Advanced Data Scrubbing - not understanding

grahamb · February 5, 2021, 10:30pm

I’m attempting to use Advanced Data Scrubbing to remove some sensitive data from a payload being sent as extras.currentState. The payload is a deeply nested object, but it looks something like this:

{
  "context": {
    "viewer": {
      "admin": true,
      "__typename": "Viewer",
      "roles": ["aaaaa", "bbbbb", "ccccc"],
      "user": {
        "username": "someusername",
        "hardwareToken": null,
        "enrolledTOTP": true,
        "roles": ["role1", "role2", "role3"],
        "backupCodes": null,
        "__typename": "User",
        "trustedBrowsers": [],
        "registration": null,
      }
    },
    "client": { "mutate": "[Function: bound ]", "query": "[Function: bound ]" },
    "error": "[undefined]"
  }
}

I specifically want to filter the extras.currentState,context.viewer.userbackupCodes property, which may either be null or an Array. I’ve tried various incantations in the Advanced Data Scrubbing settings for the project, but none have worked. Any suggestions?

untitaker · February 5, 2021, 10:50pm

Which incantations have you tried? [Remove] [Anything] from [extras.currentState.context.viewer.userbackupCodes] should work.

grahamb · February 5, 2021, 11:17pm

That’s actually what I currently have there, and it doesn’t work (in this case it’s None because the value is null but what’s more important is redacting it when it’s an array of data). When I tried earlier with having it replace the data rather than remove it, it would never be replaced.

Screen Shot 2021-02-05 at 15.11.48

grahamb · February 5, 2021, 11:30pm

Ah, I think I understand it now – it’s not removing them because there’s nothing to remove since the value is null. I tried with a different array field, and it’s kind of working; it’s finding the field, but instead replacing the values with another string or removing them, I’m seeing <invalid> instead. For example, in the roles field here, which I’ve configured with [Mask] [Anything] from [extra.currentState.context.viewer.user.roles.*] (the same thing happens if I use [Replace] instead of [Mask]).

Screen Shot 2021-02-05 at 15.29.13

untitaker · February 6, 2021, 1:31am

Yeah in principle removing only ever nulls out data. We’ll get the <Invalid> thing fixed, that definitely should not happen.

priscilawebdev · February 12, 2021, 12:37pm

Thanks for letting us know about this issue. It was fixed today through this PR: fix(pii): Fix wrong Pii replacement by priscilawebdev · Pull Request #23828 · getsentry/sentry · GitHub

Topic		Replies	Views
Additional data is getting agressively truncated / trimmed	6	2824	October 15, 2018
Trouble using filtering out using 'Additional sensitive fields'	9	3399	September 12, 2016
Advanced Data Scrubbing issue	2	763	October 2, 2020
Disable "Sensitive Data" still not allow view sensitive info On-Premise	1	970	July 3, 2018
All http header, query string and body parameters are shown [Filtered] by data scrubber	6	5575	March 2, 2017

Advanced Data Scrubbing - not understanding

Related topics