fix(core): Wrap decodeURI in node stack trace parser to handle malformed URIs

[Lms24]

This PR wraps decodeURI in node-stack-trace.ts with a try/catch so that malformed URIs (e.g. filenames containing % sequences that are not valid percent-encoding) no longer throw a URIError and crash the SDK. The raw filename is returned as a fallback. In addition, we only call getModule if we successfully decode the filename, since in getModule implementations, we also again attempt to decode filenames.

Since we don't have a concrete filename in #19391 which we can reproduce this, this is rather a "best effort" fix. But I think it's worth having this either way.

Closes #19391

[andreiborza]

LGTM

[github-actions]

Codecov Results 📊

✅ 1698 passed | Total: 1698 | Pass Rate: 100% | Execution Time: 1m 7s

All tests are passing successfully.

✅ Patch coverage is 100.00%. Project has 7307 uncovered lines.

Files with missing lines (208)

File	Patch %	Lines
worker.js	0.00%	⚠️ 924 Missing
utils.ts	19.42%	⚠️ 415 Missing
instrumentation.tsx	58.47%	⚠️ 380 Missing and 4 partials
browserMetrics.ts	39.75%	⚠️ 294 Missing and 1 partials
ScreenshotEditor.tsx	0.00%	⚠️ 261 Missing
httpclient.ts	2.37%	⚠️ 247 Missing
UIProfiler.ts	8.71%	⚠️ 241 Missing
Form.tsx	0.00%	⚠️ 196 Missing
request.ts	32.65%	⚠️ 165 Missing
breadcrumbs.ts	36.33%	⚠️ 163 Missing
dom.ts	8.21%	⚠️ 123 Missing
replay.ts	84.96%	⚠️ 108 Missing and 1 partials
integration.ts	7.89%	⚠️ 105 Missing
globalhandlers.ts	29.37%	⚠️ 101 Missing
xhr.ts	7.48%	⚠️ 99 Missing
tanstackrouter.ts	0.00%	⚠️ 94 Missing
tanstackrouter.ts	0.00%	⚠️ 94 Missing
tanstackrouter.ts	3.13%	⚠️ 93 Missing
browserTracingIntegration.ts	78.42%	⚠️ 90 Missing and 2 partials
integration.ts	63.49%	⚠️ 92 Missing
integration.tsx	0.00%	⚠️ 90 Missing
inp.ts	48.70%	⚠️ 79 Missing and 5 partials
instrument.ts	46.10%	⚠️ 83 Missing
startProfileForSpan.ts	5.81%	⚠️ 81 Missing
pinia.ts	11.11%	⚠️ 80 Missing
index.ts	48.85%	⚠️ 67 Missing and 13 partials
graphqlClient.ts	49.32%	⚠️ 74 Missing
createPerformanceEntries.ts	57.74%	⚠️ 71 Missing
browserapierrors.ts	64.43%	⚠️ 69 Missing
index.ts	48.85%	⚠️ 67 Missing
shim-preact-export.js	0.00%	⚠️ 63 Missing
lcp.ts	9.68%	⚠️ 56 Missing
Dialog.tsx	0.00%	⚠️ 52 Missing
spotlight.ts	12.07%	⚠️ 51 Missing
eventbuilder.ts	81.03%	⚠️ 48 Missing and 2 partials
webWorker.ts	64.71%	⚠️ 48 Missing and 2 partials
InteractionManager.ts	15.52%	⚠️ 49 Missing
useTakeScreenshot.tsx	0.00%	⚠️ 48 Missing
registry.ts	18.18%	⚠️ 45 Missing and 2 partials
handleClick.ts	80.27%	⚠️ 44 Missing and 1 partials
registry.ts	18.18%	⚠️ 45 Missing
getNativeImplementation.ts	0.00%	⚠️ 44 Missing
utils.ts	66.93%	⚠️ 42 Missing
getLCP.ts	23.64%	⚠️ 42 Missing
SuccessIcon.ts	0.00%	⚠️ 41 Missing
handleMessage.ts	0.00%	⚠️ 40 Missing
getVisibilityWatcher.ts	17.39%	⚠️ 38 Missing
integration.ts	0.00%	⚠️ 35 Missing
contextlines.ts	35.29%	⚠️ 33 Missing
integration.ts	86.69%	⚠️ 33 Missing
getINP.ts	31.91%	⚠️ 32 Missing
Toolbar.tsx	0.00%	⚠️ 32 Missing
