Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Project: Filter emails in URLs correctly #39

Open
3 of 4 tasks
kahest opened this issue Nov 9, 2023 · 2 comments
Open
3 of 4 tasks

Project: Filter emails in URLs correctly #39

kahest opened this issue Nov 9, 2023 · 2 comments
Labels
Team: Mobile Platform
Milestone
Protocol

Comments

@kahest
Copy link
Member

kahest commented Nov 9, 2023
edited by krystofwoldrich
Loading

Description

URLs sent to Sentry should have authority filtered correctly. While this is implemented already, filtering of emails from other parts of the URL is not desired. This has come up in the following issues:
getsentry/sentry-java#2690
getsentry/sentry-dart#1418

The goal of this issue is to ensure that all our SDKs

  1. filter authority correctly
  2. don't filter email from other parts of the URL

Examples: (for more see e.g. https://github.com/getsentry/sentry-dart/blob/8a10ab719072f65d029985c211471d779ab2a3cb/dart/test/utils/http_sanitizer_test.dart#L9)

Input Expected
https://dev.sentry.io/api/v4/reset/email@example.com https://dev.sentry.io/api/v4/reset/email@example.com
https://user:password@sentry.io?q=1&s=2&token=secret https://[Filtered]:[Filtered]@sentry.io

Tasks
Beta Give feedback
  1. Filter emails in URLs correctly sentry-cocoa#3417
    Platform: Cocoa
  2. Correctly filter URL with an email address in it sentry-java#2690
    Platform: Android Platform: Java Type: Bug
  4. Correctly filter URL with an email address in it sentry-dart#1418
    Effort: Small Impact: Large Platform: Dart bug
    denrase
@kahest kahest changed the title Filter URL authority correctly Filter emails in URLs correctly Nov 9, 2023
@philipphofmann philipphofmann mentioned this issue Nov 15, 2023
Closed
@krystofwoldrich
Copy link
Member

React Native uses sanitization logic from JS which passes the test correctly https://github.com/getsentry/sentry-javascript/blob/08308664394fb9eabda9f334f4cf97048fa0a4d9/packages/utils/test/url.test.ts#L72

https://github.com/getsentry/sentry-javascript/blob/08308664394fb9eabda9f334f4cf97048fa0a4d9/packages/node/test/integrations/http.test.ts#L321

@kahest
Copy link
Member Author

kahest commented Dec 1, 2023

React Native uses sanitization logic from JS which passes the test correctly getsentry/sentry-javascript@0830866/packages/utils/test/url.test.ts#L72

getsentry/sentry-javascript@0830866/packages/node/test/integrations/http.test.ts#L321

Thanks for checking! I don't see a test for the first case though - with email outside of the authority part, e.g. https://dev.sentry.io/api/v4/reset/email@example.com -> https://dev.sentry.io/api/v4/reset/email@example.com

@stephanie-anderson stephanie-anderson added this to the [1] Discovery milestone Jul 4, 2024
@stephanie-anderson stephanie-anderson changed the title Filter emails in URLs correctly Project: Filter emails in URLs correctly Jul 4, 2024
@stephanie-anderson stephanie-anderson modified the milestones: [1] Discovery, [5] On Hold, Protocol Jul 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Team: Mobile Platform
Projects
Mobile & Cross Platform SDK
Status: Needs Discussion
Milestone
Protocol
Development

No branches or pull requests
4 participants
@kahest @philipphofmann @stephanie-anderson @krystofwoldrich