fix: Properly sanitize the event context and SDK info (#1943)

We now properly sanitize the event context and SDK info, fixing the problem where using a `Date` in the context dictionary caused serialization issues and the context to be removed completely.

Author: kevinrenskers

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## Unreleased
+
+### Fixes
+
+- Properly sanitize the event context and SDK information (#1943)
+
 ## 7.20.0
 
 ### Features

Sources/Sentry/SentryEnvelope.m

@@ -101,49 +101,23 @@ - (instancetype)initWithEvent:(SentryEvent *)event
     NSData *json = [SentrySerialization dataWithJSONObject:[event serialize] error:&error];
 
     if (nil != error) {
-        // It could be the user added something to the context or the sdk that can't serialized.
-        event.context = nil;
-        event.sdk = nil;
-        error = nil;
-        [SentrySerialization dataWithJSONObject:[event serialize] error:&error];
-
-        // The context or the sdk was the problem for serialization. Add a breadcrumb that we are
-        // dropping the context and the sdk.
-        if (nil == error) {
-            NSMutableArray<SentryBreadcrumb *> *breadcrumbs = [event.breadcrumbs mutableCopy];
-            if (nil == breadcrumbs) {
-                breadcrumbs = [[NSMutableArray alloc] init];
-            }
-
-            SentryBreadcrumb *crumb = [[SentryBreadcrumb alloc] initWithLevel:kSentryLevelError
-                                                                     category:@"sentry.event"];
-            crumb.message = @"A value set to the context or sdk is not serializable. Dropping "
-                            @"context and sdk.";
-            crumb.type = @"error";
-            [breadcrumbs addObject:crumb];
-            event.breadcrumbs = breadcrumbs;
-
-            json = [SentrySerialization dataWithJSONObject:[event serialize] error:nil];
-        } else {
-            // We don't know what caused the serialization to fail.
-            SentryEvent *errorEvent = [[SentryEvent alloc] initWithLevel:kSentryLevelWarning];
-
-            // Add some context to the event. We can only set simple properties otherwise we
-            // risk that the conversion fails again.
-            NSString *message =
-                [NSString stringWithFormat:@"JSON conversion error for event with message: '%@'",
-                          event.message];
-
-            errorEvent.message = [[SentryMessage alloc] initWithFormatted:message];
-            errorEvent.releaseName = event.releaseName;
-            errorEvent.environment = event.environment;
-            errorEvent.platform = event.platform;
-            errorEvent.timestamp = event.timestamp;
-
-            // We accept the risk that this simple serialization fails. Therefore we ignore the
-            // error on purpose.
-            json = [SentrySerialization dataWithJSONObject:[errorEvent serialize] error:nil];
-        }
+        // We don't know what caused the serialization to fail.
+        SentryEvent *errorEvent = [[SentryEvent alloc] initWithLevel:kSentryLevelWarning];
+
+        // Add some context to the event. We can only set simple properties otherwise we
+        // risk that the conversion fails again.
+        NSString *message = [NSString
+            stringWithFormat:@"JSON conversion error for event with message: '%@'", event.message];
+
+        errorEvent.message = [[SentryMessage alloc] initWithFormatted:message];
+        errorEvent.releaseName = event.releaseName;
+        errorEvent.environment = event.environment;
+        errorEvent.platform = event.platform;
+        errorEvent.timestamp = event.timestamp;
+
+        // We accept the risk that this simple serialization fails. Therefore we ignore the
+        // error on purpose.
+        json = [SentrySerialization dataWithJSONObject:[errorEvent serialize] error:nil];
     }
 
     // event.type can be nil and the server infers error if there's a stack trace, otherwise

Sources/Sentry/SentryEvent.m

@@ -118,7 +118,7 @@ - (void)addThreads:(NSMutableDictionary *)serializedData
 
 - (void)addSimpleProperties:(NSMutableDictionary *)serializedData
 {
-    [serializedData setValue:self.sdk forKey:@"sdk"];
+    [serializedData setValue:[self.sdk sentry_sanitize] forKey:@"sdk"];
     [serializedData setValue:self.releaseName forKey:@"release"];
     [serializedData setValue:self.dist forKey:@"dist"];
     [serializedData setValue:self.environment forKey:@"environment"];
@@ -138,7 +138,7 @@ - (void)addSimpleProperties:(NSMutableDictionary *)serializedData
 
     [serializedData setValue:[self serializeBreadcrumbs] forKey:@"breadcrumbs"];
 
-    [serializedData setValue:self.context forKey:@"contexts"];
+    [serializedData setValue:[self.context sentry_sanitize] forKey:@"contexts"];
 
     if (nil != self.message) {
         [serializedData setValue:[self.message serialize] forKey:@"message"];

