sentry-cli: List of known `sourcemap inject` bugs

  1. We have gotten customer reports of injection problems when a file starts with something like
(this.foo=this.bar||[]).push([[2],[function(e,t,n){"use strict"; […] }

This trips the “use pragma” detection and causes the line to be skipped, which is obviously not intended. Solution: make the regex stricter.

  1. Block comments aren’t handled at all. Thus, if a file started with
/* lol, lmao */
"use strict";

we would erroneously inject at the very top. Solution: handle block comments.

  1. 'use strict'; can be on the same line as the rest of the code, eg 'use strict';(function(){console.log('wat')})(); is a valid code, and we do not handle injecting snippet “in-between” - ref: https://github.com/getsentry/sentry-cli/issues/1646
### Tasks
- [ ] https://github.com/getsentry/sentry-cli/pull/1648
- [x] Handle block comments
- [x] Handle same-line `use strict` usages

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 17 (8 by maintainers)

Most upvoted comments

All of these bugs should be fixed as of sentry-cli 2.20.4. Thank you very much for your forbearance, eveyone 🙇

+2
loewenheim on Aug 3, 2023

I am sorry for the frustration caused by this. We’re currently working on putting injection on a more solid foundation.

+2
loewenheim on Jul 19, 2023

I have something to add to this list. We are using GraphQL and sometimes the injection gets injected into the template string that is defining out GraphQL queries. Here is a couple snippets to show you:

image image Although this MIGHT fall into #1 above.

This is a minified Angular App

+2
yharaskrik on Jul 4, 2023

Yes, sorry. Thanks for catching this. I meant to close linked issue only 😅

+1
kamilogorek on Jul 20, 2023

We just got bit by this badly, simplified reproducer:

Original js file:

(function (global, factory) {
    typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory() :
        typeof define === 'function' && define.amd ? define(factory) :
            (global = global || self, global.myObject = factory());
}(this, (function () { 'use strict';
    var myHTML = "\n";
    return {};
})));

Minified:

(()=>{var i=(n,e)=>()=>(e||n((e={exports:{}}).exports,e),e.exports);var d=i((t,f)=>{(function(n,e){typeof t=="object"&&typeof f<"u"?f.exports=e():typeof define=="function"&&define.amd?define(e):(n=n||self,n.myObject=e())})(t,function(){"use strict";var n=`
`;return{}})});d();})();

Debug ids Injected:

(()=>{var i=(n,e)=>()=>(e||n((e={exports:{}}).exports,e),e.exports);var d=i((t,f)=>{(function(n,e){typeof t=="object"&&typeof f<"u"?f.exports=e():typeof define=="function"&&define.amd?define(e):(n=n||self,n.myObject=e())})(t,function(){"use strict";var n=`
!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},n=(new Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="2c4f8e42-99ad-5954-85ef-815190b8286a")}catch(e){}}();
`;return{}})});d();})();
//# debugId=2c4f8e42-99ad-5954-85ef-815190b8286a

As you can see this is pretty bad, it ends up inserting the sentry debug snippet inside the myHTML variable. Are there any workarounds available ? When can we expect this to be fixed ? We had to disable sourcemap support because of this, making the Sentry issues mostly unreadable.

+1
jbub on Jul 20, 2023
Read more comments on GitHub
← sentry-cli: Failing with 429 errors
sentry-cli: Protect against spawn of CLI for wrong architecture →