Skip to content

Commit

Permalink
Update dependencies with vulnerabilities (#549)
Browse files Browse the repository at this point in the history
- update OpenTelemetry
- update MassTransit
- remove Bugsnag.AspNet.Core, implement natively
- fixes #544
  • Loading branch information
ddaspit authored Dec 3, 2024
1 parent 3bbda03 commit 69fa745
Show file tree
Hide file tree
Showing 14 changed files with 179 additions and 16 deletions.
1 change: 0 additions & 1 deletion src/Echo/src/EchoTranslationEngine/Usings.cs
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
global using System.Threading.Channels;
global using Bugsnag.AspNet.Core;
global using EchoTranslationEngine;
global using Google.Protobuf.WellKnownTypes;
global using Grpc.Core;
Expand Down
1 change: 0 additions & 1 deletion src/Machine/src/Serval.Machine.EngineServer/Program.cs
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
using Bugsnag.AspNet.Core;
using Hangfire;
using OpenTelemetry.Trace;

Expand Down
1 change: 0 additions & 1 deletion src/Machine/src/Serval.Machine.JobServer/Program.cs
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
using Bugsnag.AspNet.Core;
using OpenTelemetry.Trace;

var builder = WebApplication.CreateBuilder(args);
Expand Down
1 change: 1 addition & 0 deletions src/Machine/src/Serval.Machine.Shared/Utils/AsyncTimer.cs
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ private void StopTimer()

protected override async ValueTask DisposeAsyncCore()
{
await base.DisposeAsyncCore();
await StopAsync();
_timer.Dispose();
}
Expand Down
12 changes: 6 additions & 6 deletions src/Serval/src/Serval.ApiServer/Serval.ApiServer.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,12 @@
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>

<PackageReference Include="OpenTelemetry.Exporter.Console" Version="1.8.0" />
<PackageReference Include="OpenTelemetry.Exporter.Prometheus.AspNetCore" Version="1.8.0-rc.1" />
<PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.8.0" />
<PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.8.1" />
<PackageReference Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.8.0-beta.1" />
<PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.8.1" />
<PackageReference Include="OpenTelemetry.Exporter.Console" Version="1.10.0" />
<PackageReference Include="OpenTelemetry.Exporter.Prometheus.AspNetCore" Version="1.10.0-beta.1" />
<PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="1.10.0" />
<PackageReference Include="OpenTelemetry.Instrumentation.AspNetCore" Version="1.9.0" />
<PackageReference Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="1.9.0-beta.1" />
<PackageReference Include="OpenTelemetry.Instrumentation.Http" Version="1.10.0" />
</ItemGroup>

<ItemGroup>
Expand Down
1 change: 0 additions & 1 deletion src/Serval/src/Serval.ApiServer/Usings.cs
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@
global using System.Security.Claims;
global using System.Text.Json.Serialization;
global using Asp.Versioning;
global using Bugsnag.AspNet.Core;
global using Hangfire;
global using Hangfire.Mongo;
global using Hangfire.Mongo.Migration.Strategies;
Expand Down
2 changes: 1 addition & 1 deletion src/Serval/src/Serval.DataFiles/Serval.DataFiles.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
<ItemGroup>
<PackageReference Include="Asp.Versioning.Abstractions" Version="6.2.1" />
<PackageReference Include="Cronos" Version="0.7.1" />
<PackageReference Include="MassTransit" Version="8.0.14" />
<PackageReference Include="MassTransit" Version="8.3.2" />
<PackageReference Include="NSwag.Annotations" Version="14.1.0" />
</ItemGroup>

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
<PackageReference Include="Asp.Versioning.Abstractions" Version="6.2.1" />
<PackageReference Include="CaseExtensions" Version="1.1.0" />
<PackageReference Include="Grpc.AspNetCore" Version="2.65.0" />
<PackageReference Include="MassTransit" Version="8.0.14" />
<PackageReference Include="MassTransit" Version="8.3.2" />
<PackageReference Include="NSwag.Annotations" Version="14.1.0" />
</ItemGroup>

