feat: send_default_pii flag

Author: untitaker

.flake8

@@ -1,5 +1,5 @@
 [flake8]
-ignore = E203, E266, E501, W503, E402
+ignore = E203, E266, E501, W503, E402, E731
 max-line-length = 80
 max-complexity = 18
 select = B,C,E,F,W,T4,B9

docs/django.md

@@ -9,10 +9,16 @@ In your ``settings.py``:
 
 * All exceptions are reported.
 
-* Request data is attached to your events.
+* A bit of data is attached to each event:
 
-* The current user ID, email and username from ``django.contrib.auth`` is
-  attached to your events.
+    * Personally identifiable information (such as user ids, usernames,
+      cookies, authorization headers, ip addresses) is excluded unless
+      ``send_default_pii`` is set to ``true``. See ``README.md``, section "PII"
+
+    * Request data is attached to all events.
+
+    * If you have ``django.contrib.auth`` installed and configured, user data
+      (current user id, email address, username) is attached to the event.
 
 * Logging with any logger will create breadcrumbs. See logging docs for more
   information.

docs/flask.md

@@ -1,5 +1,6 @@
 # Using Sentry with Flask
 
+
     from sentry_sdk.integrations.flask import FlaskIntegration
     from sentry_sdk import init
 
@@ -14,7 +15,16 @@
 * The Flask integration will be installed for all of your apps. It hooks into
   Flask's signals, not anything on the app object.
 
-* Request data is attached to all events.
+* A bit of data is attached to each event:
+
+    * Personally identifiable information (such as user ids, usernames,
+      cookies, authorization headers, ip addresses) is excluded unless
+      ``send_default_pii`` is set to ``true``. See ``README.md``, section "PII"
+
+    * Request data is attached to all events.
+
+    * If you have Flask-Login installed and configured, user data is attached to
+      the event.
 
 * All exceptions leading to a Internal Server Error are reported.
 

sentry_sdk/client.py

@@ -86,7 +86,7 @@ def _prepare_event(self, event, scope):
         ):
             raise SkipEvent()
 
-        event = strip_event(event)
+        event = strip_event(event, client=self)
         event = flatten_metadata(event)
         return event
 

sentry_sdk/consts.py

@@ -15,6 +15,7 @@
     "dist": None,
     "transport": None,
     "sample_rate": 1.0,
+    "send_default_pii": False,
 }
 
 SDK_INFO = {"name": "sentry-python", "version": VERSION}

sentry_sdk/stripping.py

@@ -23,6 +23,8 @@ def inner(obj):
                 rv[k], meta[k] = inner(v)
                 if meta[k] is None:
                     del meta[k]
+                if rv[k] is None:
+                    del rv[k]
             return rv, (meta or None)
         if isinstance(obj, Sequence) and not isinstance(obj, (text_type, bytes)):
             rv = []
@@ -43,7 +45,7 @@ def inner(obj):
     return obj
 
 
-def strip_event(event):
+def strip_event(event, client=None):
     old_frames = event.get("stacktrace", {}).get("frames", None)
     if old_frames:
         event["stacktrace"]["frames"] = [strip_frame(frame) for frame in old_frames]
@@ -52,6 +54,32 @@ def strip_event(event):
     if old_request_data:
         event["request"]["data"] = strip_databag(old_request_data)
 
+    if not client or not client.options["send_default_pii"]:
+        event = strip_default_pii(event)
+
+    return event
+
+
+def strip_default_pii(event):
+    gone = lambda: AnnotatedValue(None, {"rem": [["!strip_default_pii", "x"]]})
+
+    if event.get("user"):
+        event["user"] = gone()
+
+    request = event.get("request")
+    if request:
+        if request.get("cookies"):
+            request["cookies"] = gone()
+        if request.get("headers"):
+            headers = request["headers"]
+            for key in list(headers):
+                if key.lower().replace("_", "-") in (
+                    "set-cookie",
+                    "cookie",
+                    "authentication",
+                ):
+                    headers[key] = gone()
+
     return event
 
 
@@ -63,7 +91,7 @@ def strip_frame(frame):
 def strip_databag(obj, remaining_depth=20):
     assert not isinstance(obj, bytes), "bytes should have been normalized before"
     if remaining_depth <= 0:
-        return AnnotatedValue(None, {"": {"rem": [["!dep", "x"]]}})
+        return AnnotatedValue(None, {"rem": [["!dep", "x"]]})
     if isinstance(obj, text_type):
         return strip_string(obj)
     if isinstance(obj, Mapping):

tests/integrations/django/myapp/settings.py

@@ -136,5 +136,5 @@ def process_response(self, request, response):
 STATIC_URL = "/static/"
 
 sentry_sdk.get_current_hub().bind_client(
-    sentry_sdk.Client(integrations=[DjangoIntegration()])
+    sentry_sdk.Client(integrations=[DjangoIntegration()], send_default_pii=True)
 )

tests/integrations/flask/test_flask.py

@@ -115,9 +115,15 @@ def test_flask_login_partially_configured(
     assert event.get("user", {}).get("id") is None
 
 
+@pytest.mark.parametrize("send_default_pii", [True, False])
 @pytest.mark.parametrize("user_id", [None, "42", 3])
-def test_flask_login_configured(sentry_init, app, user_id, capture_events, monkeypatch):
-    sentry_init(integrations=[flask_sentry.FlaskIntegration()])
+def test_flask_login_configured(
+    send_default_pii, sentry_init, app, user_id, capture_events, monkeypatch
+):
+    sentry_init(
+        send_default_pii=send_default_pii,
+        integrations=[flask_sentry.FlaskIntegration()],
+    )
 
     class User(object):
         is_authenticated = is_active = True
@@ -146,7 +152,7 @@ def login():
     assert client.get("/message").status_code == 200
 
     event, = events
-    if user_id is None:
+    if user_id is None or not send_default_pii:
         assert event.get("user", {}).get("id") is None
     else:
         assert event["user"]["id"] == str(user_id)