Merge branch 'priscila/chore/add-hit-tracker-columns-to-grouptombstone' into priscila/feat/add-logic-to-update-hit-counter-columns-in-grouptomstone

Author: priscilawebdev

devservices/config.yml

@@ -13,6 +13,13 @@ x-sentry-service-config:
         branch: master
         repo_link: https://github.com/getsentry/snuba.git
         mode: containerized
+    snuba-profiling:
+      description: Service that provides fast aggregation and query capabilities on top of Clickhouse that includes profiling consumers
+      remote:
+        repo_name: snuba
+        branch: master
+        repo_link: https://github.com/getsentry/snuba.git
+        mode: containerized-profiles
     relay:
       description: Service event forwarding and ingestion service
       remote:
@@ -131,7 +138,33 @@ x-sentry-service-config:
     rabbitmq: [postgres, snuba, rabbitmq, spotlight]
     symbolicator: [postgres, snuba, symbolicator, spotlight]
     memcached: [postgres, snuba, memcached, spotlight]
-    profiling: [postgres, snuba, vroom, spotlight]
+    crons:
+      [
+        postgres,
+        snuba,
+        relay,
+        spotlight,
+        ingest-monitors,
+        monitors-clock-tick,
+        monitors-clock-tasks,
+        monitors-incident-occurrences,
+        worker,
+      ]
+    profiling:
+      [
+        postgres,
+        snuba-profiling,
+        relay,
+        vroom,
+        spotlight,
+        ingest-events,
+        ingest-transactions,
+        ingest-profiles,
+        ingest-occurrences,
+        worker,
+        post-process-forwarder-errors,
+        post-process-forwarder-transactions,
+      ]
     ingest:
       [
         snuba,

eslint.config.mjs

@@ -862,6 +862,7 @@ export default typescript.config([
     name: 'files/sentry-stories',
     files: ['**/*.stories.tsx'],
     rules: {
+      'import/no-webpack-loader-syntax': 'off', // type loader requires webpack syntax
       'no-loss-of-precision': 'off', // Sometimes we have wild numbers hard-coded in stories
     },
   },
@@ -952,6 +953,10 @@ export default typescript.config([
     ...mdx.flat,
     name: 'files/mdx',
     files: ['**/*.mdx'],
+    rules: {
+      ...mdx.flat.rules,
+      'import/no-webpack-loader-syntax': 'off', // type loader requires webpack syntax
+    },
   },
   {
     name: 'plugin/boundaries',

fixtures/events/performance_problems/sql-injection/sql-injection-not-in-where-event.json

