getsentry / sentry

Developer-first error tracking and performance monitoring
https://sentry.io

Need FIPS 140-3 support #66195

Open ns-mjagtap opened 6 months ago

ns-mjagtap commented 6 months ago

Problem Statement

getsentry/sentry v23.12.1

Feature Request: Need FIPS 140-3 support. CC: @chadwhitacre

Rationale: In FedRAMP env, apps must run in FIPS ON mode. getsentry/sentry:23.12.1 uses MD5 algo in ways which are not allowed in FIPS ON mode. Therefore, the container crashes right at startup.

Logs: Crash logs of getsentry/sentry:23.12.1 container image in FIPS ON mode.

Traceback (most recent call last):
  File "/usr/local/bin/sentry", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.10/dist-packages/sentry/runner/__init__.py", line 195, in main
    func(**kwargs)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1157, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1078, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1688, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 1434, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/click/decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/sentry/runner/decorators.py", line 69, in inner
    return ctx.invoke(f, *args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/click/core.py", line 783, in invoke
    return __callback(*args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/click/decorators.py", line 33, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/sentry/runner/decorators.py", line 28, in inner
    configure()
  File "/usr/local/lib/python3.10/dist-packages/sentry/runner/__init__.py", line 131, in configure
    _configure(ctx, py, yaml, skip_service_validation)
  File "/usr/local/lib/python3.10/dist-packages/sentry/runner/settings.py", line 148, in configure
    initialize_app(
  File "/usr/local/lib/python3.10/dist-packages/sentry/runner/initializer.py", line 326, in initialize_app
    bootstrap_options(settings, config["options"])
  File "/usr/local/lib/python3.10/dist-packages/sentry/runner/initializer.py", line 168, in bootstrap_options
    load_defaults()
  File "/usr/local/lib/python3.10/dist-packages/sentry/options/__init__.py", line 78, in load_defaults
    from sentry.hybridcloud import options  # NOQA
  File "/usr/local/lib/python3.10/dist-packages/sentry/hybridcloud/options.py", line 4, in <module>
    register(
  File "/usr/local/lib/python3.10/dist-packages/sentry/options/manager.py", line 410, in register
    self.registry[key] = self.make_key(key, default, type, flags, ttl, grace, grouping_info)
  File "/usr/local/lib/python3.10/dist-packages/sentry/options/manager.py", line 248, in make_key
    _make_cache_key(name),
  File "/usr/local/lib/python3.10/dist-packages/sentry/options/manager.py", line 152, in _make_cache_key
    return "o:%s" % md5_text(key).hexdigest()
  File "/usr/local/lib/python3.10/dist-packages/sentry/utils/hashlib.py", line 14, in md5_text
    m = _md5()
ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS

Solution Brainstorm

No response

Product Area

Other
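
An added example, not part of the original issue and not Sentry's code: the traceback above shows MD5 used only to derive an "o:<hex>" cache key, a non-security use that Python 3.9+ lets the caller declare with `usedforsecurity=False`. The names `fips_like_md5`, `probe_md5` and `make_cache_key` are hypothetical, the FIPS behaviour is simulated by a constructed stand-in, and whether the flag is honoured on a real FIPS host depends on the Python and OpenSSL build (an assumption to verify there).

```python
import hashlib


def fips_like_md5(data=b"", *, usedforsecurity=True):
    """Constructed stand-in for hashlib.md5 on a FIPS-enforcing host.

    It rejects the default (security) use with the error text from the
    traceback and allows only calls declared as non-security.
    """
    if usedforsecurity:
        raise ValueError(
            "[digital envelope routines: EVP_DigestInit_ex] disabled for FIPS"
        )
    return hashlib.md5(data, usedforsecurity=False)


def probe_md5(md5=hashlib.md5):
    """Classify how an MD5 constructor behaves, without crashing startup."""
    try:
        md5(b"probe")
        return "allowed"
    except ValueError:
        pass
    try:
        md5(b"probe", usedforsecurity=False)
        return "non-security-only"
    except ValueError:
        return "blocked"


def make_cache_key(name, md5=hashlib.md5):
    """Hypothetical helper: build an "o:<md5 hex>" key like the traceback's.

    The digest only names a cache entry, so the call is flagged
    usedforsecurity=False (Python 3.9+).
    """
    digest = md5(name.encode("utf-8"), usedforsecurity=False)
    return "o:%s" % digest.hexdigest()


if __name__ == "__main__":
    # "example.option-name" is a constructed sample option name.
    print("this interpreter:", probe_md5())
    print("FIPS-like stand-in:", probe_md5(fips_like_md5))
    print(make_cache_key("example.option-name", fips_like_md5))
```

Because the flagged call yields the same digest as plain MD5, existing cache keys stay valid; a `blocked` result from the probe means MD5 is unavailable for any purpose in that environment.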

getsantry[bot] commented 6 months ago

Assigning to @getsentry/support for routing ⏲️

chadwhitacre commented 6 months ago

Cross-linking https://github.com/getsentry/relay/issues/3197 for Relay.

getsantry[bot] commented 6 months ago

Routing to @getsentry/product-owners-settings-relay for triage ⏲️

olksdr commented 6 months ago

@ReneGreen27 this seems to be related to the backend. What would the correct product area be?

ns-mjagtap commented 5 months ago

Any updates?

CC: @chadwhitacre

hubertdeng123 commented 5 months ago

Looks like there is follow up in https://github.com/getsentry/relay/issues/3197, so please use that ticket for now for updates here @ns-mjagtap