feat(pii-scrubbing): PII scrub span.data by default #1953
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This reverts commit b710ffd.
jjbayer
approved these changes
Mar 21, 2023
There was a problem hiding this comment.
LGTM, @iker-barriocanal could you post in the client infra channel when this goes live? Just so everybody's aware that they will have to start explicitly typing fields in span.data in Relay if the new behavior breaks something for them.
jan-auer
added a commit
that referenced
this pull request
Mar 24, 2023
* master: feat(normalization): Mark scrubbed transactions as sanitized (#1960) fix(pii): Scrub sensitive cookies (#1951) release: 23.3.1 feat(pii-scrubbing): PII scrub span.data by default (#1953) test(scrubbing): Add tests for PII scrubbing in breadcrumb.data (#1955) build(deps): bump sentry-sdk from 1.11.0 to 1.14.0 (#1959) ref(envelope_manager): Remove from_registry calls from the service (#1956) cd: add placeholder deployment pipeline (#1954) Assert array fields are capped to 100 items (#1910) fix(pii): Early return if no text left (#1957)
3 tasks
jjbayer
added a commit
that referenced
this pull request
Oct 4, 2023
Up until now, we've materialized span tags into `span.data`. This creates several problems: * Potential clashes between keys set by the user and keys set by sentry. * Pollution of the UI because `span.data` entries show up in the event details view. * Most importantly: `span.data` is [subject to PII scrubbing](#1953), so tags computed by Relay are sometimes overwritten by PII scrubbing in the next Relay instance. Instead of writing into `span.data`, create a new top-level object in the span called `sentry_tags`. The same naming has been used [here](https://github.com/getsentry/sentry-kafka-schemas/blob/79fb0900e3a9a4da6f0db15eab1b5d27f42ffeb7/schemas/snuba-spans.v1.schema.json#L81-L83). For now, double-write span tags into both `span.data` and `span.sentry_tags` until all users of these tags have switched to `sentry_tags`.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR reverts #1889 and enables PII data scrubbing of
span.databy default. For the context of the reason for the revert, see #1915 (comment).Related to: #1955.
Ref: #1855, #1915.