Conversation
sl0thentr0py
force-pushed
the
repro/sentry-ruby-2842
branch
from
f24b250 to
7d3a816
Compare
sl0thentr0py
force-pushed
the
repro/sentry-ruby-2842
branch
from
7d3a816 to
2cfe13e
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| config.load_defaults 8.0 | ||
| config.eager_load = false | ||
| config.secret_key_base = "test_secret_key_base_for_reproduction" | ||
| end |
There was a problem hiding this comment.
Hardcoded Rails secret key base
Medium Severity
config.secret_key_base is hardcoded in config/application.rb, which risks leaking a valid secret into version control. If this app is ever run beyond a purely local repro (or copied as a template), sessions/cookies and other signed data can become forgeable.
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
Demonstrates that Sentry.metrics.count does not emit user attributes (user.id, user.email) even when Sentry.set_user has been called and the user information is present in the scope. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
sl0thentr0py
force-pushed
the
repro/sentry-ruby-2842
branch
from
2cfe13e to
05ce3e0
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| config.before_send_metric = lambda do |event| | ||
| puts "[Sentry] Sending event: #{event.to_h}" | ||
| event | ||
| end |
There was a problem hiding this comment.
Callback may crash and silently drop metrics
Medium Severity
The before_send_metric callback calls event.to_h on the metric object, but the MetricEvent type received by this callback is not a documented subclass of Sentry::Event (which defines to_h). Its documented interface only exposes name, attributes, span_id, trace_id, and timestamp. If to_h is not defined on this object, the callback raises NoMethodError, which sentry-ruby catches internally and silently drops the metric — making the reproduction appear as if no metric was sent at all, rather than demonstrating the actual user-attributes-missing issue.
2 participants
Summary
Sentry.metrics.countdoesn't emit user attributes (user.id,user.email) even whenSentry.set_userhas been calledApplicationControllerand emits a metric inTestControllerIssue: getsentry/sentry-ruby#2842
Test plan
bundle installinsentry-ruby/2842/SENTRY_DSNenvironment variablebundle exec rails server🤖 Generated with Claude Code