Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correctly filter URL with an email address in it #1418

Closed
Tracked by #39
krystofwoldrich opened this issue May 2, 2023 · 1 comment · Fixed by #1424
Closed
Tracked by #39

Correctly filter URL with an email address in it #1418

krystofwoldrich opened this issue May 2, 2023 · 1 comment · Fixed by #1424
Assignees
@denrase
Labels
bug Platform: Dart
Milestone
7.x

Comments

@krystofwoldrich
Copy link
Member

Description

Based on #1412 (comment)

This function doesn't filter out email addresses in URLs correctly.

sentry-dart/dart/lib/src/utils/http_sanitizer.dart

Lines 63 to 75 in c4f1621

static String _urlWithAuthRemoved(String url) {
final userInfoMatch = _authRegExp.firstMatch(url);
if (userInfoMatch != null && userInfoMatch.groupCount == 3) {
final userInfoString = userInfoMatch.group(2) ?? '';
final replacementString = userInfoString.contains(":")
? "[Filtered]:[Filtered]@"
: "[Filtered]@";
return '${userInfoMatch.group(1) ?? ''}$replacementString${userInfoMatch.group(3) ?? ''}';
} else {
return url;
}
}
}

Example URL: staging.server.com/api/v4/auth/password/reset/[email protected]

The output is https://[Filtered]@example.com but @example.com is part of the email and not the URL or userInfo.
@krystofwoldrich krystofwoldrich mentioned this issue May 2, 2023
Open
@marandaneto marandaneto added this to the 7.x milestone May 5, 2023
@marandaneto
Copy link
Contributor

Btw also add tests for other symbols that may break the parsing or Regex, maybe there are more cases besides @.

@denrase denrase mentioned this issue May 8, 2023
Merged
6 tasks
@kahest kahest mentioned this issue Nov 9, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@denrase denrase

Labels
bug Platform: Dart
Projects
Mobile & Cross Platform SDK
Archived in project
Milestone
7.x
Development

Successfully merging a pull request may close this issue.

Fix authority redaction getsentry/sentry-dart
3 participants
@denrase @marandaneto @krystofwoldrich