Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle incorrectly UTF-8 encoded query and cookie url #3392

Merged
merged 1 commit into from
Oct 31, 2024
Merged

Handle incorrectly UTF-8 encoded query and cookie url #3392

merged 1 commit into from
Oct 31, 2024

Conversation

unoduetre
Copy link
Contributor

@unoduetre unoduetre commented Oct 28, 2024
edited
Loading

⚠️ This repo is Continuously Deployed: make sure you follow the guidance ⚠️

Follow these steps if you are doing a Rails upgrade.

What

Stop sentry alerting on the “invalid byte sequence in UTF-8 errors”.

As discussed with @hannako, we will use a a solution based on an external gem called rack-utf8_sanitizer instead of developing our own gem. This solution will then be used in all our apps by copy-pasting the configuration of this gem.

Why

When security scanning of our site takes place we are inundated with these errors in our slack channel. These errors are not serving any purpose since there is no issue to be solved. Therefore we should remove them to keep all our alerts actionable.

We often get exceptions in Sentry coming from a security checking bot that attempts some attacks by using strings with special characters. All of those "attacks" fail, but they produce exceptions which we would like to ignore, so they do not clutter Sentry. On the other hand we don’t want to ignore exceptions of the same class coming from other sources.

Trello card

@govuk-ci govuk-ci temporarily deployed to government-frontend-pr-3392 October 28, 2024 13:49 Inactive
@unoduetre unoduetre force-pushed the 2938-silently-handle-invalid-byte-sequence-in-utf-8-errors-l-2 branch from 7b9aeed to 310b173 Compare October 28, 2024 14:08
@govuk-ci govuk-ci temporarily deployed to government-frontend-pr-3392 October 28, 2024 14:08 Inactive
@govuk-ci govuk-ci temporarily deployed to government-frontend-pr-3392 October 28, 2024 14:23 Inactive
@unoduetre unoduetre force-pushed the 2938-silently-handle-invalid-byte-sequence-in-utf-8-errors-l-2 branch from d1a9af0 to 05a6fc7 Compare October 28, 2024 14:38
@govuk-ci govuk-ci temporarily deployed to government-frontend-pr-3392 October 28, 2024 14:38 Inactive
@unoduetre unoduetre marked this pull request as ready for review October 28, 2024 14:46
@unoduetre
Handle incorrectly UTF-8 encoded query and cookie url
99f3f8e 
Use a different exception when this situation is detected:
* Sanitiser::Strategy::SanitisingError
This error is not sent to Sentry.
See: alphagov/govuk_app_config#402
@unoduetre unoduetre force-pushed the 2938-silently-handle-invalid-byte-sequence-in-utf-8-errors-l-2 branch from 05a6fc7 to 99f3f8e Compare October 31, 2024 10:46
@govuk-ci govuk-ci temporarily deployed to government-frontend-pr-3392 October 31, 2024 10:46 Inactive
@unoduetre unoduetre merged commit 61dcb7a into main Oct 31, 2024
11 checks passed
@unoduetre unoduetre deleted the 2938-silently-handle-invalid-byte-sequence-in-utf-8-errors-l-2 branch October 31, 2024 10:52
@unoduetre unoduetre mentioned this pull request Oct 31, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catalinailie catalinailie catalinailie approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@unoduetre @catalinailie @govuk-ci