Add test

Author: timfish

dev-packages/node-integration-tests/suites/reporting-api/index.html

@@ -1,20 +1,14 @@
-import * as https from 'https';
-import { loggingTransport } from '@sentry-internal/node-integration-tests';
+import { loggingTransport, startExpressServerAndSendPortToRunner } from '@sentry-internal/node-integration-tests';
 import { defaultStackParser as browserStackParser } from '@sentry/browser';
 import { handleReportingApi } from '@sentry/core';
 import * as Sentry from '@sentry/node';
 
-const __dirname = new URL('.', import.meta.url).pathname;
-
 Sentry.init({
-  debug: true,
   dsn: 'https://[email protected]/1337',
   release: '1.0',
   transport: loggingTransport,
 });
 
-import { readFileSync } from 'fs';
-import { join } from 'path';
 import express from 'express';
 
 const app = express();
@@ -26,33 +20,38 @@ app.post('/reporting-api', async (req, res) => {
   res.sendStatus(200);
 });
 
-const port = 9000;
-
-app.get('/', (req, res) => {
-  const file = readFileSync(join(__dirname, 'index.html'), { encoding: 'utf-8' });
-
-  res.setHeader('Content-Type', 'text/html');
-  res.setHeader(
-    'Reporting-Endpoints',
-    `csp-endpoint="https://localhost:${port}/reporting-api", default="https://localhost:${port}/reporting-api"`,
-  );
-  res.setHeader('Content-Security-Policy', "default-src 'self'; report-to csp-endpoint");
-  res.setHeader(
-    'Origin-Trial',
-    'ApD+E2izWNtaaRBeZ5BXu46aV0l1MSUzJTPERkU3yf+53pAOHj3rARpjb08itVJklPYx7iNEv5//s2dtXUFIvgMAAABzeyJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDo5MDAwIiwiZmVhdHVyZSI6IkRvY3VtZW50UG9saWN5SW5jbHVkZUpTQ2FsbFN0YWNrc0luQ3Jhc2hSZXBvcnRzIiwiZXhwaXJ5IjoxNzQyMzQyMzk5fQ==',
-  );
-  res.setHeader('Document-Policy', 'include-js-call-stacks-in-crash-reports');
-  res.send(file);
-});
-
-const options = {
-  key: readFileSync(join(__dirname, 'localhost-key.pem')),
-  cert: readFileSync(join(__dirname, 'localhost.pem')),
-};
-
-const server = https.createServer(options, app);
-
-server.listen(port, () => {
-  // eslint-disable-next-line no-console
-  console.log(`{"port":${port}}`);
-});
+startExpressServerAndSendPortToRunner(app);
+
+// Below is to support testing with a browser. We don't test this yet because we don't want to add the overhead of
+// installing playwright to the node-integration-tests. We should consider this in the future.
+
+// const port = 9000;
+
+// app.get('/', (req, res) => {
+//   const file = readFileSync(join(__dirname, 'index.html'), { encoding: 'utf-8' });
+
+//   res.setHeader('Content-Type', 'text/html');
+//   res.setHeader(
+//     'Reporting-Endpoints',
+//     `csp-endpoint="https://localhost:${port}/reporting-api", default="https://localhost:${port}/reporting-api"`,
+//   );
+//   res.setHeader('Content-Security-Policy', "default-src 'self'; report-to csp-endpoint");
+//   res.setHeader('Document-Policy', 'include-js-call-stacks-in-crash-reports');
+//   res.setHeader(
+//     'Origin-Trial',
+//     'ApD+E2izWNtaaRBeZ5BXu46aV0l1MSUzJTPERkU3yf+53pAOHj3rARpjb08itVJklPYx7iNEv5//s2dtXUFIvgMAAABzeyJvcmlnaW4iOiJodHRwczovL2xvY2FsaG9zdDo5MDAwIiwiZmVhdHVyZSI6IkRvY3VtZW50UG9saWN5SW5jbHVkZUpTQ2FsbFN0YWNrc0luQ3Jhc2hSZXBvcnRzIiwiZXhwaXJ5IjoxNzQyMzQyMzk5fQ==',
+//   );
+//   res.send(file);
+// });
+
+// const options = {
+//   key: readFileSync(join(__dirname, 'localhost-key.pem')),
+//   cert: readFileSync(join(__dirname, 'localhost.pem')),
+// };
+
+// const server = https.createServer(options, app);
+
+// server.listen(port, () => {
+//   // eslint-disable-next-line no-console
+//   console.log(`{"port":${port}}`);
+// });

