|
5 | 5 |
|
6 | 6 | import sentry_sdk |
7 | 7 | from sentry_sdk import capture_message |
8 | | -from sentry_sdk.integrations._asgi_common import _get_headers, _get_ip |
| 8 | +from sentry_sdk.integrations._asgi_common import ( |
| 9 | + _get_headers, |
| 10 | + _get_ip, |
| 11 | + _get_request_attributes, |
| 12 | + _get_request_data, |
| 13 | + _RootPathInPath, |
| 14 | +) |
9 | 15 | from sentry_sdk.integrations.asgi import SentryAsgiMiddleware, _looks_like_asgi3 |
10 | 16 | from sentry_sdk.tracing import TransactionSource |
11 | 17 |
|
@@ -831,6 +837,61 @@ def test_get_headers(): |
831 | 837 | } |
832 | 838 |
|
833 | 839 |
|
| 840 | +def test_get_request_data_url_with_filtered_host(sentry_init): |
| 841 | + # allowlist mode in data collection that does not allow "host" scrubs the host header value, |
| 842 | + # but the reported URL must still resolve via rather than embedding the substituted "[Filtered]" value. |
| 843 | + sentry_init( |
| 844 | + _experiments={ |
| 845 | + "data_collection": { |
| 846 | + "http_headers": {"request": {"mode": "allowlist", "terms": []}} |
| 847 | + } |
| 848 | + } |
| 849 | + ) |
| 850 | + |
| 851 | + scope = { |
| 852 | + "type": "http", |
| 853 | + "method": "GET", |
| 854 | + "scheme": "http", |
| 855 | + "server": ("example.com", 80), |
| 856 | + "path": "/foo", |
| 857 | + "query_string": b"", |
| 858 | + "headers": [(b"host", b"example.com")], |
| 859 | + } |
| 860 | + |
| 861 | + request_data = _get_request_data(scope, _RootPathInPath.EXCLUDED) |
| 862 | + |
| 863 | + assert request_data["headers"]["host"] == "[Filtered]" |
| 864 | + assert request_data["url"] == "http://example.com/foo" |
| 865 | + |
| 866 | + |
| 867 | +def test_get_request_attributes_url_with_filtered_host(sentry_init): |
| 868 | + # As with _get_request_data, an allowlist mode that does not allow "host" |
| 869 | + # scrubs the host header value, but "url.full" must still resolve rather than embedding the substituted value. |
| 870 | + sentry_init( |
| 871 | + send_default_pii=True, |
| 872 | + _experiments={ |
| 873 | + "data_collection": { |
| 874 | + "http_headers": {"request": {"mode": "allowlist", "terms": []}} |
| 875 | + } |
| 876 | + }, |
| 877 | + ) |
| 878 | + |
| 879 | + scope = { |
| 880 | + "type": "http", |
| 881 | + "method": "GET", |
| 882 | + "scheme": "http", |
| 883 | + "server": ("example.com", 80), |
| 884 | + "path": "/foo", |
| 885 | + "query_string": b"somevalue=123", |
| 886 | + "headers": [(b"host", b"example.com")], |
| 887 | + } |
| 888 | + |
| 889 | + attributes = _get_request_attributes(scope, _RootPathInPath.EXCLUDED) |
| 890 | + |
| 891 | + assert attributes["http.request.header.host"] == "[Filtered]" |
| 892 | + assert attributes["url.full"] == "http://example.com/foo?somevalue=123" |
| 893 | + |
| 894 | + |
834 | 895 | @pytest.mark.asyncio |
835 | 896 | @pytest.mark.parametrize( |
836 | 897 | "request_url,transaction_style,expected_transaction_name,expected_transaction_source", |
|
0 commit comments