii::app()->runController($this->errorAction);
  File "/var/www/framework.yii.1.1/framework/web/CWebApplication.php", line 283, in runController
    $controller->run($actionID);
  File "/var/www/framework.yii.1.1/framework/web/CController.php", line 266, in run
    $this->runActionWithFilters($action,$this->filters());
  File "/var/www/framework.yii.1.1/framework/web/CController.php", line 287, in runActionWithFilters
    $this->runAction($action);
  File "/var/www/framework.yii.1.1/framework/web/CController.php", line 309, in runAction
    if($action->runWithParams($this->getActionParams())===false)
  File "/var/www/framework.yii.1.1/framework/web/actions/CInlineAction.php", line 50, in runWithParams
    return $controller->$methodName();
  File "/var/www/omitted/protected/modules/api/controllers/DefaultController.php", line 14, in actionError
    $this->_sendResponse($code, CJSON::encode($message));
  File "/var/www/omitted/protected/extensions/OneResult/Api/Api_Controller.php", line 140, in _sendResponse
    Yii::app()->end();
  File "/var/www/framework.yii.1.1/framework/base/CApplication.php", line 178, in end
    $this->onEndRequest(new CEvent($this));
  File "/var/www/framework.yii.1.1/framework/base/CApplication.php", line 201, in onEndRequest
    $this->raiseEvent('onEndRequest',$event);
  File "/var/www/framework.yii.1.1/framework/base/CComponent.php", line 559, in raiseEvent
    $object->$method($event);
  File "/var/www/framework.yii.1.1/framework/logging/CLogRouter.php", line 124, in processLogs
    $route->collectLogs($logger,true);
  File "/var/www/framework.yii.1.1/framework/logging/CLogRoute.php", line 97, in collectLogs
    $this->processLogs($this->logs);
  File "/var/www/omitted/protected/components/yii-sentry-log/RSentryLog.php", line 82, in processLogs
    $this->_client->captureMessage($title, array(), $level, true);

Not sure yet if this is an issue with raven-php or the yii-sentry-log extension

What extensions should be enabled in PHP for this plugin to work?

It seems like we could use the curl_multi stuff to do async http requests with fairly large compatibility

http://us3.php.net/manual/en/function.curl-multi-init.php

Is it possible to tag a new version like v0.4.0 ?

When I capture exception and pass it into sentry, in Sentry event page, in tab user, just Authenticated and ID appears, but there is no SESSION data

I use lastest version of raven-php from github and Sentry 5.1.2

When a credit card number is posted as an array, sanitizing would be nice. I'll post a failing test case shortly.

The instruction suggest that you instantiate error reporting using:

set_error_handler(array($error_handler, 'handleError');
set_exception_handler(array($error_handler, 'handleException'));

However, should you not use:

$error_handler->registerExceptionHandler();
$error_handler->registerErrorHandler();

? The latter approach lets you configure which errors are handled, for example, by passing error constants as a second parameter to the registerErrorHandler() function.

While using captureMessage() whith $msg, what contains sql query

DATE_FORMAT( start_date , '%H-%d-%m-%Y' )

raise error "vsprintf(): Too few arguments"

How do I pass the error level?

I wanted to use the user interface, found that the functionality is not covered by a test. Added one. :)

Because functions gzcompress() and base64_encode() require too much memory when handling a memory exhausted fatal error. I should usualy reserve about 2mb of memory to track this errors.

Current master doesn't work in php 5.3.8, because
https://bugs.php.net/bug.php?id=60149 or
https://bugs.php.net/bug.php?id=54054

You can declare php 5.4 as minimum version, but I prefer apply patch

diff --git a/lib/Raven/Client.php b/lib/Raven/Client.php
index 35dbcd0..27f494a 100644
--- a/lib/Raven/Client.php
+++ b/lib/Raven/Client.php
@@ -353,6 +353,9 @@ class Raven_Client
         }

         if (!empty($stack)) {
+            if (!class_exists('Raven_Stacktrace')) { // php bug https://bugs.php.net/bug.php?id=60149
+                spl_autoload_call('Raven_Stacktrace');
+            }
             if (!isset($data['sentry.interfaces.Stacktrace'])) {
                 $data['sentry.interfaces.Stacktrace'] = array(
                     'frames' => Raven_Stacktrace::get_stack_info($stack, $this->trace, $this->shift_vars, $vars),
@@ -381,6 +384,9 @@ class Raven_Client

     public function sanitize(&$data)
     {
+        if (!class_exists('Raven_Serializer')) {  // php bug https://bugs.php.net/bug.php?id=60149
+            spl_autoload_call('Raven_Serializer');
+        }
         $data = Raven_Serializer::serialize($data);
     }

Hello.

Could you tag a new release to get this commit getsentry/raven-php@62701ba in a stable version ?

Thanks

While using captureMessage() whith $stack=false and auto_log_stacks=false
raise error "Undefined index: args" in

$args = (is_array($frame['args']) ? implode(',', $frame['args']) : $frame['args']);

The license file is empty however file headers refer to a license file

Quoting:

• For the full copyright and license information, please view the LICENSE
• file that was distributed with this source code.

In line 301 there is a property referenced $user, but it is _user.

PR follows.

Quick one, issue and fix. I was getting this error from curl.

Expectation Failed

The expectation given in the Expect request-header
field could not be met by this server.
The client sent

Expect: 100-continue

Only the 100-continue expectation is supported.

The quick fix was to add this to your code (line 454 of Client PHP)

      $headers = array(
            'User-Agent' => $client_string,
            'X-Sentry-Auth' => $this->get_auth_header(
                $timestamp, $client_string, $this->public_key,
                $this->secret_key),
            'Content-Type' => 'application/octet-stream',
            'Expect'=>''
        );

http://php.net/manual/en/language.exceptions.extending.php

Proposal to add some easy support of injecting the default handler handler via:

http://php.net/manual/en/function.set-error-handler.php

This seems logical to me, though I'm not a day-to-day PHP guy anymore so it may have its downsides

You re-introduced a problem that was solved before: https://github.com/getsentry/raven-php/pull/76

Now we get a bunch of those again:

When variable is too long it's impossible to send in sentry.

http://www.php.net/manual/en/exception.getprevious.php

Hello,

I have many question about handler exception.

When I execute an exception with this code below, it work, I received an error message to sentry server:
throw new Exception('test');

But if I execute an exception handler from a class with a namespace defined, it not work, I not received an error message to sentry server:
throw new \Exception('test-namespace');

Why there is a difference between Exception and \Exception ?
Can you help me ?

Thank you in advence.

hi,

i get an

Raven_Client->remove_invalid_utf8( )

Don't know how to resolve it...

Can someone help me?

Thank's!