Sensitive data not scrubbed out of Phoenix.ActionClauseError
#477
Comments
Routing to @getsentry/owners-ingest for triage. ⏲️
I believe this is best filed against the Ruby SDK. Note that "this PII did not get scrubbed" can have many different root causes, and in the previous issue you linked it was not even the same SDK that implemented this functionality. There are server-side settings for scrubbing data, but here you clearly configured it in the SDK. I'm transferring this to sentry-ruby now.
I just realized this is not Ruby 😅 Transferring to elixir repo.
Thanks for opening an issue! I will take a look into this.
This is tricky unfortunately. The error message generated by Phoenix includes the sensitive information in an unstructured string by printing the whole conn, which makes it difficult to scrub appropriately. The scrubbing functionality can only operate on params that are already parsed, and that's why the body scrubbing doesn't work as expected. Phoenix logs this as Logs
Ignoring the error is not a satisfying or ideal way to solve this, especially if it's a class of error where you want to be notified. A workaround exists by moving parameter requirements out of the function head into application logic and optionally notifying in there, but that's far more of a hassle. The options available are not attractive, but avoiding capturing these errors seems like the easiest path.
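The workaround described in the comment above, sketched as an added example (not code from the issue or from the sentry-elixir project): the parameter requirements move from the function head into the action body, and the optional notification carries only the names of the missing keys. `MyAppWeb`, `MyApp.Accounts.authenticate/2` and the `email`/`password` keys are hypothetical.

```elixir
defmodule MyAppWeb.SessionController do
  # Hypothetical controller: MyAppWeb, MyApp.Accounts.authenticate/2 and the
  # "email"/"password" keys are assumptions, not taken from the issue.
  use MyAppWeb, :controller

  @required_params ~w(email password)

  # Before: requirements in the function head. A request without "password"
  # matches no clause, Phoenix raises Phoenix.ActionClauseError, and the
  # exception message carries the inspected conn as one unstructured string
  # that key-based scrubbing cannot reach.
  #
  #     def create(conn, %{"email" => email, "password" => password}), do: ...

  # After: accept any params and check them in the body, so a malformed
  # request never raises a clause error.
  def create(conn, params) do
    case Enum.reject(@required_params, &Map.has_key?(params, &1)) do
      [] ->
        %{"email" => email, "password" => password} = params
        login(conn, MyApp.Accounts.authenticate(email, password))

      missing ->
        # Optional notification: key names and the route only, never the
        # submitted values.
        Sentry.capture_message("request is missing required params",
          extra: %{missing: missing, path: conn.request_path}
        )

        conn
        |> put_status(:unprocessable_entity)
        |> json(%{error: "missing parameters", missing: missing})
    end
  end

  defp login(conn, {:ok, user}), do: json(conn, %{id: user.id})

  defp login(conn, {:error, _reason}) do
    conn |> put_status(:unauthorized) |> json(%{error: "invalid credentials"})
  end
end
```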
Phoenix.ActionClauseError
Important Details
How are you running Sentry?
Saas (sentry.io)
Description
Sensitive data is not scrubbed from exception stack traces.
This is related to getsentry/sentry#9309, which didn't get any answers.
Steps to Reproduce
We have a Phoenix application. The endpoint looks something like this:
We found a Phoenix.ActionClauseError logged in Sentry, but the parameters were not scrubbed. The log entry looks like this (irrelevant information redacted for this issue with ...; values we expected to be scrubbed are replaced with UNREDACTED):
What you expected to happen
We expected all fields set in @scrubbed_param_keys to be scrubbed from logged exceptions. However, they are sent to Sentry in clear text. Did we miss some configuration parameter or is this a bug?