Remove authority from URLs sent to Sentry

CHANGELOG.md

@@ -5,7 +5,7 @@
 ### Features
 
 - Add tag filters to SentryLoggingOptions ([#2360](https://github.com/getsentry/sentry-dotnet/pull/2360))
-- Remove authority from URLs sent to Sentry ([#2366](https://github.com/getsentry/sentry-java/pull/2366))
+- Remove authority from URLs sent to Sentry ([#2365](https://github.com/getsentry/sentry-dotnet/pull/2365))
 
 ## 3.31.0
 

src/Sentry/Breadcrumb.cs

@@ -1,4 +1,5 @@
 using Sentry.Extensibility;
+using Sentry.Internal;
 using Sentry.Internal.Extensions;
 
 namespace Sentry;
@@ -9,6 +10,12 @@ namespace Sentry;
 [DebuggerDisplay("Message: {" + nameof(Message) + "}, Type: {" + nameof(Type) + "}")]
 public sealed class Breadcrumb : IJsonSerializable
 {
+    private readonly IReadOnlyDictionary<string, string>? _data;
+    private readonly string? _message;
+
+    private bool _sendDefaultPii = true;
+    internal void Redact() => _sendDefaultPii = false;
+
     /// <summary>
     /// A timestamp representing when the breadcrumb occurred.
     /// </summary>
@@ -21,7 +28,11 @@ public sealed class Breadcrumb : IJsonSerializable
     /// If a message is provided, it’s rendered as text and the whitespace is preserved.
     /// Very long text might be abbreviated in the UI.
     /// </summary>
-    public string? Message { get; }
+    public string? Message
+    {
+        get => _sendDefaultPii ? _message : _message.RedactUrl();
+        private init => _message = value;
+    }
 
     /// <summary>
     /// The type of breadcrumb.
@@ -39,7 +50,17 @@ public sealed class Breadcrumb : IJsonSerializable
     /// Contains a sub-object whose contents depend on the breadcrumb type.
     /// Additional parameters that are unsupported by the type are rendered as a key/value table.
     /// </remarks>
-    public IReadOnlyDictionary<string, string>? Data { get; }
+    public IReadOnlyDictionary<string, string>? Data
+    {
+        get => _sendDefaultPii
+            ? _data
+            : _data?.ToDictionary(
+                x => x.Key,
+                x => x.Value?.RedactUrl()
+                )!
+            ;
+        private init => _data = value;
+    }
 
     /// <summary>
     /// Dotted strings that indicate what the crumb is or where it comes from.

src/Sentry/Internal/PiiUrlSanitizer.cs → src/Sentry/Internal/PiiExtensions.cs

@@ -1,20 +1,21 @@
 namespace Sentry.Internal;
 
 /// <summary>
-/// Sanitizes data that potentially contains Personally Identifiable Information (PII) before sending it to Sentry.
+/// Extensions to help redact data that might contain Personally Identifiable Information (PII) before sending it to
+/// Sentry.
 /// </summary>
-internal static class PiiUrlSanitizer
+internal static class PiiExtensions
 {
+    internal const string RedactedText = "[Filtered]";
+
     /// <summary>
-    /// Searches for URLs in text data and redacts any PII
-    /// data from these, as required.
+    /// Searches for URLs in text data and redacts any PII data from these, as required.
     /// </summary>
     /// <param name="data">The data to be searched</param>
     /// <returns>
-    /// The data if SendDefaultPii is enabled or if the data does not contain any PII.
-    /// A redacted copy of the data otherwise.
+    /// The data, if no PII data is present or a copy of the data with PII data redacted otherwise
     /// </returns>
-    public static string? Sanitize(this string? data)
+    public static string? RedactUrl(this string? data)
     {
         // If the data is empty then we don't need to sanitize anything
         if (string.IsNullOrWhiteSpace(data))
@@ -29,13 +30,13 @@ internal static class PiiUrlSanitizer
         var result = authRegex.Replace(data, match =>
         {
             var matchedUrl = match.Groups[1].Value;
-            return SanitizeUrl(matchedUrl);
+            return RedactAuth(matchedUrl);
         });
 
         return result;
     }
 
-    private static string SanitizeUrl(string data)
+    private static string RedactAuth(string data)
     {
         // ^ matches the start of the string. (?i)(https?://) gives a case-insensitive matching of the protocol.
         // (.*@) matches the username and password (authentication information). (.*)$ matches the rest of the URL.

src/Sentry/Request.cs

@@ -1,4 +1,5 @@
 using Sentry.Extensibility;
+using Sentry.Internal;
 using Sentry.Internal.Extensions;
 
 namespace Sentry;
@@ -176,4 +177,9 @@ public static Request FromJson(JsonElement json)
             Cookies = cookies
         };
     }
+
+    internal void Redact()
+    {
+        Url = Url.RedactUrl();
+    }
 }

src/Sentry/Scope.cs

@@ -270,11 +270,6 @@ public void AddBreadcrumb(Breadcrumb breadcrumb)
             _breadcrumbs.TryDequeue(out _);
         }
 
-        if (!Options.SendDefaultPii)
-        {
-            breadcrumb = breadcrumb.Sanitize();
-        }
-
         _breadcrumbs.Enqueue(breadcrumb);
         if (Options.EnableScopeSync)
         {

src/Sentry/SentryClient.cs

@@ -142,7 +142,7 @@ public void CaptureTransaction(Transaction transaction)
 
         if (!_options.SendDefaultPii)
         {
-            processedTransaction = processedTransaction.Sanitize();
+            processedTransaction.Redact();
         }
 
