feat(scopes): add new scopes#2113
Conversation
Litarnus
force-pushed
the
new-scopes-light
branch
from
8c35756 to
e607cfd
Compare
Litarnus
force-pushed
the
new-scopes-light
branch
from
e607cfd to
15faea1
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 15faea1. Configure here.
| $mergedScope->user = (clone $globalScope->user)->merge($isolationScope->user); | ||
| } elseif ($globalScope->user !== null) { | ||
| $mergedScope->user = clone $globalScope->user; | ||
| } |
There was a problem hiding this comment.
Global user revives cleared isolation
Medium Severity
When the isolation scope has no user (including after removeUser()), mergeScopes still copies the global scope user onto the merged scope. Applying that scope can attach global user data to events that the isolation scope intentionally left anonymous.
Reviewed by Cursor Bugbot for commit 15faea1. Configure here.
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
| */ | ||
| public static function mergeScopes(self $globalScope, self $isolationScope): self | ||
| { | ||
| $mergedScope = clone $isolationScope; |
There was a problem hiding this comment.
Bug: The mergeScopes function performs a shallow clone of the scope, causing the span object to be shared between the original and merged scopes, which can lead to side effects.
Severity: LOW
Suggested Fix
Update the Scope::__clone() method to perform a deep clone of the $span property. This will ensure that merged scopes have their own independent span instance, preventing unintended side effects if the span is mutated after the merge operation. Additionally, add a test case to verify the behavior when the isolation scope has a span.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.
Location: src/State/Scope.php#L124
Potential issue: The `mergeScopes()` function creates a new scope by cloning an existing
`isolationScope`. However, the `Scope::__clone()` method performs a shallow copy and
does not clone the `span` object. As a result, the new `mergedScope` and the original
`isolationScope` share the same `span` instance. If the span is mutated in one scope,
the change will unexpectedly affect the other. While the current `applyToEvent()` usage
is read-only, any future code that mutates the span after merging could lead to
incorrect trace data. This potential issue is not covered by tests, as the relevant test
case only handles scenarios where the isolation scope has no span.
Did we get this right? 👍 / 👎 to inform future reviews.
Litarnus
force-pushed
the
new-scopes-light
branch
2 times, most recently
from
9477d70 to
1ca81df
Compare
Litarnus
force-pushed
the
new-scopes-light
branch
from
1ca81df to
8b55d7a
Compare
1 participant
No description provided.