feat(chalice): Add span streaming support to Chalice integration #6503
2 issues
find-bugs: Found 2 issues (1 medium, 1 low)
Medium
Streaming attribute-setting code in Chalice view wrapper not guarded by `capture_internal_exceptions()` - `sentry_sdk/integrations/chalice.py:83-109`
In `_get_view_function_response`'s `wrapped_view_function`, the span-streaming setup block (the `if has_span_streaming_enabled(...)` branch, lines 81–110) runs outside `capture_internal_exceptions()`, which only wraps the `configured_time` and `scope.add_event_processor` calls (lines 71–78). Any SDK-internal exception raised while building header attributes (`_filter_headers`), accessing `current_span._segment`, or calling `segment.set_attributes(attributes)` will propagate out of the wrapped view function and crash the user's Chalice request. The `else` branch's `scope.set_transaction_name(...)` (line 130) is likewise unprotected; in the pre-change code the transaction-name setup was inside `capture_internal_exceptions()`. For example, if `request_dict.get('headers', {})` returns `None` (key present with a `None` value), `_filter_headers(headers, ...).items()` raises `AttributeError` with no SDK guard to suppress it.
Low
`ChaliceViewError` raised in streaming path leaves segment status as 'ok' - `tests/integrations/chalice/test_chalice.py:231-261`
In the span-streaming branch of `_get_view_function_response`, the exception handler re-raises any `ChaliceViewError` before setting `segment.status = SpanStatus.ERROR.value`. `ChaliceViewError` is the base class for all explicit Chalice HTTP error responses, including 5xx variants like `InternalServerError`. When such an error is raised and an active segment exists (owned by the AWS Lambda integration), the segment is reported with `status='ok'` even though the request resulted in a server error. The accompanying test (`test_span_streaming_existing_span_error`) only exercises a plain `Exception`, which does take the status-setting path, so this branch is untested.
Annotations
Check warning on line 109 in sentry_sdk/integrations/chalice.py
sentry-warden / warden: find-bugs