fix(pii): scrub PII in span description [INGEST-1709]

[olksdr]

Filter description if it contains PII

[marandaneto]

data field is also maybe and some SDKs also set the URL in there.
See this https://github.com/getsentry/sentry/blob/fef9c695a1a7d3384fb3ce7ec6c264632e77061d/static/app/components/events/interfaces/spans/spanTreeModel.spec.tsx#L47
and https://github.com/getsentry/sentry/blob/fef9c695a1a7d3384fb3ce7ec6c264632e77061d/src/sentry/interfaces/spans.py#L33-L38

[olksdr]

yep I will add this

[jjbayer]

LGTM. I would add a bit more explanation to the PR description (that this change was motivated by an incident, etc.).

[jjbayer]

Suggested change

	- Scrub PII in the span description. ([#1590](https://github.com/getsentry/relay/pull/1590))
	- Always scrub PII in the span description. So far, the user had to configure this by hand. ([#1590](https://github.com/getsentry/relay/pull/1590))

[jjbayer]

I'm not very consistent with this myself, but let's also add this to py/CHANGELOG.md. See https://github.com/getsentry/relay#instructions-for-changelogs.

[olksdr]

Will do

[marandaneto]

Can we add a test for breadcrumbs as well?

relay/relay-general/src/protocol/breadcrumb.rs

Line 104 in 87181c0

/// Arbitrary data associated with this breadcrumb.

SDKs sets the data.url as well https://develop.sentry.dev/sdk/event-payloads/breadcrumbs/

[marandaneto]

request.url is also maybe

relay/relay-general/src/protocol/request.rs

Line 440 in 87181c0

///The query string can be declared either as part of the `url`, or separately in `query_string`.

Should we change that too? Same for query_string.

[olksdr]

Can we add a test for breadcrumbs as well?

relay/relay-general/src/protocol/breadcrumb.rs

Line 104 in 87181c0

/// Arbitrary data associated with this breadcrumb.

SDKs sets the data.url as well https://develop.sentry.dev/sdk/event-payloads/breadcrumbs/

this already is tested in

relay/relay-general/src/pii/convert.rs

Line 1197 in 87181c0

fn test_breadcrumb_message() {

[olksdr]

request.url is also maybe

relay/relay-general/src/protocol/request.rs

Line 440 in 87181c0

///The query string can be declared either as part of the `url`, or separately in `query_string`.

Should we change that too? Same for query_string.

we can add, but it can be a lot of false positives, if anything is in the URL , domain name which will contain the key words we look for we will strip entire URL. Is that ok?

[iker-barriocanal]

nit: we're only interested in ensuring the description is [Filtered], so it may be easier to read that assertion over a snapshot?

[olksdr]

The test is to ensure that the things are working as expected now, and it will show the problem if we have the regression. But I do not really care who this implemented.

[marandaneto]

request.url is also maybe

relay/relay-general/src/protocol/request.rs

Line 440 in 87181c0

///The query string can be declared either as part of the `url`, or separately in `query_string`.

Should we change that too? Same for query_string.

we can add, but it can be a lot of false positives, if anything is in the URL , domain name which will contain the key words we look for we will strip entire URL. Is that ok?

mm I am unsure, this will definatelly degrade the feature (filtering the whole URL instead of the only key words), Mobile already scrub out the query parameters (by not sending them), if you think this is ok, we are good already.

[olksdr]

mm I am unsure, this will definatelly degrade the feature (filtering the whole URL instead of the only key words), Mobile already scrub out the query parameters (by not sending them), if you think this is ok, we are good already.

@marandaneto , checked this with @jjbayer - we already normalize the URL and push query string from url field to query_string which has pii=true and will be scrubbed