@@ -0,0 +1,158 @@
+{
+  "event_id": "5d6401994d7949d2ac3474f472564370",
+  "platform": "node",
+  "message": "",
+  "datetime": "2025-05-12T22:42:38.642986+00:00",
+  "breakdowns": {
+    "span_ops": {
+      "ops.db": {
+        "value": 65.715075,
+        "unit": "millisecond"
+      },
+      "total.time": {
+        "value": 67.105293,
+        "unit": "millisecond"
+      }
+    }
+  },
+  "request": {
+    "url": "http://localhost:3001/vulnerable-login",
+    "method": "GET",
+    "query_string": [["type", "account"]]
+  },
+  "spans": [
+    {
+      "timestamp": 1747089758.567536,
+      "start_timestamp": 1747089758.567,
+      "exclusive_time": 0.536203,
+      "op": "middleware.express",
+      "span_id": "4a06692f4abc8dbe",
+      "parent_span_id": "91fa92ff0205967d",
+      "trace_id": "375a86eca09a4a4e91903838dd771f50",
+      "status": "ok",
+      "description": "corsMiddleware",
+      "origin": "auto.http.otel.express",
+      "data": {
+        "express.name": "corsMiddleware",
+        "express.type": "middleware",
+        "sentry.op": "middleware.express",
+        "sentry.origin": "auto.http.otel.express"
+      },
+      "sentry_tags": {
+        "user": "ip:::1",
+        "user.ip": "::1",
+        "environment": "production",
+        "transaction": "GET /vulnerable-login",
+        "transaction.method": "GET",
+        "transaction.op": "http.server",
+        "browser.name": "Chrome",
+        "sdk.name": "sentry.javascript.node",
+        "sdk.version": "9.17.0",
+        "platform": "node",
+        "os.name": "macOS",
+        "category": "middleware",
+        "op": "middleware.express",
+        "status": "ok",
+        "trace.status": "ok"
+      },
+      "hash": "e6088cf8b370ed60"
+    },
+    {
+      "timestamp": 1747089758.568761,
+      "start_timestamp": 1747089758.568,
+      "exclusive_time": 0.761032,
+      "op": "middleware.express",
+      "span_id": "92553d2584d250b8",
+      "parent_span_id": "91fa92ff0205967d",
+      "trace_id": "375a86eca09a4a4e91903838dd771f50",
+      "status": "ok",
+      "description": "jsonParser",
+      "origin": "auto.http.otel.express",
+      "data": {
+        "express.name": "jsonParser",
+        "express.type": "middleware",
+        "sentry.op": "middleware.express",
+        "sentry.origin": "auto.http.otel.express"
+      },
+      "sentry_tags": {
+        "user": "ip:::1",
+        "user.ip": "::1",
+        "environment": "production",
+        "transaction": "GET /vulnerable-login",
+        "transaction.method": "GET",
+        "transaction.op": "http.server",
+        "browser.name": "Chrome",
+        "sdk.name": "sentry.javascript.node",
+        "sdk.version": "9.17.0",
+        "platform": "node",
+        "os.name": "macOS",
+        "category": "middleware",
+        "op": "middleware.express",
+        "status": "ok",
+        "trace.status": "ok"
+      },
+      "hash": "c81e963dad9ebc6c"
+    },
+    {
+      "timestamp": 1747089758.569093,
+      "start_timestamp": 1747089758.569,
+      "exclusive_time": 0.092983,
+      "op": "request_handler.express",
+      "span_id": "435146ab0909419d",
+      "parent_span_id": "91fa92ff0205967d",
+      "trace_id": "375a86eca09a4a4e91903838dd771f50",
+      "status": "ok",
+      "description": "/vulnerable-login",
+      "origin": "auto.http.otel.express",
+      "data": {
+        "express.name": "/vulnerable-login",
+        "express.type": "request_handler",
+        "http.route": "/vulnerable-login",
+        "sentry.op": "request_handler.express",
+        "sentry.origin": "auto.http.otel.express"
+      },
+      "sentry_tags": {
+        "user": "ip:::1",
+        "user.ip": "::1",
+        "environment": "production",
+        "transaction": "GET /vulnerable-login",
+        "transaction.method": "GET",
+        "transaction.op": "http.server",
+        "browser.name": "Chrome",
+        "sdk.name": "sentry.javascript.node",
+        "sdk.version": "9.17.0",
+        "platform": "node",
+        "os.name": "macOS",
+        "op": "request_handler.express",
+        "status": "ok",
+        "trace.status": "ok"
+      },
+      "hash": "872b0c84a6f1c590"
+    },
+    {
+      "timestamp": 1747089758.637715,
+      "start_timestamp": 1747089758.572,
+      "exclusive_time": 65.715075,
+      "op": "db",
+      "span_id": "4703181ac343f71a",
+      "parent_span_id": "91fa92ff0205967d",
+      "trace_id": "375a86eca09a4a4e91903838dd771f50",
+      "status": "ok",
+      "description": "SELECT \"company_account\".\"account\", \"company_account\".\"id\", \"company_account\".\"type\" FROM \"company_account\" WHERE \"company_account\".\"owner\" = ? ORDER BY \"company_account\".\"account\"",
+      "origin": "auto.db.otel.mysql2",
+      "data": {
+        "db.system": "mysql",
+        "db.connection_string": "jdbc:mysql://localhost:3306/injection_test",
+        "db.name": "injection_test",
+        "db.statement": "SELECT \"company_account\".\"account\", \"company_account\".\"id\", \"company_account\".\"type\" FROM \"company_account\" WHERE \"company_account\".\"owner\" = ? ORDER BY \"company_account\".\"account\"",
+        "db.user": "root",
+        "net.peer.name": "localhost",
+        "net.peer.port": 3306,
+        "otel.kind": "CLIENT",
+        "sentry.op": "db",
+        "sentry.origin": "auto.db.otel.mysql2"
+      },
+      "hash": "45330ba0cafa5997"
+    }
+  ]
+}

