fix(node): Handle stack traces with data URI filenames (#17218)

timfish · web-flow · commit 8c1149bb443c · 2025-07-31T06:58:07.000-04:00
- Ref #17216 Because JavaScript can dynamically load code from text like this: ```ts const {dynamicFn} = await import(`data:application/javascript, export function dynamicFn() { throw new Error('Error from data-uri module'); };`); dynamicFn(); ``` You can get slack lines like this: ``` at dynamicFn (data:application/javascript,export function dynamicFn() { throw new Error('Error from data-uri module');};:1:38) ``` These can be huge, often base64 encoded strings. Currently we skip regex parsing on anything over 1k in length but that means we ignore the frame entirely. This PR: - Changes the stack parser so that if the line is over 1k, we still pass the first 1k for parsing - Adds initial check to the Node line parser that special cases truncated lines with data URIs in them
diff --git a/packages/browser/test/tracekit/chromium.test.ts b/packages/browser/test/tracekit/chromium.test.ts
@@ -617,7 +617,7 @@ describe('Tracekit - Chrome Tests', () => {
     });
   });
 
-  it('should drop frames that are over 1kb', () => {
+  it('should truncate frames that are over 1kb', () => {
     const LONG_STR = 'A'.repeat(1040);
 
     const LONG_FRAME = {
@@ -637,6 +637,12 @@ describe('Tracekit - Chrome Tests', () => {
       stacktrace: {
         frames: [
           { filename: 'http://localhost:5000/', function: '?', lineno: 50, colno: 19, in_app: true },
+          {
+            filename:
+              'http://localhost:5000/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA',
+            function: 'Foo.testMethod',
+            in_app: true,
+          },
           { filename: 'http://localhost:5000/', function: 'aha', lineno: 39, colno: 5, in_app: true },
         ],
       },
diff --git a/packages/core/src/utils/node-stack-trace.ts b/packages/core/src/utils/node-stack-trace.ts
@@ -53,9 +53,18 @@ export function filenameIsInApp(filename: string, isNative: boolean = false): bo
 export function node(getModule?: GetModuleFn): StackLineParserFn {
   const FILENAME_MATCH = /^\s*[-]{4,}$/;
   const FULL_MATCH = /at (?:async )?(?:(.+?)\s+\()?(?:(.+):(\d+):(\d+)?|([^)]+))\)?/;
+  const DATA_URI_MATCH = /at (?:async )?(.+?) \(data:(.*?),/;
 
   // eslint-disable-next-line complexity
   return (line: string) => {
+    const dataUriMatch = line.match(DATA_URI_MATCH);
+    if (dataUriMatch) {
+      return {
+        filename: `<data:${dataUriMatch[2]}>`,
+        function: dataUriMatch[1],
+      };
+    }
+
     const lineMatch = line.match(FULL_MATCH);
 
     if (lineMatch) {
diff --git a/packages/core/src/utils/stacktrace.ts b/packages/core/src/utils/stacktrace.ts
@@ -23,13 +23,13 @@ export function createStackParser(...parsers: StackLineParser[]): StackParser {
     const lines = stack.split('\n');
 
     for (let i = skipFirstLines; i < lines.length; i++) {
-      const line = lines[i] as string;
-      // Ignore lines over 1kb as they are unlikely to be stack frames.
-      // Many of the regular expressions use backtracking which results in run time that increases exponentially with
-      // input size. Huge strings can result in hangs/Denial of Service:
+      let line = lines[i] as string;
+      // Truncate lines over 1kb because many of the regular expressions use
+      // backtracking which results in run time that increases exponentially
+      // with input size. Huge strings can result in hangs/Denial of Service:
       // https://github.com/getsentry/sentry-javascript/issues/2286
       if (line.length > 1024) {
-        continue;
+        line = line.slice(0, 1024);
       }
 
       // https://github.com/getsentry/sentry-javascript/issues/5459
diff --git a/packages/core/test/lib/utils/stacktrace.test.ts b/packages/core/test/lib/utils/stacktrace.test.ts
@@ -380,4 +380,16 @@ describe('node', () => {
 
     expect(node(input)).toEqual(expectedOutput);
   });
+
+  it('parses function name when filename is a data uri ', () => {
+    const input =
+      "at dynamicFn (data:application/javascript,export function dynamicFn() {  throw new Error('Error from data-uri module');};:1:38)";
+
+    const expectedOutput = {
+      function: 'dynamicFn',
+      filename: '<data:application/javascript>',
+    };
+
+    expect(node(input)).toEqual(expectedOutput);
+  });
 });
