CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-26 18:43:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Sentry: Scrub secrets from event details

Browse Source
This commit is contained in:
Raphael Michel
2026-05-23 17:57:06 +02:00
parent e4da2e5e03
commit 36e2d4334e
2 changed files with 39 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/pretix/sentry.py
View File

@@ -19,12 +19,18 @@
# You should have received a copy of the GNU Affero General Public License along with this program. If not, see # You should have received a copy of the GNU Affero General Public License along with this program. If not, see
# <https://www.gnu.org/licenses/>. # <https://www.gnu.org/licenses/>.
# #
import re
import typing
import weakref import weakref
from celery.exceptions import Retry from celery.exceptions import Retry
from sentry_sdk import Hub from sentry_sdk import Hub
from sentry_sdk.integrations import django as djangosentry from sentry_sdk.integrations import django as djangosentry
from sentry_sdk.utils import capture_internal_exceptions from sentry_sdk.scrubber import EventScrubber
from sentry_sdk.utils import AnnotatedValue, capture_internal_exceptions
if typing.TYPE_CHECKING:
from sentry_sdk._types import Event
def _make_event_processor(weak_request, integration): def _make_event_processor(weak_request, integration):
@@ -96,3 +102,32 @@ def setup_custom_filters():
hub = Hub.current hub = Hub.current
with hub.configure_scope() as scope: with hub.configure_scope() as scope:
scope.add_event_processor(ignore_retry) scope.add_event_processor(ignore_retry)
class PretixEventScrubber(EventScrubber):
secret_re = re.compile(
'.*(pretixsecret|ramiiosecret|PRIVATE KEY|://[^/@:]*:[^/@:]+@).*',
re.IGNORECASE
)
def scrub_dict(self, d: object) -> None:
if not isinstance(d, dict):
return
super().scrub_dict(d)
self._scrub_dict_for_known_secrets(d)
def _scrub_dict_for_known_secrets(self, d: dict):
for k, v in d.items():
if isinstance(v, str) and self.secret_re.match(v):
d[k] = AnnotatedValue.substituted_because_contains_sensitive_data()
def scrub_exception(self, event: "Event") -> None:
with capture_internal_exceptions():
if "exception" in event:
self.scrub_dict(event["exception"])
def scrub_event(self, event: "Event") -> None:
super().scrub_event(event)
self.scrub_exception(event)
print(event)

6
src/pretix/settings.py
View File

@@ -704,9 +704,9 @@ if config.has_option('sentry', 'dsn') and not any(c in sys.argv for c in ('shell
from sentry_sdk.integrations.logging import ( from sentry_sdk.integrations.logging import (
LoggingIntegration, ignore_logger, LoggingIntegration, ignore_logger,
) )
from sentry_sdk.scrubber import EventScrubber, DEFAULT_DENYLIST from sentry_sdk.scrubber import DEFAULT_DENYLIST
from .sentry import PretixSentryIntegration, setup_custom_filters from .sentry import PretixSentryIntegration, PretixEventScrubber, setup_custom_filters
SENTRY_TOKEN = config.get('sentry', 'traces_sample_token', fallback='') SENTRY_TOKEN = config.get('sentry', 'traces_sample_token', fallback='')
pretix_denylist = DEFAULT_DENYLIST + [ pretix_denylist = DEFAULT_DENYLIST + [
@@ -739,7 +739,7 @@ if config.has_option('sentry', 'dsn') and not any(c in sys.argv for c in ('shell
traces_sampler=traces_sampler, traces_sampler=traces_sampler,
environment=urlparse(SITE_URL).netloc, environment=urlparse(SITE_URL).netloc,
release=__version__, release=__version__,
event_scrubber=EventScrubber(denylist=pretix_denylist, recursive=True), event_scrubber=PretixEventScrubber(denylist=pretix_denylist, recursive=True),
send_default_pii=False, send_default_pii=False,
propagate_traces=False, # see https://github.com/getsentry/sentry-python/issues/1717 propagate_traces=False, # see https://github.com/getsentry/sentry-python/issues/1717
) )