From 9ca28fb6c9a96191a918a44d69375556eb88fc99 Mon Sep 17 00:00:00 2001 From: Manoel Aranda Neto Date: Fri, 8 Jul 2022 08:37:35 +0200 Subject: [PATCH 1/3] Remove userId and transaction from baggage due to PII --- CHANGELOG.md | 1 + sentry/src/main/java/io/sentry/TraceContext.java | 8 ++++++-- sentry/src/test/java/io/sentry/SentryTracerTest.kt | 14 +++++++------- 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 855e5c3cc1..65e056ef6e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ ### Fixes - Only send userid in Dynamic Sampling Context if sendDefaultPii is true ([#2147](https://github.com/getsentry/sentry-java/pull/2147)) +- Remove userId and transaction from baggage due to PII ([#2147](https://github.com/getsentry/sentry-java/pull/2147)) ### Features diff --git a/sentry/src/main/java/io/sentry/TraceContext.java b/sentry/src/main/java/io/sentry/TraceContext.java index 28a235797b..53a178f256 100644 --- a/sentry/src/main/java/io/sentry/TraceContext.java +++ b/sentry/src/main/java/io/sentry/TraceContext.java @@ -56,17 +56,21 @@ public final class TraceContext implements JsonUnknown, JsonSerializable { final @Nullable User user, final @NotNull SentryOptions sentryOptions, final @Nullable TracesSamplingDecision samplingDecision) { + // transaction and user_id, which are not part of the dynamic sampling context right now because + // of PII concerns. + // https://develop.sentry.dev/sdk/performance/dynamic-sampling-context/#the-temporal-problem this( transaction.getSpanContext().getTraceId(), new Dsn(sentryOptions.getDsn()).getPublicKey(), sentryOptions.getRelease(), sentryOptions.getEnvironment(), - getUserId(sentryOptions, user), + null, // getUserId(sentryOptions, user), user != null ? getSegment(user) : null, - transaction.getName(), + null, // transaction.getName(), sampleRateToString(sampleRate(samplingDecision))); } + @SuppressWarnings("UnusedMethod") private static @Nullable String getUserId( final @NotNull SentryOptions options, final @Nullable User user) { if (options.isSendDefaultPii() && user != null) { diff --git a/sentry/src/test/java/io/sentry/SentryTracerTest.kt b/sentry/src/test/java/io/sentry/SentryTracerTest.kt index c5bc1a37a6..b2c270b208 100644 --- a/sentry/src/test/java/io/sentry/SentryTracerTest.kt +++ b/sentry/src/test/java/io/sentry/SentryTracerTest.kt @@ -495,8 +495,8 @@ class SentryTracerTest { assertEquals("key", it.publicKey) assertEquals("environment", it.environment) assertEquals("release@3.0.0", it.release) - assertEquals(transaction.name, it.transaction) - assertEquals("user-id", it.userId) + // assertEquals(transaction.name, it.transaction) + // assertEquals("user-id", it.userId) assertEquals("pro", it.userSegment) } } @@ -518,7 +518,7 @@ class SentryTracerTest { assertEquals("key", it.publicKey) assertEquals("environment", it.environment) assertEquals("release@3.0.0", it.release) - assertEquals(transaction.name, it.transaction) + // assertEquals(transaction.name, it.transaction) assertNull(it.userId) assertEquals("pro", it.userSegment) } @@ -568,8 +568,8 @@ class SentryTracerTest { assertTrue(it.value.contains("sentry-public_key=key,")) assertTrue(it.value.contains("sentry-release=1.0.99-rc.7,")) assertTrue(it.value.contains("sentry-environment=production,")) - assertTrue(it.value.contains("sentry-transaction=name,")) - assertTrue(it.value.contains("sentry-user_id=userId12345,")) + // assertTrue(it.value.contains("sentry-transaction=name,")) + // assertTrue(it.value.contains("sentry-user_id=userId12345,")) assertTrue(it.value.contains("sentry-user_segment=pro$".toRegex())) } } @@ -598,7 +598,7 @@ class SentryTracerTest { assertTrue(it.value.contains("sentry-public_key=key,")) assertTrue(it.value.contains("sentry-release=1.0.99-rc.7,")) assertTrue(it.value.contains("sentry-environment=production,")) - assertTrue(it.value.contains("sentry-transaction=name,")) + // assertTrue(it.value.contains("sentry-transaction=name,")) assertFalse(it.value.contains("sentry-user_id")) assertTrue(it.value.contains("sentry-user_segment=pro$".toRegex())) } @@ -624,7 +624,7 @@ class SentryTracerTest { assertTrue(it.value.contains("sentry-public_key=key,")) assertTrue(it.value.contains("sentry-release=1.0.99-rc.7,")) assertTrue(it.value.contains("sentry-environment=production,")) - assertTrue(it.value.contains("sentry-transaction=name")) + // assertTrue(it.value.contains("sentry-transaction=name")) assertFalse(it.value.contains("sentry-user_id")) assertFalse(it.value.contains("sentry-user_segment")) } From 75b56d9f75b3d54fb78d519aaae5b6e92c0eca36 Mon Sep 17 00:00:00 2001 From: Manoel Aranda Neto Date: Fri, 8 Jul 2022 08:37:59 +0200 Subject: [PATCH 2/3] pr id --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65e056ef6e..19fb088dc3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ ### Fixes - Only send userid in Dynamic Sampling Context if sendDefaultPii is true ([#2147](https://github.com/getsentry/sentry-java/pull/2147)) -- Remove userId and transaction from baggage due to PII ([#2147](https://github.com/getsentry/sentry-java/pull/2147)) +- Remove userId and transaction from baggage due to PII ([#2157](https://github.com/getsentry/sentry-java/pull/2157)) ### Features From 79a829ef2e20095b13d964e77cf7973e6ef0db35 Mon Sep 17 00:00:00 2001 From: Manoel Aranda Neto Date: Mon, 11 Jul 2022 09:06:19 +0200 Subject: [PATCH 3/3] transaction is added back --- CHANGELOG.md | 2 +- sentry/src/main/java/io/sentry/TraceContext.java | 4 ++-- sentry/src/test/java/io/sentry/SentryTracerTest.kt | 10 +++++----- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 19fb088dc3..a75d24f86a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ ### Fixes - Only send userid in Dynamic Sampling Context if sendDefaultPii is true ([#2147](https://github.com/getsentry/sentry-java/pull/2147)) -- Remove userId and transaction from baggage due to PII ([#2157](https://github.com/getsentry/sentry-java/pull/2157)) +- Remove userId from baggage due to PII ([#2157](https://github.com/getsentry/sentry-java/pull/2157)) ### Features diff --git a/sentry/src/main/java/io/sentry/TraceContext.java b/sentry/src/main/java/io/sentry/TraceContext.java index 53a178f256..5adbd57d47 100644 --- a/sentry/src/main/java/io/sentry/TraceContext.java +++ b/sentry/src/main/java/io/sentry/TraceContext.java @@ -56,7 +56,7 @@ public final class TraceContext implements JsonUnknown, JsonSerializable { final @Nullable User user, final @NotNull SentryOptions sentryOptions, final @Nullable TracesSamplingDecision samplingDecision) { - // transaction and user_id, which are not part of the dynamic sampling context right now because + // user_id isn't part of the dynamic sampling context right now because // of PII concerns. // https://develop.sentry.dev/sdk/performance/dynamic-sampling-context/#the-temporal-problem this( @@ -66,7 +66,7 @@ public final class TraceContext implements JsonUnknown, JsonSerializable { sentryOptions.getEnvironment(), null, // getUserId(sentryOptions, user), user != null ? getSegment(user) : null, - null, // transaction.getName(), + transaction.getName(), sampleRateToString(sampleRate(samplingDecision))); } diff --git a/sentry/src/test/java/io/sentry/SentryTracerTest.kt b/sentry/src/test/java/io/sentry/SentryTracerTest.kt index b2c270b208..b5145a4658 100644 --- a/sentry/src/test/java/io/sentry/SentryTracerTest.kt +++ b/sentry/src/test/java/io/sentry/SentryTracerTest.kt @@ -495,7 +495,7 @@ class SentryTracerTest { assertEquals("key", it.publicKey) assertEquals("environment", it.environment) assertEquals("release@3.0.0", it.release) - // assertEquals(transaction.name, it.transaction) + assertEquals(transaction.name, it.transaction) // assertEquals("user-id", it.userId) assertEquals("pro", it.userSegment) } @@ -518,7 +518,7 @@ class SentryTracerTest { assertEquals("key", it.publicKey) assertEquals("environment", it.environment) assertEquals("release@3.0.0", it.release) - // assertEquals(transaction.name, it.transaction) + assertEquals(transaction.name, it.transaction) assertNull(it.userId) assertEquals("pro", it.userSegment) } @@ -568,7 +568,7 @@ class SentryTracerTest { assertTrue(it.value.contains("sentry-public_key=key,")) assertTrue(it.value.contains("sentry-release=1.0.99-rc.7,")) assertTrue(it.value.contains("sentry-environment=production,")) - // assertTrue(it.value.contains("sentry-transaction=name,")) + assertTrue(it.value.contains("sentry-transaction=name,")) // assertTrue(it.value.contains("sentry-user_id=userId12345,")) assertTrue(it.value.contains("sentry-user_segment=pro$".toRegex())) } @@ -598,7 +598,7 @@ class SentryTracerTest { assertTrue(it.value.contains("sentry-public_key=key,")) assertTrue(it.value.contains("sentry-release=1.0.99-rc.7,")) assertTrue(it.value.contains("sentry-environment=production,")) - // assertTrue(it.value.contains("sentry-transaction=name,")) + assertTrue(it.value.contains("sentry-transaction=name,")) assertFalse(it.value.contains("sentry-user_id")) assertTrue(it.value.contains("sentry-user_segment=pro$".toRegex())) } @@ -624,7 +624,7 @@ class SentryTracerTest { assertTrue(it.value.contains("sentry-public_key=key,")) assertTrue(it.value.contains("sentry-release=1.0.99-rc.7,")) assertTrue(it.value.contains("sentry-environment=production,")) - // assertTrue(it.value.contains("sentry-transaction=name")) + assertTrue(it.value.contains("sentry-transaction=name")) assertFalse(it.value.contains("sentry-user_id")) assertFalse(it.value.contains("sentry-user_segment")) }