actually add files in node lol

Lms24 · Lms24 · commit a40028518481 · 2024-08-02T11:30:48.000+02:00
diff --git a/packages/node/src/utils/meta.ts b/packages/node/src/utils/meta.ts
@@ -0,0 +1,84 @@
+import {
+  getDynamicSamplingContextFromClient,
+  getDynamicSamplingContextFromSpan,
+  getRootSpan,
+  spanToTraceHeader,
+} from '@sentry/core';
+import type { Client, Scope, Span } from '@sentry/types';
+import {
+  TRACEPARENT_REGEXP,
+  dynamicSamplingContextToSentryBaggageHeader,
+  generateSentryTraceHeader,
+  logger,
+} from '@sentry/utils';
+
+/**
+ * Extracts the tracing data from the current span or from the client's scope (via transaction or propagation context)
+ * and serializes the data to <meta> tag contents.
+ *
+ * Use this function to obtain the tracing meta tags you can inject when rendering an HTML response to continue
+ * the server-initiated trace on the client.
+ *
+ * @param span the currently active span
+ * @param client the SDK's client
+ *
+ * @returns an object with the two meta tags. The object keys are the name of the meta tag,
+ * the respective value is the content.
+ */
+export function getTracingMetaTags(
+  span: Span | undefined,
+  scope: Scope,
+  client: Client | undefined,
+): { 'sentry-trace': string; baggage?: string } {
+  const { dsc, sampled, traceId } = scope.getPropagationContext();
+  const rootSpan = span && getRootSpan(span);
+
+  const sentryTrace = span ? spanToTraceHeader(span) : generateSentryTraceHeader(traceId, undefined, sampled);
+
+  const dynamicSamplingContext = rootSpan
+    ? getDynamicSamplingContextFromSpan(rootSpan)
+    : dsc
+      ? dsc
+      : client
+        ? getDynamicSamplingContextFromClient(traceId, client)
+        : undefined;
+
+  const baggage = dynamicSamplingContextToSentryBaggageHeader(dynamicSamplingContext);
+
+  const isValidSentryTraceHeader = TRACEPARENT_REGEXP.test(sentryTrace);
+  if (!isValidSentryTraceHeader) {
+    logger.warn('Invalid sentry-trace data. Returning empty "sentry-trace" meta tag');
+  }
+
+  const validBaggage = isValidBaggageString(baggage);
+  if (!validBaggage) {
+    logger.warn('Invalid baggage data. Not returning "baggage" meta tag');
+  }
+
+  return {
+    'sentry-trace': isValidSentryTraceHeader ? sentryTrace : '',
+    ...(validBaggage && { baggage }),
+  };
+}
+
+/**
+ * Tests string against baggage spec as defined in:
+ *
+ * - W3C Baggage grammar: https://www.w3.org/TR/baggage/#definition
+ * - RFC7230 token definition: https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6
+ *
+ * exported for testing
+ */
+export function isValidBaggageString(baggage?: string): boolean {
+  if (!baggage || !baggage.length) {
+    return false;
+  }
+  const keyRegex = "[-!#$%&'*+.^_`|~A-Za-z0-9]+";
+  const valueRegex = '[!#-+-./0-9:<=>?@A-Z\\[\\]a-z{-}]+';
+  const spaces = '\\s*';
+  // eslint-disable-next-line @sentry-internal/sdk/no-regexp-constructor -- RegExp for readability, no user input
+  const baggageRegex = new RegExp(
+    `^${keyRegex}${spaces}=${spaces}${valueRegex}(${spaces},${spaces}${keyRegex}${spaces}=${spaces}${valueRegex})*$`,
+  );
+  return baggageRegex.test(baggage);
+}
diff --git a/packages/node/test/utils/meta.test.ts b/packages/node/test/utils/meta.test.ts
@@ -0,0 +1,188 @@
+import * as SentryCore from '@sentry/core';
+import { SentrySpan } from '@sentry/core';
+
+import { getTracingMetaTags, isValidBaggageString } from '../../src/utils/meta';
+
+const TRACE_FLAG_SAMPLED = 1;
+
+const mockedSpan = new SentrySpan({
+  traceId: '12345678901234567890123456789012',
+  spanId: '1234567890123456',
+  sampled: true,
+});
+
+const mockedClient = {} as any;
+
+const mockedScope = {
+  getPropagationContext: () => ({
+    traceId: '123',
+  }),
+} as any;
+
+describe('getTracingMetaTags', () => {
+  it('returns the tracing meta tags from the span, if it is provided', () => {
+    {
+      jest.spyOn(SentryCore, 'getDynamicSamplingContextFromSpan').mockReturnValueOnce({
+        environment: 'production',
+      });
+
+      const tags = getTracingMetaTags(mockedSpan, mockedScope, mockedClient);
+
+      expect(tags).toEqual({
+        'sentry-trace': '12345678901234567890123456789012-1234567890123456-1',
+        baggage: 'sentry-environment=production',
+      });
+    }
+  });
+
+  it('returns propagationContext DSC data if no span is available', () => {
+    const tags = getTracingMetaTags(
+      undefined,
+      {
+        getPropagationContext: () => ({
+          traceId: '12345678901234567890123456789012',
+          sampled: true,
+          spanId: '1234567890123456',
