
fix(remix): Use domains to prevent scope bleed #5570

Merged
merged 23 commits into from
Aug 16, 2022

AbhiPrasad
Member

https://nodejs.org/api/domain.html

Create a domain and manually push and pop the domain stack to isolate requests. This helps prevent scope bleed issues between transactions.

@@ -131,4 +131,22 @@ describe('Remix API Loaders', () => {
},
});
});

it('makes sure scope does not bleed between requests', async () => {
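
Review bot: On the added `it('makes sure scope does not bleed between requests', ...)` line, the title does not say that the requests have to overlap in time, and a bleed check whose requests happen to run one after another passes whether or not scopes are isolated. Consider stating the concurrency requirement in the title or in a comment above the case, starting every request before awaiting any of them, and asserting that each captured event carries only its own tag.
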
Member

Did this test previously fail? IOW, would it actually detect scope bleed if we were to accidentally re-introduce it?

Member Author

This test did previously fail - but now it seems to be sometimes passing 🤔, worried it's a flaky test then. @lobsterkatie any ideas for a good test against scope bleed?

Member

Hmmm... I would assume we basically have to force them to be simultaneous, right? This test would pass regardless, as long as there were only one request/transaction at a time, so maybe the flakiness is coming from the requests just getting through so quickly that they end up being sequential. Could you introduce a variable delay into each request, and set them off at a set interval, to guarantee they'd all be in flight at the same time? I'm picturing something like (assuming 5 requests):

Request 1: Starts at timestamp 0, waits 5 seconds to set its tag, waits another second, finishes
Request 2: Starts at timestamp 1 second, waits 4 seconds to set its tag, waits another second, finishes
...
Request 5: Starts at timestamp 4 seconds, waits 1 second to set its tag, waits another second, finishes

That way, you know that 5 seconds in, all five requests should be trying to set their tags more or less at the same moment, and should also all be finishing at more or less the same time (meaning they'd all be trying to grab scope data to attach to the event roughly simultaneously).

(You might also consider introducing a tiny bit of randomness (wait anywhere between 0.99 and 1.01 seconds to start each request, and then do it again for finishing, for example), just so that the order in which requests set and get their tags is mixed up.)

If everything still comes through cleanly, then I think we'd've proved the point, right?

Member Author

Yup, and we've tested on express as well. Thanks Katie, used a simple version of your logic here.

I tried the randomness, but it wasn't working that well, so elected to do this.
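
The staggered-request check proposed in the review thread above, together with the per-request domain isolation from the PR description, as an added example (not code from this PR or from the Sentry SDK). The helper names, the `scope` property stored on the domain, and the 20 ms step standing in for the one-second steps are assumptions.

```javascript
// Added example, not Sentry's implementation. All names here are hypothetical.
const domain = require('node:domain');

const globalScope = { tags: {} }; // what every request shares without isolation
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Scope stored on the active domain if there is one, else the global scope.
function currentScope() {
  return process.domain && process.domain.scope ? process.domain.scope : globalScope;
}

// Simulated handler: set a per-request tag, wait, then read the tag back the
// way an SDK would when it attaches scope data to the outgoing event.
async function handleRequest(id, tagDelayMs, stepMs) {
  await sleep(tagDelayMs);
  currentScope().tags.requestId = id;
  await sleep(stepMs);
  return { id, tagOnEvent: currentScope().tags.requestId };
}

// Staggered schedule from the review: request i starts at i * step and sets its
// tag (count - i) * step later, so all requests are in flight at the same time.
async function runRequests(isolate, count = 5, stepMs = 20) {
  const inFlight = [];
  for (let i = 0; i < count; i++) {
    const start = () => handleRequest(i + 1, (count - i) * stepMs, stepMs);
    if (isolate) {
      const d = domain.create();
      d.scope = { tags: {} }; // fresh scope owned by this request only
      inFlight.push(d.run(start)); // async work started here stays bound to d
    } else {
      inFlight.push(start());
    }
    await sleep(stepMs);
  }
  return Promise.all(inFlight);
}

// Number of events that ended up carrying another request's tag.
const countBleed = (events) => events.filter((e) => e.tagOnEvent !== e.id).length;

// Run the same schedule against the shared scope, then with one domain each.
async function compare() {
  const shared = countBleed(await runRequests(false));
  const isolated = countBleed(await runRequests(true));
  return { shared, isolated };
}
```

With the shared scope the last request to set its tag overwrites the others before any of them reads it back, so `shared` is non-zero; with one domain per request `isolated` is 0.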

Base automatically changed from abhi-remix-route-name to master August 12, 2022 12:43
@github-actions
Contributor

github-actions bot commented Aug 12, 2022

size-limit report 📦

| Path | Size |
| --- | --- |
| @sentry/browser - ES5 CDN Bundle (gzipped + minified) | 19.4 KB (-0.02% 🔽) |
| @sentry/browser - ES5 CDN Bundle (minified) | 60.06 KB (0%) |
| @sentry/browser - ES6 CDN Bundle (gzipped + minified) | 17.97 KB (-0.01% 🔽) |
| @sentry/browser - ES6 CDN Bundle (minified) | 52.92 KB (0%) |
| @sentry/browser - Webpack (gzipped + minified) | 19.77 KB (0%) |
| @sentry/browser - Webpack (minified) | 64.3 KB (0%) |
| @sentry/react - Webpack (gzipped + minified) | 19.79 KB (0%) |
| @sentry/nextjs Client - Webpack (gzipped + minified) | 44.7 KB (-0.02% 🔽) |
| @sentry/browser + @sentry/tracing - ES5 CDN Bundle (gzipped + minified) | 25.9 KB (-0.03% 🔽) |
| @sentry/browser + @sentry/tracing - ES6 CDN Bundle (gzipped + minified) | 24.27 KB (-0.05% 🔽) |

Member

@lobsterkatie lobsterkatie left a comment

Out of curiosity: What does the $ in the test filename do?

@AbhiPrasad
Member Author

> What does the $ in the test filename do?

It's for parameterized routes: https://remix.run/docs/en/v1/guides/data-loading#route-params

> If you're always adding the same number it's not random, is it?

Yes 100% - in retrospect shoulda moved the PR to draft. Was just testing out if different scenarios flake. Will introduce a random element in a bit.

@AbhiPrasad AbhiPrasad marked this pull request as draft August 16, 2022 13:51
@AbhiPrasad AbhiPrasad self-assigned this Aug 16, 2022
@AbhiPrasad AbhiPrasad force-pushed the abhi-remix-scope-bleed branch from 7664ee9 to 34f9c6d Compare August 16, 2022 14:27
@AbhiPrasad
Member Author

Ok - this PR kinda ballooned in scope. @lobsterkatie @onurtemizkan mind taking another quick high level review? Once that's done, I'm going to clean up the commits by opening up a new PR and outlining my rationale a little more.

I ended up grabbing some nextjs utils, I'll abstract and move those into utils after I get this done.

@onurtemizkan
Collaborator

Looks good to me 👍

@AbhiPrasad AbhiPrasad marked this pull request as ready for review August 16, 2022 17:16
@AbhiPrasad
Member Author

Ok - I'm gonna go ahead and merge this since it unblocks users (and the 7.11.0 release), but I'll need to come back and clean it up, which I'll do in a follow up PR.

@AbhiPrasad AbhiPrasad enabled auto-merge (squash) August 16, 2022 17:52
@AbhiPrasad AbhiPrasad merged commit bdd7fde into master Aug 16, 2022
@AbhiPrasad AbhiPrasad deleted the abhi-remix-scope-bleed branch August 16, 2022 18:04
@lobsterkatie
Member

Are we not worried that in its final version the remix tests are failing?

@AbhiPrasad
Member Author

@lobsterkatie yeah bad merge - fixed this in #5590!

timfish pushed a commit to timfish/sentry-javascript that referenced this pull request Aug 22, 2022
getsentry#5570 merged, but the tests were being very flaky. I took another look and figured out that we only needed to wrap our instrumentation with a domain once. Wrapping twice (for both express and built-in) was causing problems. In addition, I moved the wrapping down to the request handling phase, which makes the behaviour more correct.