Implement EventScrubber by sl0thentr0py · Pull Request #1943 · getsentry/sentry-python

sl0thentr0py · 2023-03-06T16:03:37Z

Add a new EventScrubber class that scrubs certain potentially sensitive interfaces with a DEFAULT_DENYLIST. The default scrubber is automatically run if send_default_pii = False.

Usage

from sentry_sdk.scrubber import EventScrubber, DEFAULT_DENYLIST

# custom denylist
denylist = DEFAULT_DENYLIST + ["my_sensitive_var"]

sentry_sdk.init(
    # ...
    send_default_pii=False,
    event_scrubber=EventScrubber(denylist=denylist),
)

As outlined in https://github.com/getsentry/rfcs/blob/main/text/0062-controlling-pii-and-credentials-in-sd-ks.md
closes #1897
docs: getsentry/sentry-docs#6489

As outlined in https://github.com/getsentry/rfcs/blob/main/text/0062-controlling-pii-and-credentials-in-sd-ks.md

antonpirker

Why not just walk the whole event structure recursively and apply scrub_dict()?

As the implementation is now, when we (or somenone else) adds a top level key "super_secret_stuff" it will not be touched.

sentry_sdk/serializer.py

antonpirker · 2023-03-17T07:33:03Z

I get that having those seperate scrubbing functions makes it convenient for a user to derive a custom scrubber that works like the original one, but does not scrub for example the breadcrumbs.

antonpirker · 2023-03-17T07:35:03Z

But maybe add a scrub_others or scrub_rest

That does something like:

for key in event.keys():
    if key not in ["request", "extra", "user", ...]:
        self.scrub_dict(event[key])

(or something like scrub_dict that walks the dict recursively and not only looks at the top level keys)

sl0thentr0py · 2023-03-17T12:37:21Z

Why not just walk the whole event structure recursively and apply scrub_dict()?

Only python has the Event as an opaque dict/object without interfaces, no other SDK does this, so I just went with a structure that would work for all SDKs. The recursive walking can only work in python sadly.

I think this is fine for a first version and we can see how and if users use this at all and wait for feedback.
I just wanted to have something like this as a first-class abstraction and this is a good first step.

antonpirker · 2023-03-17T13:06:23Z

Ok.
How can we ensure, that if we add some top level key to the event in the future, that we do not forget to update the default EventScrubber? Because we (or whoever is than working on this) will forget about this.

sl0thentr0py · 2023-03-17T13:07:32Z

we can't ensure and that's fine

sentry_sdk/client.py

sl0thentr0py force-pushed the neel/scrubber branch 9 times, most recently from 074b739 to 85d7458 Compare March 7, 2023 16:26

sl0thentr0py force-pushed the neel/scrubber branch 4 times, most recently from 8293c19 to 2cba3d9 Compare March 16, 2023 17:25

sl0thentr0py marked this pull request as ready for review March 16, 2023 17:25

sl0thentr0py requested a review from antonpirker March 16, 2023 17:25

sl0thentr0py force-pushed the neel/scrubber branch 2 times, most recently from 37128b8 to 7bbc515 Compare March 16, 2023 17:28

Implement EventScrubber

8b19bf9

As outlined in https://github.com/getsentry/rfcs/blob/main/text/0062-controlling-pii-and-credentials-in-sd-ks.md

sl0thentr0py force-pushed the neel/scrubber branch from 7bbc515 to 8b19bf9 Compare March 16, 2023 17:33

sl0thentr0py requested a review from cleptric March 16, 2023 17:44

antonpirker reviewed Mar 17, 2023

View reviewed changes

sentry_sdk/serializer.py Show resolved Hide resolved

sl0thentr0py mentioned this pull request Mar 17, 2023

feat(python): Add event_scrubber docs getsentry/sentry-docs#6489

Merged

cleptric reviewed Mar 20, 2023

View reviewed changes

sentry_sdk/client.py Show resolved Hide resolved

antonpirker approved these changes Mar 21, 2023

View reviewed changes

Merge branch 'master' into neel/scrubber

0db4dbe

antonpirker enabled auto-merge (squash) March 21, 2023 10:04

antonpirker merged commit b339d83 into master Mar 21, 2023

antonpirker deleted the neel/scrubber branch March 21, 2023 10:07

DanielNoord mentioned this pull request Apr 3, 2023

Make EventScrubber also scrub exception entries #1986

Closed

coderabbitai bot mentioned this pull request Apr 1, 2026

Replace raven with sentry-sdk gmr/rejected#55

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement EventScrubber#1943

Implement EventScrubber#1943
antonpirker merged 2 commits intomasterfrom
neel/scrubber

sl0thentr0py commented Mar 6, 2023 •

edited

Loading

Uh oh!

antonpirker left a comment

Uh oh!

Uh oh!

antonpirker commented Mar 17, 2023 •

edited

Loading

Uh oh!

antonpirker commented Mar 17, 2023 •

edited

Loading

Uh oh!

sl0thentr0py commented Mar 17, 2023

Uh oh!

antonpirker commented Mar 17, 2023

Uh oh!

sl0thentr0py commented Mar 17, 2023 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

sl0thentr0py commented Mar 6, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Usage

Uh oh!

antonpirker left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

antonpirker commented Mar 17, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

antonpirker commented Mar 17, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

sl0thentr0py commented Mar 17, 2023

Uh oh!

antonpirker commented Mar 17, 2023

Uh oh!

sl0thentr0py commented Mar 17, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

sl0thentr0py commented Mar 6, 2023 •

edited

Loading

antonpirker commented Mar 17, 2023 •

edited

Loading

antonpirker commented Mar 17, 2023 •

edited

Loading

sl0thentr0py commented Mar 17, 2023 •

edited

Loading