traceo-sdk-browser. Bug in BrowserClient.handleOnUnhandledRejectionEvent

[AlexeyBarsuk]

The handleOnUnhandledRejectionEvent of BrowserClient contains the code below

const reason = data.event.reason;
....
let stack = "";
if ("stack" in reason) {
  stack = reason.stack;
} else {
  stack = reason.toString();
}

It is said in documentation that PromiseRejectionEvent property "reason" can be either Object or some other value. In case "reason" is not Object, the error is ocured.

In order to quick fix this issue there is a way to change the condition

if ("stack" in reason)

to

if (typeof reason == "object" && "stack" in reason)

Sorry, have no ability to make PR :(

[AlexeyBarsuk]

This leads to empty stack is sent to Traceo server. After that the incidents page stops working correct (some errors happens in frontend, and nothing is shown on page). This can be worked around by adding dummy Trace object. I will not post the code here, because all this is ugly.

Moreover if not to fix this bug BrowserIncidentType.name with single quote is sent to Traceo server. And it also leads to problems with traceo server, because this single quote is used in SQL query in getIncedent method, and becomes the part this query for Traceo 1.2.5 release

This problem is fixed in this issue in developer branch, however the latest release 1.2.5 has this bug. I think in some cases this bug can be used for sql injection to server.

So, developers, please fix these things. Sorry for this, a little bit of emotions drives me.