detect dangerous/invalid chars in profiling directory name

lbloder · lbloder · commit 91e244d62d6c · 2025-09-30T15:18:56.000+02:00
diff --git a/sentry-async-profiler/src/main/java/io/sentry/asyncprofiler/profiling/JavaContinuousProfiler.java b/sentry-async-profiler/src/main/java/io/sentry/asyncprofiler/profiling/JavaContinuousProfiler.java
@@ -122,7 +122,7 @@ private boolean isInvalidDirectory() {
         logger.log(
             SentryLevel.WARNING,
             "Disabling profiling because traces directory path contains invalid character: %s",
-            filename);
+            invalidChar);
         return true;
       }
     }
diff --git a/sentry-async-profiler/src/test/java/io/sentry/asyncprofiler/profiling/JavaContinuousProfilerTest.kt b/sentry-async-profiler/src/test/java/io/sentry/asyncprofiler/profiling/JavaContinuousProfilerTest.kt
@@ -81,7 +81,7 @@ class JavaContinuousProfilerTest {
     // Profiler doesn't start if the folder doesn't exists.
     // Usually it's generated when calling Sentry.init, but for tests we can create it manually.
 
-    fixture.options.cacheDirPath = "."
+    fixture.options.cacheDirPath = "tmp"
     File(fixture.options.profilingTracesDirPath!!).mkdirs()
 
     Sentry.setCurrentScopes(fixture.scopes)
@@ -406,6 +406,21 @@ class JavaContinuousProfilerTest {
       .log(eq(SentryLevel.WARNING), eq("SDK is rate limited. Stopping profiler."))
   }
 
+  @Test
+  fun `profiler does not start when filename contains invalid characters`() {
+    val profiler = fixture.getSut { it.profilingTracesDirPath = "," }
+
+    profiler.startProfiler(ProfileLifecycle.MANUAL, fixture.mockTracesSampler)
+    assertFalse(profiler.isRunning)
+    assertEquals(SentryId.EMPTY_ID, profiler.profilerId)
+    verify(fixture.mockLogger)
+      .log(
+        eq(SentryLevel.WARNING),
+        eq("Disabling profiling because traces directory path contains invalid character: %s"),
+        eq(","),
+      )
+  }
+
   fun withMockScopes(closure: () -> Unit) =
     Mockito.mockStatic(Sentry::class.java).use {
       it.`when`<Any> { Sentry.getCurrentScopes() }.thenReturn(fixture.scopes)
diff --git a/sentry/src/test/java/io/sentry/profiling/ProfilingServiceLoaderTest.kt b/sentry/src/test/java/io/sentry/profiling/ProfilingServiceLoaderTest.kt
@@ -74,4 +74,8 @@ class ContinuousProfilerStub() : IContinuousProfiler {
   override fun getProfilerId(): SentryId {
     TODO("Not yet implemented")
   }
+
+  override fun getChunkId(): SentryId {
+    TODO("Not yet implemented")
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -122,7 +122,7 @@ private boolean isInvalidDirectory() {`
`122`	`122`	`logger.log(`
`123`	`123`	`SentryLevel.WARNING,`
`124`	`124`	`"Disabling profiling because traces directory path contains invalid character: %s",`
`125`		`- filename);`
	`125`	`+ invalidChar);`
`126`	`126`	`return true;`
`127`	`127`	`}`
`128`	`128`	`}`
Original file line number	Diff line number	Diff line change
`@@ -74,4 +74,8 @@ class ContinuousProfilerStub() : IContinuousProfiler {`
`74`	`74`	`override fun getProfilerId(): SentryId {`
`75`	`75`	`TODO("Not yet implemented")`
`76`	`76`	`}`
	`77`	`+`
	`78`	`+ override fun getChunkId(): SentryId {`
	`79`	`+ TODO("Not yet implemented")`
	`80`	`+ }`
`77`	`81`	`}`