Add sensitive data control

Author: antonpirker

sentry_sdk/integrations/rust_tracing.py

@@ -37,6 +37,7 @@
 import sentry_sdk
 from sentry_sdk.integrations import Integration
 from sentry_sdk.tracing import Span as SentrySpan
+from sentry_sdk.utils import SENSITIVE_DATA_SUBSTITUTE
 
 TraceState = Optional[Tuple[Optional[SentrySpan], SentrySpan]]
 
@@ -149,10 +150,12 @@ def __init__(
             [Dict[str, Any]], EventTypeMapping
         ] = default_event_type_mapping,
         span_filter: Callable[[Dict[str, Any]], bool] = default_span_filter,
+        send_sensitive_data: bool = None,
     ):
         self.origin = origin
         self.event_type_mapping = event_type_mapping
         self.span_filter = span_filter
+        self.send_sensitive_data = send_sensitive_data
 
     def on_event(self, event: str, _span_state: TraceState) -> None:
         deserialized_event = json.loads(event)
@@ -221,9 +224,19 @@ def on_record(self, span_id: str, values: str, span_state: TraceState) -> None:
             return
         _parent_sentry_span, sentry_span = span_state
 
+        client_options = sentry_sdk.get_client().options
+        send_sensitive_data = (
+            client_options["send_default_pii"]
+            if self.send_sensitive_data is None
+            else self.send_sensitive_data
+        )
+
         deserialized_values = json.loads(values)
         for key, value in deserialized_values.items():
-            sentry_span.set_data(key, value)
+            if send_sensitive_data:
+                sentry_span.set_data(key, value)
+            else:
+                sentry_span.set_data(key, SENSITIVE_DATA_SUBSTITUTE)
 
 
 class RustTracingIntegration(Integration):
@@ -246,11 +259,13 @@ def __init__(
             [Dict[str, Any]], EventTypeMapping
         ] = default_event_type_mapping,
         span_filter: Callable[[Dict[str, Any]], bool] = default_span_filter,
+        send_sensitive_data: Optional[bool] = None,
     ):
         self.identifier = identifier
-
         origin = f"auto.function.rust_tracing.{identifier}"
-        self.tracing_layer = RustTracingLayer(origin, event_type_mapping, span_filter)
+        self.tracing_layer = RustTracingLayer(
+            origin, event_type_mapping, span_filter, send_sensitive_data
+        )
 
         initializer(self.tracing_layer)
 

tests/integrations/rust_tracing/test_rust_tracing.py

@@ -1,3 +1,5 @@
+import pytest
+
 from string import Template
 from typing import Dict
 
@@ -360,7 +362,11 @@ def span_filter(metadata: Dict[str, object]) -> bool:
 
 def test_record(sentry_init):
     rust_tracing = FakeRustTracing()
-    integration = RustTracingIntegration("test_record", rust_tracing.set_layer_impl)
+    integration = RustTracingIntegration(
+        "test_record",
+        initializer=rust_tracing.set_layer_impl,
+        send_sensitive_data=True,
+    )
     sentry_init(integrations=[integration], traces_sample_rate=1.0)
 
     with start_transaction():
@@ -400,3 +406,45 @@ def span_filter(metadata: Dict[str, object]) -> bool:
         # `on_record()` should not do anything to the current Sentry span if the associated Rust span was ignored
         span_after_record = sentry_sdk.get_current_span().to_json()
         assert span_after_record["data"]["version"] is None
+
+
+@pytest.mark.parametrize(
+    "send_default_pii, send_sensitive_data, sensitive_data_expected",
+    [
+        (True, True, True),
+        (True, False, False),
+        (True, None, True),
+        (False, True, True),
+        (False, False, False),
+        (False, None, False),
+    ],
+)
+def test_sensitive_data(
+    sentry_init, send_default_pii, send_sensitive_data, sensitive_data_expected
+):
+    rust_tracing = FakeRustTracing()
+    integration = RustTracingIntegration(
+        "test_record",
+        initializer=rust_tracing.set_layer_impl,
+        send_sensitive_data=send_sensitive_data,
+    )
+
+    sentry_init(
+        integrations=[integration],
+        traces_sample_rate=1.0,
+        send_default_pii=send_default_pii,
+    )
+    with start_transaction():
+        rust_tracing.new_span(RustTracingLevel.Info, 3)
+
+        span_before_record = sentry_sdk.get_current_span().to_json()
+        assert span_before_record["data"]["version"] is None
+
+        rust_tracing.record(3)
+
+        span_after_record = sentry_sdk.get_current_span().to_json()
+
+        if sensitive_data_expected:
+            assert span_after_record["data"]["version"] == "memoized"
+        else:
+            assert span_after_record["data"]["version"] == "[Filtered]"