feat(replay): Adding OkHttp Request/Response bodies

[43jay]

📜 Description

Initalise DefaultReplayBreadcrumbConverter as the SDK-wide BeforeBreadcrumbCallback. It is responsible for delegating to a user-provided BeforeBreadcrumb.

Introduce new utility/data classes (io.sentry.util.network pkg), following format in the javascript SDK.

In BeforeBreadcrumb, NetworkDetailCaptureUtils extracts 'Network Details' data objects (NetworkRequestData, ReplayNetworkRequestOrResponse) and inserts back into the breadcrumb Hint (only sentry-okhttp for now).

When converting Breadcrumb to RRWebSpanEvent, extract NetworkRequestData data from Hint (name="replay:networkDetails") and insert into the replay performanceSpan when creating the replay segment.

TODOs

Feedback:

• Are we handling 'enough' body types? Given there are so many diff types of request bodies ->
  Current impl handles JSON, UrlFormEncoded, skips these binary content types, and falls back to raw String as possible

• Decide on keeping changes to sentry-samples-android

• Will this work when the gradle plugin is used to add the SentryOkHttpInterceptor? This code implies we only send the breadcrumb w/ network details when that path isn't active.

Implementation:

• Restrict size of breadcrumbsMap entries after data has been added to replay
• Respect networkDetail* SDK Options flags
  • Will handle in a Future PR
• handle case where SentryOkHttpEventListener handles http request instrumentation
  • Will handle in a Future PR
• More unit tests after addressing the PR feedback, e.g.:
  • SentryOkHttpInterceptor
  • AndroidOptionsInitializer
  • NetworkBodyParser (at least the json part)

Pre-Land:

• Go through commits and remove any testing-oriented ones
  • Remove FAKE_OPTIONS in SentryOkHttpInterceptor before landing // there for testing
• Remove remaining unnecessary debug log statements

💡 Motivation and Context

Part of [Mobile Replay] Capture Network request/response bodies

Initially, we were trying to keep SDK changes simple and re-use the existing OKHTTP_REQUEST|RESPONSE hint data.
However, the :sentry-android-replay gradle module doesn't compile against any of the http libs (makes sense).

Because these okhttp3.Request, etc types don't exist in :sentry-android-replay, replay accesses the NetworkDetails data via Hint data ("replay:networkDetails") on the Breadcrumb, when the SDKOptions constraints have been met.

💚 How did you test it?

1. DefaultReplayBreadcrumbConverterTest unit tests:

./gradlew clean :sentry-android-replay:testDebugUnitTest --no-build-cache --rerun-tasks --tests="DefaultReplayBreadcrumbConverterTest"

2. Manually creating replay sessions:

this replay session is an example recording with no networkDetail* SDK options enabled
(replay sessions below were captured without commit 4bc5b7714).

recording segment data shows sample replay payload .

replay session respects networkDetail[Request|Response]Headers

https://sentry-sdks.sentry.io/explore/replays/f89535ea0e79499ca8d75e34e6270925

replay session captures GET request bodies as null

replay session

replay session captures JSON bodies

1. Request body formatted as JSON key/values
ref

2. Response body formatted as JSON key/values
ref

replay session captures plaintext bodies

replay session

replay session captures form bodies (formurlencoded)

replay session

replay session captures binary bodies

1. binary body under size limit (valid response size; summarized body content

https://sentry-sdks.sentry.io/explore/replays/baf899dd12c14718bc5d8b877a9fff3d

2. binary body over size limit (invalid response size, summarized body content
(https://sentry-sdks.sentry.io/explore/replays/94dc96ae2b8c4f4d8c23e2e0c69e5d1d)

replay session truncates plaintext bodies over 150KB (`MAX_NETWORK_BODY_SIZE`)

https://sentry-sdks.sentry.io/explore/replays/e11711a70c164a8fa1a2ed39e8632a05

replay sessions properly capture one-shot okhttp request bodies

One-shot HTTP Request Body request

Test: read(..) okhttp3.Request.body in an OkHttpInterceptor after cloning body into new request causes the request to succeed ✅ (current impl)

replay session

Valid response body logged to sentry:

Sanity Test: read(..) okhttp3.Request.body in an OkHttpInterceptor without cloning body into a new request causes the request to fail ✅

replay session

Invalid response body logged to sentry:

[linear]

MOBILE-935 [Mobile Replay] Capture Network request/response bodies

[seer-by-sentry]

Bug: Breadcrumb.equals() omits data map, causing HashMap key collisions for concurrent requests, leading to incorrect network data attribution.
_{Severity: CRITICAL | Confidence: 1.00}

🔍 Detailed Analysis

The Breadcrumb.equals() method omits the data map from its comparison. This allows distinct Breadcrumb objects, particularly those generated by HTTP requests occurring within the same millisecond but having different URLs or other data map contents, to be considered equal. When these Breadcrumb objects are used as keys in the httpNetworkDetails LinkedHashMap, one entry can unintentionally overwrite another, causing network details from one request to be incorrectly associated with a different request during session replay processing.

