Skip to content

fix(asgi): Gate query string and client IP behind send_default_pii#6501

Merged
ericapisani merged 5 commits into
masterfrom
py-2514-gate-asgi-values-behind-pii
Jun 11, 2026
Merged

fix(asgi): Gate query string and client IP behind send_default_pii#6501
ericapisani merged 5 commits into
masterfrom
py-2514-gate-asgi-values-behind-pii

Conversation

@ericapisani

Copy link
Copy Markdown
Member

Move http.query and client.address attribute collection inside the
should_send_default_pii() check so sensitive values are not captured
by default.

Fixes PY-2514
Fixes #6499

Move http.query and client.address attribute collection inside the
should_send_default_pii() check so sensitive values are not captured
by default.

Fixes PY-2514
Fixes #6499
@linear-code

linear-code Bot commented Jun 4, 2026

Copy link
Copy Markdown
@ericapisani

Copy link
Copy Markdown
Member Author

bugbot run
@sentry review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 666e6fb. Configure here.

Comment thread sentry_sdk/integrations/_asgi_common.py Outdated
Comment thread sentry_sdk/integrations/_asgi_common.py Outdated
@github-actions

github-actions Bot commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

Codecov Results 📊

89282 passed | ⏭️ 6013 skipped | Total: 95295 | Pass Rate: 93.69% | Execution Time: 301m 7s

📊 Comparison with Base Branch

Metric Change
Total Tests 📈 +10
Passed Tests 📈 +10
Failed Tests
Skipped Tests

All tests are passing successfully.

✅ Patch coverage is 100.00%. Project has 2392 uncovered lines.
✅ Project coverage is 89.8%. Comparing base (base) to head (head).

Coverage diff
@@            Coverage Diff             @@
##          main       #PR       +/-##
==========================================
+ Coverage    89.80%    89.80%        —%
==========================================
  Files          192       192         —
  Lines        23453     23456        +3
  Branches      8060      8062        +2
==========================================
+ Hits         21061     21064        +3
- Misses        2392      2392         —
- Partials      1329      1329         —

Generated by Codecov Action

@ericapisani ericapisani marked this pull request as ready for review June 4, 2026 12:56
@ericapisani ericapisani requested a review from a team as a code owner June 4, 2026 12:56
Comment thread tests/integrations/asgi/test_asgi.py
@sentrivana

Copy link
Copy Markdown
Contributor

If Warden is right about url.full not actually being the full URL, we should probably fix that as well (append ? + the query part?).

url.full is the base URL path with no query string — _get_url() docstring says it builds the URL "without also including the querystring" — so gating it behind should_send_default_pii() silently drops the request URL from all ASGI traces when PII is disabled, breaking basic HTTP observability.

wahajahmed010

This comment was marked as spam.

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit eb14dd0. Configure here.

Comment thread sentry_sdk/integrations/_asgi_common.py Outdated
Comment thread sentry_sdk/integrations/_asgi_common.py
@ericapisani ericapisani marked this pull request as draft June 10, 2026 15:02
@ericapisani ericapisani marked this pull request as ready for review June 10, 2026 15:25
@ericapisani ericapisani merged commit f17dad9 into master Jun 11, 2026
271 of 273 checks passed
@ericapisani ericapisani deleted the py-2514-gate-asgi-values-behind-pii branch June 11, 2026 14:51
ericapisani added a commit that referenced this pull request Jun 12, 2026
Add span streaming support for the Quart integration when the
trace_lifecycle stream experiment is enabled. Sets HTTP request
attributes (method, headers, URL, query, client IP) on the segment
span and uses the correct source constant from sentry_sdk.traces
for span-first mode.

Depends on #6501
being merged first.

Fixes PY-2352
Fixes #6050
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

3 participants