Closed Bug 1764570 Opened 3 years ago Closed 2 years ago

implement sensitive data scrubbing for sentry (socorro)

Categories

(Socorro :: General, task, P2)

Product:
Socorro
Component:
General
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: willkg, Assigned: willkg)

References

Details

Attachments

(5 files)

pr 6121: bug 1764570: implement sentry pii scrubbing
53 bytes, text/x-github-pull-request
Details | Review
pr 6122: bug 1764570: fix predicate rule that had wrong arg names
53 bytes, text/x-github-pull-request
Details | Review
pr 6123: bug 1764570: fix basedir and host_id for processor app sentry events
53 bytes, text/x-github-pull-request
Details | Review
pr 6124: bug 1764570: update to fillmore 0.1.1; drop capture_error
53 bytes, text/x-github-pull-request
Details | Review
pr 6134: bug 1764570: update fillmore to 0.1.2; fix fillmore logging
53 bytes, text/x-github-pull-request
Details | Review

We updated to sentry-sdk. Now that we're using that, we need to make sure we're not sending PII along with Sentry error reports.

The Socorro webapp has some sanitizing code. I think we can generalize that, combine it with the code in socorro/lib/sentry_client.py so we have a single module that we use for setting Sentry up, sanitizing events, and providing some other functionality.

Grabbing this because it's blocking the migration.

Assignee: nobody → willkg
Status: NEW → ASSIGNED
Summary: implement pii sanitizing for sentry → implement pii sanitizing for sentry (socorro)
Summary: implement pii sanitizing for sentry (socorro) → implement sensitive data scrubbing for sentry (socorro)

I did a lot of the R&D work in bug #1764569.

There's a Sentry migration doc that contains analysis on what we need to scrub and how here:

https://docs.google.com/document/d/1sIT80jMVa11T3g2GgCSCchHrMksC71fosr9VgOqAYQM/edit#heading=h.vibvf76xo2th

We're going to use the newly developed Fillmore library (https://pypi.org/project/fillmore/) to scrub Sentry events.

This adds two new metrics we need to add to the dashboard:

  • webapp.crashstats.apps.sentry_scrub_error
  • processor.sentry_scrub_error

These aren't prefixed with "socorro". Maybe when we move to GCP we can fix that.

I deployed this in bug #1782791 just now. I checked Grafana and Sentry and everything looks ok. Any new issues, we'll do new bugs. Marking as FIXED.

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: