Merge branch 'main' into fix/#3545

bricefriha · bricefriha · commit 3cd6f48b4403 · 2024-11-13T13:02:09.000Z
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -212,7 +212,7 @@ jobs:
           java-version: '17'
 
       - name: Setup Android SDK
-        uses: android-actions/setup-android@00854ea68c109d98c75d956347303bf7c45b0277 # v3.2.1
+        uses: android-actions/setup-android@9fc6c4e9069bf8d3d10b2204b1fb8f6ef7065407 # v3.2.2
 
       - run: dotnet workload install android maui-android
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,12 +5,13 @@
 ### Fixes
 
 - prevent event duplication and missing attachements when `JavaBackgroundThread` crashes occur ([#3756](https://github.com/getsentry/sentry-dotnet/pull/3756))
+- Fixed ArgumentNullException in FormRequestPayloadExtractor when handling invalid form data on ASP.NET ([#3734](https://github.com/getsentry/sentry-dotnet/pull/3734))
 
 ### Dependencies
 
 - Bump Cocoa SDK from v8.36.0 to v8.39.0 ([#3727](https://github.com/getsentry/sentry-dotnet/pull/3727))
-    - [changelog](https://github.com/getsentry/sentry-cocoa/blob/main/CHANGELOG.md#8390)
-    - [diff](https://github.com/getsentry/sentry-cocoa/compare/8.36.0...8.39.0)
+  - [changelog](https://github.com/getsentry/sentry-cocoa/blob/main/CHANGELOG.md#8390)
+  - [diff](https://github.com/getsentry/sentry-cocoa/compare/8.36.0...8.39.0)
 - Bump Native SDK from v0.7.11 to v0.7.12 ([#3731](https://github.com/getsentry/sentry-dotnet/pull/3731))
   - [changelog](https://github.com/getsentry/sentry-native/blob/master/CHANGELOG.md#0712)
   - [diff](https://github.com/getsentry/sentry-native/compare/0.7.11...0.7.12)
diff --git a/src/Sentry.AspNet/Internal/SystemWebHttpRequest.cs b/src/Sentry.AspNet/Internal/SystemWebHttpRequest.cs
@@ -1,3 +1,4 @@
+using System.Collections.Specialized;
 using Sentry.Extensibility;
 
 namespace Sentry.AspNet.Internal;
@@ -12,8 +13,19 @@ internal class SystemWebHttpRequest : IHttpRequest
 
     public Stream? Body => _request?.InputStream;
 
-    public IEnumerable<KeyValuePair<string, IEnumerable<string>>>? Form
-        => _request.Form.AllKeys.Select(kv => new KeyValuePair<string, IEnumerable<string>>(kv, _request.Form.GetValues(kv)));
+    public IEnumerable<KeyValuePair<string, IEnumerable<string>>>? Form => GetFormData(_request.Form);
 
     public SystemWebHttpRequest(HttpRequest request) => _request = request;
+
+    internal static IEnumerable<KeyValuePair<string, IEnumerable<string>>> GetFormData(NameValueCollection formdata)
+    {
+        return StripNulls(formdata.AllKeys).Select(key => new KeyValuePair<string, IEnumerable<string>>(
+            key, StripNulls(formdata.GetValues(key)
+            )));
+
+        // Poorly constructed form submissions can result in null keys/values on .NET Framework.
+        // See: https://github.com/getsentry/sentry-dotnet/issues/3701
+        IEnumerable<string> StripNulls(IEnumerable<string>? values) => values?.Where(x => x is not null) ?? [];
+    }
+
 }
diff --git a/src/Sentry.Bindings.Cocoa/Sentry.Bindings.Cocoa.csproj b/src/Sentry.Bindings.Cocoa/Sentry.Bindings.Cocoa.csproj
@@ -91,6 +91,7 @@
   <!-- Generate bindings -->
   <Target Name="_GenerateSentryCocoaBindings" AfterTargets="SetupCocoaSDK"
           Condition="$([MSBuild]::IsOSPlatform('OSX')) and Exists('$(SentryCocoaFrameworkHeaders)')"
+          Inputs="../../modules/sentry-cocoa.properties"
           Outputs="ApiDefinitions.cs;StructsAndEnums.cs">
     <MSBuild Projects="$(MSBuildProjectFile)" Targets="_InnerGenerateSentryCocoaBindings" Properties="TargetFramework=once" />
   </Target>
diff --git a/src/Sentry/Extensibility/FormRequestPayloadExtractor.cs b/src/Sentry/Extensibility/FormRequestPayloadExtractor.cs
@@ -10,9 +10,9 @@ public class FormRequestPayloadExtractor : BaseRequestPayloadExtractor
     /// <summary>
     /// Supports <see cref="IHttpRequest"/> with content type application/x-www-form-urlencoded.
     /// </summary>
-    protected override bool IsSupported(IHttpRequest request)
-        => SupportedContentType
-            .Equals(request.ContentType, StringComparison.InvariantCulture);
+    protected override bool IsSupported(IHttpRequest request) =>
+        SupportedContentType.Equals(request.ContentType, StringComparison.InvariantCulture)
+        || (request.ContentType?.StartsWith($"{SupportedContentType};", StringComparison.InvariantCulture) == true);
 
     /// <summary>
     /// Extracts the request form data as a dictionary.
diff --git a/test/Sentry.AspNet.Tests/Internal/SystemWebHttpRequestTests.cs b/test/Sentry.AspNet.Tests/Internal/SystemWebHttpRequestTests.cs
@@ -0,0 +1,48 @@
+using System.Collections.Specialized;
+using Sentry.AspNet.Internal;
+
+namespace Sentry.AspNet.Tests.Internal;
+
+public class SystemWebHttpRequestTests
+{
+    [Fact]
+    public void GetFormData_GoodData_ReturnsCorrectValues()
+    {
+        // Arrange
+        var formCollection = new NameValueCollection
+        {
+            { "key1", "value1" },
+            { "key2", "value2" }
+        };
+
+        // Act
+        var form = SystemWebHttpRequest.GetFormData(formCollection).ToDict();
+
+        // Assert
+        form.Should().NotBeNull();
+        form.Should().Contain(kvp => kvp.Key == "key1" && kvp.Value.Contains("value1"));
+        form.Should().Contain(kvp => kvp.Key == "key2" && kvp.Value.Contains("value2"));
+    }
+
+    [Fact]
+    public void GetFormData_BadData_ReturnsCorrectValues()
+    {
+        // Arrange
+        var formCollection = new NameValueCollection
+        {
+            { "key1", "value1" },
+            { "key2", "value2" },
+            { null, "badkey" },
+            { "badvalue", null },
+            { null, null }
+        };
+
+        // Act
+        var form = SystemWebHttpRequest.GetFormData(formCollection).ToDict();
+
+        // Assert
+        form.Should().NotBeNull();
+        form.Should().Contain(kvp => kvp.Key == "key1" && kvp.Value.Contains("value1"));
+        form.Should().Contain(kvp => kvp.Key == "key2" && kvp.Value.Contains("value2"));
+    }
+}
diff --git a/test/Sentry.AspNetCore.Tests/BaseRequestPayloadExtractorTests.cs b/test/Sentry.AspNetCore.Tests/BaseRequestPayloadExtractorTests.cs
@@ -32,6 +32,7 @@ public void ExtractPayload_OriginalStreamPosition_Reset()
     {
         const int originalPosition = 100;
         _ = TestFixture.Stream.Position.Returns(originalPosition);
+        TestFixture.HttpRequestCore.ContentType.Returns(SupportedContentType);
 
         var sut = TestFixture.GetSut();
 
@@ -40,6 +41,8 @@ public void ExtractPayload_OriginalStreamPosition_Reset()
         TestFixture.Stream.Received().Position = originalPosition;
     }
 
+    protected abstract string SupportedContentType { get; }
+
     [Fact]
     public void ExtractPayload_OriginalStream_NotClosed()
     {
diff --git a/test/Sentry.AspNetCore.Tests/DefaultRequestPayloadExtractorTests.cs b/test/Sentry.AspNetCore.Tests/DefaultRequestPayloadExtractorTests.cs
@@ -2,6 +2,8 @@ namespace Sentry.AspNetCore.Tests;
 
 public class DefaultRequestPayloadExtractorTests : BaseRequestPayloadExtractorTests<DefaultRequestPayloadExtractor>
 {
+    protected override string SupportedContentType => string.Empty;
+
     [Fact]
     public void ExtractPayload_StringData_ReadCorrectly()
     {
diff --git a/test/Sentry.AspNetCore.Tests/FormRequestPayloadExtractorTests.cs b/test/Sentry.AspNetCore.Tests/FormRequestPayloadExtractorTests.cs
@@ -5,15 +5,20 @@ namespace Sentry.AspNetCore.Tests;
 
 public class FormRequestPayloadExtractorTests : BaseRequestPayloadExtractorTests<FormRequestPayloadExtractor>
 {
+    protected override string SupportedContentType => "application/x-www-form-urlencoded";
+
     public FormRequestPayloadExtractorTests()
     {
         TestFixture = new Fixture();
-        _ = TestFixture.HttpRequest.ContentType.Returns("application/x-www-form-urlencoded");
     }
 
