search

getsentry / sentry

Developer-first error tracking and performance monitoring
https://sentry.io
Other
38.92k stars 4.17k forks source link

scripts located at /<uuid>/<filename>.js are browser extensions and should be ignored #4958

Closed fletom closed 7 years ago

fletom commented 7 years ago

been seeing these a lot on the hosted Sentry using raven.js

Google Chrome extension script filenames seem to look like /<uuid>/<filename>.js and should definitely be ignored

examples:

SyntaxError: JSON syntax error
  at KasperskyLab</parser.ThrowError(/9359CB8B-581F-DF42-8DC9-620E40F040AA/main.js:58:19)
  at KasperskyLab</parser.Parse(/9359CB8B-581F-DF42-8DC9-620E40F040AA/main.js:171:17)
  at KasperskyLab</exports.parse(/9359CB8B-581F-DF42-8DC9-620E40F040AA/main.js:176:16)
  at OnFrameContextMenu(/9359CB8B-581F-DF42-8DC9-620E40F040AA/main.js:3570:14)
  at ns.AddEventListener/<(/9359CB8B-581F-DF42-8DC9-620E40F040AA/main.js:198:50)
  at func(raven.js:372:23)
SyntaxError: JSON syntax error
  at Object.parser.ThrowError(/3E5AF5D6-44AB-5649-91FA-0838895D7431/main.js:58:19)
  at Object.parser.Parse(/3E5AF5D6-44AB-5649-91FA-0838895D7431/main.js:171:22)
  at Object.exports.parse [as JSONParse](/3E5AF5D6-44AB-5649-91FA-0838895D7431/main.js:176:23)
  at OnFrameContextMenu(/3E5AF5D6-44AB-5649-91FA-0838895D7431/main.js:2970:17)
  at ? (/3E5AF5D6-44AB-5649-91FA-0838895D7431/main.js:198:50)
  at apply(raven.js:372:28)
SyntaxError: JSON syntax error
  at Object.ThrowError(/10126454-72C6-6D46-ABAE-9B3D1FAAA072/main.js:58:19)
  at Object.Parse(/10126454-72C6-6D46-ABAE-9B3D1FAAA072/main.js:171:22)
  at Object.exports.parse [as JSONParse](/10126454-72C6-6D46-ABAE-9B3D1FAAA072/main.js:176:23)
  at OnFrameContextMenu(/10126454-72C6-6D46-ABAE-9B3D1FAAA072/main.js:2970:17)
  at ? (/10126454-72C6-6D46-ABAE-9B3D1FAAA072/main.js:198:50)
  at apply(raven.js:372:28)
lorcanthrope commented 7 years ago

Those URLs are actually originating from https://gc.kis.v2.scr.kaspersky-labs.com/10126454-72C6-6D46-ABAE-9B3D1FAAA072/main.js, you're just seeing a truncated version of the URL in Sentry

fletom commented 7 years ago

@lorcanthrope I see. But still, that script was injected into the page, not loaded naturally. So shouldn't it still be filtered?

francisdb commented 7 years ago

We are also seeing a lot of these and sentry seems to be unable to group them

ipstas commented 7 years ago

Please, can we filter it out somehow. I don't care about Kaspersky inability to code properly

dcramer commented 7 years ago

You can always configure the SDK to filter them out using shouldSendCallback. It's possible we'll add this to built-ins, but thats considered to be a convenience feature more than anything else.

fletom commented 7 years ago

I strongly feel that ignoring or putting off this issue is the wrong move. It's not a nice-to-have enhancement, it's a major UX problem that makes Sentry events seem like significantly less signal and more noise.

dcramer commented 7 years ago

@fletom you can literally configure this yourself in the SDK. The "filters" bit is the server taking the hit on processing and is a convenience and nothing more. It lets us bundle the logic on the server, and in real-time turn it on and off. I don't disagree that building a filter for this would be good, but it is absolutely nice-to-have.

dcramer commented 7 years ago

Can someone link to an example event, or give the actual raw stacktrace? We need to see the filenames/domains.

