Skip to content
This repository was archived by the owner on Aug 14, 2024. It is now read-only.

Explain how to sanitize url parameters #760

Closed
wants to merge 7 commits into from
Closed

Explain how to sanitize url parameters #760

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
097002b
Add explanation on how to parameterize the url data.
antonpirker Nov 15, 2022
7646205
Made it work for breadcrumbs and span descriptions.
antonpirker Nov 15, 2022
661db9c
Fixed typos
antonpirker Nov 15, 2022
190c1d8
Wording.
antonpirker Nov 15, 2022
ab0df14
Wording
antonpirker Nov 15, 2022
1d7a8fe
Added config option. (very raw)
antonpirker Nov 16, 2022
b01a2df
Update src/docs/sdk/features.mdx
antonpirker Nov 16, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions src/docs/sdk/features.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -268,6 +268,36 @@ If Performance Monitoring is both supported by the SDK and enabled in the client
- span status must match HTTP response status code ([see Span status to HTTP status code mapping](/sdk/event-payloads/span/))
- when network error occurs, span status must be set to `internal_error`


### Scrubbing Sensitive Data

HTTP Client Integrations record the URLs of HTTP requests. URLs can contain two categories of sensitive information:
* Privacy related data like passwords, private keys, etc.
* Personally identifiable information (PII) like email addresses, addresses, names, social security numbers, etc.

#### Privacy Related Data

The SDKs must scrub privacy-related data from the `url` in breadcumbs and `$url` in span descriptions.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🥇 for specifying the subject and using the active voice.


The username and passwords that can be included in an URL (like `https://username:password123@example.com`) must always be scrubbed.

Query params that contain sensitive information must also be redacted.

The SDK should maintain a list of query params that can include sensitive data. The default of the list should be the same list that relay uses to scrub sensitive data: https://github.com/getsentry/relay/blob/master/relay-general/src/pii/regexes.rs#L272

The values of all query parameters whose name is in the list of params with sensitive data must be scrubbed.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once we have the list of params, we should add them here.


This example URL `https://username:password@example.com/bla/blub?token=abc&sessionid=123&save=true&secret=geheim123#fragment` has to be modified to look like this `https://%s:%s@example.com/bla/blub?token=%s&sessionid=123&save=true&secret=%s#fragment`.

#### Personally Identifiable Information (PII)

SDKs should also give the user the possibility to define a custom list of query param names that should be scrubbed. Given the user full control over what data gets sent do Sentry.

There should be a config option to the SDKs `init()` call that can set a list of query params that should be scrubbed. By setting this config option the default list of query params with sensitive data is overridden.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We still need to specify the name of the option, once we decided on one.


This way it is possible to set additional query params to be scrubbed, but also make it possible for the user to not scrubbing any query params. (Which is not recommended)


### HTTP Client Errors

The SDK automatically captures HTTP Client errors and sends them to [sentry.io](https://sentry.io).
Expand Down