Make File I/O instrumentation configurable to not log filename/path

getsentry / sentry-java

A Sentry SDK for Java, Android and other JVM languages.

https://docs.sentry.io/

MIT License

1.11k stars 427 forks source link

Make File I/O instrumentation configurable to not log filename/path #3324

Open devPalacio opened 3 months ago

devPalacio commented 3 months ago

Problem Statement

I want to be able to use the file.read span without exposing user’s file paths. Currently, the filename is captured under Description and there’s also a file.path field in the data of the span.

In a perfect world I'd like to keep the file extension and file size. We're currently using data scrubbing rules to redact this information.

Solution Brainstorm

Expose a setting in SentryPluginExtension such as

sentry {
logFileNames = false
}

romtsn commented 3 months ago

hi @devPalacio that makes sense! it'd have to be part of SentryOptions though and done at runtime rather than build time, but I guess it's also fine for you? Reason is, file i/o instrumentation can also be used manually, bypassing the gradle plugin magic, so we better expose this option at runtime

devPalacio commented 3 months ago

Ya'll would have the best context on how to best implement it. Runtime works for me!

stefanosiano commented 2 months ago

@devPalacio we have the option sendDefaultPii. We just don't apply this flag for the file path on Android. Would it work to have this behaviour under the same sendDefaultPii option? For the meantime we can add another option. When releasing the next major, we will evaluate to keep it or put everything under sendDefaultPii

devPalacio commented 2 months ago

Putting this behavior under the existing pii option would be great, I'm not too picky on how ya'll decide to implement it.