fix(pii): Removes legacy special behaviour from safe fields parsing

CHANGELOG.md

@@ -19,6 +19,7 @@
 **Bug Fixes**:
 
 - Disable scrubbing for the User-Agent header. ([#2641](https://github.com/getsentry/relay/pull/2641))
+- Fixes certain safe fields disabling data scrubbing for all string fields. ([#2701](https://github.com/getsentry/relay/pull/2701))
 
 **Internal**:
 

relay-pii/src/convert.rs

@@ -143,7 +143,7 @@ pub fn to_pii_config(
             continue;
         }
 
-        let spec = match field.parse() {
+        let spec = match SelectorSpec::parse_non_legacy(field) {
             Ok(spec) => spec,
             Err(_) => {
                 // Ideally safe fields should be caught by sentry-side validation,
@@ -1559,4 +1559,64 @@ THd+9FBxiHLGXNKhG/FRSyREXEt+NyYIf/0cyByc9tNksat794ddUqnLOg0vwSkv
         }
         "###);
     }
+
+    #[test]
+    fn test_safe_field_legacy_disables_all_string_parsing() {
+        let mut data = Event::from_value(
+            serde_json::json!({
+                "request": {
+                    "data": {
+                        "email": "foo@bar.de",
+                        "password": "kkee",
+                        "recaptcha": null,
+                    }
+                },
+            })
+            .into(),
+        );
+
+        let pii_config = to_pii_config(&DataScrubbingConfig {
+            // this triggered legacy behaviour and disabled scrubbing for all fields
+            exclude_fields: vec!["email".to_owned()],
+            scrub_data: true,
+            scrub_ip_addresses: true,
+            sensitive_fields: vec!["email".to_owned(), "password".to_owned()],
+            scrub_defaults: true,
+            ..Default::default()
+        })
+        .unwrap();
+
+        let mut pii_processor = PiiProcessor::new(pii_config.compiled());
+        process_value(&mut data, &mut pii_processor, ProcessingState::root()).unwrap();
+        assert_annotated_snapshot!(data, @r###"
+        {
+          "request": {
+            "data": {
+              "email": "foo@bar.de",
+              "password": "[Filtered]",
+              "recaptcha": null
+            }
+          },
+          "_meta": {
+            "request": {
+              "data": {
+                "password": {
+                  "": {
+                    "rem": [
+                      [
+                        "@password:filter",
+                        "s",
+                        0,
+                        10
+                      ]
+                    ],
+                    "len": 4
+                  }
+                }
+              }
+            }
+          }
+        }
+        "###);
+    }
 }

relay-pii/src/selector.rs

@@ -165,6 +165,19 @@ pub enum SelectorSpec {
 }
 
 impl SelectorSpec {
+    /// Parses a selector from a string without legacy special handling.
+    pub fn parse_non_legacy(s: &str) -> Result<SelectorSpec, InvalidSelectorError> {
+        handle_selector(
+            SelectorParser::parse(Rule::RootSelector, s)
+                .map_err(|e| InvalidSelectorError::ParseError(Box::new(e)))?
+                .next()
+                .unwrap()
+                .into_inner()
+                .next()
+                .unwrap(),
+        )
+    }
+
     /// Checks if a path matches given selector.
     ///
     /// This walks both the selector and the path starting at the end and towards the root
@@ -315,15 +328,7 @@ impl FromStr for SelectorSpec {
             _ => {}
         }
 
-        handle_selector(
-            SelectorParser::parse(Rule::RootSelector, s)
-                .map_err(|e| InvalidSelectorError::ParseError(Box::new(e)))?
-                .next()
-                .unwrap()
-                .into_inner()
-                .next()
-                .unwrap(),
-        )
+        Self::parse_non_legacy(s)
     }
 }