Skip to content

fix: gracefully handle missing regions endpoint on self-hosted Sentry #367

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 9, 2025
Merged

fix: gracefully handle missing regions endpoint on self-hosted Sentry #367

merged 1 commit into from
Jul 9, 2025

Conversation

dcramer
Copy link
Member

@dcramer dcramer commented Jul 9, 2025

Fixes MCP-SERVER-E9M by implementing graceful fallback when the /users/me/regions/ endpoint returns 404 on self-hosted Sentry instances.

Changes:

  • Add isSaas() method to check if host is sentry.io
  • Update listOrganizations() to skip regions endpoint for self-hosted
  • Add fallback to direct organizations endpoint when regions fails
  • Update getIssueUrl() and getTraceUrl() to use isSaas()

This ensures compatibility with older self-hosted Sentry versions that don't have the regions endpoint while maintaining full multi-region support for Sentry SaaS users.

🤖 Generated with Claude Code

@dcramer @claude
fix: gracefully handle missing regions endpoint on self-hosted Sentry
64b172d 
Fixes MCP-SERVER-E9M by implementing graceful fallback when the /users/me/regions/
endpoint returns 404 on self-hosted Sentry instances.

Changes:
- Add isSaas() method to check if host is sentry.io
- Update listOrganizations() to skip regions endpoint for self-hosted
- Add fallback to direct organizations endpoint when regions fails
- Update getIssueUrl() and getTraceUrl() to use isSaas()

This ensures compatibility with older self-hosted Sentry versions that don't
have the regions endpoint while maintaining full multi-region support for
Sentry SaaS users.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 9, 2025
View reviewed changes
packages/mcp-server/src/api-client/client.test.ts
json: () => Promise.resolve(mockRegionsResponse),
});
}
if (url.includes("us.sentry.io")) {

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'
us.sentry.io
Loading
' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Copilot Autofix

AI 5 days ago

To fix the issue, the code should parse the URL and validate its host explicitly instead of using a substring check. This ensures that the host is exactly what is expected and not part of a larger, malicious URL. The URL class in JavaScript can be used to parse the URL and extract its host for comparison.

The changes will involve replacing the url.includes("us.sentry.io") and similar checks with a comparison of the parsed host against the expected value ("us.sentry.io" or "eu.sentry.io"). This ensures that only URLs with the exact host are accepted.

Suggested changeset 1
packages/mcp-server/src/api-client/client.test.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/mcp-server/src/api-client/client.test.ts b/packages/mcp-server/src/api-client/client.test.ts
--- a/packages/mcp-server/src/api-client/client.test.ts
+++ b/packages/mcp-server/src/api-client/client.test.ts
@@ -232,3 +232,4 @@
       }
-      if (url.includes("us.sentry.io")) {
+      const parsedUrl = new URL(url);
+      if (parsedUrl.host === "us.sentry.io") {
         return Promise.resolve({
@@ -238,3 +239,3 @@
       }
-      if (url.includes("eu.sentry.io")) {
+      if (parsedUrl.host === "eu.sentry.io") {
         return Promise.resolve({
EOF
@@ -232,3 +232,4 @@
}
if (url.includes("us.sentry.io")) {
const parsedUrl = new URL(url);
if (parsedUrl.host === "us.sentry.io") {
return Promise.resolve({
@@ -238,3 +239,3 @@
}
if (url.includes("eu.sentry.io")) {
if (parsedUrl.host === "eu.sentry.io") {
return Promise.resolve({
Copilot is powered by AI and may make mistakes. Always verify output.
packages/mcp-server/src/api-client/client.test.ts
json: () => Promise.resolve(mockOrgsUs),
});
}
if (url.includes("eu.sentry.io")) {

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'
eu.sentry.io
Loading
' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Copilot Autofix

AI 5 days ago

To fix the issue, replace the substring check (url.includes) with a more robust method that parses the URL and explicitly checks the host. This ensures that only URLs with the exact expected host are matched. The URL constructor in JavaScript can be used to parse the URL and extract its host property for comparison.

The changes will be made in the mocked fetch implementation, specifically in the conditions that check for us.sentry.io and eu.sentry.io.

Suggested changeset 1
packages/mcp-server/src/api-client/client.test.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/mcp-server/src/api-client/client.test.ts b/packages/mcp-server/src/api-client/client.test.ts
--- a/packages/mcp-server/src/api-client/client.test.ts
+++ b/packages/mcp-server/src/api-client/client.test.ts
@@ -232,3 +232,4 @@
       }
-      if (url.includes("us.sentry.io")) {
+      const parsedUrl = new URL(url);
+      if (parsedUrl.host === "us.sentry.io") {
         return Promise.resolve({
@@ -238,3 +239,3 @@
       }
-      if (url.includes("eu.sentry.io")) {
+      if (parsedUrl.host === "eu.sentry.io") {
         return Promise.resolve({
EOF
@@ -232,3 +232,4 @@
}
if (url.includes("us.sentry.io")) {
const parsedUrl = new URL(url);
if (parsedUrl.host === "us.sentry.io") {
return Promise.resolve({
@@ -238,3 +239,3 @@
}
if (url.includes("eu.sentry.io")) {
if (parsedUrl.host === "eu.sentry.io") {
return Promise.resolve({
Copilot is powered by AI and may make mistakes. Always verify output.
@codecov Codecov
Copy link

codecov bot commented Jul 9, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 94.44444% with 2 lines in your changes missing coverage. Please review.

Project coverage is 60.19%. Comparing base (205ccd5) to head (64b172d).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
packages/mcp-server/src/api-client/client.ts 94.44% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #367      +/-   ##
==========================================
+ Coverage   60.10%   60.19%   +0.08%     
==========================================
  Files          77       77              
  Lines        6715     6730      +15     
  Branches      532      539       +7     
==========================================
+ Hits         4036     4051      +15     
  Misses       2679     2679
Flag Coverage Δ
unittests 60.19% <94.44%> (+0.08%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@dcramer dcramer merged commit 5cf76f4 into main Jul 9, 2025
12 of 13 checks passed
@dcramer dcramer deleted the handle-no-regions branch July 9, 2025 18:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dcramer