handleDom.ts	62.35%	⚠️ 32 Missing
components.ts	49.21%	⚠️ 32 Missing
patchWebAssembly.ts	5.88%	⚠️ 32 Missing
patchWebAssembly.ts	5.88%	⚠️ 32 Missing
linkedTraces.ts	77.42%	⚠️ 28 Missing and 1 partials
bindReporter.ts	6.45%	⚠️ 29 Missing
integration.ts	15.15%	⚠️ 28 Missing
getCLS.ts	28.21%	⚠️ 28 Missing
handleHistory.ts	12.90%	⚠️ 27 Missing
index.ts	18.75%	⚠️ 26 Missing
networkUtils.ts	61.67%	⚠️ 23 Missing
addFeedbackBreadcrumb.ts	8.00%	⚠️ 23 Missing
onFCP.ts	26.67%	⚠️ 22 Missing
initMetric.ts	18.52%	⚠️ 22 Missing
IconClose.tsx	0.00%	⚠️ 22 Missing
xhrUtils.ts	85.29%	⚠️ 20 Missing and 2 partials
mute.js	79.10%	⚠️ 14 Missing and 7 partials
utils.ts	19.23%	⚠️ 21 Missing
preprocessors.ts	100.00%	⚠️ 21 partials
LayoutShiftManager.ts	13.04%	⚠️ 20 Missing
solidrouter.ts	96.10%	⚠️ 3 Missing and 17 partials
onTTFB.ts	32.14%	⚠️ 19 Missing
Dialog.css.ts	0.00%	⚠️ 19 Missing
DialogHeader.tsx	0.00%	⚠️ 19 Missing
SentryLogo.ts	0.00%	⚠️ 19 Missing
utils.ts	92.27%	⚠️ 15 Missing and 4 partials
fetchUtils.ts	90.78%	⚠️ 19 Missing
browserTracingIntegration.ts	13.64%	⚠️ 19 Missing
cls.ts	69.49%	⚠️ 18 Missing
canvas.ts	90.36%	⚠️ 8 Missing and 10 partials
performance.ts	87.50%	⚠️ 7 Missing and 11 partials
integration.ts	15.00%	⚠️ 17 Missing
backgroundtab.ts	39.29%	⚠️ 17 Missing
interactionCountPolyfill.ts	32.00%	⚠️ 17 Missing
ScreenshotInput.css.ts	0.00%	⚠️ 16 Missing
mergeOptions.ts	63.41%	⚠️ 15 Missing
reactrouter.tsx	90.96%	⚠️ 15 Missing
networkUtils.ts	91.89%	⚠️ 15 Missing
whenIdleOrHidden.ts	22.22%	⚠️ 14 Missing
reactrouterv7.tsx	30.00%	⚠️ 14 Missing
EventBufferProxy.ts	81.33%	⚠️ 14 Missing
helpers.ts	86.73%	⚠️ 13 Missing
integration.ts	31.58%	⚠️ 13 Missing
integration.ts	23.53%	⚠️ 13 Missing
offline.ts	87.62%	⚠️ 13 Missing
TestClient.ts	60.61%	⚠️ 13 Missing
validate.ts	0.00%	⚠️ 13 Missing
WorkerHandler.ts	81.43%	⚠️ 13 Missing
history.ts	75.51%	⚠️ 12 Missing
browsersession.ts	69.44%	⚠️ 11 Missing
types.ts	0.00%	⚠️ 11 Missing
isScreenshotSupported.ts	15.38%	⚠️ 11 Missing
config.ts	100.00%	⚠️ 11 partials
index.ts	0.00%	⚠️ 10 Missing
handleKeyboardEvent.ts	76.74%	⚠️ 10 Missing
addGlobalListeners.ts	79.59%	⚠️ 10 Missing
rrweb.ts	9.09%	⚠️ 10 Missing
sdk.ts	84.21%	⚠️ 9 Missing
initUnique.ts	18.18%	⚠️ 9 Missing
observe.ts	52.63%	⚠️ 9 Missing
canvas.ts	90.36%	⚠️ 8 Missing and 1 partials
vitest.config.ts	0.00%	⚠️ 9 Missing
report-dialog.ts	82.98%	⚠️ 8 Missing
lazyLoadIntegration.ts	89.19%	⚠️ 8 Missing
globalListeners.ts	27.27%	⚠️ 8 Missing
onHidden.ts	27.27%	⚠️ 8 Missing
runOnce.ts	11.11%	⚠️ 8 Missing
sendFeedback.ts	82.61%	⚠️ 8 Missing
onWindowOpen.ts	72.41%	⚠️ 8 Missing
_worker.ts	0.00%	⚠️ 8 Missing
EventBufferCompressionWorker.ts	88.71%	⚠️ 7 Missing
performance.ts	87.50%	⚠️ 7 Missing
types.ts	0.00%	⚠️ 6 Missing
whenActivated.ts	25.00%	⚠️ 6 Missing
reactrouterv3.ts	93.94%	⚠️ 6 Missing
addNetworkBreadcrumb.ts	70.00%	⚠️ 6 Missing
index.ts	85.00%	⚠️ 6 Missing
prepareRecordingData.ts	66.67%	⚠️ 6 Missing
stack-parsers.ts	95.54%	⚠️ 5 Missing
index.ts	0.00%	⚠️ 5 Missing