dev-packages/node-integration-tests/suites/reporting-api/localhost-key.pem

@@ -0,0 +1,52 @@
+import { cleanupChildProcesses, createRunner } from '../../utils/runner';
+
+describe('Reporting API', () => {
+  afterAll(() => {
+    cleanupChildProcesses();
+  });
+
+  test('should forward Reporting API requests as raw CSP envelopes', done => {
+    const runner = createRunner(__dirname, 'server.mjs')
+      .expect({
+        raw_security: {
+          'csp-report': {
+            'document-uri': 'https://localhost:9000/',
+            referrer: '',
+            'blocked-uri': 'https://example.com/script.js',
+            'effective-directive': 'script-src-elem',
+            'original-policy': "default-src 'self'; report-to csp-endpoint",
+            disposition: 'enforce',
+            'status-code': 200,
+            status: '200',
+            sample: '',
+          },
+        },
+      })
+      .start(done);
+
+    runner.makeRequest(
+      'post',
+      '/reporting-api',
+      { 'Content-Type': 'application/reports+json' },
+      JSON.stringify([
+        {
+          age: 0,
+          body: {
+            blockedURL: 'https://example.com/script.js',
+            disposition: 'enforce',
+            documentURL: 'https://localhost:9000/',
+            effectiveDirective: 'script-src-elem',
+            originalPolicy: "default-src 'self'; report-to csp-endpoint",
+            referrer: '',
+            sample: '',
+            statusCode: 200,
+          },
+          type: 'csp-violation',
+          url: 'https://localhost:9000/',
+          user_agent:
+            'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36',
+        },
+      ]),
+    );
+  });
+});

dev-packages/node-integration-tests/suites/reporting-api/localhost.pem

@@ -4,6 +4,7 @@ import { join } from 'path';
 import { SDK_VERSION } from '@sentry/node';
 import type {
   ClientReport,
+  DeprecatedCSPReport,
   Envelope,
   EnvelopeItemType,
   Event,
@@ -165,6 +166,9 @@ type Expected =
     }
   | {
       client_report: Partial<ClientReport> | ((event: ClientReport) => void);
+    }
+  | {
+      raw_security: Partial<DeprecatedCSPReport> | ((event: DeprecatedCSPReport) => void);
     };
 
 type ExpectedEnvelopeHeader =
@@ -265,6 +269,7 @@ export function createRunner(...paths: string[]) {
         }
       }
 
+      // eslint-disable-next-line complexity
       function newEnvelope(envelope: Envelope): void {
         for (const item of envelope[1]) {
           const envelopeItemType = item[0].type;
@@ -360,6 +365,17 @@ export function createRunner(...paths: string[]) {
 
               expectCallbackCalled();
             }
+
+            if ('raw_security' in expected) {
+              const rawSecurity = item[1] as DeprecatedCSPReport;
+              if (typeof expected.raw_security === 'function') {
+                expected.raw_security(rawSecurity);
+              } else {
+                expect(rawSecurity).toMatchObject(expected.raw_security);
+              }
+
+              expectCallbackCalled();
+            }
           } catch (e) {
             complete(e as Error);
           }

dev-packages/node-integration-tests/suites/reporting-api/server.mjs

@@ -146,11 +146,10 @@ export function createSpanEnvelope(spans: [SentrySpan, ...SentrySpan[]], client?
 function convertToDeprecatedPayload(report: CSPReportPayload): DeprecatedCSPReport {
   return {
     'csp-report': {
-      'document-uri': report.documentURI,
+      'document-uri': report.documentURI || report.documentURL,
       referrer: report.referrer,
-      'blocked-uri': report.blockedURI,
+      'blocked-uri': report.blockedURI || report.blockedURL,
       'effective-directive': report.effectiveDirective,
-      'violated-directive': report.effectiveDirective,
       'original-policy': report.originalPolicy,
       disposition: report.disposition,
       'status-code': report.statusCode,

dev-packages/node-integration-tests/suites/reporting-api/test.ts

@@ -114,4 +114,4 @@ export { getCurrentHubShim, getCurrentHub } from './getCurrentHubShim';
 
 export { SDK_VERSION } from '@sentry/utils';
 
-export { handleReportingApi, handlerReportingApiRequest } from './reporting';
+export { handleReportingApi } from './reporting';

dev-packages/node-integration-tests/utils/runner.ts

@@ -2,24 +2,6 @@ import type { Event, Report, StackParser } from '@sentry/types';
 import { getClient } from './currentScopes';
 import { createRawSecurityEnvelope } from './envelope';
 
-/** Handles Requests from the Reporting API */
-export async function handlerReportingApiRequest(
-  request: Request,
-  browserStackParser?: StackParser,
-  client = getClient(),
-): Promise<Response> {
-  if (request.method !== 'POST') {
-    return new Response('Expected POST', { status: 405 });
-  }
-
-  if (request.headers.get('Content-Type') !== 'application/reports+json') {
-    return new Response('Expected "application/reports+json" Content-Type', { status: 415 });
-  }
-  const reports = await request.json();
-  await handleReportingApi(reports, browserStackParser, client);
-  return new Response(undefined, { status: 200 });
-}
-
 /** Handles Reports from the Reporting API */
 export async function handleReportingApi(
   reports: Report[],
@@ -56,18 +38,17 @@ export async function handleReportingApi(
         event.message = 'Crashed: Unresponsive';
       }
 
-      if (report.body.stack) {
+      if (report.body.stack && browserStackParser) {
         event.exception = {
           values: [
             {
               type: 'Crashed',
               value: event.message,
-              stacktrace: {
-                ...(browserStackParser && report.body.stack && { frames: browserStackParser(report.body.stack) }),
-              },
+              stacktrace: { frames: browserStackParser(report.body.stack) },
             },
           ],
         };
+
         delete event.message;
       }