💡 Suggested Fix

Modify Breadcrumb.equals() to include the data map in its comparison, or use a different key for httpNetworkDetails that uniquely identifies each network request, such as a UUID or a composite key including relevant data fields.

🤖 Prompt for AI Agent

Fix this bug. In
sentry-android-replay/src/main/java/io/sentry/android/replay/DefaultReplayBreadcrumbConverter.kt
at lines 33-42: The `Breadcrumb.equals()` method omits the `data` map from its
comparison. This allows distinct `Breadcrumb` objects, particularly those generated by
HTTP requests occurring within the same millisecond but having different URLs or other
`data` map contents, to be considered equal. When these `Breadcrumb` objects are used as
keys in the `httpNetworkDetails` `LinkedHashMap`, one entry can unintentionally
overwrite another, causing network details from one request to be incorrectly associated
with a different request during session replay processing.

_{Did we get this right? 👍 / 👎 to inform future reviews.}

[43jay]

@romtsn is there any issue with updating Breadcrumb#equals and Breadcrumb#hashmap to include data in the comparison?

I left it out in my commit cuz assumed we want Breadcrumbs to be equal if they have different data (e.g. it's the same breadcrumb if some more data gets added by a different caller at some point later)

[romtsn]

hmm, that's a tricky one. The problem with data is that people tend to put there any kind of stuff and it can be a deeply-nested data structure which will result in a super expensive equals/hashCode call, so I think doing this generally for all breadcrumbs is gonna backfire.

I guess I see 3 options to address this:

• Override contains/equals for the LinkedHashMap.Entry (if possible), and define our equals logic there specifically for http breadcrumbs
• Introduce a transient id to the Breadcrumb object and use it for comparison (or use it as a key in the httpNetworkDetails dictionary)
• Switch the entire approach to always rely on BeforeBreadcrumbCallback, i.e. we wouldn't grab the breadcrumbs from the Scope here, but instead store them from within our ReplayBeforeBreadcrumbCallback directly and use it later for creating a segment/sending to Sentry. That way we wouldn't need to associate crumbs <-> hints, as we would have them in one place. But that's certainly a bigger lift

Maybe there's some other option I didn't think of - let me know!

[43jay]

Okay, yeah - i see there will be an issue if multiple HTTP requests go out in the same millisecond, we will only record one of them.

Given it's an impl detail of Breadcrumb, which already has helpers to create http breadcrumbs - wyt about adding custom equals/hashcode logic for http breadcrumb i.e. something like

@Override
  public boolean equals(Object o) {
    if (this == o) return true;
    if (o == null || getClass() != o.getClass()) return false;
    Breadcrumb that = (Breadcrumb) o;
     
    switch (type) {
      case  'http':
        return httpBreadcrumbEquals(this, that);
      default:
         return breadcrumbEquals(this, that);
    }
  }

private static boolean breadcrumbEquals(Breadcrumb a, Breadcrumb b) {
return a.getTimestamp().getTime() == that.getTimestamp().getTime()
        && Objects.equals(message, that.message)
        && Objects.equals(type, that.type)
        && Objects.equals(category, that.category)
        && Objects.equals(origin, that.origin)
        && level == that.level;
}

private static boolean httpBreadcrumbEquals(Breadcrumb a, Breadcrumb b) {
    return breadcrumbEquals(a, b) 
        && a.getData("status_code") == b.getData("status_code")
        && a.getData("url") == b.getData("url")
        && a.getData("method") == b.getData("method")
        && a.getData("http.fragment") == b.getData("http.fragment")
        && a.getData("http.query") == b.getData("http.query")
}

[romtsn]

so I brainstormed this a bit, and thinking if it'd make more sense to use composition here -- currently this is a breaking binary change for our hybrid SDKs (RN and Flutter that inherit from DefaultReplayBreadcrumbConverter). I was thinking of ways to avoid the breaking change and came up with the following:

public open class DefaultReplayBreadcrumbConverter() : ReplayBreadcrumbConverter {

  private var options: SentryOptions? = null

  public constructor(options: SentryOptions) : this() {
    this.options = options
    this.options?.beforeBreadcrumb = ReplayBeforeBreadcrumbCallback(options.beforeBreadcrumb)
  }

  private class ReplayBeforeBreadcrumbCallback(
    val delegate: BeforeBreadcrumbCallback?
  ) : BeforeBreadcrumbCallback {
    override fun execute(breadcrumb: Breadcrumb, hint: Hint): Breadcrumb? {
      TODO()
    }
  }

this way the hybrid SDKs wouldn't be broken once we ship this and they'd be just missing on the native req/resp bodies because they are not using the new ctor with options. Once they use the new ctor they automatically would get req/resp bodies for okhttp-originated requests. Wdyt?

[43jay]

done

[romtsn]

I think this currently has a bug if someone excludes the -replay module from the build, then this would return a NoOpReplayBreadcrumbConverter implementation which does not currently delegate to the user-defined beforeBreadcrumb callback. So we'd be effectively swallowing the breadcrumb in here.

