feat(scrubbing): Scrub span.data.http.query with default scrubbers #1889

Merged
merged 7 commits into from
Mar 1, 2023

iker-barriocanal
Contributor

Ref: #1855

`span.data.http.query` may contain sensitive data, which is currently not scrubbed. This PR makes Relay scrub that field with default data scrubbers.

@iker-barriocanal iker-barriocanal requested a review from a team February 28, 2023 09:59
@iker-barriocanal iker-barriocanal self-assigned this Feb 28, 2023
Member

@cleptric cleptric left a comment

LGTM, we may add an additional test case that checks a more complex query, like `api_token=123&process_id=123` -> `api_token=[Filtered]&process_id=123`

#[cfg_attr(feature = "jsonschema", derive(JsonSchema))]
pub struct HttpElement {
#[metastructure(pii = "true")]
pub query: Annotated<String>,
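
Review bot: the `query` field in `HttpElement` has no doc comment between the struct's opening line and its `#[metastructure(pii = "true")]` attribute; add a `///` line saying what the field holds and that it is subject to PII scrubbing. Typing it as `Annotated<String>` also fixes the value to a string, so state in that comment (and cover with a test) what happens when a client sends a non-string `query`.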
Member

`span.data` is documented as free-form, so when a user sends `{"http": {"query": {"not": "a string"}}}`, we should still accept it.

@iker-barriocanal could you check if the scrubbing still works when you change `String` to `Value` here?

Contributor Author

Great catch! This is fixed in 03af9eb, and continues to work as expected.

relay-general/src/protocol/span.rs (resolved)
@iker-barriocanal iker-barriocanal merged commit b710ffd into master Mar 1, 2023
@iker-barriocanal iker-barriocanal deleted the iker/feat/pii-scrub-span-http-query branch March 1, 2023 08:45
jan-auer added a commit that referenced this pull request Mar 2, 2023
* master:
  doc(py): Add changelog entries (#1900)
  fix(build): Run check when PR is ready for review (#1899)
  chore(project_local): Allow to follow symlinks for projects configs (#1891)
  ref(project): Skip serializing default fields (#1887)
  chore(build): Run changelog check for draft PRs (#1897)
  chore(sentry): Add environment config option (#1890)
  feat(scrubbing): Scrub `span.data.http.query` with default scrubbers (#1889)
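
The behaviour discussed in this thread, as an added example that is not Relay's code and not part of the PR: values of sensitive query keys are replaced while the rest of the query string is kept, and a non-string `query` is still accepted. The `Value` enum, the key list and the function names are assumptions made for illustration; the `[Filtered]` marker is the one quoted in the review comment.

```rust
// Added example, not Relay's code. Key list and Value shape are assumptions.
use std::collections::BTreeMap;

/// Free-form value: `query` may be a string or any other JSON-like shape.
#[derive(Debug, Clone, PartialEq)]
pub enum Value {
    String(String),
    Object(BTreeMap<String, Value>),
    Other, // numbers, booleans, null: nothing to scrub
}

const SENSITIVE: &[&str] = &["token", "password", "secret", "auth"]; // assumed
const FILTERED: &str = "[Filtered]";

fn is_sensitive(key: &str) -> bool {
    let k = key.to_ascii_lowercase();
    SENSITIVE.iter().any(|s| k.contains(*s))
}

/// Replace the values of sensitive keys in `k=v&k2=v2`; keep everything else.
pub fn scrub_query_string(q: &str) -> String {
    q.split('&')
        .map(|pair| match pair.split_once('=') {
            Some((k, _)) if is_sensitive(k) => format!("{}={}", k, FILTERED),
            _ => pair.to_string(),
        })
        .collect::<Vec<_>>()
        .join("&")
}

/// Accept any shape: scrub strings as query strings, walk objects by key.
pub fn scrub_query(value: &mut Value) {
    match value {
        Value::String(s) => *s = scrub_query_string(s.as_str()),
        Value::Object(map) => map.iter_mut().for_each(|(k, v)| {
            if is_sensitive(k) {
                *v = Value::String(FILTERED.to_string());
            } else {
                scrub_query(v);
            }
        }),
        Value::Other => {}
    }
}

fn main() {
    // Constructed sample input, taken from the review comment.
    println!("{}", scrub_query_string("api_token=123&process_id=123"));
}
```

Matching is by substring on the raw key, so percent-encoded key names are not recognised; decode before matching if clients may send them.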