+          dsc: {
+            environment: 'staging',
+            public_key: 'key',
+            trace_id: '12345678901234567890123456789012',
+          },
+        }),
+      } as any,
+      mockedClient,
+    );
+
+    expect(tags).toEqual({
+      'sentry-trace': expect.stringMatching(/12345678901234567890123456789012-(.{16})-1/),
+      baggage: 'sentry-environment=staging,sentry-public_key=key,sentry-trace_id=12345678901234567890123456789012',
+    });
+  });
+
+  it('returns only the `sentry-trace` tag if no DSC is available', () => {
+    jest.spyOn(SentryCore, 'getDynamicSamplingContextFromClient').mockReturnValueOnce({
+      trace_id: '',
+      public_key: undefined,
+    });
+
+    const tags = getTracingMetaTags(
+      // @ts-expect-error - we don't need to provide all the properties
+      {
+        isRecording: () => true,
+        spanContext: () => {
+          return {
+            traceId: '12345678901234567890123456789012',
+            spanId: '1234567890123456',
+            traceFlags: TRACE_FLAG_SAMPLED,
+          };
+        },
+      },
+      mockedScope,
+      mockedClient,
+    );
+
+    expect(tags).toEqual({
+      'sentry-trace': '12345678901234567890123456789012-1234567890123456-1',
+    });
+  });
+
+  it('returns only the `sentry-trace` tag if no DSC is available without a client', () => {
+    jest.spyOn(SentryCore, 'getDynamicSamplingContextFromClient').mockReturnValueOnce({
+      trace_id: '',
+      public_key: undefined,
+    });
+
+    const tags = getTracingMetaTags(
+      // @ts-expect-error - we don't need to provide all the properties
+      {
+        isRecording: () => true,
+        spanContext: () => {
+          return {
+            traceId: '12345678901234567890123456789012',
+            spanId: '1234567890123456',
+            traceFlags: TRACE_FLAG_SAMPLED,
+          };
+        },
+      },
+      mockedScope,
+      undefined,
+    );
+
+    expect(tags).toEqual({
+      'sentry-trace': '12345678901234567890123456789012-1234567890123456-1',
+    });
+    expect('baggage' in tags).toBe(false);
+  });
+});
+
+describe('isValidBaggageString', () => {
+  it.each([
+    'sentry-environment=production',
+    'sentry-environment=staging,sentry-public_key=key,sentry-trace_id=abc',
+    // @ is allowed in values
+    'sentry-release=project@1.0.0',
+    // spaces are allowed around the delimiters
+    'sentry-environment=staging ,   sentry-public_key=key  ,sentry-release=myproject@1.0.0',
+    'sentry-environment=staging ,   thirdparty=value  ,sentry-release=myproject@1.0.0',
+    // these characters are explicitly allowed for keys in the baggage spec:
+    "!#$%&'*+-.^_`|~1234567890abcxyzABCXYZ=true",
+    // special characters in values are fine (except for ",;\ - see other test)
+    'key=(value)',
+    'key=[{(value)}]',
+    'key=some$value',
+    'key=more#value',
+    'key=max&value',
+    'key=max:value',
+    'key=x=value',
+  ])('returns true if the baggage string is valid (%s)', baggageString => {
+    expect(isValidBaggageString(baggageString)).toBe(true);
+  });
+
+  it.each([
+    // baggage spec doesn't permit leading spaces
+    ' sentry-environment=production,sentry-publickey=key,sentry-trace_id=abc',
+    // no spaces in keys or values
+    'sentry-public key=key',
+    'sentry-publickey=my key',
+    // no delimiters ("(),/:;<=>?@[\]{}") in keys
+    'asdf(x=value',
+    'asdf)x=value',
+    'asdf,x=value',
+    'asdf/x=value',
+    'asdf:x=value',
+    'asdf;x=value',
+    'asdf<x=value',
+    'asdf>x=value',
+    'asdf?x=value',
+    'asdf@x=value',
+    'asdf[x=value',
+    'asdf]x=value',
+    'asdf\\x=value',
+    'asdf{x=value',
+    'asdf}x=value',
+    // no ,;\" in values
+    'key=va,lue',
+    'key=va;lue',
+    'key=va\\lue',
+    'key=va"lue"',
+    // baggage headers can have properties but we currently don't support them
+    'sentry-environment=production;prop1=foo;prop2=bar,nextkey=value',
+    // no fishy stuff
+    'absolutely not a valid baggage string',
+    'val"/><script>alert("xss")</script>',
+    'something"/>',
+    '<script>alert("xss")</script>',
+    '/>',
+    '" onblur="alert("xss")',
+  ])('returns false if the baggage string is invalid (%s)', baggageString => {
+    expect(isValidBaggageString(baggageString)).toBe(false);
+  });
+
+  it('returns false if the baggage string is empty', () => {
+    expect(isValidBaggageString('')).toBe(false);
+  });
+
+  it('returns false if the baggage string is empty', () => {
+    expect(isValidBaggageString(undefined)).toBe(false);
+  });
+});
