fix(pii): Fix attachment check (#4441)

Attachments items are not guaranteed to have an "attachment_type".
getsentry · Jan 14, 2025 · 1023edc · 1023edc
1 parent fc25ba9
commit 1023edc
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,7 +5,7 @@
 **Features**:
 
 - Increase stacktrace function and symbol length limits to 512 chars. ([#4436](https://github.com/getsentry/relay/pull/4436))
-- Scrub non-minidump attachments if there are explicit `$attachment` rules. ([#4415](https://github.com/getsentry/relay/pull/4415))
+- Scrub non-minidump attachments if there are explicit `$attachment` rules. ([#4415](https://github.com/getsentry/relay/pull/4415), [#4441](https://github.com/getsentry/relay/pull/4441))
 - Include blocked domain in CSP reports as a tag. ([#4435](https://github.com/getsentry/relay/pull/4435))
 
 **Internal**:

diff --git a/relay-server/src/services/processor/attachment.rs b/relay-server/src/services/processor/attachment.rs
@@ -7,7 +7,7 @@ use std::time::Instant;
 use relay_pii::{PiiAttachmentsProcessor, SelectorPathItem, SelectorSpec};
 use relay_statsd::metric;
 
-use crate::envelope::{AttachmentType, ContentType};
+use crate::envelope::{AttachmentType, ContentType, ItemType};
 use crate::statsd::RelayTimers;
 
 use crate::services::projects::project::ProjectInfo;
@@ -72,7 +72,7 @@ pub fn scrub<Group>(managed_envelope: &mut TypedEnvelope<Group>, project_info: A
             // After we have assessed the impact on performance we can relax this condition.
             for item in envelope
                 .items_mut()
-                .filter(|item| item.attachment_type().is_some())
+                .filter(|item| item.ty() == &ItemType::Attachment)
             {
                 scrub_attachment(item, config);
             }

diff --git a/tests/integration/test_attachments.py b/tests/integration/test_attachments.py
@@ -177,6 +177,52 @@ def test_attachments_pii(mini_sentry, relay):
     }
 
 
+def test_attachments_pii_logfile(mini_sentry, relay):
+    project_id = 42
+    project_config = mini_sentry.add_full_project_config(project_id)
+    project_config["config"]["piiConfig"] = {
+        "rules": {
+            "0": {"type": "email", "redaction": {"method": "mask"}},
+            "1": {"type": "userpath", "redaction": {"method": "remove"}},
+        },
+        "applications": {"$attachments.'logfile.txt'": ["0", "1"]},
+    }
+    relay = relay(mini_sentry)
+
+    attachment = r"""Alice Johnson
+[email protected]
++1234567890
+4111 1111 1111 1111
+Bob Smith [email protected] +9876543210 5500 0000 0000 0004
+Charlie Brown [email protected] +1928374650 3782 822463 10005
+Dana White [email protected] +1029384756 6011 0009 9013 9424
+path=c:\Users\yan\mylogfile.txt
+password=mysupersecretpassword123"""
+
+    envelope = Envelope()
+    item = Item(
+        payload=attachment, type="attachment", headers={"filename": "logfile.txt"}
+    )
+    envelope.add_item(item)
+
+    relay.send_envelope(project_id, envelope)
+
+    scrubbed_payload = mini_sentry.captured_events.get().items[0].payload.bytes
+
+    assert (
+        scrubbed_payload
+        == rb"""Alice Johnson
+*************************
++1234567890
+4111 1111 1111 1111
+Bob Smith ********************* +9876543210 5500 0000 0000 0004
+Charlie Brown ************************* +1928374650 3782 822463 10005
+Dana White ************************ +1029384756 6011 0009 9013 9424
+path=c:\Users\***\mylogfile.txt
+password=mysupersecretpassword123"""
+    )
+
+
 def test_attachments_quotas(
     mini_sentry,
     relay_with_processing,