-    [Fact]
-    public void ExtractPayload_SupportedContentType_ReadForm()
+    [Theory]
+    [InlineData("application/x-www-form-urlencoded")]
+    [InlineData("application/x-www-form-urlencoded; charset=utf-8")]
+    public void ExtractPayload_SupportedContentType_ReadForm(string contentType)
     {
+        TestFixture.HttpRequest.ContentType.Returns(contentType);
+
         var expected = new Dictionary<string, StringValues> { { "key", new StringValues("val") } };
         var f = new FormCollection(expected);
         _ = TestFixture.HttpRequestCore.Form.Returns(f);
@@ -32,7 +37,7 @@ public void ExtractPayload_SupportedContentType_ReadForm()
     [Fact]
     public void ExtractPayload_UnsupportedContentType_DoesNotReadStream()
     {
-        _ = TestFixture.HttpRequest.ContentType.Returns("application/json");
+        TestFixture.HttpRequest.ContentType.Returns("application/json");
 
         var sut = TestFixture.GetSut();
 

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@ public void ExtractPayload_OriginalStreamPosition_Reset()`
`32`	`32`	`{`
`33`	`33`	`const int originalPosition = 100;`
`34`	`34`	`_ = TestFixture.Stream.Position.Returns(originalPosition);`
	`35`	`+ TestFixture.HttpRequestCore.ContentType.Returns(SupportedContentType);`
`35`	`36`
`36`	`37`	`var sut = TestFixture.GetSut();`
`37`	`38`
`@@ -40,6 +41,8 @@ public void ExtractPayload_OriginalStreamPosition_Reset()`
`40`	`41`	`TestFixture.Stream.Received().Position = originalPosition;`
`41`	`42`	`}`
`42`	`43`
	`44`	`+ protected abstract string SupportedContentType { get; }`
	`45`	`+`
`43`	`46`	`[Fact]`
`44`	`47`	`public void ExtractPayload_OriginalStream_NotClosed()`
`45`	`48`	`{`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,8 @@ namespace Sentry.AspNetCore.Tests;`
`2`	`2`
`3`	`3`	`public class DefaultRequestPayloadExtractorTests : BaseRequestPayloadExtractorTests<DefaultRequestPayloadExtractor>`
`4`	`4`	`{`
	`5`	`+ protected override string SupportedContentType => string.Empty;`
	`6`	`+`
`5`	`7`	`[Fact]`
`6`	`8`	`public void ExtractPayload_StringData_ReadCorrectly()`
`7`	`9`	`{`
Original file line number	Diff line number	Diff line change
`@@ -5,15 +5,20 @@ namespace Sentry.AspNetCore.Tests;`
`5`	`5`
`6`	`6`	`public class FormRequestPayloadExtractorTests : BaseRequestPayloadExtractorTests<FormRequestPayloadExtractor>`
`7`	`7`	`{`
	`8`	`+ protected override string SupportedContentType => "application/x-www-form-urlencoded";`
	`9`	`+`
`8`	`10`	`public FormRequestPayloadExtractorTests()`
`9`	`11`	`{`
`10`	`12`	`TestFixture = new Fixture();`
`11`		`- _ = TestFixture.HttpRequest.ContentType.Returns("application/x-www-form-urlencoded");`
`12`	`13`	`}`
`13`	`14`
`14`		`- [Fact]`
`15`		`- public void ExtractPayload_SupportedContentType_ReadForm()`
	`15`	`+ [Theory]`
	`16`	`+ [InlineData("application/x-www-form-urlencoded")]`
	`17`	`+ [InlineData("application/x-www-form-urlencoded; charset=utf-8")]`
	`18`	`+ public void ExtractPayload_SupportedContentType_ReadForm(string contentType)`
`16`	`19`	`{`
	`20`	`+ TestFixture.HttpRequest.ContentType.Returns(contentType);`
	`21`	`+`
`17`	`22`	`var expected = new Dictionary<string, StringValues> { { "key", new StringValues("val") } };`
`18`	`23`	`var f = new FormCollection(expected);`
`19`	`24`	`_ = TestFixture.HttpRequestCore.Form.Returns(f);`
`@@ -32,7 +37,7 @@ public void ExtractPayload_SupportedContentType_ReadForm()`
`32`	`37`	`[Fact]`
`33`	`38`	`public void ExtractPayload_UnsupportedContentType_DoesNotReadStream()`
`34`	`39`	`{`
`35`		`- _ = TestFixture.HttpRequest.ContentType.Returns("application/json");`
	`40`	`+ TestFixture.HttpRequest.ContentType.Returns("application/json");`
`36`	`41`
`37`	`42`	`var sut = TestFixture.GetSut();`
`38`	`43`