src/sentry/features/temporary.py

@@ -303,8 +303,6 @@ def register_temporary_features(manager: FeatureManager):
     manager.add("organizations:related-issues", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=True)
     # Enable the release details performance section
     manager.add("organizations:release-comparison-performance", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=True)
-    # Enable the new release bubbles UI on charts
-    manager.add("organizations:release-bubbles-ui", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=True)
     # Enable replay AI summaries
     manager.add("organizations:replay-ai-summaries", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=True)
     # Enable version 2 of reprocessing (completely distinct from v1)

src/sentry/middleware/reporting_endpoint.py

@@ -3,6 +3,8 @@
 from django.http.request import HttpRequest
 from django.http.response import HttpResponseBase
 
+from sentry import options
+
 
 class ReportingEndpointMiddleware:
     """
@@ -14,17 +16,16 @@ def __init__(self, get_response: Callable[[HttpRequest], HttpResponseBase]):
 
     def __call__(self, request: HttpRequest) -> HttpResponseBase:
         response = self.get_response(request)
-        return self.process_response(request, response)
-
-    def process_response(
-        self, request: HttpRequest, response: HttpResponseBase
-    ) -> HttpResponseBase:
-        # Check if the request has staff attribute and if staff is active
-        staff = getattr(request, "staff", None)
-        if staff and staff.is_active:
-            # This will enable crashes, intervention and deprecation warnings
-            # They always report to the default endpoint
-            response["Reporting-Endpoints"] = (
-                "default=https://sentry.my.sentry.io/api/0/reporting-api-experiment/"
-            )
+
+        try:
+            enabled = options.get("issues.browser_reporting.reporting_endpoints_header_enabled")
+            if enabled:
+                # This will enable crashes, intervention and deprecation warnings
+                # They always report to the default endpoint
+                response["Reporting-Endpoints"] = (
+                    "default=https://sentry.my.sentry.io/api/0/reporting-api-experiment/"
+                )
+        except Exception:
+            pass
+
         return response

src/sentry/migrations/0930_add_hit_counter_columns_to_grouptombstone.py

@@ -1,6 +1,6 @@
-# Generated by Django 5.2.1 on 2025-06-17 20:11
+# Generated by Django 5.2.1 on 2025-06-18 04:47
 
-import django.db.models.functions.datetime
+import django.utils.timezone
 from django.db import migrations, models
 
 import sentry.db.models.fields.bounded
@@ -30,15 +30,11 @@ class Migration(CheckedMigration):
         migrations.AddField(
             model_name="grouptombstone",
             name="last_seen",
-            field=models.DateTimeField(
-                db_default=django.db.models.functions.datetime.Now(), null=True
-            ),
+            field=models.DateTimeField(default=django.utils.timezone.now, null=True),
         ),
         migrations.AddField(
             model_name="grouptombstone",
             name="times_seen",
-            field=sentry.db.models.fields.bounded.BoundedPositiveIntegerField(
-                db_default=0, null=True
-            ),
+            field=sentry.db.models.fields.bounded.BoundedPositiveIntegerField(db_default=0),
         ),
     ]

src/sentry/models/grouptombstone.py

@@ -4,7 +4,6 @@
 from typing import Any
 
 from django.db import models
-from django.db.models.functions import Now
 from django.utils import timezone
 
 from sentry.backup.scopes import RelocationScope
@@ -40,8 +39,8 @@ class GroupTombstone(Model):
         blank=True, null=True
     )
     actor_id = BoundedPositiveIntegerField(null=True)
-    times_seen = BoundedPositiveIntegerField(db_default=0, null=True)
-    last_seen = models.DateTimeField(db_default=Now(), null=True)
+    times_seen = BoundedPositiveIntegerField(db_default=0)
+    last_seen = models.DateTimeField(default=timezone.now, null=True)
 
     class Meta:
         app_label = "sentry"

src/sentry/options/defaults.py

@@ -3467,6 +3467,15 @@
     flags=FLAG_ALLOW_EMPTY | FLAG_AUTOMATOR_MODIFIABLE,
 )
 
