Merge pull request #274 from AikidoSec/patch-sentry

Ignore error handlers and add end2end test for Sentry
AikidoSec · Jul 10, 2024 · f71f368 · f71f368
2 parents 4a5dc09 + dddb148
commit f71f368
Show file tree

Hide file tree

Showing 6 changed files with 133 additions and 8 deletions.
diff --git a/library/sources/Express.test.ts b/library/sources/Express.test.ts
@@ -214,6 +214,10 @@ function getApp(userMiddleware = true) {
     res.send({ hello: "world" });
   });
 
+  app.use((error, req, res, next) => {
+    res.status(500).send({ error: error.message });
+  });
+
   return app;
 }
 
@@ -310,7 +314,9 @@ t.test("it counts attacks detected", async (t) => {
 
 t.test("it counts request with error", async (t) => {
   agent.getInspectionStatistics().reset();
-  await request(getApp()).get("/throws");
+  const response = await request(getApp()).get("/throws");
+  t.same(response.statusCode, 500);
+  t.same(response.body, { error: "test" });
   t.match(agent.getInspectionStatistics().getStats(), {
     requests: {
       total: 1,

diff --git a/library/sources/Express.ts b/library/sources/Express.ts
@@ -24,6 +24,11 @@ export class Express implements Wrapper {
         return arg;
       }
 
+      // Ignore error handlers
+      if (arg.length > 3) {
+        return arg;
+      }
+
       return wrapRequestHandler(arg as RequestHandler, agent);
     });
   }

diff --git a/package-lock.json b/package-lock.json
diff --git a/sample-apps/express-mysql/.env-example b/sample-apps/express-mysql/.env-example
@@ -1 +1,2 @@
-AIKIDO_TOKEN="token"
+AIKIDO_TOKEN="token"
+SENTRY_DSN="dsn"
diff --git a/sample-apps/express-mysql/app.js b/sample-apps/express-mysql/app.js
@@ -1,5 +1,12 @@
 require("dotenv").config();
 require("@aikidosec/firewall");
+const Sentry = require("@sentry/node");
+
+Sentry.init({
+  dsn: process.env.SENTRY_DSN,
+  debug: true,
+  tracesSampleRate: 1.0,
+});
 
 const Cats = require("./Cats");
 const express = require("express");
@@ -52,6 +59,7 @@ async function main(port) {
 
   const app = express();
 
+  app.use(Sentry.Handlers.requestHandler());
   app.use(morgan("tiny"));
 
   app.get(
@@ -69,9 +77,7 @@ async function main(port) {
     "/cats",
     express.text({ type: "application/xml" }),
     asyncHandler(async (req, res) => {
-      console.log(req.body);
       const input = xml2js(req.body, { compact: true });
-      console.log(input);
 
       if (!input || !input.cat || !input.cat.name || !input.cat.name._text) {
         return res
@@ -87,6 +93,8 @@ async function main(port) {
     })
   );
 
+  app.use(Sentry.Handlers.errorHandler());
+
   return new Promise((resolve, reject) => {
     try {
       app.listen(port, () => {

diff --git a/sample-apps/express-mysql/package.json b/sample-apps/express-mysql/package.json
@@ -11,6 +11,7 @@
     "express-async-handler": "^1.2.0",
     "morgan": "^1.10.0",
     "mysql": "^2.18.1",
-    "xml-js": "^1.6.11"
+    "xml-js": "^1.6.11",
+    "@sentry/node": "^7"
   }
 }