fix: remove inconsistent PII filtering from rust_tracing integration #3773
+2
−63
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
the web framework CI failures do not appear related to my change but maybe they will go away with a re-run or a merge later |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
the PII filtering in the merged version treats span data set in
on_new_span()as safe but span data set inon_record()as sensitive. in actuality, they're two different ways to set the same thing, so they should be treated the samebelow i lay out my reasoning for removing this PII filtering. there is a tiny bit more work to do either way:
pyo3-python-tracing-subscriberto call out thetracingdocs for excluding specific fields that the developer knows are sensitiveon_new_span()andon_record()and then update my docs branch to document thesend_sensitive_dataargument and filtering behavior(the aforementioned docs branch)
the full scoop
some detail on `tracing` behavior
the
#[tracing::instrument(fields(extra1=5, extra2)]attribute at the top of a function adds all of the function's arguments + extra fields listed in the attribute arguments as span data. whenon_new_span()is called it will include all of the function arguments and fields, with one exception: fields without default values are not "recorded", soextra2in this example will be omitted.during the span,
Span::current().record(field, val)can be called to set a value forextra2after the function starts. it can also overwrite a value for an already-assigned field.on_record()will be called with the recorded fields/values.to summarize,
on_new_span()andon_record()are setting the same data, buton_new_span()sets the data to its default value at the beginning of the function andon_record()can set the data to new values after the function has begun.the data we get from
tracingamounts to stack-local variables and log statements which the Python "Scrubbing Sensitive Data" page list in the section forbefore_send/before_send_transaction. the python SDK also hasevent_scrubberfor this.additionally, this integration is basically a port of the Rust SDK's
tracingintegration which does not use the Rust SDK's version ofshould_send_default_pii()in this way (on_record()link). the Rust "Scrubbing Sensitive Data" page also describes tracing data in the section forbefore_send/before_send_transactionit seems our SDKs typically don't use all-or-nothing filtering for data like this. instead they allow the user to provide targeted filtering at the SDK level with
before_send/before_send_transaction/event_scrubber. this PR takes that approach for this integration