sentry-ruby
Scrubbing Sensitive Data for Span
Hey guys, I have a Ruby on Rails application accepting the Data URI scheme in params.
Sentry has limits on payload size described here. Meanwhile, Sentry does not call the before_send hook to filter the payload for TransactionEvent.
Here is the condition.
I've had a problem with sending events to Sentry where the Sentry server has returned 413 body: {"detail":"failed to read request body","causes":["A payload reached size limit."]}.
I've filtered the Data URI string in before_send and before_breadcrumb, which reduced the payload size a bit, but the problem remains the same: the Sentry server returns a 413 error. I've debugged and found that spans are not filtered and have that Data URI string.
My question is: why does Sentry not allow filtering sensitive data from spans? Would it be reasonable to implement that?
You can use Event processors for this, like:

```ruby
# place this in sentry.rb, after the Sentry.init block
Sentry.get_current_scope.add_event_processor do |event, _hint|
  if event.is_a?(Sentry::TransactionEvent)
    event.spans.delete_if do |span_hash|
      # span data in hash form; return true here to drop the span
    end
  end

  # an event processor must return the event
  event
end
```
But I think this is less than ideal and we should provide something similar to before_send but just for transactions. @sl0thentr0py
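One way to keep the spans but redact the Data URI strings inside them, following the event-processor approach in the reply above. This is an added example, not code from the thread or from sentry-ruby; the `DATA_URI` pattern, `PLACEHOLDER`, `scrub_data_uris` and the sample span are assumptions made for illustration.

```ruby
# Added example: redact Data URI payloads inside span hashes instead of
# dropping whole spans. The pattern assumes a media type is present
# (data:<type>/<subtype>[;param...],<payload>), which limits false positives.
DATA_URI = %r{data:[\w.+-]+/[\w.+-]+(?:;[\w.+=-]+)*,[A-Za-z0-9+/=%_.~-]*}
PLACEHOLDER = "[FILTERED_DATA_URI]"

# Recursively copy a value, replacing every Data URI found in any string.
# Walking all values avoids depending on which span keys carry the payload.
def scrub_data_uris(value)
  case value
  # String#scrub replaces invalid byte sequences so gsub cannot raise on them
  when String then value.scrub.gsub(DATA_URI, PLACEHOLDER)
  when Hash   then value.transform_values { |v| scrub_data_uris(v) }
  when Array  then value.map { |v| scrub_data_uris(v) }
  else value
  end
end

# Constructed sample of a span in hash form (not captured from a real app).
SAMPLE_SPAN = {
  op: "db.sql.active_record",
  description: "INSERT INTO uploads (body) VALUES ('data:image/png;base64,iVBORw0KGgo=')",
  data: { params: ["data:text/plain;charset=utf-8,hello%20world", 42] },
  start_timestamp: 1_650_000_000.0
}.freeze

# Register the processor only when the SDK is loaded, so this file also runs
# on its own. Place it in sentry.rb, after the Sentry.init block.
if defined?(Sentry)
  Sentry.get_current_scope.add_event_processor do |event, _hint|
    if event.is_a?(Sentry::TransactionEvent)
      # map! mutates the spans array in place, like delete_if in the reply
      event.spans.map! { |span_hash| scrub_data_uris(span_hash) }
    end
    event
  end
end
```

Redacting keeps span timing and structure intact while removing the large payload that pushes the request over the size limit.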
@st0012 we never solved this properly historically from what I understand and is a bit of a leftover from how the performance API evolved.
The current convention across SDKs is to use before_send for errors and event_processor whenever you need to do something with transactions.
Do you guys need help? I can push a PR for this @sl0thentr0py @st0012
@IlkhamGaysin for now you'll just have to use the event processor. Adding new APIs needs to go through a consensus process for having a Unified API across most of our SDKs. I personally do want to add something like this but we'll need to wait a bit for feedback from other language folks.
@sl0thentr0py Can I close this as not planned?
@st0012 no, we're actually almost close to making a decision on this now! You can follow the process at https://github.com/getsentry/rfcs/pull/19
(Side note: we're trying to be more public about our decision making process so that's the new Sentry RFC repo where we do all our discussions. Feel free to pitch in!)