errorboundary.tsx	95.73%	⚠️ 5 Missing
handleBreadcrumbs.ts	93.98%	⚠️ 5 Missing
handleGlobalEvent.ts	90.57%	⚠️ 5 Missing
resetReplayIdOnDynamicSamplingContext.ts	58.33%	⚠️ 5 Missing
sendReplayRequest.ts	94.05%	⚠️ 5 Missing
index.ts	0.00%	⚠️ 5 Missing
solidrouter.ts	96.10%	⚠️ 3 Missing and 2 partials
tanstackrouter.ts	96.88%	⚠️ 3 Missing and 2 partials
culturecontext.ts	88.24%	⚠️ 4 Missing
Actor.ts	88.24%	⚠️ 4 Missing
lazy-routes.tsx	96.30%	⚠️ 4 Missing
handleBeforeSendEvent.ts	87.50%	⚠️ 4 Missing
performanceObserver.ts	83.33%	⚠️ 4 Missing
logger.ts	94.03%	⚠️ 4 Missing
Compressor.ts	92.16%	⚠️ 4 Missing
errorboundary.ts	100.00%	⚠️ 4 partials
index.feedback.ts	0.00%	⚠️ 3 Missing
getActivationStart.ts	40.00%	⚠️ 3 Missing
createMainStyles.ts	95.08%	⚠️ 3 Missing
reactrouterv6.tsx	85.00%	⚠️ 3 Missing
handleNetworkBreadcrumbs.ts	95.16%	⚠️ 3 Missing
clearSession.ts	80.00%	⚠️ 3 Missing
saveSession.ts	72.73%	⚠️ 3 Missing
maskAttribute.ts	86.36%	⚠️ 3 Missing
sendReplay.ts	93.88%	⚠️ 3 Missing
tracing.ts	97.03%	⚠️ 3 Missing
client.ts	98.63%	⚠️ 1 Missing and 1 partials
httpcontext.ts	90.91%	⚠️ 2 Missing
resourceTiming.ts	100.00%	⚠️ 2 partials
LCPEntryManager.ts	60.00%	⚠️ 2 Missing
generateUniqueID.ts	33.33%	⚠️ 2 Missing
Actor.css.ts	77.78%	⚠️ 2 Missing
route-manifest.ts	98.17%	⚠️ 2 Missing
index.ts	0.00%	⚠️ 2 Missing
handleAfterSendEvent.ts	95.45%	⚠️ 2 Missing
addBreadcrumbEvent.ts	91.30%	⚠️ 2 Missing
domUtils.ts	90.48%	⚠️ 2 Missing
getAttributesToRecord.ts	93.33%	⚠️ 2 Missing
shouldSampleForBufferEvent.ts	85.71%	⚠️ 2 Missing
fetchSession.ts	90.48%	⚠️ 2 Missing
hasSessionStorage.ts	75.00%	⚠️ 2 Missing
isSampled.ts	66.67%	⚠️ 2 Missing
shouldFilterRequest.ts	75.00%	⚠️ 2 Missing
worker.min.js	0.00%	⚠️ 2 Missing
integration.ts	96.55%	⚠️ 2 Missing
router.ts	97.14%	⚠️ 2 Missing
etoa.js	100.00%	⚠️ 1 partials
browserprofiling.ts	0.00%	⚠️ 1 Missing
index.captureconsole.ts	0.00%	⚠️ 1 Missing
index.createlangchaincallbackhandler.ts	0.00%	⚠️ 1 Missing
index.dedupe.ts	0.00%	⚠️ 1 Missing
index.extraerrordata.ts	0.00%	⚠️ 1 Missing
index.graphqlclient.ts	0.00%	⚠️ 1 Missing
index.instrumentanthropicaiclient.ts	0.00%	⚠️ 1 Missing
index.instrumentgooglegenaiclient.ts	0.00%	⚠️ 1 Missing
index.instrumentlanggraph.ts	0.00%	⚠️ 1 Missing
index.instrumentopenaiclient.ts	0.00%	⚠️ 1 Missing
index.modulemetadata.ts	0.00%	⚠️ 1 Missing
index.rewriteframes.ts	0.00%	⚠️ 1 Missing
index.spotlight.ts	0.00%	⚠️ 1 Missing
integration.ts	66.67%	⚠️ 1 Missing
index.multiplexedtransport.ts	0.00%	⚠️ 1 Missing
elementTiming.ts	98.44%	⚠️ 1 Missing
getNavigationEntry.ts	90.00%	⚠️ 1 Missing
hoist-non-react-statics.ts	98.94%	⚠️ 1 Missing
redux.ts	100.00%	⚠️ 1 partials
index.ts	0.00%	⚠️ 1 Missing
index.ts	0.00%	⚠️ 1 Missing
worker-bundler.ts	0.00%	⚠️ 1 Missing
getRecordingSamplingOptions.ts	100.00%	⚠️ 1 partials
prepareReplayEvent.ts	97.44%	⚠️ 1 Missing
worker.ts	0.00%	⚠️ 1 Missing
debug-build.ts	0.00%	⚠️ 1 Missing
sdk.ts	100.00%	⚠️ 1 partials
debug-build.ts	0.00%	⚠️ 1 Missing
sdk.ts	100.00%	⚠️ 1 partials