Tests/SentryTests/Protocol/SentryEnvelopeTests.swift

@@ -36,37 +36,18 @@ class SentryEnvelopeTests: XCTestCase {
             event.message = SentryMessage(formatted: "Don't do this")
             event.releaseName = "releaseName1.0.0"
             event.environment = "save the environment"
-            event.sdk = ["version": sdkVersion]
-            return event
-        }
-
-        var eventWithFaultyContext: Event {
-            let event = self.event
-            event.context = ["dont": ["dothis": Date()]]
-            return event
-        }
-
-        var eventWithFaultySDK: Event {
-            let event = self.event
-            event.sdk = ["dont": ["dothis": Date()]]
-            return event
-        }
-
-        var eventWithFaultyContextAndBreadrumb: Event {
-            let event = eventWithFaultyContext
-            event.breadcrumbs = [breadcrumb]
+            event.sdk = ["version": sdkVersion, "date": Date()]
             return event
         }
 
         var eventWithContinousSerializationFailure: Event {
-            let event = EventSerilazationFailure()
+            let event = EventSerializationFailure()
             event.message = SentryMessage(formatted: "Failure")
             event.releaseName = "release"
             event.environment = "environment"
             event.platform = "platform"
             return event
         }
-        
     }
 
     private let fixture = Fixture()
@@ -204,49 +185,6 @@ class SentryEnvelopeTests: XCTestCase {
         XCTAssertEqual(expected, actual)
     }
 
-    func testInitWithEvent_FaultyContextNoBreadcrumbs_SendsEventWithBreadcrumb() {
-        let event = fixture.eventWithFaultyContext
-        let envelope = SentryEnvelope(event: event)
-
-        XCTAssertEqual(1, envelope.items.count)
-        XCTAssertNotNil(envelope.items.first?.data)
-        if let data = envelope.items.first?.data {
-            let json = String(data: data, encoding: .utf8) ?? ""
-            assertContainsBreadcrumbForDroppingContextAndSDK(json)
-            assertEventDoesNotContainContext(json)
-        }
-    }
-
-    func testInitWithEvent_FaultySDKNoBreadcrumbs_SendsEventWithBreadcrumb() {
-        let event = fixture.eventWithFaultySDK
-        let envelope = SentryEnvelope(event: event)
-
-        XCTAssertEqual(1, envelope.items.count)
-        XCTAssertNotNil(envelope.items.first?.data)
-        if let data = envelope.items.first?.data {
-            let json = String(data: data, encoding: .utf8) ?? ""
-            assertContainsBreadcrumbForDroppingContextAndSDK(json)
-            assertEventDoesNotContainContext(json)
-        }
-    }
-
-    func testInitWithEvent_FaultyContextAndBreadcrumb_SendsEventWithBreadcrumbs() {
-        let event = fixture.eventWithFaultyContextAndBreadrumb
-
-        let envelope = SentryEnvelope(event: event)
-
-        XCTAssertEqual(1, envelope.items.count)
-        XCTAssertNotNil(envelope.items.first?.data)
-        if let data = envelope.items.first?.data {
-            let json = String(data: data, encoding: .utf8) ?? ""
-
-            assertContainsBreadcrumbForDroppingContextAndSDK(json)
-            assertEventDoesNotContainContext(json)
-
-            json.assertContains(fixture.breadcrumb.message!, "breadrumb message")
-        }
-    }
-
     func testInitWithEvent_SerializationFails_SendsEventWithSerializationFailure() {
         let event = fixture.eventWithContinousSerializationFailure
         let envelope = SentryEnvelope(event: event)
@@ -348,19 +286,11 @@ class SentryEnvelopeTests: XCTestCase {
         }
     }
 
-    private func assertContainsBreadcrumbForDroppingContextAndSDK(_ json: String) {
-        json.assertContains("A value set to the context or sdk is not serializable. Dropping context and sdk.", "breadcrumb message")
-
-        json.assertContains("\"category\":\"sentry.event\"", "breadcrumb category")
-        json.assertContains("\"type\":\"error\"", "breadcrumb type")
-        json.assertContains("\"level\":\"error\"", "breadcrumb level")
-    }
-
     private func assertEventDoesNotContainContext(_ json: String) {
         XCTAssertFalse(json.contains("\"contexts\":{"))
     }
 
-    private class EventSerilazationFailure: Event {
+    private class EventSerializationFailure: Event {
         override func serialize() -> [String: Any] {
             return ["is going": ["to fail": Date()]]
         }

Tests/SentryTests/Protocol/SentryEventTests.swift

@@ -47,8 +47,10 @@ class SentryEventTests: XCTestCase {
         XCTAssertEqual(1, crumbs?.count)
 
         let context = actual["contexts"] as? [String: [String: Any]]
-        XCTAssertEqual(1, context?.count)
-        XCTAssertEqual(TestData.context["context"], context?["context"] as? [String: String])
+        XCTAssertEqual(context?.count, 1)
+        XCTAssertEqual(context?["context"]?.count, 2)
+        XCTAssertEqual(context?["context"]?["c"] as! String, "a")
+        XCTAssertEqual(context?["context"]?["date"] as! String, "1970-01-01T00:00:10.000Z")
 
         XCTAssertNotNil(actual["message"] as? [String: Any])
 

Tests/SentryTests/Protocol/TestData.swift

@@ -12,7 +12,7 @@ class TestData {
         }
     }
     static let sdk = ["name": SentryMeta.sdkName, "version": SentryMeta.versionString]
-    static let context = ["context": ["c": "a"]]
+    static let context = ["context": ["c": "a", "date": timestamp]]
 
     static var crumb: Breadcrumb {
         let crumb = Breadcrumb()