Aside, if you're using domain whitelist, I think it should also be taking care of this, and you should ALWAYS be using the domain whitelist.

dcramer commented 7 years ago

Actually, this is already handled by our available filters. Until someone can prove otherwise, I'm closing this:

https://github.com/getsentry/sentry/blob/master/src/sentry/filters/browser_extensions.py#L65

francisdb commented 7 years ago

We get many of these daily for different browsers.

Chrome/win

SyntaxError: JSON syntax error
  at Object.ThrowError(/7E4DEF7A-EECD-184A-9900-C1E19F9CC670/main.js:58:19)
  at Object.Parse(/7E4DEF7A-EECD-184A-9900-C1E19F9CC670/main.js:171:22)
  at Object.exports.parse [as JSONParse](/7E4DEF7A-EECD-184A-9900-C1E19F9CC670/main.js:176:23)
  at OnFrameContextMenu(/7E4DEF7A-EECD-184A-9900-C1E19F9CC670/main.js:2970:17)
  at ? (/7E4DEF7A-EECD-184A-9900-C1E19F9CC670/main.js:198:50)
  at apply(raven.js:386:28)

Firefox/win

SyntaxError: JSON syntax error
  at ThrowError(/BC992BB3-D9AD-CA49-9A2D-8AF3E7F4803E/main.js:58:19)
  at Parse(/BC992BB3-D9AD-CA49-9A2D-8AF3E7F4803E/main.js:171:17)
  at KasperskyLab</exports.parse(/BC992BB3-D9AD-CA49-9A2D-8AF3E7F4803E/main.js:176:16)
  at OnFrameContextMenu(/BC992BB3-D9AD-CA49-9A2D-8AF3E7F4803E/main.js:3514:14)
  at ns.AddEventListener/<(/BC992BB3-D9AD-CA49-9A2D-8AF3E7F4803E/main.js:198:50)
  at func(raven.js:386:23)

IE 11/win

SyntaxError: JSON syntax error
  at parser.ThrowError(/B11E94A6-97B2-164C-88EF-EE0347143369/main.js:58:13)
  at parser.Parse(/B11E94A6-97B2-164C-88EF-EE0347143369/main.js:171:17)
  at exports.parse(/B11E94A6-97B2-164C-88EF-EE0347143369/main.js:176:9)
  at OnFrameContextMenu(/B11E94A6-97B2-164C-88EF-EE0347143369/main.js:2970:3)
  at Anonymous function(/B11E94A6-97B2-164C-88EF-EE0347143369/main.js:198:50)
  at d(raven.js:386:16)

this is a related thread on the Kaspersky forums (Russian) https://forum.kaspersky.com/index.php?/topic/365848-kis-%D0%B8-google-spreadsheets/

and a sentry parsing error for each of these

image

francisdb commented 7 years ago

The main issue for us is that sentry does not merge these events so we can not just ignore them

dcramer commented 7 years ago

I think you are still all missing that Sentry already lets you filter these out:

https://docs.sentry.io/learn/quotas/#inbound-data-filters

francisdb commented 7 years ago

Hmm, browser extension filters are not enabled by default, let's see if this helps

image

AndrewKvalheim commented 7 years ago

I think I'm seeing a variant of this that's not caught by the inbound filter:

vcarel commented 6 years ago

I agree with @AndrewKvalheim, the browser extensions filter does not seem to catch those errors. We got 5.2k of those in only 2 weeks (mostly Edge users BTW)

/97C63D17-6EF0-F24D-B552-BD878F22F6B0/main.js in parser.Parse at line 171:17
/97C63D17-6EF0-F24D-B552-BD878F22F6B0/main.js in exports.parse at line 176:9
/97C63D17-6EF0-F24D-B552-BD878F22F6B0/main.js in OnFrameContextMenu at line 3570:3
/97C63D17-6EF0-F24D-B552-BD878F22F6B0/main.js in Anonymous function at line 198:50

@dcramer I don't see how to configure the inbound filter, unless filtering all "JSON syntax" errors. Which I don't want to do because this could hide errors from our side as well. Can you help?