---

Generated by Codecov Action

[github-actions]

size-limit report 📦

Path	Size	% Change	Change
@sentry/browser	25.61 kB	-	-
@sentry/browser - with treeshaking flags	24.12 kB	-	-
@sentry/browser (incl. Tracing)	42.42 kB	-	-
@sentry/browser (incl. Tracing, Profiling)	47.08 kB	-	-
@sentry/browser (incl. Tracing, Replay)	81.24 kB	-	-
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags	70.86 kB	-	-
@sentry/browser (incl. Tracing, Replay with Canvas)	85.93 kB	-	-
@sentry/browser (incl. Tracing, Replay, Feedback)	98.09 kB	-	-
@sentry/browser (incl. Feedback)	42.33 kB	-	-
@sentry/browser (incl. sendFeedback)	30.28 kB	-	-
@sentry/browser (incl. FeedbackAsync)	35.28 kB	-	-
@sentry/browser (incl. Metrics)	26.78 kB	-	-
@sentry/browser (incl. Logs)	26.92 kB	-	-
@sentry/browser (incl. Metrics & Logs)	27.6 kB	-	-
@sentry/react	27.37 kB	-	-
@sentry/react (incl. Tracing)	44.76 kB	-	-
@sentry/vue	30.06 kB	-	-
@sentry/vue (incl. Tracing)	44.26 kB	-	-
@sentry/svelte	25.64 kB	-	-
CDN Bundle	28.16 kB	-	-
CDN Bundle (incl. Tracing)	43.25 kB	-	-
CDN Bundle (incl. Logs, Metrics)	29 kB	-	-
CDN Bundle (incl. Tracing, Logs, Metrics)	44.09 kB	-	-
CDN Bundle (incl. Replay, Logs, Metrics)	68.08 kB	-	-
CDN Bundle (incl. Tracing, Replay)	80.12 kB	-	-
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	80.99 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback)	85.56 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	86.46 kB	-	-
CDN Bundle - uncompressed	82.33 kB	-	-
CDN Bundle (incl. Tracing) - uncompressed	128.05 kB	-	-
CDN Bundle (incl. Logs, Metrics) - uncompressed	85.17 kB	-	-
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	130.88 kB	-	-
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	208.83 kB	-	-
CDN Bundle (incl. Tracing, Replay) - uncompressed	244.93 kB	-	-
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	247.75 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	257.73 kB	-	-
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	260.54 kB	-	-
@sentry/nextjs (client)	47.17 kB	-	-
@sentry/sveltekit (client)	42.88 kB	-	-
@sentry/node-core	52.18 kB	+0.05%	+23 B 🔺
@sentry/node	166.54 kB	+0.02%	+19 B 🔺
@sentry/node - without tracing	93.97 kB	+0.04%	+30 B 🔺
@sentry/aws-serverless	109.47 kB	+0.03%	+25 B 🔺

View base workflow run

[github-actions]

node-overhead report 🧳

Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.

Scenario	Requests/s	% of Baseline	Prev. Requests/s	Change %
GET Baseline	9,217	-	9,139	+1%
GET With Sentry	1,715	19%	1,669	+3%
GET With Sentry (error only)	6,227	68%	6,053	+3%
POST Baseline	1,209	-	1,186	+2%
POST With Sentry	601	50%	574	+5%
POST With Sentry (error only)	1,056	87%	1,031	+2%
MYSQL Baseline	3,213	-	3,196	+1%
MYSQL With Sentry	443	14%	468	-5%
MYSQL With Sentry (error only)	2,599	81%	2,596	+0%

View base workflow run

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}

[cursor]

Module not computed when URI decoding fails

Medium Severity

When _safeDecodeURI returns undefined for a malformed URI, maybeDecodedFilename && getModule?.(...) short-circuits to undefined, so the module field is always lost. The raw filename is available and could still be passed to getModule to compute a meaningful module value. The fallback for filename correctly uses ?? filename, but module doesn't apply the same fallback strategy.

 

[Lms24]

This is intentional. getModule implementors also need to call decodeURI, so they'll end up with the same error being thrown in this code path. I think it's reasonable here to just not include the module, given that we can't make a file lookup anyway if we're dealing with a malformed filename (for reasons unknown)