Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(normalization): bypass host scrubbing via allow list #3813

Merged
merged 11 commits into from
Aug 2, 2024
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,9 @@
- Report outcomes for spans when transactions are rate limited. ([#3749](https://github.com/getsentry/relay/pull/3749))
- Only transfer valid profile ids. ([#3809](https://github.com/getsentry/relay/pull/3809))

**Features**:
- Allow list for excluding certain host/IPs from scrubbing in spans. ([#3813](https://github.com/getsentry/relay/pull/3813))

**Internal**:

- Aggregate metrics before rate limiting. ([#3746](https://github.com/getsentry/relay/pull/3746))
Expand Down
1 change: 1 addition & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions relay-cabi/src/processing.rs
Original file line number Diff line number Diff line change
Expand Up @@ -273,6 +273,7 @@ pub unsafe extern "C" fn relay_store_normalizer_normalize_event(
measurements: None,
normalize_spans: config.normalize_spans,
replay_id: config.replay_id,
span_allowed_hosts: &[], // only supported in relay
};
normalize_event(&mut event, &normalization_config);

Expand Down
1 change: 1 addition & 0 deletions relay-dynamic-config/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ relay-quotas = { workspace = true }
relay-sampling = { workspace = true }
serde = { workspace = true }
serde_json = { workspace = true }
url = { workspace = true }

[dev-dependencies]
similar-asserts = { workspace = true }
11 changes: 11 additions & 0 deletions relay-dynamic-config/src/global.rs
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ use relay_filter::GenericFiltersConfig;
use relay_quotas::Quota;
use serde::{de, Deserialize, Serialize};
use serde_json::Value;
use url::Host;

use crate::{defaults, ErrorBoundary, MetricExtractionGroup, MetricExtractionGroups};

Expand Down Expand Up @@ -225,6 +226,16 @@ pub struct Options {
)]
pub extrapolation_duplication_limit: usize,

/// List of values on span description that are allowed to be sent to Sentry without being scrubbed.
///
/// At this point, it doesn't accept IP addresses in CIDR format.. yet.
#[serde(
rename = "relay.span-normalization.allowed_hosts",
deserialize_with = "default_on_error",
skip_serializing_if = "Vec::is_empty"
)]
pub http_span_allowed_hosts: Vec<Host>,

/// All other unknown options.
#[serde(flatten)]
other: HashMap<String, Value>,
Expand Down
11 changes: 10 additions & 1 deletion relay-event-normalization/src/event.rs
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ use relay_protocol::{
RemarkType, Value,
};
use smallvec::SmallVec;
use url::Host;
use uuid::Uuid;

use crate::normalize::request;
Expand Down Expand Up @@ -154,6 +155,9 @@ pub struct NormalizationConfig<'a> {
///
/// It is persisted into the event payload for correlation.
pub replay_id: Option<Uuid>,

/// Controls list of hosts to be excluded from scrubbing
pub span_allowed_hosts: &'a [Host],
}

impl<'a> Default for NormalizationConfig<'a> {
Expand Down Expand Up @@ -185,6 +189,7 @@ impl<'a> Default for NormalizationConfig<'a> {
measurements: None,
normalize_spans: true,
replay_id: Default::default(),
span_allowed_hosts: Default::default(),
}
}
}
Expand Down Expand Up @@ -323,7 +328,11 @@ fn normalize(event: &mut Event, meta: &mut Meta, config: &NormalizationConfig) {
}

if config.enrich_spans {
extract_span_tags_from_event(event, config.max_tag_value_length);
extract_span_tags_from_event(
event,
config.max_tag_value_length,
config.span_allowed_hosts,
);
}

if let Some(context) = event.context_mut::<TraceContext>() {
Expand Down
36 changes: 21 additions & 15 deletions relay-event-normalization/src/normalize/span/description/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ const DOMAIN_ALLOW_LIST: &[&str] = &["localhost"];
/// Returns `None` if no scrubbing can be performed.
pub(crate) fn scrub_span_description(
span: &Span,
span_allowed_hosts: &[Host],
) -> (Option<String>, Option<Vec<sqlparser::ast::Statement>>) {
let Some(description) = span.description.as_str() else {
return (None, None);
Expand All @@ -56,7 +57,7 @@ pub(crate) fn scrub_span_description(
.as_str()
.map(|op| op.split_once('.').unwrap_or((op, "")))
.and_then(|(op, sub)| match (op, sub) {
("http", _) => scrub_http(description),
("http", _) => scrub_http(description, span_allowed_hosts),
("cache", _) | ("db", "redis") => scrub_redis_keys(description),
("db", _) if db_system == Some("redis") => scrub_redis_keys(description),
("db", sub) => {
Expand Down Expand Up @@ -166,7 +167,7 @@ fn scrub_supabase(string: &str) -> Option<String> {
Some(DB_SUPABASE_REGEX.replace_all(string, "{%s}").into())
}

