Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement EventScrubber #1943

Merged
merged 2 commits into from
Mar 21, 2023
Merged

Implement EventScrubber #1943

merged 2 commits into from
Mar 21, 2023

Conversation

sl0thentr0py
Copy link
Member

@sl0thentr0py sl0thentr0py commented Mar 6, 2023
edited
Loading

Add a new EventScrubber class that scrubs certain potentially sensitive interfaces with a DEFAULT_DENYLIST. The default scrubber is automatically run if send_default_pii = False.

Usage

from sentry_sdk.scrubber import EventScrubber, DEFAULT_DENYLIST

# custom denylist
denylist = DEFAULT_DENYLIST + ["my_sensitive_var"]

sentry_sdk.init(
    # ...
    send_default_pii=False,
    event_scrubber=EventScrubber(denylist=denylist),
)

As outlined in https://github.com/getsentry/rfcs/blob/main/text/0062-controlling-pii-and-credentials-in-sd-ks.md
closes #1897
docs: getsentry/sentry-docs#6489

@sl0thentr0py sl0thentr0py force-pushed the neel/scrubber branch 9 times, most recently from 074b739 to 85d7458 Compare March 7, 2023 16:26
@sl0thentr0py sl0thentr0py force-pushed the neel/scrubber branch 4 times, most recently from 8293c19 to 2cba3d9 Compare March 16, 2023 17:25
@sl0thentr0py sl0thentr0py marked this pull request as ready for review March 16, 2023 17:25
@sl0thentr0py sl0thentr0py force-pushed the neel/scrubber branch 2 times, most recently from 37128b8 to 7bbc515 Compare March 16, 2023 17:28
@sl0thentr0py sl0thentr0py requested a review from cleptric March 16, 2023 17:44
antonpirker
antonpirker reviewed Mar 17, 2023
View reviewed changes
Copy link
Member

@antonpirker antonpirker left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not just walk the whole event structure recursively and apply scrub_dict()?

As the implementation is now, when we (or somenone else) adds a top level key "super_secret_stuff" it will not be touched.

sentry_sdk/serializer.py Show resolved Hide resolved
@antonpirker
Copy link
Member

antonpirker commented Mar 17, 2023
edited
Loading

I get that having those seperate scrubbing functions makes it convenient for a user to derive a custom scrubber that works like the original one, but does not scrub for example the breadcrumbs.

@antonpirker
Copy link
Member

antonpirker commented Mar 17, 2023
edited
Loading

But maybe add a scrub_others or scrub_rest

That does something like:

for key in event.keys():
    if key not in ["request", "extra", "user", ...]:
        self.scrub_dict(event[key])

(or something like scrub_dict that walks the dict recursively and not only looks at the top level keys)

@sl0thentr0py
Copy link
Member Author

Why not just walk the whole event structure recursively and apply scrub_dict()?

Only python has the Event as an opaque dict/object without interfaces, no other SDK does this, so I just went with a structure that would work for all SDKs. The recursive walking can only work in python sadly.

I think this is fine for a first version and we can see how and if users use this at all and wait for feedback.
I just wanted to have something like this as a first-class abstraction and this is a good first step.

@sl0thentr0py sl0thentr0py mentioned this pull request Mar 17, 2023
Merged
@antonpirker
Copy link
Member

Ok.
How can we ensure, that if we add some top level key to the event in the future, that we do not forget to update the default EventScrubber? Because we (or whoever is than working on this) will forget about this.

@sl0thentr0py
Copy link
Member Author

sl0thentr0py commented Mar 17, 2023
edited
Loading

we can't ensure and that's fine

@antonpirker antonpirker enabled auto-merge (squash) March 21, 2023 10:04
@antonpirker antonpirker merged commit b339d83 into master Mar 21, 2023
@antonpirker antonpirker deleted the neel/scrubber branch March 21, 2023 10:07
@DanielNoord DanielNoord mentioned this pull request Apr 3, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cleptric cleptric cleptric left review comments

@antonpirker antonpirker antonpirker approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement config.event_scrubber
3 participants
@sl0thentr0py @antonpirker @cleptric