Add option to drop scrubbed user IP addresses#6241
Add option to drop scrubbed user IP addresses#6241juliosuas wants to merge 1 commit intogetsentry:masterfrom
Conversation
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
| if isinstance(user, dict) and "ip_address" in self.denylist: | ||
| user.pop("ip_address", None) | ||
| self.scrub_dict(user) |
There was a problem hiding this comment.
Bug: Removing user.ip_address via pop instead of letting the scrubber replace it breaks backward-compatibility tests that expect the field to be present and marked as "[Filtered]".
Severity: MEDIUM
Suggested Fix
Revert the logic to allow the scrub_dict function to handle the scrubbing of ip_address. Instead of preemptively removing the key with user.pop("ip_address", None), let the existing scrubbing mechanism process it. This will replace the value with "[Filtered]" and generate the necessary _meta annotations, maintaining backward compatibility.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.
Location: sentry_sdk/scrubber.py#L141-L143
Potential issue: When `send_default_pii=False`, the new logic in `EventScrubber`
preemptively removes `user.ip_address` by calling `user.pop("ip_address", None)`. This
occurs before the `scrub_dict` function is executed. As a result, `scrub_dict` never
processes the `ip_address` field, so it is not replaced with `"[Filtered]"` and the
corresponding `_meta` scrubbing annotation is not created. This breaks several
backward-compatibility tests in
`tests/new_scopes_compat/test_new_scopes_compat_event.py` that assert the presence of
the scrubbed value and its metadata.
Did we get this right? 👍 / 👎 to inform future reviews.
juliosuas
force-pushed
the
fix/5701-drop-scrubbed-user-ip
branch
2 times, most recently
from
a6083fb to
1f0e89b
Compare
juliosuas
changed the title
ericapisani
left a comment
ericapisani
left a comment
There was a problem hiding this comment.
Thanks for opening a PR! These changes are generally looking good, just one small adjustment before we're good to ship 
| if isinstance(user, dict) and "ip_address" in self.denylist: | ||
| user.pop("ip_address", None) |
There was a problem hiding this comment.
This is the right idea, but let's make one further optimization:
| if isinstance(user, dict) and "ip_address" in self.denylist: | |
| user.pop("ip_address", None) | |
| if "ip_address" in self.denylist and isinstance(user, dict): | |
| user.pop("ip_address", None) |
By moving the "ip_address" in self.denylist earlier in the conditional and evaluating it first, it means that we can ignore the second condition if the first isn't satisfied.
juliosuas
force-pushed
the
fix/5701-drop-scrubbed-user-ip
branch
from
1f0e89b to
26e6a22
Compare
2 participants
Summary
Fixes #5701 by adding an EventScrubber option to remove
user.ip_addressinstead of replacing it with[Filtered].This avoids emitting
[Filtered]in a field Relay expects to be a valid IP address, while preserving the existing default behavior for backward compatibility. By default,user.ip_addressis still scrubbed through the normal scrubber path and keeps the_metaannotation.Testing
python -m pytest tests/test_scrubber.py tests/new_scopes_compat/test_new_scopes_compat_event.py -qruff check sentry_sdk/scrubber.py tests/test_scrubber.pyruff format --check sentry_sdk/scrubber.py tests/test_scrubber.pygit diff --check