fn scrub_http(string: &str) -> Option<String> {
fn scrub_http(string: &str, allow_list: &[Host]) -> Option<String> {
let (method, url) = string.split_once(' ')?;
if !HTTP_METHOD_EXTRACTOR_REGEX.is_match(method) {
return None;
Expand All @@ -179,7 +180,7 @@ fn scrub_http(string: &str) -> Option<String> {
let scrubbed = match Url::parse(url) {
Ok(url) => {
let scheme = url.scheme();
let scrubbed_host = url.host().map(scrub_host);
let scrubbed_host = url.host().map(|host| scrub_host(host, allow_list));
let domain = concatenate_host_and_port(scrubbed_host.as_deref(), url.port());

format!("{method} {scheme}://{domain}")
Expand Down Expand Up @@ -222,10 +223,15 @@ fn scrub_file(description: &str) -> Option<String> {
/// use std::net::{Ipv4Addr, Ipv6Addr};
/// use relay_event_normalization::span::description::scrub_host;
///
/// assert_eq!(scrub_host(Host::Domain("foo.bar.baz")), "*.bar.baz");
/// assert_eq!(scrub_host(Host::Ipv4(Ipv4Addr::LOCALHOST)), "127.0.0.1");
/// assert_eq!(scrub_host(Host::Domain("foo.bar.baz"), &[]), "*.bar.baz");
/// assert_eq!(scrub_host(Host::Ipv4(Ipv4Addr::LOCALHOST), &[]), "127.0.0.1");
/// assert_eq!(scrub_host(Host::Ipv4(Ipv4Addr::new(8, 8, 8, 8)), &[Host::parse("8.8.8.8").unwrap()]), "8.8.8.8");
/// ```
pub fn scrub_host(host: Host<&str>) -> Cow<'_, str> {
pub fn scrub_host<'a>(host: Host<&'a str>, allow_list: &'a [Host]) -> Cow<'a, str> {
if allow_list.iter().any(|allowed_host| &host == allowed_host) {
return host.to_string().into();
}

match host {
Host::Ipv4(ip) => Cow::Borrowed(scrub_ipv4(ip)),
Host::Ipv6(ip) => Cow::Borrowed(scrub_ipv6(ip)),
Expand Down Expand Up @@ -394,7 +400,7 @@ fn scrub_resource(resource_type: &str, string: &str) -> Option<String> {
return Some("browser-extension://*".to_owned());
}
scheme => {
let scrubbed_host = url.host().map(scrub_host);
let scrubbed_host = url.host().map(|host| scrub_host(host, &[]));
let domain = concatenate_host_and_port(scrubbed_host.as_deref(), url.port());

let segment_count = url.path_segments().map(|s| s.count()).unwrap_or_default();
Expand Down Expand Up @@ -562,7 +568,7 @@ mod tests {
.description
.set_value(Some($description_in.into()));

let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap());
let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap(), &[]);

if $expected == "" {
assert!(scrubbed.0.is_none());
Expand Down Expand Up @@ -1121,7 +1127,7 @@ mod tests {

let mut span = Annotated::<Span>::from_json(json).unwrap();
let span = span.value_mut().as_mut().unwrap();
let scrubbed = scrub_span_description(span);
let scrubbed = scrub_span_description(span, &[]);
assert_eq!(scrubbed.0.as_deref(), Some("SELECT %s"));
}

Expand All @@ -1134,7 +1140,7 @@ mod tests {

let mut span = Annotated::<Span>::from_json(json).unwrap();

let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap());
let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap(), &[]);

// When db.system is missing, no scrubbed description (i.e. no group) is set.
assert!(scrubbed.0.is_none());
Expand All @@ -1152,7 +1158,7 @@ mod tests {

let mut span = Annotated::<Span>::from_json(json).unwrap();

let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap());
let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap(), &[]);

// Can be scrubbed with db system.
assert_eq!(scrubbed.0.as_deref(), Some("SELECT a FROM b"));
Expand All @@ -1170,7 +1176,7 @@ mod tests {

let mut span = Annotated::<Span>::from_json(json).unwrap();

let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap());
let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap(), &[]);

// NOTE: this should return `DEL *`, but we cannot detect lowercase command names yet.
assert_eq!(scrubbed.0.as_deref(), Some("*"));
Expand All @@ -1186,7 +1192,7 @@ mod tests {

let mut span = Annotated::<Span>::from_json(json).unwrap();

let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap());
let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap(), &[]);

assert_eq!(scrubbed.0.as_deref(), Some("INSERTED * 'UAEventData'"));
}
Expand All @@ -1201,7 +1207,7 @@ mod tests {

let mut span = Annotated::<Span>::from_json(json).unwrap();

let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap());
let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap(), &[]);

assert_eq!(
scrubbed.0.as_deref(),
Expand All @@ -1221,7 +1227,7 @@ mod tests {

let mut span = Annotated::<Span>::from_json(json).unwrap();

let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap());
let scrubbed = scrub_span_description(span.value_mut().as_mut().unwrap(), &[]);

// Can be scrubbed with db system.
assert_eq!(scrubbed.0.as_deref(), Some("my-component-name"));
Expand Down
Loading
Loading