sentry-java icon indicating copy to clipboard operation
sentry-java copied to clipboard
verified publisher icon getsentry

Make File I/O instrumentation configurable to not log filename/path

Open devPalacio opened this issue 1 year ago • 4 comments

Problem Statement

I want to be able to use the file.read span without exposing user’s file paths. Currently, the filename is captured under Description and there’s also a file.path field in the data of the span.

In a perfect world I'd like to keep the file extension and file size. We're currently using data scrubbing rules to redact this information.

Solution Brainstorm

Expose a setting in SentryPluginExtension such as

sentry {
logFileNames = false
}

devPalacio avatar Apr 03 '24 19:04 devPalacio

hi @devPalacio that makes sense! it'd have to be part of SentryOptions though and done at runtime rather than build time, but I guess it's also fine for you? Reason is, file i/o instrumentation can also be used manually, bypassing the gradle plugin magic, so we better expose this option at runtime

romtsn avatar Apr 03 '24 20:04 romtsn

Ya'll would have the best context on how to best implement it. Runtime works for me!

devPalacio avatar Apr 04 '24 15:04 devPalacio

@devPalacio we have the option sendDefaultPii. We just don't apply this flag for the file path on Android. Would it work to have this behaviour under the same sendDefaultPii option? For the meantime we can add another option. When releasing the next major, we will evaluate to keep it or put everything under sendDefaultPii

stefanosiano avatar Apr 10 '24 13:04 stefanosiano

Putting this behavior under the existing pii option would be great, I'm not too picky on how ya'll decide to implement it.

devPalacio avatar Apr 10 '24 13:04 devPalacio