Url parameter secrets are not sanitized by default in ASP.NET
Status: closed (6 comments)
Package: Sentry
.NET Flavor: .NET
.NET Version: 8.0.0
OS: Any (not platform specific)
SDK Version: 4.6.2
Self-Hosted Sentry Version: No response
Steps to Reproduce
- Create an endpoint with a URL parameter named `secret`
- Send a trace using Sentry
Expected Result
URL parameter would be masked (like with user ids).
Actual Result
URL parameter is not masked and the full unmasked path is sent to Sentry.
Thanks for reaching out. That does sound like something that we probably should not do. Let me get back to you.
It looks like we have something to redact PII but nothing for secrets or sensitive information more generally:
sentry-dotnet/src/Sentry/SentryClient.cs
Lines 167 to 170 in c96e3ef
If we did add something more generic to redact sensitive information, it would have to be flexible/configurable, as the kinds of things that indicate whether something is sensitive or not would definitely be culture specific and likely domain specific as well.
Possibly something like List<Regex> RedactUrlParameters on the SentryOptions.
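The deny-list option proposed in the comment above, worked through as an added C# example. This is not code from sentry-dotnet: `RedactionOptions` (a stand-in for the `SentryOptions` property suggested above), `RedactUrlParameters`, `UrlRedactor` and the `[Filtered]` placeholder are assumptions made for the illustration, and the sample URL and route values are constructed. It goes slightly beyond the query-string case in the report by also covering route values (`/api/{secret}`), which cannot be recognised by name from the raw path alone.

```csharp
// Added illustration of a configurable URL-parameter deny-list. Not code from
// sentry-dotnet; all names below are assumptions chosen for the example.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Stand-in for the List<Regex> RedactUrlParameters property suggested for SentryOptions.
public sealed class RedactionOptions
{
    // Patterns are matched against the parameter *name* (not the value), case-insensitively.
    // A match timeout bounds the cost of evaluating the patterns against request-controlled names.
    private static readonly TimeSpan Timeout = TimeSpan.FromMilliseconds(100);
    private const RegexOptions Flags = RegexOptions.IgnoreCase | RegexOptions.CultureInvariant;

    public List<Regex> RedactUrlParameters { get; } = new()
    {
        new Regex("^secret$", Flags, Timeout),
        new Regex("(password|passwd|pwd)", Flags, Timeout),
        new Regex("(token|api[_-]?key|auth)", Flags, Timeout),
    };
}

public static class UrlRedactor
{
    private const string Placeholder = "[Filtered]";

    public static bool IsSensitive(RedactionOptions options, string parameterName) =>
        options.RedactUrlParameters.Any(rx => rx.IsMatch(parameterName));

    // Rewrites the query string of a URL, replacing the value of every parameter whose
    // name matches a deny-list pattern. Path, fragment and parameter order are preserved,
    // and untouched parameters are not decoded/re-encoded.
    public static string RedactQuery(RedactionOptions options, string url)
    {
        var queryStart = url.IndexOf('?');
        if (queryStart < 0) return url;

        var fragmentStart = url.IndexOf('#', queryStart);
        var query = fragmentStart < 0 ? url[(queryStart + 1)..] : url[(queryStart + 1)..fragmentStart];
        var fragment = fragmentStart < 0 ? string.Empty : url[fragmentStart..];

        var pairs = query.Split('&', StringSplitOptions.RemoveEmptyEntries)
            .Select(pair =>
            {
                var eq = pair.IndexOf('=');
                var name = eq < 0 ? pair : pair[..eq];
                // Unescape the name so a percent-encoded "se%63ret" still matches "secret".
                return IsSensitive(options, Uri.UnescapeDataString(name))
                    ? name + "=" + Placeholder
                    : pair;
            });

        return url[..queryStart] + "?" + string.Join("&", pairs) + fragment;
    }

    // Route values such as /api/{secret} carry their name only in ASP.NET's route-value
    // dictionary, so those are redacted by key rather than by inspecting the path string.
    public static IDictionary<string, object?> RedactRouteValues(
        RedactionOptions options, IDictionary<string, object?> routeValues)
    {
        var result = new Dictionary<string, object?>(routeValues, StringComparer.OrdinalIgnoreCase);
        foreach (var key in routeValues.Keys.Where(k => IsSensitive(options, k)))
            result[key] = Placeholder;
        return result;
    }

    public static void Main()
    {
        var options = new RedactionOptions();

        // Constructed sample request: the "secret" value must not reach the trace.
        Console.WriteLine(RedactQuery(options,
            "https://example.test/api/login?user=alice&secret=hunter2&page=1#top"));

        // Constructed route values for an endpoint declared as /api/{secret}/{id}.
        var route = new Dictionary<string, object?> { ["secret"] = "hunter2", ["id"] = 42 };
        foreach (var (k, v) in RedactRouteValues(options, route))
            Console.WriteLine($"{k} = {v}");
    }
}
```

The redaction has to run on the server-side copy of the request before the URL is attached to the transaction or span; scrubbing only the event payload afterwards leaves the value in any breadcrumb or span description that already captured it. Matching on names also means a secret passed under an unlisted parameter name, or inside a header or request body, is not covered; that is the gap the event-level scrubbing discussed later in the thread addresses.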
I really like this idea. Let me check with the other SDKs if they have something like that in place.
I found an event scrubber on the Python SDK that has an extendable deny-list.
Looks like that scrubs everything.
I can't see any reference to this in the Developer Docs but we could just mimic the behaviour of the Python SDK.
Python has a default deny-list.