ref(replays): Remove unused data export notifications endpoint#116232
Conversation
This endpoint was intended as the HTTP push target for a Google Pub/Sub subscription on Storage Transfer Service job-completion events, so that failed bucket-to-bucket transfers could be retried automatically. In practice it has never received Pub/Sub traffic (90d telemetry shows no spans on the transaction) and the replay export pipeline that would drive it is not wired into the EU export orchestrator in getsentry. The endpoint was gated only by SentryIsAuthenticated, which is the wrong check for a Pub/Sub push (Google does not have a Sentry session) and admits any authenticated Sentry user, who could forge a Pub/Sub-shaped payload and trigger a Storage Transfer job rerun against jobs in the configured GCP project. The handler is generic STS plumbing and is not replay-specific despite its module path; profile exports use the same underlying helpers, which remain in src/sentry/replays/data_export.py and are unaffected by this change. Removing the endpoint eliminates the unauthenticated path entirely. If the retry workflow is needed in the future, a new endpoint should be introduced with proper Google OIDC token verification. Refs REPLAY-920 Refs VULN-1598 Co-Authored-By: Claude <noreply@anthropic.com>
github-actions
Bot
added
the
Scope: Backend
github-actions
Bot
added
the
Scope: Frontend
|
🚨 Warning: This pull request contains Frontend and Backend changes! It's discouraged to make changes to Sentry's Frontend and Backend in a single pull request. The Frontend and Backend are not atomically deployed. If the changes are interdependent of each other, they must be separated into two pull requests and be made forward or backwards compatible, such that the Backend or Frontend can be safely deployed independently. Have questions? Please ask in the |
📊 Type Coverage Diff✅ No new type safety issues introduced. Coverage: 93.58% |
|
@cmanallen do mind taking a look at this and double checking it is safe, would that also imply we are safe to remove other references to this endpoint like static/app/data/controlsiloUrlPatterns.ts? |
cmanallen
left a comment
cmanallen
left a comment
There was a problem hiding this comment.
This is safe. You can remove it from the other files you mentioned as well.
DominikB2014
deleted the
dominikbuszowiecki/vuln-1598-security-replays-data_export_notifications-endpoint-lets-any
branch
2 participants
There is a raised security vul with this endpoint, but @cmanallen mentioned the endpoint isn't really used anymore and can be removed https://linear.app/getsentry/issue/REPLAY-920/security-bug-report-replays-data-export-notifications-endpoint-lets