Fix Sentry tracking of SQL queries
What does this MR do?
This is a follow-up to !45975 (merged) so that we could also track SQL queries when the exception happens in controllers / views.
The previous solution only worked if we explicitly called Gitlab::ErrorTracking#process_exception. This works in the API / Grape because we do this in https://gitlab.com/gitlab-org/gitlab/blob/cfaea0341c60a8b18016629bf15e8e4d0948a777/lib/api/helpers.rb#L469.
But for Rails controllers / views, these are already caught automatically by sentry-raven and do not go through the Gitlab::ErrorTracking methods.
So this MR moves the SQL injection logic to the before_send hook.
This also checks exception.cause for cases where the exception is wrapped by another one. This happens when the exception is triggered in views.
Screenshots (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
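The approach described in the MR, a before_send hook that looks for the SQL on the exception or on its exception.cause, sketched as an added example; this is not GitLab's code. The exception classes, the Hash-based event, the `:exception` hint key and the `find_sql` helper are assumptions made so it runs without Rails or sentry-raven.

```ruby
# Constructed stand-ins so the example runs without Rails or sentry-raven.
class StatementInvalid < StandardError
  attr_reader :sql

  def initialize(message, sql:)
    super(message)
    @sql = sql
  end
end

class TemplateError < StandardError; end

# Hypothetical helper: walk exception -> cause -> cause and return the first
# SQL string found. The depth limit guards against cyclic cause chains.
def find_sql(exception, max_depth: 5)
  depth = 0
  while exception && depth < max_depth
    return exception.sql if exception.respond_to?(:sql) && exception.sql

    exception = exception.cause
    depth += 1
  end
  nil
end

# Callable shaped like a before_send hook: (event, hint) -> event.
# Assumption: the event is a plain Hash and the hint carries :exception.
BEFORE_SEND = lambda do |event, hint|
  sql = find_sql(hint[:exception])
  event[:extra] = (event[:extra] || {}).merge(sql: sql) if sql
  event
end

# Constructed case: a DB error raised while rendering a view is re-raised as a
# template error, so the SQL is only reachable through exception.cause.
def wrapped_view_error
  begin
    raise StatementInvalid.new('PG::UndefinedColumn', sql: 'SELECT foo FROM users')
  rescue StatementInvalid
    raise TemplateError, 'error rendering template'
  end
rescue TemplateError => e
  e
end

# Constructed case: the DB error reaches the hook unwrapped.
def direct_error
  StatementInvalid.new('PG::UndefinedColumn', sql: 'SELECT foo FROM users')
end
```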