+# Enable adding the `Reporting-Endpoints` header, which will in turn enable the sending of Reporting
+# API reports from the browser (as long as it's Chrome).
+register(
+    "issues.browser_reporting.reporting_endpoints_header_enabled",
+    type=Bool,
+    default=False,
+    flags=FLAG_AUTOMATOR_MODIFIABLE,
+)
+
 # Enable the collection of Reporting API reports via the `/api/0/reporting-api-experiment/`
 # endpoint. When this is false, the endpoint will just 404.
 register(

src/sentry/performance_issues/detectors/sql_injection_detector.py

@@ -119,13 +119,21 @@ def visit_span(self, span: Span) -> None:
         spans_involved = [span["span_id"]]
         vulnerable_parameters = []
 
+        if "WHERE" not in description.upper():
+            return
+
         for parameter in self.request_parameters:
             value = parameter[1]
             key = parameter[0]
-            if re.search(rf'(?<![\w.])"?{re.escape(key)}"?(?![\w."])', description) and re.search(
-                rf'(?<![\w.])"?{re.escape(value)}"?(?![\w."])', description
+            regex_key = rf'(?<![\w.$])"?{re.escape(key)}"?(?![\w.$"])'
+            regex_value = rf'(?<![\w.$])"?{re.escape(value)}"?(?![\w.$"])'
+            where_index = description.upper().find("WHERE")
+            if re.search(regex_key, description[where_index:]) and re.search(
+                regex_value, description[where_index:]
             ):
-                description = description.replace(value, "?")
+                description = description[:where_index] + re.sub(
+                    regex_value, "?", description[where_index:]
+                )
                 vulnerable_parameters.append(key)
 
         if len(vulnerable_parameters) == 0:

src/sentry/uptime/detectors/result_handler.py

@@ -91,6 +91,7 @@ def handle_onboarding_result(
                 project_subscription,
                 interval_seconds=int(AUTO_DETECTED_ACTIVE_SUBSCRIPTION_INTERVAL.total_seconds()),
                 mode=ProjectUptimeSubscriptionMode.AUTO_DETECTED_ACTIVE,
+                ensure_assignment=True,
             )
             create_system_audit_entry(
                 organization=detector.project.organization,

src/sentry/uptime/subscriptions/subscriptions.py

@@ -282,6 +282,7 @@ def update_project_uptime_subscription(
     trace_sampling: bool | NotSet = NOT_SET,
     status: int = ObjectStatus.ACTIVE,
     mode: ProjectUptimeSubscriptionMode = ProjectUptimeSubscriptionMode.MANUAL,
+    ensure_assignment: bool = False,
 ):
     """
     Links a project to an uptime subscription so that it can process results.
@@ -344,7 +345,7 @@ def update_project_uptime_subscription(
                 case ObjectStatus.DISABLED:
                     disable_uptime_detector(detector)
                 case ObjectStatus.ACTIVE:
-                    enable_uptime_detector(detector)
+                    enable_uptime_detector(detector, ensure_assignment=ensure_assignment)
 
     # ProjectUptimeSubscription may have been updated as part of
     # {enable,disable}_uptime_detector

src/sentry/workflow_engine/endpoints/validators/base/detector.py

@@ -104,6 +104,7 @@ def create(self, validated_data):
                 workflow_condition_group=condition_group,
                 type=validated_data["type"].slug,
                 config=validated_data.get("config", {}),
+                created_by_id=self.context["request"].user.id,
             )
             DataSourceDetector.objects.create(data_source=detector_data_source, detector=detector)