Read the request body before sending the response to the user instead of just as the request is getting started

Author: ericapisani

sentry_sdk/integrations/flask.py

@@ -42,6 +42,7 @@
     from flask.signals import (
         before_render_template,
         got_request_exception,
+        request_finished,
         request_started,
     )
     from markupsafe import Markup
@@ -94,6 +95,7 @@ def setup_once() -> None:
 
         before_render_template.connect(_add_sentry_trace)
         request_started.connect(_request_started)
+        request_finished.connect(_request_finished)
         got_request_exception.connect(_capture_exception)
 
         old_app = Flask.__call__
@@ -164,8 +166,15 @@ def _request_started(app: "Flask", **kwargs: "Any") -> None:
     evt_processor = _make_request_event_processor(app, request, integration)
     scope.add_event_processor(evt_processor)
 
+
+def _request_finished(sender: "Flask", response: "Any", **kwargs: "Any") -> None:
+    integration = sentry_sdk.get_client().get_integration(FlaskIntegration)
+    if integration is None:
+        return
+
     client = sentry_sdk.get_client()
     if has_span_streaming_enabled(client.options):
+        request = flask_request._get_current_object()
         _set_request_body_data_on_streaming_segment(request, client)
 
 
@@ -178,18 +187,26 @@ def _set_request_body_data_on_streaming_segment(
 
     with capture_internal_exceptions():
         content_length = int(request.content_length or 0)
-        extractor = FlaskRequestExtractor(request)
 
         if not request_body_within_bounds(client, content_length):
             data = AnnotatedValue.substituted_because_over_size_limit()
         else:
-            raw_data = None
-            try:
-                raw_data = extractor.raw_data()
-            except _RAW_DATA_EXCEPTIONS:
-                pass
+            # Only use data that Werkzeug has already cached — never consume
+            # wsgi.input ourselves, as that would break user code that reads
+            # the stream directly.
+            # You can find where this gets set here:
+            # https://github.com/pallets/werkzeug/blob/1b00618e787f40dfb21eba29caf8f8be7c8e1d93/src/werkzeug/wrappers/request.py#L444
+            raw_data = getattr(request, "_cached_data", None)
+
+            parsed_body = None
+            if "form" in request.__dict__:
+                extractor = FlaskRequestExtractor(request)
+                parsed_body = extractor.parsed_body()
+            elif raw_data is not None:
+                extractor = FlaskRequestExtractor(request)
+                if extractor.is_json():
+                    parsed_body = extractor.json()
 
-            parsed_body = extractor.parsed_body()
             if parsed_body is not None:
                 data = parsed_body
             elif raw_data:

tests/integrations/flask/test_flask.py

@@ -1355,3 +1355,43 @@ def test_sensitive_header_scrubbing_span_streaming(sentry_init, capture_items, a
         == SENSITIVE_DATA_SUBSTITUTE
     )
     assert span["attributes"]["http.request.header.x-custom-header"] == "passthrough"
+
+
+def test_wsgi_input_direct_read_does_not_hang_span_streaming(
+    sentry_init, capture_items, app
+):
+    """
+    Regression test: reading wsgi.input directly must not hang when span streaming is enabled.
+    The SDK must not consume wsgi.input before user code runs.
+    """
+    sentry_init(
+        integrations=[flask_sentry.FlaskIntegration()],
+        traces_sample_rate=1.0,
+        _experiments={"trace_lifecycle": "stream"},
+        max_request_body_size="always",
+    )
+
+    @app.route("/raw-wsgi", methods=["POST"])
+    def raw_wsgi_endpoint():
+        content_length = int(request.environ.get("CONTENT_LENGTH", 0))
+        body = request.environ["wsgi.input"].read(content_length)
+        return {"size": len(body), "body": body.decode("utf-8", errors="replace")}
+
+    items = capture_items("span")
+
+    client = app.test_client()
+    response = client.post(
+        "/raw-wsgi", data=b"hello from test", content_type="text/plain"
+    )
+    assert response.status_code == 200
+    assert response.get_json()["body"] == "hello from test"
+
+    sentry_sdk.flush()
+
+    assert len(items) == 1
+    span = items[0].payload
+
+    # The SDK should not have captured the body since the user read wsgi.input
+    # directly (bypassing Werkzeug's cache). This is an acceptable trade-off
+    # vs. consuming the stream and causing user applications to hang.
+    assert "http.request.body.data" not in span.get("attributes", {})