Skip to content

fix(asgi): Gate query string and client IP behind send_default_pii#6501

Open
ericapisani wants to merge 4 commits into
masterfrom
py-2514-gate-asgi-values-behind-pii
Open

fix(asgi): Gate query string and client IP behind send_default_pii#6501
ericapisani wants to merge 4 commits into
masterfrom
py-2514-gate-asgi-values-behind-pii

Conversation

@ericapisani

@ericapisani ericapisani commented Jun 4, 2026

Copy link
Copy Markdown
Member

Move http.query and client.address attribute collection inside the
should_send_default_pii() check so sensitive values are not captured
by default.

Fixes PY-2514
Fixes #6499

@ericapisani
fix(asgi): Gate query string and client IP behind send_default_pii
666e6fb 
Move http.query and client.address attribute collection inside the
should_send_default_pii() check so sensitive values are not captured
by default.

Fixes PY-2514
Fixes #6499
@linear-code

linear-code Bot commented Jun 4, 2026

Copy link
Copy Markdown

PY-2514

@ericapisani

ericapisani commented Jun 4, 2026

Copy link
Copy Markdown
Member Author

bugbot run
@sentry review

cursor[bot]
cursor Bot reviewed Jun 4, 2026
View reviewed changes

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 666e6fb. Configure here.

sentry[bot]
sentry Bot reviewed Jun 4, 2026
View reviewed changes
Comment thread sentry_sdk/integrations/_asgi_common.py Outdated
sentry-warden[bot]
sentry-warden Bot reviewed Jun 4, 2026
View reviewed changes
Comment thread sentry_sdk/integrations/_asgi_common.py Outdated
@github-actions

github-actions Bot commented Jun 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Codecov Results 📊

89266 passed | ⏭️ 6013 skipped | Total: 95279 | Pass Rate: 93.69% | Execution Time: 300m 54s

📊 Comparison with Base Branch

Metric Change
Total Tests 📈 +10
Passed Tests 📈 +10
Failed Tests
Skipped Tests

All tests are passing successfully.

✅ Patch coverage is 100.00%. Project has 2373 uncovered lines.
✅ Project coverage is 89.87%. Comparing base (base) to head (head).

Coverage diff 
@@            Coverage Diff             @@
##          main       #PR       +/-##
==========================================
+ Coverage    89.86%    89.87%    +0.01%
==========================================
  Files          192       192         —
  Lines        23430     23433        +3
  Branches      8050      8052        +2
==========================================
+ Hits         21056     21060        +4
- Misses        2374      2373        -1
- Partials      1329      1328        -1

Generated by Codecov Action

@ericapisani ericapisani marked this pull request as ready for review June 4, 2026 12:56
@ericapisani ericapisani requested a review from a team as a code owner June 4, 2026 12:56
sentry[bot]
sentry Bot reviewed Jun 4, 2026
View reviewed changes
Comment thread tests/integrations/asgi/test_asgi.py
@ericapisani ericapisani mentioned this pull request Jun 4, 2026
Open
@sentrivana

sentrivana commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

If Warden is right about url.full not actually being the full URL, we should probably fix that as well (append ? + the query part?).

url.full is the base URL path with no query string — _get_url() docstring says it builds the URL "without also including the querystring" — so gating it behind should_send_default_pii() silently drops the request URL from all ASGI traces when PII is disabled, breaking basic HTTP observability.

wahajahmed010

This comment was marked as spam.

Sign in to view

cursor[bot]
cursor Bot reviewed Jun 10, 2026
View reviewed changes

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit eb14dd0. Configure here.

Comment thread sentry_sdk/integrations/_asgi_common.py Outdated
sentry[bot]
sentry Bot reviewed Jun 10, 2026
View reviewed changes
Comment thread sentry_sdk/integrations/_asgi_common.py
@ericapisani ericapisani marked this pull request as draft June 10, 2026 15:02
@ericapisani ericapisani marked this pull request as ready for review June 10, 2026 15:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@sentry-warden sentry-warden[bot] sentry-warden[bot] left review comments

+1 more reviewer

@wahajahmed010 wahajahmed010 wahajahmed010 left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Gate the setting of url.fulland http.query within ASGI middleware behind the PII flag

3 participants

@ericapisani @sentrivana @wahajahmed010