@leeandher leeandher commented Nov 6, 2025

Adds a feature flag to limit the access to the new endpoints.

Also checking the existing flag for access to the create/update endpoints, but not for get/delete (so that users who downgrade can delete their configs if they wish)

@leeandher leeandher requested review from a team as code owners November 6, 2025 16:18
@leeandher leeandher requested a review from liuirene256 November 6, 2025 16:18
@github-actions github-actions bot added the "Scope: Backend" label (automatically applied to PRs that change backend components) Nov 6, 2025

@cursor cursor bot left a comment
Bug: Feature flag check before database query to prevent disclosure

Feature flag check happens after database query in convert_args(). The convert_args() method fetches the DataForwarder object from the database before the feature flag is checked in the put() and delete() methods. This allows users without the feature flag to probe whether specific data forwarder IDs exist in an organization by observing different HTTP status codes (404 for non-existent vs 403 for feature disabled). The feature flag check should be moved to convert_args() before the database query to prevent this information disclosure.

src/sentry/integrations/api/endpoints/data_forwarding_details.py#L67-L85

        "PUT": ApiPublishStatus.EXPERIMENTAL,
        "DELETE": ApiPublishStatus.EXPERIMENTAL,
    }
    permission_classes = (OrganizationDataForwardingDetailsPermission,)

    def convert_args(
        self,
        request: Request,
        organization_id_or_slug: int | str,
        data_forwarder_id: int,
        *args,
        **kwargs,
    ):
        args, kwargs = super().convert_args(request, organization_id_or_slug, *args, **kwargs)
        try:
            data_forwarder = DataForwarder.objects.get(
                id=data_forwarder_id,
                organization=kwargs["organization"],


@leeandher

Bug: Feature flag check before database query to prevent disclosure

Feature flag check happens after database query in convert_args(). The convert_args() method fetches the DataForwarder object from the database before the feature flag is checked in the put() and delete() methods. This allows users without the feature flag to probe whether specific data forwarder IDs exist in an organization by observing different HTTP status codes (404 for non-existent vs 403 for feature disabled). The feature flag check should be moved to convert_args() before the database query to prevent this information disclosure.

src/sentry/integrations/api/endpoints/data_forwarding_details.py#L67-L85

clever, thanks cursor
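
The status-code difference described in the review comment above, reduced to a runnable sketch with a regression check for it. This is an added example, not code from the pull request or from Sentry; `Org`, `put_lookup_first`, `put_flag_first` and `leaks_existence` are hypothetical stand-ins, and the sample IDs are constructed.

```python
# Added illustration: all names are hypothetical stand-ins, not Sentry's code.
from dataclasses import dataclass, field


@dataclass
class Org:
    has_feature: bool                                 # feature flag state
    forwarder_ids: set = field(default_factory=set)   # stands in for DB rows


def put_lookup_first(org: Org, forwarder_id: int) -> int:
    """Ordering described in the comment: object lookup, then flag check."""
    if forwarder_id not in org.forwarder_ids:  # the database query
        return 404
    if not org.has_feature:
        return 403
    return 200


def put_flag_first(org: Org, forwarder_id: int) -> int:
    """Suggested ordering: the flag check gates the lookup."""
    if not org.has_feature:
        return 403
    if forwarder_id not in org.forwarder_ids:
        return 404
    return 200


def leaks_existence(handler, org: Org, existing_id: int, missing_id: int) -> bool:
    """Regression check: True if status codes alone separate the two IDs."""
    return handler(org, existing_id) != handler(org, missing_id)


# Constructed sample data: ID 7 exists, ID 8 does not.
GATED_ORG = Org(has_feature=False, forwarder_ids={7})
ENABLED_ORG = Org(has_feature=True, forwarder_ids={7})

if __name__ == "__main__":
    for handler in (put_lookup_first, put_flag_first):
        print(handler.__name__,
              "gated org leaks:", leaks_existence(handler, GATED_ORG, 7, 8),
              "| enabled org PUT 7 ->", handler(ENABLED_ORG, 7))
```

A check shaped like `leaks_existence` fits in an endpoint test suite: for an organization without the flag, an existing ID and a missing ID should produce the same status.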

@leeandher leeandher merged commit f4c6956 into master Nov 6, 2025
66 checks passed
@leeandher leeandher deleted the leander/data-forwarding-flag branch November 6, 2025 17:43
Ahmed-Labs pushed a commit that referenced this pull request Nov 6, 2025
Adds a feature flag to limit the access to the new endpoints.

Also checking the existing flag for access to the create/update
endpoints, but not for get/delete (so that users who downgrade can
delete their configs if they wish)
Jesse-Box pushed a commit that referenced this pull request Nov 12, 2025
andrewshie-sentry pushed a commit that referenced this pull request Nov 13, 2025
@github-actions github-actions bot locked and limited conversation to collaborators Nov 22, 2025