Given my comment here, if we go for that impl, we could change to instantiating and setting DefaultReplayBreadcrumbConverter here:

final @NotNull  converter = options.getReplayController().getBreadcrumbConverter();
if (converter instanceof NoOpReplayBreadcrumbConverter) {
  options.getReplayController().setBreadcrumbConverter(new DefaultReplayBreadcrumbConverter(options));
}

I guess we still have to check for no-op here, because RN and Flutter define their own converters, e.g. see this, so we shouldn't be overwriting whatever they have set.

[43jay]

makes a lot of sense!

It looks tho like the sdk always overrides the NoopBreadcrumbConverter =>
instanceof NoOpReplayBreadcrumbConverter here will always returns false.
(^? this is what i was uncertain of... but reading the code and adding a log line here confirms at least for my test app)

One option: unwind that behaviour by moving the DefaultReplayBreadcrumbConverter initialization out of installDefaultIntegrations so that the instanceof NoOpReplayBreadcrumbConverter can evaluate to true here + DefaultReplayBreadcrumbConverter can be initialized here.

Alternatively, leave that code alone (which effectively means the NoOpReplayBreadcrumbConverter is dead code? unless there are tests, or other configurations that don't come through installDefaultIntegrations🤔): instead refactor the DefaultReplayBreadcrumbConverter to have post-initialization logic something like

final @NotNull  beforeBreadcrumb = options.getReplayController().getBreadcrumbConverter().getBeforeBreadcrumb();
if (beforeBreadcrumb == null) {
  options.getReplayController().getBreadcrumbConverter()
    .setBeforeBreadcrumb(new ReplayBeforeBreadcrumbCallback(options));
}

[43jay]

Moving the initialization of DefaultReplayBreadcrumbConverter out of installDefaultIntegrations entirely and depending on instanceof NoOpReplayBreadcrumbConverter seems cleaner (first option).

Assuming the initialization was put there b/c previously DefaultReplayBreadcrumbConverter was independent of SDKOptions... but "now it is" => move the entire thing out, instead of try to keep some initialization in installDefaultIntegrations and then do some more initialization later (here in initializeIntegrationsAndProcessors).

I've started working on this (and the refactor to use composition to not change the ReplayBreadcrumbConverter API as well)... any idea if there were other motivations for putting DefaultReplayBreadcrumbConverter initialization inside installDefaultIntegrations, that moving it down to initializeIntegrationsAndProcessors could break?

[43jay]

done!

[romtsn]

Suggested change

	* (153600 bytes).
	* (153600 bytes).
	* Aligned with JS: https://github.com/getsentry/sentry-javascript/blob/98de756506705b60d1ca86cbbcfad3fd76062f8f/packages/replay-internal/src/constants.ts#L33

maybe worth linking the JS part here?

[43jay]

done

[romtsn]

so we have a tendency to mark all parameters (and members) as final everywhere - would you mind following that pattern? We probably should've adopted checkstyle's FinalParam check a long time ago 😅

[43jay]

done

[romtsn]

I guess this will go away in a future PR, right?

[43jay]

yes my plan was to remove it in the next PR when I would introduce the actual SentryOptions API.

I can take it out and in-line emptyArray, etc everywhere if you think that's cleaner though?

[romtsn]

can we import this? Also, probably worth to change the level to WARNING or ERROR

[43jay]

done

[romtsn]

maybe worth to add this to TypeCheckHint as a const? I'd also change it to sentry:replayNetworkDetails to align with other hint keys

[43jay]

done

[romtsn]

wondering if we can make this potentially faster with less allocations, e.g.:

private fun okhttp3.Headers.toMap(): Map<String, String> {
  val headers = LinkedHashMap<String, String>(size)
  for (i in 0 until size) {
    headers[name(i)] = value(i)
  }
  return headers
}

[43jay]

still pending

[romtsn]

probably also could be a warning or error

[43jay]

done

[romtsn]

i guess some of these keys can override what you set above right? (e.g. responseBodySize). But I guess it should be the same value, so doesn't matter much probably

[43jay]

that was my take as well - and left it in so that the old impl would 'win' in case there is some issue in the new one

[romtsn]

Looking great overall, hats off for all that different body types parsing logic! I left one overall design question and a few of nits.

Also, would be great to cover some of this with more tests after addressing the PR feedback, e.g.:

• SentryOkHttpInterceptor
• AndroidOptionsInitializer
• NetworkBodyParser (at least the json part)

[cursor]

Bug: API contract clash in NetworkBodyParser fromBytes

The NetworkBodyParser.fromBytes method's implementation takes an ILogger parameter, which conflicts with the public API contract expecting SentryOptions. This also creates an inconsistency where the @NotNull annotated logger parameter is unnecessarily null-checked within the method.

 

[cursor]

Bug: Null-Driven URL Capture Mismatch in Javadoc

The shouldCaptureUrl method's Javadoc for networkDetailAllowUrls indicates null means "allow all", but the code treats null as "allow none". This prevents URL capture when networkDetailAllowUrls is not explicitly set.

Additional Locations (1)

• sentry/src/main/java/io/sentry/util/network/NetworkDetailCaptureUtils.java#L83-L84