Gracefully handle "sentry-trace" headers that don't match the regexp

[lfittl]

Fixes the handling of invalid "sentry-trace" header values, such as "null", that otherwise lead to an application crash.

Example error backtrace:

Rack app error handling request { POST /action }
#<NoMethodError: undefined method `[]' for nil:NilClass>
.../sentry-ruby-core-4.1.6/lib/sentry/transaction.rb:32:in `from_sentry_trace'
.../sentry-ruby-core-4.1.6/lib/sentry/rack/capture_exceptions.rb:21:in `block in call'
.../sentry-ruby-core-4.1.6/lib/sentry/hub.rb:52:in `with_scope'
.../sentry-ruby-core-4.1.6/lib/sentry-ruby.rb:149:in `with_scope'
.../sentry-ruby-core-4.1.6/lib/sentry/rack/capture_exceptions.rb:14:in `call'

[codecov-io]

Codecov Report

Merging #1265 (23cb83e) into master (db7be87) will increase coverage by 0.60%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #1265      +/-   ##
==========================================
+ Coverage   97.98%   98.59%   +0.60%     
==========================================
  Files         200      105      -95     
  Lines        8655     4825    -3830     
==========================================
- Hits         8481     4757    -3724     
+ Misses        174       68     -106     

Impacted Files	Coverage Δ
sentry-ruby/lib/sentry/transaction.rb	100.00% <100.00%> (ø)
sentry-raven/spec/raven/transports/stdout_spec.rb
sentry-raven/lib/raven/transports/dummy.rb
...try-raven/lib/raven/utils/exception_cause_chain.rb
sentry-raven/lib/raven/cli.rb
...-raven/spec/raven/integrations/delayed_job_spec.rb
sentry-raven/lib/raven/core_ext/object/deep_dup.rb
...s/rails/overrides/debug_exceptions_catcher_spec.rb
...entry-raven/lib/raven/integrations/rack-timeout.rb
sentry-raven/spec/raven/breadcrumbs_spec.rb
... and 86 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update db7be87...23cb83e. Read the comment docs.

[st0012]

thanks for the fix! can you add a new changelog entry for this as well? thx

[st0012]

actually, can you add a test case to capture_exceptions_spec.rb?

[lfittl]

@st0012 Done - I've also found an adjacent bug, added in a follow-up commit in this PR, since its in the same code area (happy to move to a separate PR if you prefer).

[st0012]

@lfittl thanks for the update 👍 some thoughts:

1. I still want to see a test in spec/sentry/rack/capture_exceptions_spec.rb for the invalid sentry case. I suspect that this change breaks the middleware because it assumes span won't be nil in any case.
2. the issue you mentioned is indeed a problem, but I'm not sure if adding the sampling decision is the right answer. I think the correct solution is to change sentry-rails's condition on instrumentation. I'll open a PR for that.

[lfittl]

1. I still want to see a test in spec/sentry/rack/capture_exceptions_spec.rb for the invalid sentry case. I suspect that this change breaks the middleware because it assumes span won't be nil in any case.

Good catch - fixed now. I assume we'd want to run through the regular logic in this case (i.e. if its an invalid value, act as if the header wasn't set)

2. the issue you mentioned is indeed a problem, but I'm not sure if adding the sampling decision is the right answer. I think the correct solution is to change sentry-rails's condition on instrumentation. I'll open a PR for that.

Ack, removed again from this PR. Thanks!

[st0012]

thanks for catching the issue and proposed the great fix 😄

because I just released 4.2.0 earlier today, can you rebase the branch and update the changelog again?

# Changelog

## Unreleased <- Add this

< and put the entry here >

## 4.2.0
.....

[lfittl]

@st0012 Done - rebased & updated change log entry.

[st0012]

@lfittl I've talked to other maintainers about the other issue you spotted in this PR. and the answer is that the child transactions initialized from .from_sentry_trace should just inherit the parent's sampling decision. I've added #1269 to update this.