Expand Down
2 changes: 1 addition & 1 deletion src/Serval/src/Serval.Webhooks/Serval.Webhooks.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
<ItemGroup>
<PackageReference Include="Asp.Versioning.Abstractions" Version="6.2.1" />
<PackageReference Include="Hangfire.Core" Version="1.8.14" />
<PackageReference Include="MassTransit" Version="8.0.14" />
<PackageReference Include="MassTransit" Version="8.3.2" />
</ItemGroup>

<ItemGroup>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,25 @@ public static IServiceCollection AddParallelCorpusPreprocessor(this IServiceColl
services.AddSingleton<ICorpusService, CorpusService>();
return services;
}

/// <summary>
/// Add Bugsnag to your application. Configures the required bugsnag
/// services and attaches the Bugsnag middleware to catch unhandled
/// exceptions.
/// </summary>
/// <param name="services"></param>
/// <returns></returns>
public static IServiceCollection AddBugsnag(this IServiceCollection services)
{
services.TryAddSingleton<IHttpContextAccessor, HttpContextAccessor>();

return services
.AddSingleton<IStartupFilter, BugsnagStartupFilter>()
.AddScoped<Bugsnag.IClient, Bugsnag.Client>(context =>
{
var configuration = context.GetService<IOptions<Bugsnag.Configuration>>();
var client = new Bugsnag.Client(configuration!.Value);
return client;
});
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -11,12 +11,13 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="Bugsnag.AspNet.Core" Version="3.1.0" />
<PackageReference Include="Bugsnag" Version="3.1.0" />
<PackageReference Include="Grpc.Core.Api" Version="2.65.0" />
<PackageReference Include="Hangfire.Core" Version="1.8.14" />
<PackageReference Include="Microsoft.Extensions.DiagnosticAdapter" Version="3.1.32" />
<PackageReference Include="SIL.WritingSystems" Version="14.1.1" />
<PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
<PackageReference Include="SIL.Scripture" Version="12.0.1"/>
<PackageReference Include="SIL.Scripture" Version="12.0.1" />
<PackageReference Include="SIL.Machine" Version="3.5.2" Condition="!Exists('..\..\..\..\..\machine\src\SIL.Machine\SIL.Machine.csproj')" />
</ItemGroup>

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
namespace SIL.ServiceToolkit.Services;

/// <summary>
/// The Bugsnag AspNetCore middleware.
///
/// See https://github.com/bugsnag/bugsnag-dotnet for original source.
/// </summary>
public class BugsnagMiddleware(RequestDelegate requestDelegate)
{
public const string HttpContextItemsKey = "Bugsnag.Client";

private readonly RequestDelegate _next = requestDelegate;

public async Task Invoke(HttpContext context, Bugsnag.IClient client)
{
if (client.Configuration.AutoCaptureSessions)
client.SessionTracking.CreateSession();

// capture the request information now as the http context
// may be changed by other error handlers after an exception
// has occurred
Bugsnag.Payload.Request bugsnagRequestInformation = ToRequest(context);

client.BeforeNotify(report =>
{
report.Event.Request = bugsnagRequestInformation;
});

context.Items[HttpContextItemsKey] = client;

if (client.Configuration.AutoNotify)
{
try
{
await _next(context);
}
catch (Exception exception)
{
client.Notify(exception, Bugsnag.Payload.HandledState.ForUnhandledException());
throw;
}
}
else
{
await _next(context);
}
}

private static Bugsnag.Payload.Request ToRequest(HttpContext httpContext)
{
IPAddress? ip = httpContext.Connection.RemoteIpAddress ?? httpContext.Connection.LocalIpAddress;

return new Bugsnag.Payload.Request
{
ClientIp = ip?.ToString(),
Headers = httpContext.Request.Headers.ToDictionary(x => x.Key, x => string.Join(",", x.Value!)),
HttpMethod = httpContext.Request.Method,
Url = httpContext.Request.GetDisplayUrl(),
Referer = httpContext.Request.Headers[HeaderNames.Referer],
};
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
namespace SIL.ServiceToolkit.Services;

