|
6 | 6 | from sentry_sdk._types import SENSITIVE_DATA_SUBSTITUTE |
7 | 7 | from sentry_sdk.data_collection import _apply_key_value_collection_filtering |
8 | 8 | from sentry_sdk.scope import should_send_default_pii |
9 | | -from sentry_sdk.utils import AnnotatedValue, logger |
| 9 | +from sentry_sdk.utils import AnnotatedValue, has_data_collection_enabled, logger |
10 | 10 |
|
11 | 11 | try: |
12 | 12 | from django.http.request import RawPostDataException |
|
23 | 23 |
|
24 | 24 | from sentry_sdk._types import Event, HttpStatusCodeRange |
25 | 25 |
|
| 26 | +SENSITIVE_ENV_KEYS = ( |
| 27 | + "REMOTE_ADDR", |
| 28 | + "HTTP_X_FORWARDED_FOR", |
| 29 | + "HTTP_SET_COOKIE", |
| 30 | + "HTTP_COOKIE", |
| 31 | + "HTTP_AUTHORIZATION", |
| 32 | + "HTTP_PROXY_AUTHORIZATION", |
| 33 | + "HTTP_X_API_KEY", |
| 34 | + "HTTP_X_FORWARDED_FOR", |
| 35 | + "HTTP_X_REAL_IP", |
| 36 | +) |
| 37 | + |
| 38 | +SENSITIVE_HEADERS = tuple( |
| 39 | + x[len("HTTP_") :] for x in SENSITIVE_ENV_KEYS if x.startswith("HTTP_") |
| 40 | +) |
26 | 41 |
|
27 | 42 | DEFAULT_HTTP_METHODS_TO_CAPTURE = ( |
28 | 43 | "CONNECT", |
@@ -196,19 +211,41 @@ def _is_json_content_type(ct: "Optional[str]") -> bool: |
196 | 211 |
|
197 | 212 | def _filter_headers( |
198 | 213 | headers: "Mapping[str, str]", |
199 | | -) -> "Mapping[str, str]": |
200 | | - data_collection_configuration = sentry_sdk.get_client().options["data_collection"] |
| 214 | + use_annotated_value: bool = True, |
| 215 | +) -> "Mapping[str, Union[str, AnnotatedValue]]": |
| 216 | + client_options = sentry_sdk.get_client().options |
201 | 217 |
|
202 | | - filtered = _apply_key_value_collection_filtering( |
203 | | - items=headers, |
204 | | - behaviour=data_collection_configuration["http_headers"]["request"], |
205 | | - ) |
| 218 | + if has_data_collection_enabled(client_options): |
| 219 | + data_collection_configuration = client_options["data_collection"] |
206 | 220 |
|
207 | | - for key in filtered: |
208 | | - if isinstance(key, str) and key.lower() in ("cookie", "set-cookie"): |
209 | | - filtered[key] = SENSITIVE_DATA_SUBSTITUTE |
| 221 | + filtered = _apply_key_value_collection_filtering( |
| 222 | + items=headers, |
| 223 | + behaviour=data_collection_configuration["http_headers"]["request"], |
| 224 | + ) |
210 | 225 |
|
211 | | - return filtered |
| 226 | + for key in filtered: |
| 227 | + if isinstance(key, str) and key.lower() in ("cookie", "set-cookie"): |
| 228 | + filtered[key] = SENSITIVE_DATA_SUBSTITUTE |
| 229 | + |
| 230 | + return filtered |
| 231 | + else: |
| 232 | + if should_send_default_pii(): |
| 233 | + return headers |
| 234 | + |
| 235 | + substitute: "Union[AnnotatedValue, str]" = ( |
| 236 | + SENSITIVE_DATA_SUBSTITUTE |
| 237 | + if not use_annotated_value |
| 238 | + else AnnotatedValue.removed_because_over_size_limit() |
| 239 | + ) |
| 240 | + |
| 241 | + return { |
| 242 | + k: ( |
| 243 | + v |
| 244 | + if k.upper().replace("-", "_") not in SENSITIVE_HEADERS |
| 245 | + else substitute |
| 246 | + ) |
| 247 | + for k, v in headers.items() |
| 248 | + } |
212 | 249 |
|
213 | 250 |
|
214 | 251 | def _in_http_status_code_range( |
|
0 commit comments