         CaptureEnvelope(Envelope.FromTransaction(processedTransaction));
@@ -271,6 +271,11 @@ private SentryId DoSendEvent(SentryEvent @event, Scope? scope)
             return SentryId.Empty;
         }
 
+        if (!Options.SendDefaultPii)
+        {
+            processedEvent.Redact();
+        }
+
         return CaptureEnvelope(Envelope.FromEvent(processedEvent, _options.DiagnosticLogger, scope.Attachments, scope.SessionUpdate))
             ? processedEvent.EventId
             : SentryId.Empty;

src/Sentry/SentryEvent.cs

@@ -242,6 +242,15 @@ public void SetTag(string key, string value) =>
     public void UnsetTag(string key) =>
         (_tags ??= new Dictionary<string, string>()).Remove(key);
 
+    internal void Redact()
+    {
+        _request?.Redact();
+        foreach (var breadcrumb in Breadcrumbs)
+        {
+            breadcrumb.Redact();
+        }
+    }
+
     /// <inheritdoc />
     public void WriteTo(Utf8JsonWriter writer, IDiagnosticLogger? logger)
     {

src/Sentry/Transaction.cs

@@ -298,6 +298,18 @@ public void SetMeasurement(string name, Measurement measurement) =>
         SpanId,
         IsSampled);
 
+    /// <summary>
+    /// Redacts PII from the transaction
+    /// </summary>
+    internal void Redact()
+    {
+        Description = Description.RedactUrl();
+        foreach (var breadcrumb in Breadcrumbs)
+        {
+            breadcrumb.Redact();
+        }
+    }
+
     /// <inheritdoc />
     public void WriteTo(Utf8JsonWriter writer, IDiagnosticLogger? logger)
     {

test/Sentry.Tests/Internals/PiiUrlSanitizerTests.cs → test/Sentry.Tests/Internals/PiiExtensionsTests.cs

@@ -1,11 +1,11 @@
 namespace Sentry.Tests.Internals;
 
-public class PiiUrlSanitizerTests
+public class PiiExtensionsTests
 {
     [Fact]
     public void Sanitize_Null()
     {
-        var actual = PiiUrlSanitizer.Sanitize(null);
+        var actual = PiiExtensions.RedactUrl(null);
 
         Assert.Null(actual);
     }
@@ -16,7 +16,7 @@ public void Sanitize_Null()
     [InlineData("htp://user:[email protected]?q=1&s=2&token=secret#top", "doesn't affect malformed http urls")]
     public void Sanitize_Data_IsNotNull_WithoutPii(string original, string reason)
     {
-        var actual = PiiUrlSanitizer.Sanitize(original);
+        var actual = original.RedactUrl();
 
         actual.Should().Be(original, reason);
     }
@@ -31,7 +31,7 @@ public void Sanitize_Data_IsNotNull_WithoutPii(string original, string reason)
     [InlineData("GET https://[email protected] for goodness", "GET https://[Filtered]@sentry.io for goodness", "strips user info from URL embedded in text")]
     public void Sanitize_Data_IsNotNull_WithPii(string original, string expected, string reason)
     {
-        var actual = PiiUrlSanitizer.Sanitize(original);
+        var actual = original.RedactUrl();
 
         actual.Should().Be(expected, reason);
     }

test/Sentry.Tests/Protocol/BreadcrumbTests.cs

@@ -1,6 +1,8 @@
+using FluentAssertions.Execution;
+
 namespace Sentry.Tests.Protocol;
 
-public class BreadcrumbTests : ImmutableTests<Breadcrumb>
+public class BreadcrumbTests
 {
     private readonly IDiagnosticLogger _testOutputLogger;
 
@@ -9,6 +11,50 @@ public BreadcrumbTests(ITestOutputHelper output)
         _testOutputLogger = new TestOutputDiagnosticLogger(output);
     }
 
+    [Fact]
+    public void Redact_Redacts_Urls()
+    {
+        // Arrange
+        var breadcrumbData = new Dictionary<string, string>
+        {
+            {"url", "https://[email protected]"},
+            {"method", "GET"},
+            {"status_code", "403"}
+        };
+        var timestamp = DateTimeOffset.UtcNow;
+        var message = "message https://[email protected]";
+        var type = "fake_type";
+        var data = breadcrumbData;
+        var category = "fake_category";
+        var level = BreadcrumbLevel.Error;
+
+        var breadcrumb = new Breadcrumb(
+            timestamp : timestamp,
+            message : message,
+            type : type,
+            data : breadcrumbData,
+            category : category,
+            level : level
+        );
+
+        // Act
+        breadcrumb.Redact();
+
+        // Assert
+        using (new AssertionScope())
+        {
+            breadcrumb.Should().NotBeNull();
+            breadcrumb.Timestamp.Should().Be(timestamp);
+            breadcrumb.Message.Should().Be("message https://[Filtered]@sentry.io"); // should be sanitized
+            breadcrumb.Type.Should().Be(type);
+            breadcrumb.Data?["url"].Should().Be("https://[Filtered]@sentry.io"); // should be sanitized
+            breadcrumb.Data?["method"].Should().Be(breadcrumb.Data?["method"]);
+            breadcrumb.Data?["status_code"].Should().Be(breadcrumb.Data?["status_code"]);
+            breadcrumb.Category.Should().Be(category);
+            breadcrumb.Level.Should().Be(level);
+        }
+    }
+
     [Fact]
     public void SerializeObject_ParameterlessConstructor_IncludesTimestamp()
     {