Advanced Data Scrubbing - not understanding

I’m attempting to use Advanced Data Scrubbing to remove some sensitive data from a payload being sent as extras.currentState. The payload is a deeply nested object, but it looks something like this:

  "context": {
    "viewer": {
      "admin": true,
      "__typename": "Viewer",
      "roles": ["aaaaa", "bbbbb", "ccccc"],
      "user": {
        "username": "someusername",
        "hardwareToken": null,
        "enrolledTOTP": true,
        "roles": ["role1", "role2", "role3"],
        "backupCodes": null,
        "__typename": "User",
        "trustedBrowsers": [],
        "registration": null,
    "client": { "mutate": "[Function: bound ]", "query": "[Function: bound ]" },
    "error": "[undefined]"

I specifically want to filter the extras.currentState,context.viewer.userbackupCodes property, which may either be null or an Array. I’ve tried various incantations in the Advanced Data Scrubbing settings for the project, but none have worked. Any suggestions?

Which incantations have you tried? [Remove] [Anything] from [extras.currentState.context.viewer.userbackupCodes] should work.

1 Like

That’s actually what I currently have there, and it doesn’t work (in this case it’s None because the value is null but what’s more important is redacting it when it’s an array of data). When I tried earlier with having it replace the data rather than remove it, it would never be replaced.

Screen Shot 2021-02-05 at 15.11.48

Ah, I think I understand it now – it’s not removing them because there’s nothing to remove since the value is null. I tried with a different array field, and it’s kind of working; it’s finding the field, but instead replacing the values with another string or removing them, I’m seeing <invalid> instead. For example, in the roles field here, which I’ve configured with [Mask] [Anything] from [extra.currentState.context.viewer.user.roles.*] (the same thing happens if I use [Replace] instead of [Mask]).

Screen Shot 2021-02-05 at 15.29.13

Yeah in principle removing only ever nulls out data. We’ll get the <Invalid> thing fixed, that definitely should not happen.

Thanks for letting us know about this issue. It was fixed today through this PR: fix(pii): Fix wrong Pii replacement by priscilawebdev · Pull Request #23828 · getsentry/sentry · GitHub

1 Like