Skip to content

Commit

Permalink
Depend solely on the jwt dependency
Browse files Browse the repository at this point in the history
Remove userId from baggage due to PII (getsentry#2157)

Rnemae jose dependency config name
  • Loading branch information
felixklauke committed Jul 11, 2022
1 parent c96fb1d commit 7064417
Show file tree
Hide file tree
Showing 5 changed files with 11 additions and 5 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
### Fixes

- Only send userid in Dynamic Sampling Context if sendDefaultPii is true ([#2147](https://github.com/getsentry/sentry-java/pull/2147))
- Remove userId from baggage due to PII ([#2157](https://github.com/getsentry/sentry-java/pull/2157))

### Features

Expand Down
3 changes: 2 additions & 1 deletion buildSrc/src/main/java/Config.kt
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ object Config {
val kotlinStdLib = "stdlib-jdk8"

val springBootVersion = "2.6.8"
val springSecurityVersion = "5.6.5"
val kotlinCompatibleLanguageVersion = "1.4"

val composeVersion = "1.1.1"
Expand Down Expand Up @@ -72,7 +73,7 @@ object Config {
val springBootStarterAop = "org.springframework.boot:spring-boot-starter-aop:$springBootVersion"
val springBootStarterSecurity = "org.springframework.boot:spring-boot-starter-security:$springBootVersion"
val springBootStarterJdbc = "org.springframework.boot:spring-boot-starter-jdbc:$springBootVersion"
val springBootStartOauth2ResourceServer = "org.springframework.boot:spring-boot-starter-oauth2-resource-server:$springBootVersion"
val springSecurityOauth2Jose = "org.springframework.security:spring-security-oauth2-jose:$springSecurityVersion"

val springWeb = "org.springframework:spring-webmvc"
val springWebflux = "org.springframework:spring-webflux"
Expand Down
2 changes: 1 addition & 1 deletion sentry-spring-boot-starter/build.gradle.kts
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ dependencies {
compileOnly(Config.Libs.servletApi)
compileOnly(Config.Libs.springBootStarterAop)
compileOnly(Config.Libs.springBootStarterSecurity)
compileOnly(Config.Libs.springBootStartOauth2ResourceServer)
compileOnly(Config.Libs.springSecurityOauth2Jose)
compileOnly(Config.Libs.reactorCore)

annotationProcessor(Config.AnnotationProcessors.springBootAutoConfigure)
Expand Down
6 changes: 5 additions & 1 deletion sentry/src/main/java/io/sentry/TraceContext.java
Original file line number Diff line number Diff line change
Expand Up @@ -56,17 +56,21 @@ public final class TraceContext implements JsonUnknown, JsonSerializable {
final @Nullable User user,
final @NotNull SentryOptions sentryOptions,
final @Nullable TracesSamplingDecision samplingDecision) {
// user_id isn't part of the dynamic sampling context right now because
// of PII concerns.
// https://develop.sentry.dev/sdk/performance/dynamic-sampling-context/#the-temporal-problem
this(
transaction.getSpanContext().getTraceId(),
new Dsn(sentryOptions.getDsn()).getPublicKey(),
sentryOptions.getRelease(),
sentryOptions.getEnvironment(),
getUserId(sentryOptions, user),
null, // getUserId(sentryOptions, user),
user != null ? getSegment(user) : null,
transaction.getName(),
sampleRateToString(sampleRate(samplingDecision)));
}

@SuppressWarnings("UnusedMethod")
private static @Nullable String getUserId(
final @NotNull SentryOptions options, final @Nullable User user) {
if (options.isSendDefaultPii() && user != null) {
Expand Down
4 changes: 2 additions & 2 deletions sentry/src/test/java/io/sentry/SentryTracerTest.kt
Original file line number Diff line number Diff line change
Expand Up @@ -496,7 +496,7 @@ class SentryTracerTest {
assertEquals("environment", it.environment)
assertEquals("[email protected]", it.release)
assertEquals(transaction.name, it.transaction)
assertEquals("user-id", it.userId)
// assertEquals("user-id", it.userId)
assertEquals("pro", it.userSegment)
}
}
Expand Down Expand Up @@ -569,7 +569,7 @@ class SentryTracerTest {
assertTrue(it.value.contains("sentry-release=1.0.99-rc.7,"))
assertTrue(it.value.contains("sentry-environment=production,"))
assertTrue(it.value.contains("sentry-transaction=name,"))
assertTrue(it.value.contains("sentry-user_id=userId12345,"))
// assertTrue(it.value.contains("sentry-user_id=userId12345,"))
assertTrue(it.value.contains("sentry-user_segment=pro$".toRegex()))
}
}
Expand Down

0 comments on commit 7064417

Please sign in to comment.