diff --git a/CHANGELOG.md b/CHANGELOG.md index b7fcc11911..4408f6f4a6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ **Bug Fixes**: - Disable scrubbing for the User-Agent header. ([#2641](https://github.com/getsentry/relay/pull/2641)) +- Fixes certain safe fields disabling data scrubbing for all string fields. ([#2701](https://github.com/getsentry/relay/pull/2701)) **Internal**: diff --git a/relay-pii/src/convert.rs b/relay-pii/src/convert.rs index cc2b1bfaf4..f6b3d26b19 100644 --- a/relay-pii/src/convert.rs +++ b/relay-pii/src/convert.rs @@ -143,7 +143,7 @@ pub fn to_pii_config( continue; } - let spec = match field.parse() { + let spec = match SelectorSpec::parse_non_legacy(field) { Ok(spec) => spec, Err(_) => { // Ideally safe fields should be caught by sentry-side validation, @@ -1559,4 +1559,64 @@ THd+9FBxiHLGXNKhG/FRSyREXEt+NyYIf/0cyByc9tNksat794ddUqnLOg0vwSkv } "###); } + + #[test] + fn test_safe_field_legacy_disables_all_string_parsing() { + let mut data = Event::from_value( + serde_json::json!({ + "request": { + "data": { + "email": "foo@bar.de", + "password": "kkee", + "recaptcha": null, + } + }, + }) + .into(), + ); + + let pii_config = to_pii_config(&DataScrubbingConfig { + // this triggered legacy behaviour and disabled scrubbing for all fields + exclude_fields: vec!["email".to_owned()], + scrub_data: true, + scrub_ip_addresses: true, + sensitive_fields: vec!["email".to_owned(), "password".to_owned()], + scrub_defaults: true, + ..Default::default() + }) + .unwrap(); + + let mut pii_processor = PiiProcessor::new(pii_config.compiled()); + process_value(&mut data, &mut pii_processor, ProcessingState::root()).unwrap(); + assert_annotated_snapshot!(data, @r###" + { + "request": { + "data": { + "email": "foo@bar.de", + "password": "[Filtered]", + "recaptcha": null + } + }, + "_meta": { + "request": { + "data": { + "password": { + "": { + "rem": [ + [ + "@password:filter", + "s", + 0, + 10 + ] + ], + "len": 4 + } + } + } + } + } + } + "###); + } } diff --git a/relay-pii/src/selector.rs b/relay-pii/src/selector.rs index b54c1aa847..cdfc0b9acb 100644 --- a/relay-pii/src/selector.rs +++ b/relay-pii/src/selector.rs @@ -165,6 +165,19 @@ pub enum SelectorSpec { } impl SelectorSpec { + /// Parses a selector from a string without legacy special handling. + pub fn parse_non_legacy(s: &str) -> Result { + handle_selector( + SelectorParser::parse(Rule::RootSelector, s) + .map_err(|e| InvalidSelectorError::ParseError(Box::new(e)))? + .next() + .unwrap() + .into_inner() + .next() + .unwrap(), + ) + } + /// Checks if a path matches given selector. /// /// This walks both the selector and the path starting at the end and towards the root @@ -315,15 +328,7 @@ impl FromStr for SelectorSpec { _ => {} } - handle_selector( - SelectorParser::parse(Rule::RootSelector, s) - .map_err(|e| InvalidSelectorError::ParseError(Box::new(e)))? - .next() - .unwrap() - .into_inner() - .next() - .unwrap(), - ) + Self::parse_non_legacy(s) } }