/// <summary>
/// A startup filter to ensure that the Bugsnag middleware is
/// executed at the start of the middleware stack.
///
/// See https://github.com/bugsnag/bugsnag-dotnet for original source.
/// </summary>
public class BugsnagStartupFilter : IStartupFilter
{
static BugsnagStartupFilter()
{
// populate the env variable that the client expects with the netcore
// provided value unless it has already been specified
if (Environment.GetEnvironmentVariable("BUGSNAG_RELEASE_STAGE") == null)
{
Environment.SetEnvironmentVariable(
"BUGSNAG_RELEASE_STAGE",
Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT")
);
}
}

public Action<IApplicationBuilder> Configure(Action<IApplicationBuilder> next)
{
return builder =>
{
builder
.ApplicationServices.GetService<DiagnosticListener>()
?.SubscribeWithAdapter(new DiagnosticSubscriber());
builder.UseMiddleware<BugsnagMiddleware>();
next(builder);
};
}

private class DiagnosticSubscriber
{
/// <summary>
/// Handles exceptions that the Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware
/// swallows.
/// </summary>
/// <param name="exception"></param>
/// <param name="httpContext"></param>
[DiagnosticName("Microsoft.AspNetCore.Diagnostics.HandledException")]
public virtual void OnHandledException(Exception exception, HttpContext httpContext)
{
LogException(exception, httpContext);
}

/// <summary>
/// Handles exceptions that the Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware
/// swallows.
/// </summary>
/// <param name="exception"></param>
/// <param name="httpContext"></param>
[DiagnosticName("Microsoft.AspNetCore.Diagnostics.UnhandledException")]
public virtual void OnUnhandledException(Exception exception, HttpContext httpContext)
{
LogException(exception, httpContext);
}

private static void LogException(Exception exception, HttpContext httpContext)
{
httpContext.Items.TryGetValue(BugsnagMiddleware.HttpContextItemsKey, out object? clientObject);

if (clientObject is Bugsnag.IClient client)
{
if (client.Configuration.AutoNotify)
client.Notify(exception, Bugsnag.Payload.HandledState.ForUnhandledException());
}
}
}
}
11 changes: 10 additions & 1 deletion src/ServiceToolkit/src/SIL.ServiceToolkit/Usings.cs
Original file line number Diff line number Diff line change
@@ -1,15 +1,24 @@
global using System.Diagnostics.CodeAnalysis;
global using System.Diagnostics;
global using System.Diagnostics.CodeAnalysis;
global using System.Net;
global using System.Text;
global using System.Text.Json.Nodes;
global using System.Text.RegularExpressions;
global using Grpc.Core;
global using Grpc.Core.Interceptors;
global using Hangfire;
global using Microsoft.AspNetCore.Builder;
global using Microsoft.AspNetCore.Hosting;
global using Microsoft.AspNetCore.Http;
global using Microsoft.AspNetCore.Http.Extensions;
global using Microsoft.Extensions.DependencyInjection;
global using Microsoft.Extensions.DependencyInjection.Extensions;
global using Microsoft.Extensions.DiagnosticAdapter;
global using Microsoft.Extensions.Diagnostics.HealthChecks;
global using Microsoft.Extensions.Hosting;
global using Microsoft.Extensions.Logging;
global using Microsoft.Extensions.Options;
global using Microsoft.Net.Http.Headers;
global using SIL.Machine.Corpora;
global using SIL.ServiceToolkit.Models;
global using SIL.ServiceToolkit.Services;
Expand Down

0 comments on commit 69fa745

Please sign in to comment.