PII scrubs sensitive fields from arrays
Relay scrubs values in arrays when they match an entry in the sensitive fields list, even on partial matches.
The following test shows the behaviour:
#[test]
fn test_sensitive_field_in_array() {
    let mut data = Event::from_value(
        serde_json::json!({
            "exception": {
                "values": [
                    {
                        "stacktrace": {
                            "frames": [
                                {
                                    "vars": {
                                        "args": [
                                            "foo",
                                            "b",
                                            "foobar",
                                            [
                                                "a",
                                                "b",
                                                "foobar",
                                            ]
                                        ]
                                    }
                                }
                            ]
                        }
                    }
                ]
            }
        })
        .into(),
    );
    let pii_config = to_pii_config(&DataScrubbingConfig {
        sensitive_fields: vec!["b".to_owned()],
        ..simple_enabled_config()
    })
    .unwrap();
    let mut pii_processor = PiiProcessor::new(pii_config.compiled());
    process_value(&mut data, &mut pii_processor, ProcessingState::root()).unwrap();
    assert_annotated_snapshot!(data, @r###"
    {
      "exception": {
        "values": [
          {
            "stacktrace": {
              "frames": [
                {
                  "vars": {
                    "args": [
                      "foo",
                      "[Filtered]",
                      "[Filtered]",
                      [
                        "a",
                        "[Filtered]",
                        "[Filtered]"
                      ]
                    ]
                  }
                }
              ]
            }
          }
        ]
      },
      "_meta": {
        "exception": {
          "values": {
            "0": {
              "stacktrace": {
                "frames": {
                  "0": {
                    "vars": {
                      "args": {
                        "1": {
                          "": {
                            "rem": [
                              [
                                "strip-fields",
                                "s",
                                0,
                                10
                              ]
                            ],
                            "len": 1
                          }
                        },
                        "2": {
                          "": {
                            "rem": [
                              [
                                "strip-fields",
                                "s",
                                0,
                                10
                              ]
                            ],
                            "len": 6
                          }
                        },
                        "3": {
                          "1": {
                            "": {
                              "rem": [
                                [
                                  "strip-fields",
                                  "s",
                                  0,
                                  10
                                ]
                              ],
                              "len": 1
                            }
                          },
                          "2": {
                            "": {
                              "rem": [
                                [
                                  "strip-fields",
                                  "s",
                                  0,
                                  10
                                ]
                              ],
                              "len": 6
                            }
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
    "###);
}
From docs:
An entry in "Additional Sensitive Fields" such as mysekret, for example, will cause the removal of any field named mysekret, but also removes any field value that contains mysekret. Sentry does this to protect against sensitive data leaking as part of structured data that has been sent as a single string to Sentry (such as a JSON object that is stringified and embedded as JSON string in another JSON structure). As an extreme example where this behavior can become surprising, the string "Unexpected error" will be removed from events if the entry exp is in "Additional Sensitive Fields".
Let's document this behaviour with more details and underscore the pitfalls. And also document the workaround.
Hi all, by the way the value filtering behaviour we are experiencing is not limited to only values in arrays, but also standalone values.
That's expected behavior -- Relay also considers values of fields outside of arrays as values. We'll improve the documentation to provide more clarity.
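A simplified model of the behaviour discussed in this issue, added here as an example; it is not Relay's code. The `Value` type and the functions `scrub`, `st` and `scrubbed_paths` are hypothetical names, the event is constructed, and the match is assumed to be a plain case-sensitive substring test on string values only (field-name matching is left out).

```rust
// Added illustration, not Relay's code: simplified model of value scrubbing.
#[derive(Debug, PartialEq)]
enum Value {
    Str(String),
    Array(Vec<Value>),
    Object(Vec<(String, Value)>),
}

/// Scrubs in place and records the path of every replaced string in `hits`.
fn scrub(value: &mut Value, fields: &[&str], path: &str, hits: &mut Vec<String>) {
    match value {
        Value::Str(text) => {
            // Assumption: plain case-sensitive substring test on the whole value.
            if fields.iter().any(|f| text.contains(*f)) {
                hits.push(path.to_string());
                *text = "[Filtered]".to_string();
            }
        }
        Value::Array(items) => {
            for (i, item) in items.iter_mut().enumerate() {
                scrub(item, fields, &format!("{}.{}", path, i), hits);
            }
        }
        Value::Object(entries) => {
            for (key, item) in entries.iter_mut() {
                scrub(item, fields, &format!("{}.{}", path, key), hits);
            }
        }
    }
}

fn st(text: &str) -> Value { Value::Str(text.to_string()) }

/// Runs the model over a constructed event: the `args` array from the test
/// above plus the standalone string from the documentation quote.
fn scrubbed_paths(fields: &[&str]) -> (Value, Vec<String>) {
    let nested = Value::Array(vec![st("a"), st("b"), st("foobar")]);
    let args = Value::Array(vec![st("foo"), st("b"), st("foobar"), nested]);
    let message = st("Unexpected error");
    let mut event = Value::Object(vec![("args".into(), args), ("message".into(), message)]);
    let mut hits = Vec::new();
    scrub(&mut event, fields, "$", &mut hits);
    (event, hits)
}

fn main() {
    println!("b   -> {:?}", scrubbed_paths(&["b"]).1);
    println!("exp -> {:?}", scrubbed_paths(&["exp"]).1);
}
```

For the entry `b`, the reported paths line up with the `_meta` keys in the snapshot above (`1`, `2`, `3.1`, `3.2`); running candidate entries through a check like this against representative events shows which unrelated values a short entry would also remove.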