fix(stacktrace): stop leaking internal frame state into event payload (#2962)

sl0thentr0py · claude · web-flow · commit af610cddc33a · 2026-06-01T17:51:31.000+02:00
Interface#to_h serializes every instance variable, so helper ivars stored on StacktraceInterface::Frame leaked into the event payload. The FilenameCache change (#2904) made this worse by serializing "#<Sentry::FilenameCache:0x...>" — a memory address that differs on every run — into every frame. Pass filename_cache/strip_backtrace_load_path through the constructor instead of storing them as ivars, so they never reach to_h. This also drops the pre-existing project_root/strip_backtrace_load_path leaks. All real frame fields are unchanged. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
diff --git a/sentry-ruby/lib/sentry/interfaces/stacktrace.rb b/sentry-ruby/lib/sentry/interfaces/stacktrace.rb
@@ -28,25 +28,18 @@ class Frame < Interface
                   :lineno, :module, :pre_context, :post_context, :vars
 
       def initialize(project_root, line, strip_backtrace_load_path = true, filename_cache: nil)
-        @strip_backtrace_load_path = strip_backtrace_load_path
-        @filename_cache = filename_cache
-
         @abs_path = line.file
         @function = line.method if line.method
         @lineno = line.number
         @in_app = line.in_app
         @module = line.module_name if line.module_name
-        @filename = compute_filename
+        @filename = filename_cache&.compute_filename(@abs_path, @in_app, strip_backtrace_load_path)
       end
 
       def to_s
         "#{@filename}:#{@lineno}"
       end
 
-      def compute_filename
-        @filename_cache&.compute_filename(abs_path, in_app, @strip_backtrace_load_path)
-      end
-
       def set_context(linecache, context_lines)
         return unless abs_path
 
diff --git a/sentry-ruby/spec/sentry/interfaces/stacktrace_spec.rb b/sentry-ruby/spec/sentry/interfaces/stacktrace_spec.rb
@@ -30,6 +30,13 @@
       expect(second_frame.lineno).to eq(5)
     end
 
+    it "does not leak internal state into the serialized frame payload" do
+      frame = Sentry::StacktraceInterface::Frame.new(configuration.project_root, lines.last, true, filename_cache: filename_cache)
+
+      expect(frame.to_h.keys).to contain_exactly(:abs_path, :function, :lineno, :in_app, :filename)
+      expect(frame.to_h).not_to include(:project_root, :strip_backtrace_load_path, :filename_cache)
+    end
+
     it "does not strip load path when strip_backtrace_load_path is false" do
       first_frame = Sentry::StacktraceInterface::Frame.new(configuration.project_root, lines.first, false, filename_cache: filename_cache)
       expect(first_frame.filename).to eq(first_frame.abs_path)
