Is sanitizeKeys supported in the new JavaScript SDK? #1564
I see this page now... looks like it says to use
If anybody is looking to do this maybe this will help. I noticed that Sentry breadcrumbs can tend to upload sensitive data from XHR requests and console log messages. This is how I init Sentry... Note: This does not clean up data in setupSentry.js
```js
import redact from 'redact-object';
import { scrubUrlParams, sensitiveKeys } from '../jsHelpers';
//...
function startSentry() {
  Sentry.init({
    debug: isDev,
    dsn: process.env.SENTRY_DSN,
    release: `${process.env.SENTRY_PROJECT}-${app.getVersion()}`,
    onFatalError: () => {
      process.exit(1);
    },
    beforeBreadcrumb(breadcrumb) {
      // Examples:
      // category: electron, type: ui
      // category: console, type: undefined (remove access_token from data)
      // category: xhr, type: http (remove access_token from URL)
      // log.debug(`Breadcrumb - ${breadcrumb.category} - ${breadcrumb.type}`);

      // console breadcrumbs from redux-logger may contain Redux state and
      // therefore access tokens or refresh tokens. Redact tokens from Sentry
      // breadcrumbs.
      if (breadcrumb.category === 'console') {
        breadcrumb.data = redact(breadcrumb.data, sensitiveKeys);
        // log.info(`New console breadcrumb data`, breadcrumb.data);
      }

      // xhr breadcrumbs may contain URLs which may contain access tokens or
      // refresh tokens. Redact tokens from URLs.
      if (breadcrumb.category === 'xhr') {
        breadcrumb.data.url = scrubUrlParams(breadcrumb.data.url);
        // log.info(`New url breadcrumb data`, breadcrumb.data);
      }

      return breadcrumb;
    },
  });
}
```

jsHelpers.js
```js
import url from 'url';

// Key names whose values are treated as secrets.
export const sensitiveKeys = [
  'key',
  'token', 'secret',
  'accessToken', 'access_token', 'access-token',
  'refreshToken', 'refresh_token', 'refresh-token',
  'code', 'authorization_code',
  'password',
];

/**
 * Replace the values of sensitive URL params with 'REDACTED'.
 *
 * i.e. https://foo.com?password=sekrit -> https://foo.com?password=REDACTED
 *
 * @param {string} urlString - The URL (including querystring) you'd like
 *   params scrubbed on.
 * @param {string[]} paramsToScrub - An array of strings representing the
 *   querystring params you'd like to scrub from the URL.
 * @returns {string} The URL with values for the paramsToScrub converted to
 *   'REDACTED'.
 */
export function scrubUrlParams(urlString, paramsToScrub = sensitiveKeys) {
  const parts = url.parse(urlString, true);
  const params = parts.query;
  for (const param of Object.keys(params)) {
    if (paramsToScrub.includes(param)) {
      params[param] = 'REDACTED';
    }
  }
  parts.query = params;
  // url.format() prefers `search` over `query`, so drop the original search
  // string or the scrubbed query is ignored:
  // https://stackoverflow.com/a/7517673/3516664
  delete parts.search;
  return url.format(parts);
}
```
@aguynamedben Cool example, thank you very much for this.

Nice! Yeah, it makes sense to build it in.

@HazAT any updates/timeline on scrubbing sensitive data natively for Sentry?

The `sanitizeKeys` option from Raven isn't documented in the new JavaScript SDK docs. Is that feature supported? From searching the code it looks like `sanitizeKeys` is only in Raven.

Is the recommendation to just use the `beforeSend` hook to do my own sanitation?
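
One way to do your own sanitization in a `beforeSend` hook, as asked above; this is an added example, not code from the thread or from the Sentry SDK, and it goes beyond the breadcrumb-only snippet by also covering `request`, `extra` and URL fragments. The fields of `sampleEvent` are constructed, and the `authorization` and `cookie` key names are assumptions added to the thread's `sensitiveKeys` list.

```javascript
// Key names follow the sensitiveKeys list in the thread; authorization and cookie
// (header names) are additions assumed for this example. Matching ignores case.
const SENSITIVE = /^(key|token|secret|password|code|authorization_code|(access|refresh)[-_]?token|authorization|cookie)$/i;

// Redact sensitive parameters in a query string or fragment. Works on any string,
// so relative URLs and URLs embedded in console messages are covered as well.
function scrubUrl(text) {
  return text.replace(/([?&#])([^=&#\s]+)=[^&#\s]*/g, (match, sep, name) =>
    (SENSITIVE.test(name) ? `${sep}${name}=REDACTED` : match));
}

// Walk objects and arrays; redact by key name, scrub URLs inside string values.
function redact(value, seen = new WeakSet()) {
  if (typeof value === 'string') return scrubUrl(value);
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return '[Already visited]'; // cycle or shared reference
  seen.add(value);
  if (Array.isArray(value)) return value.map((item) => redact(item, seen));
  const out = {};
  for (const [name, inner] of Object.entries(value)) {
    out[name] = SENSITIVE.test(name) ? 'REDACTED' : redact(inner, seen);
  }
  return out;
}

// Shaped like Sentry's beforeSend(event) hook: returns the event to send.
// The input event is not mutated; scrubbed copies replace the three fields.
function beforeSend(event) {
  const clean = { ...event };
  for (const field of ['request', 'extra', 'breadcrumbs']) {
    if (field in clean) clean[field] = redact(clean[field]);
  }
  return clean;
}

// Constructed sample event (not captured from a real application).
const sampleEvent = {
  message: 'Login failed',
  request: {
    url: 'https://app.example.com/cb?code=abc123&state=xyz',
    headers: { Authorization: 'Bearer abc', Accept: 'application/json' },
  },
  extra: { reduxState: { auth: { accessToken: 'abc', user: 'ben' } } },
  breadcrumbs: [
    { category: 'xhr', data: { url: '/api/me?access_token=abc&page=2' } },
    { category: 'console', message: 'redirect to https://app.example.com/#access_token=abc' },
  ],
};
console.log(JSON.stringify(beforeSend(sampleEvent), null, 2));
```

Pass the function as `beforeSend` in `Sentry.init`. Matching is by exact key name, so secrets stored under other names, or inside free-form strings without a `name=value` shape, are not caught.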