Removing sensitive information from Sentry errors logs - sentry

I'm using Sentry to track all the errors on our production server, and I was wondering if it was possible to remove some sensitive data from the error logs :
For instance, I throw an error if a HTTP call to an API is failing. Sadly, I need to give the API access token as a query parameter of the request, and it is displayed in the error logs, in this format :
http
GET https://api.url?accessToken=abcdefg&otherparam=bar [400]
16:25:11
Can I hide or remove this accessToken ? It does not change between calls, so even setting it as an option somewhere so that it could be hidden from other people checking the Sentry logs would be alright.

Related

Why am I getting a 403 error in a post request in JMeter?

I'm trying to record a script in JMeter for a website. I'm supposed to login, click on submissions, click on one of the submitted documents then logout. I've correlated everything but I'm getting a 403 forbidden error on one of the requests. During the penultimate step of clicking on one of the submitted documents, it sends a post request to the server which looks like this :
Request
I'm getting a 403 error on this request. I've tried correlating every single variable in that request but I still get a 403 error. Any suggestions?
As per HTTP Status 403 description:
The HTTP 403 Forbidden client error status response code indicates that the server understood the request but refuses to authorize it.
This status is similar to 401, but in this case, re-authenticating will make no difference. The access is permanently forbidden and tied to the application logic, such as insufficient rights to a resource.
So unless there is a bug in the application the status means that the logged in user doesn't have enough permissions to execute the request (submit the documents), try checking the username/password (or whatever is the authentication approach) using Debug Sampler and View Results Tree listener combination and ensure that the user is allowed to perform this action.

Jmeter , I'm facing 403 error when i try to run a login test

enter image description here
I used the Regular Expression Extractor for the tokens, but the 403 forbidden error keeps displaying.-check the screenshoot
Seems some missing configuration issue.
Can you please make sure:
You have HTTP Cookie Manager added to your Test Plan
If your application is protected with external authentication system like Basic HTTP Authentication, NTLM or Kerberos you need to handle it properly using HTTP Authorization Manager
Can you try :
Adding HTTP Header Manager and authorization with Basic encoded
one screenshot of the failed response headers doesn't tell the full story, you need to show us:
Successful request URL, body (if any) and headers (you can get it from browser developer tools)
Failing request from JMeter URL, body (if any) and headers from the View Results Tree listener
As per HTTP Status Code 403 description:
The HTTP 403 Forbidden client error status response code indicates that the server understood the request but refuses to authorize it.
This status is similar to 401, but in this case, re-authenticating will make no difference. The access is permanently forbidden and tied to the application logic, such as insufficient rights to a resource.
If you can successfully execute the same scenario using browser and cannot using JMeter - most probably it's due to missing or improperly implemented correlation, try recording the same steps one more time and compare generated scripts, all values which are different needs to be properly worked around

Got Frame load interrupted and The url can not be shown with oauth2

I am using Authenticator doing Oauth2 authentication. The return url is something like myapp://landing. I got following errors, The URL can not be shown and Frame load interrupted. It seems I can not suppress this error. I got the correct token from the service. I just want to know if there is a way I can suppress them.

JMeter & Salesforce : Facing an error as 'Error occurred while loading a Visualforce page. Attempt to de-reference a null object'

I am creating script in JMeter for a Salesforce application but I am Facing an error as
Error occurred while loading a Visualforce page. Attempt to de-reference a null object' for one of my POST request.
Response code received is 500 with message 'Server Error'
HTTP Status 500 stands for Internal Server Error, you should look into your server logs in order to get to the bottom of the issue.
If you don't have access to your application logs - you can perform some client-side troubleshooting, the common way is to capture the request which is being sent by JMeter and the real browser using a sniffer tool like Wireshark or Fiddler and compare them. The requests should look exactly the same (apart from dynamic values which need to be correlated)
You should pay attention not only to the request body, but also HTTP Headers (including Cookies) as everything matters.
You might also want to check out JMeter – Logging Into Salesforce for Automated Testing article

How to add the unhandled exceptions accross the applications in response body in WEB API

How to add the unhandled exceptions accross the applications in response body in WEB API. If there is no exceptions a success message needs to be sent to the response body for all the responses....Need help on achieving this.
You need two things. For handling the exceptions, you need to set the IncludeDetailErrorPolicy in the HttpConfiguration object,
You can configure the error policy preferences as part of the configuration object (HttpConfiguration) in the IncludeErrorDetailPolicy property. This is just an enum that instructs Web API about how to deal with exceptions.
The possible values for this enum are,
Default: It’s uses the customErrors configuration settings if you are using ASP.NET as host or LocalOnly for self-host.
LocalOnly: Only includes error details for local requests
Always: Always includes error details
Never: Never includes error details
When an exception happens, Web API will check the value on this setting for including details about the exception in the response message or not. For example, if Always is enabled, Web API will serialize the exception details as part of the message that you get as response.
The success message does not make much sense as you already have the response status code. A status code equals to OK means that everything went ok. If you still want to add an additional message, use a HttpMessageHandler that checks for the response status code. If the status code is OK, add the message. However, the response body has been set already at that point so you will not able to modify it. You might able to add a message as a header.

Resources