Commit 1354596

authored
fix: Remove more headers containing IP addrs (getsentry#391)
See getsentry#350
1 parent 8d669f6 commit 1354596

2 files changed

+23
-4
lines changed

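--- a/sentry_sdk/integrations/_wsgi_common.py
+++ b/sentry_sdk/integrations/_wsgi_common.py
@@ -11,6 +11,21 @@
 from typing import Union
 
 
+SENSITIVE_ENV_KEYS = (
+"REMOTE_ADDR",
+"HTTP_X_FORWARDED_FOR",
+"HTTP_SET_COOKIE",
+"HTTP_COOKIE",
+"HTTP_AUTHORIZATION",
+"HTTP_X_FORWARDED_FOR",
+"HTTP_X_REAL_IP",
+)
+
+SENSITIVE_HEADERS = tuple(
+x[len("HTTP_") :] for x in SENSITIVE_ENV_KEYS if x.startswith("HTTP_")
+)
+
+
 class RequestExtractor(object):
 def __init__(self, request):
 # type: (Any) -> None
@@ -129,7 +144,10 @@ def _filter_headers(headers):
 return headers
 
 return {
-k: v
+k: (
+v
+if k.upper().replace("-", "_") not in SENSITIVE_HEADERS
+else AnnotatedValue("", {"rem": [["!config", "x", 0, len(v)]]})
+)
 for k, v in iteritems(headers)
-if k.lower().replace("_", "-") not in ("set-cookie", "cookie", "authorization")
 }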
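Review bot: `"HTTP_X_FORWARDED_FOR"` appears twice in `SENSITIVE_ENV_KEYS`, so the second entry filters nothing new and looks like a slot meant for another key. The tuple is a denylist, and as written it does not match the standard `Forwarded` header (RFC 7239), which carries the same client-address data, nor `Proxy-Authorization`, which carries credentials; I would replace the duplicate with `"HTTP_FORWARDED",` and add `"HTTP_PROXY_AUTHORIZATION",`. In `_filter_headers` the redaction remark stores `len(v)`, which reports the length of the cookie or credential and would raise if a header value has no length; please confirm both are intended. The body of `_filter_headers` starts outside the second hunk, so the condition guarding the early `return headers` is not visible here.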

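--- a/sentry_sdk/integrations/wsgi.py
+++ b/sentry_sdk/integrations/wsgi.py
@@ -100,8 +100,9 @@ def _get_environ(environ):
 """
 keys = ["SERVER_NAME", "SERVER_PORT"]
 if _should_send_default_pii():
-# Add all three headers here to make debugging of proxy setup easier.
-keys += ["REMOTE_ADDR", "HTTP_X_FORWARDED_FOR", "HTTP_X_REAL_IP"]
+# make debugging of proxy setup easier. Proxy headers are
+# in headers.
+keys += ["REMOTE_ADDR"]
 
 for key in keys:
 if key in environ: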
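Review bot: The replacement comment above `keys += ["REMOTE_ADDR"]` is a sentence fragment and no longer says why the address is collected or where the proxy headers went. Something like `# REMOTE_ADDR is sent only when _should_send_default_pii() is true; it helps debug proxy setups.` followed by `# X-Forwarded-For and X-Real-IP are reported with the request headers and filtered in _filter_headers.` would make the PII gating explicit for the next maintainer. `_get_environ` starts and ends outside the hunk, so how the collected keys are returned is not visible here.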
