fix(starlette): Stop duplicating scope["root_path"] in URLs #6579
3 issues
Medium
No tests covering the new `root_path_in_path` behavior in any of the changed test files
The PR description states tests were added for `root_path` handling in each ASGI integration, but none of the changed test files (`test_asgi.py`, `test_fastapi.py`, `test_starlette.py`) contain any tests exercising `root_path` or the `EITHER`/`EXCLUDED` enum paths. Have you considered adding at least one test that sets `root_path` in the ASGI scope and asserts the resulting URL is not duplicated?
New `root_path` deduplication logic in `_get_path()` has no test coverage - `sentry_sdk/integrations/asgi.py:122`
The PR adds a `root_path_in_path` parameter and a `_RootPathInPath.EITHER` branch in `_get_path()` (`sentry_sdk/integrations/_asgi_common.py`) to avoid duplicating `scope["root_path"]` in URLs. The branch performs non-trivial prefix detection (`path.startswith(root_path + "/")`) and the Starlette integration selects between `EXCLUDED` and `EITHER` based on the Starlette version (`>= (0, 33)`). Despite the PR description stating that tests were added to each ASGI integration, no test in the suite exercises this logic: there are zero references to `root_path` in any test file. The version-sensitive, prefix-detecting behavior is therefore regression-prone, with edge cases (e.g. `root_path="/api"`, `path="/api-docs"`) silently untested.
Also found at:
`sentry_sdk/integrations/asgi.py:18`
`sentry_sdk/integrations/starlette.py:457`
`tests/integrations/starlette/test_starlette.py:1507`
Low
EITHER mode produces double-slash URL when root_path is "/" - `sentry_sdk/integrations/_asgi_common.py:47-50`
In `_get_path`, when `root_path_in_path` is `EITHER` and `scope["root_path"]` is `"/"`, the guard `not root_path or path == root_path or path.startswith(root_path + "/")` fails for normal paths: `not "/"` is `False`, `"/api/users" == "/"` is `False`, and `"/api/users".startswith("//")` is `False`. Execution falls through to `return root_path + path`, yielding `"/" + "/api/users"` = `"//api/users"`. This produces a malformed URL/transaction name. The ASGI spec says `root_path` SHOULD NOT end with `"/"`, so this only affects servers that misconfigure `root_path` as `"/"` instead of `""`.
Also found at:
`sentry_sdk/integrations/asgi.py:411`
4 skills analyzed
| Skill | Findings | Duration | Cost |
|---|---|---|---|
| security-review | 0 | 6.4s | $0.03 |
| code-review | 2 | 8m 26s | $4.98 |
| find-bugs | 1 | 19m 46s | $4.37 |
| skill-scanner | 0 | 10m 9s | $0.03 |
⏱ 38m 27s · 7.4M in / 272.5k out · $9.41