From 971835148fec8f34f4f92b3b77ad505b03e9f7b2 Mon Sep 17 00:00:00 2001 From: Neel Shah Date: Mon, 23 Sep 2024 17:59:12 +0200 Subject: [PATCH] feat(python): Update EventScrubber docs with new pii denylist (#11154) --- docs/platforms/python/configuration/options.mdx | 2 +- .../configuration/event-scrubber/python.mdx | 11 +++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/platforms/python/configuration/options.mdx b/docs/platforms/python/configuration/options.mdx index 140d266d2383f..586863249fbfb 100644 --- a/docs/platforms/python/configuration/options.mdx +++ b/docs/platforms/python/configuration/options.mdx @@ -111,7 +111,7 @@ If you enable this option, be sure to manually remove what you don't want to sen -If is turned off, scrubs the event payload for sensitive information from a `denylist`. See how to [configure the scrubber here](../../data-management/sensitive-data/#event-scrubber). +Scrubs the event payload for sensitive information such as cookies, sessions, and passwords from a `denylist`. It can additionally be used to scrub from another `pii_denylist` if is disabled. See how to [configure the scrubber here](../../data-management/sensitive-data/#event-scrubber). diff --git a/platform-includes/configuration/event-scrubber/python.mdx b/platform-includes/configuration/event-scrubber/python.mdx index c2e79d76d9342..b9111394fc5e1 100644 --- a/platform-includes/configuration/event-scrubber/python.mdx +++ b/platform-includes/configuration/event-scrubber/python.mdx @@ -1,4 +1,6 @@ -If is set to `False`, the default scrubber implementation will run automatically and filter anything in the [`denylist`](https://github.com/getsentry/sentry-python/blob/1.18.0/sentry_sdk/scrubber.py#L17-L58) from [potentially sensitive interfaces](/platforms/python/data-collected/) in the event payload. +The default scrubber implementation will run automatically and filter anything in the [`denylist`](https://github.com/getsentry/sentry-python/blob/4b361c5c008aec1a33cf521014edc0297fbf89c1/sentry_sdk/scrubber.py#L15-L56) from [potentially sensitive interfaces](/platforms/python/data-collected/) in the event payload. These are typically security values such as passwords, authentication, sessions, cookies, and CSRF tokens. + +Additionally, if is set to `False`, the scrubber will also filter from a separate `pii_denylist` that typically has PII values such as IP addresses. ```python import sentry_sdk @@ -11,18 +13,19 @@ sentry_sdk.init( ) ``` -You can also pass in a custom `denylist` to the `EventScrubber` class and filter additional fields that you want. +You can also pass in a custom `denylist` or `pii_denylist` to the `EventScrubber` class and filter additional fields that you want. Make sure you extend the current lists if you want to use the default lists as well. ```python -from sentry_sdk.scrubber import EventScrubber, DEFAULT_DENYLIST +from sentry_sdk.scrubber import EventScrubber, DEFAULT_DENYLIST, DEFAULT_PII_DENYLIST # custom denylist denylist = DEFAULT_DENYLIST + ["my_sensitive_var"] +pii_denylist = DEFAULT_PII_DENYLIST + ["my_private_var"] sentry_sdk.init( # ... send_default_pii=False, - event_scrubber=EventScrubber(denylist=denylist), + event_scrubber=EventScrubber(denylist=denylist, pii_denylist=pii_denylist), ) ```