Add "token" variables to Sentry's EventScrubber denylist #523
Codecov Report
All modified and coverable lines are covered by tests. All tests successful; no failed tests found.

@@ Coverage Diff @@
## main #523 +/- ##
==========================================
- Coverage 91.45% 91.45% -0.01%
==========================================
Files 599 599
Lines 16212 16211 -1
==========================================
- Hits 14826 14825 -1
Misses 1386 1386

Flags with carried forward coverage won't be shown. View full report in Codecov by Sentry.
Codecov Report (after rebase)
All modified and coverable lines are covered by tests. All tests successful; no failed tests found.

@@ Coverage Diff @@
## main #523 +/- ##
=====================================
Coverage 95.76% 95.76%
=====================================
Files 774 774
Lines 17068 17067 -1
=====================================
- Hits 16345 16344 -1
Misses 723 723

Flags with carried forward coverage won't be shown. View full report in Codecov by Sentry.
codecov/settings_base.py
Outdated
@@ -533,10 +531,13 @@ | |||
|
|||
SENTRY_ENV = os.environ.get("CODECOV_ENV", False) | |||
SENTRY_DSN = os.environ.get("SERVICES__SENTRY__SERVER_DSN", None) | |||
sentry_deny_list = DEFAULT_DENYLIST + ["_headers", "token_to_use"] |
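Review bot: the new entry on the last line of this hunk is spelled `"_headers"`, while the PR description and the commit message say the variable being filtered is `_header`; since the scrubber's denylist is matched against the names of a frame's local variables, one of the two spellings is wrong and the variable the description targets would pass through unfiltered, so please confirm the actual local name and align the entry with it. Two smaller points on the same line: the neighbouring settings are `SENTRY_ENV` and `SENTRY_DSN`, so `SENTRY_DENY_LIST` would fit the module's naming, and a one-line comment stating why `_header` as a whole (rather than only its authorization value) is listed would save the next reader a trip to this PR.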
[very nit] SENTRY_DENY_LIST for consistency
Force-pushed 170aac8 to 2da0162.
This change will filter out the `_header` and `token_to_use` variables in a stacktrace frame so that the event doesn't push PII to Sentry.
Force-pushed 2da0162 to e57388b.
Purpose/Motivation
We want to ensure that `token`s don't get sent to Sentry when errors occur.

Links to relevant tickets
https://github.com/codecov/internal-issues/issues/419

What does this PR do?
This change will filter out the `_header` and `token_to_use` variables in a stacktrace frame so that the event doesn't push PII to Sentry. I'm currently filtering the whole `_header`, rather than just the `authorization` inside the `_header`. To enable that, I would need to enable `recursive` in the `EventScrubber`, which might have potential performance implications.

Notes to Reviewer
We might want to actually store the `denylist` in the `shared` repo (so that we can reuse this same list in `worker`).

Legal Boilerplate
Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. In 2022 this entity acquired Codecov and as result Sentry is going to need some rights from me in order to utilize my contributions in this PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.
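A model of the EventScrubber denylist behaviour this PR relies on, added here as an example; it is neither sentry-sdk's nor codecov's code, and the denylist entries, the sample event and the token values are constructed. It shows what an exact-name denylist masks in a frame's local variables with and without the `recursive` option the description discusses.

```python
import copy

FILTERED = "[Filtered]"  # the marker sentry-sdk substitutes for scrubbed values
# Constructed list: a few entries in the spirit of sentry_sdk.scrubber.DEFAULT_DENYLIST
# plus the two names this PR adds. In production the list is handed to
# sentry_sdk.init(event_scrubber=EventScrubber(denylist=..., recursive=...)).
SENTRY_DENY_LIST = ["password", "secret", "api_key", "_header", "token_to_use"]


def scrub_dict(d, denylist, recursive):
    """Mask denied keys in place (case-insensitive, exact-name match).
    recursive=False: only top-level keys are inspected and a denied key's whole
    value is replaced. recursive=True: nested dicts are walked too, so a denied
    key buried inside another value (e.g. an authorization header) is masked."""
    for key, value in list(d.items()):
        if isinstance(key, str) and key.lower() in denylist:
            d[key] = FILTERED
        elif recursive and isinstance(value, dict):
            scrub_dict(value, denylist, recursive)


def scrub_event(event, denylist, recursive=False):
    """Return a scrubbed copy of a Sentry event: the local variables (`vars`)
    of every stacktrace frame are filtered against the denylist."""
    scrubbed = copy.deepcopy(event)
    deny = {name.lower() for name in denylist}
    for exc in scrubbed.get("exception", {}).get("values", []):
        for frame in exc.get("stacktrace", {}).get("frames", []):
            if isinstance(frame.get("vars"), dict):
                scrub_dict(frame["vars"], deny, recursive)
    return scrubbed


def frame_vars(event):
    """Locals of the first frame of the first exception, for inspection."""
    return event["exception"]["values"][0]["stacktrace"]["frames"][0]["vars"]


# Constructed event shaped like what the SDK captures when a request helper fails.
# The frame carries both the singular and the plural header name so the effect of
# an exact-name denylist entry is visible: only the name actually listed is masked.
SAMPLE_EVENT = {"exception": {"values": [{"type": "HTTPError", "stacktrace": {"frames": [{
    "function": "fetch_repo",
    "vars": {
        "_header": {"Authorization": "Bearer CONSTRUCTED-TOKEN", "Accept": "*/*"},
        "_headers": {"Authorization": "Bearer CONSTRUCTED-TOKEN"},
        "token_to_use": "CONSTRUCTED-TOKEN",
        "repo_slug": "codecov/codecov-api",
    },
}]}}]}}
```

With the PR's list, `_header` and `token_to_use` in the sample frame become `[Filtered]` while `_headers` and the bearer value inside it pass through untouched; adding `authorization` to the list and setting `recursive=True` masks only that nested value and keeps the rest of the dict, which is the trade-off the description mentions.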