Rate limiting / suppressing duplicate exceptions

1

Right now I just 1800 identical exceptions from one user on one webpage. The offending script is perhaps some browser malware/plugin or something on Windows: https://pstatic.eshopcomp.com/nwp/v0_0_1116/release/Shared/App/SharedApp.js?t=0

The raw exception looks like:

TypeError: Unable to get property '1' of undefined or null reference
at r.getMainDomain(/nwp/v0_0_1116/release/Shared/App/SharedApp.js:5:28813)
at Anonymous function(/nwp/v0_0_1116/release/Shared/App/SharedApp.js:5:28544)
at o(~/raven-js/src/raven.js?ae06*:286:0)

Question 1: Without knowing the exact errors in advance, is there any way to always rate limit this type of thing? Nobody needs 1800 identical exceptions from the same page.

Question 2: Now that I know it, what is the correct way to uniquely identify this error for ignoring in future? The message “Unable to get property ‘1’ of undefined or null reference” could possibly come from a legitimate source too. And v0_0_1116 seems release-specific, so might change regularly.

2

Agreed on #1: we want to ensure you can get identical exceptions from different perspectives (e.g. other users), but one session spamming isn’t useful.

Today we dont provide a good solution to that beyond some simplistic automatic stuff in the SDK. There is the possibility to control it yourself with the shouldSendCallback, but that may or may not help you.

Regarding the grouping mechanism, we have some detection for this, but it’s going to be tricky. The issue is people all version things differently, and our checks are restricted to things that look like git shas or timestamps. You could augment it on the client side, by either providing signatures (via dataCallback) or by normalizing the filenames (using the same method). This is something that we’d like to provide a better UX around, but it’s a bit complex in how we’d actually solve the problem.

3

I just noticed this issue on GitHub: https://github.com/getsentry/raven-js/issues/435

(by the way, I assume you prefer these types of discussion/how-to issues being raised on the forum?)

The example there is this:

var RavenLimiter = {};

Raven.config('#####', {
    shouldSendCallback: function(data) {

        if ( data.message in RavenLimiter ) {
            return false;
        }

        RavenLimiter[data.message] = true;

        setTimeout(function() {
            delete RavenLimiter[data.message];
        }, 5000);

        return true;

    }
}).install();

My understanding of that is that it will prevent the same err.message being thrown more than once every 5 seconds. Is this still recommended as the best way to achieve this?

When I look at the raw JSON for one event from this case, I see: "message":"TypeError Unable to get property '1' of undefined or null reference" so this seems like it would have achieved the goal of greatly reducing the duplicate errors from this particular user. The chance of false positives for other users would seem to be low.

4

It’s possible to filter and ignore this particular exception. I received thousands of events of the same malware script.