Skip to content

Commit

Permalink
feat: When ClientOptions.SendDefaultPii is false, send http headers w…
Browse files Browse the repository at this point in the history
…ithout sensitive headers (getsentry#523)
  • Loading branch information
ikorihn committed Jan 12, 2023
1 parent 84f883b commit 85ab572
Show file tree
Hide file tree
Showing 4 changed files with 31 additions and 27 deletions.
1 change: 0 additions & 1 deletion fasthttp/sentryfasthttp_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -142,7 +142,6 @@ func TestIntegration(t *testing.T) {

eventsCh := make(chan *sentry.Event, len(tests))
err := sentry.Init(sentry.ClientOptions{
SendDefaultPII: true,
BeforeSend: func(event *sentry.Event, hint *sentry.EventHint) *sentry.Event {
eventsCh <- event
return event
Expand Down
1 change: 0 additions & 1 deletion http/sentryhttp_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -156,7 +156,6 @@ func TestIntegration(t *testing.T) {

eventsCh := make(chan *sentry.Event, len(tests))
err := sentry.Init(sentry.ClientOptions{
SendDefaultPII: true,
BeforeSend: func(event *sentry.Event, hint *sentry.EventHint) *sentry.Event {
eventsCh <- event
return event
Expand Down
50 changes: 26 additions & 24 deletions interfaces.go
Original file line number Diff line number Diff line change
Expand Up @@ -165,35 +165,23 @@ func NewRequest(r *http.Request) *Request {
}
url := fmt.Sprintf("%s://%s%s", protocol, r.Host, r.URL.Path)

sendDefaultPii := CurrentHub().Client() != nil && CurrentHub().Client().Options().SendDefaultPII

var cookies string
var env map[string]string
headers := map[string]string{}

if client := CurrentHub().Client(); client != nil {
if client.Options().SendDefaultPII {
// We read only the first Cookie header because of the specification:
// https://tools.ietf.org/html/rfc6265#section-5.4
// When the user agent generates an HTTP request, the user agent MUST NOT
// attach more than one Cookie header field.
cookies = r.Header.Get("Cookie")

for k, v := range r.Header {
headers[k] = strings.Join(v, ",")
}

if addr, port, err := net.SplitHostPort(r.RemoteAddr); err == nil {
env = map[string]string{"REMOTE_ADDR": addr, "REMOTE_PORT": port}
}
}
} else {
sensitiveHeaders := getSensitiveHeaders()
for k, v := range r.Header {
if _, ok := sensitiveHeaders[k]; !ok {
headers[k] = strings.Join(v, ",")
}
if sendDefaultPii {
// We read only the first Cookie header because of the specification:
// https://tools.ietf.org/html/rfc6265#section-5.4
// When the user agent generates an HTTP request, the user agent MUST NOT
// attach more than one Cookie header field.
cookies = r.Header.Get("Cookie")

if addr, port, err := net.SplitHostPort(r.RemoteAddr); err == nil {
env = map[string]string{"REMOTE_ADDR": addr, "REMOTE_PORT": port}
}
}

headers := filterHeaders(r.Header, sendDefaultPii)
headers["Host"] = r.Host

return &Request{
Expand All @@ -206,6 +194,20 @@ func NewRequest(r *http.Request) *Request {
}
}

func filterHeaders(header http.Header, sendDefaultPii bool) map[string]string {
headers := map[string]string{}

sensitiveHeaders := getSensitiveHeaders()
for k, v := range header {
_, sensitive := sensitiveHeaders[k]
if sendDefaultPii || !sensitive {
headers[k] = strings.Join(v, ",")
}
}

return headers
}

// Exception specifies an error that occurred.
type Exception struct {
Type string `json:"type,omitempty"` // used as the main issue title
Expand Down
6 changes: 5 additions & 1 deletion interfaces_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,7 @@ func TestNewRequest(t *testing.T) {
r.Header.Add("Cookie", "foo=bar")
r.Header.Add("X-Forwarded-For", "127.0.0.1")
r.Header.Add("X-Real-Ip", "127.0.0.1")
r.Header.Add("Some-Header", "some-header value")

got := NewRequest(r)
want := &Request{
Expand All @@ -94,6 +95,7 @@ func TestNewRequest(t *testing.T) {
"Host": "example.com",
"X-Forwarded-For": "127.0.0.1",
"X-Real-Ip": "127.0.0.1",
"Some-Header": "some-header value",
},
Env: map[string]string{
"REMOTE_ADDR": "192.0.2.1",
Expand All @@ -112,6 +114,7 @@ func TestNewRequestWithNoPII(t *testing.T) {
r.Header.Add("Cookie", "foo=bar")
r.Header.Add("X-Forwarded-For", "127.0.0.1")
r.Header.Add("X-Real-Ip", "127.0.0.1")
r.Header.Add("Some-Header", "some-header value")

got := NewRequest(r)
want := &Request{
Expand All @@ -121,7 +124,8 @@ func TestNewRequestWithNoPII(t *testing.T) {
QueryString: "q=sentry",
Cookies: "",
Headers: map[string]string{
"Host": "example.com",
"Host": "example.com",
"Some-Header": "some-header value",
},
Env: nil,
}
Expand Down

0 comments on commit 85ab572

Please sign in to comment.