ref: Expand scrubbing

sentry_sdk/integrations/_wsgi_common.py

@@ -31,6 +31,7 @@
     "HTTP_SET_COOKIE",
     "HTTP_COOKIE",
     "HTTP_AUTHORIZATION",
+    "HTTP_PROXY_AUTHORIZATION",
     "HTTP_X_API_KEY",
     "HTTP_X_FORWARDED_FOR",
     "HTTP_X_REAL_IP",

sentry_sdk/scrubber.py

@@ -34,6 +34,7 @@
     "set_cookie",
     "cookie",
     "authorization",
+    "proxy-authorization",
     "x_api_key",
     # other common names used in the wild
     "aiohttp_session",  # aiohttp

tests/integrations/fastapi/test_fastapi.py

@@ -265,6 +265,7 @@ async def test_original_request_not_scrubbed(
     async def _error(request: Request):
         logging.critical("Oh no!")
         assert request.headers["Authorization"] == "Bearer ohno"
+        assert request.headers["Proxy-Authorization"] == "Basic ohno"
         assert await request.json() == {"password": "secret"}
 
         return {"error": "Oh no!"}
@@ -273,12 +274,18 @@ async def _error(request: Request):
 
     client = TestClient(app)
     client.post(
-        "/error", json={"password": "secret"}, headers={"Authorization": "Bearer ohno"}
+        "/error",
+        json={"password": "secret"},
+        headers={
+            "Authorization": "Bearer ohno",
+            "Proxy-Authorization": "Basic ohno",
+        },
     )
 
     event = events[0]
     assert event["request"]["data"] == {"password": "[Filtered]"}
     assert event["request"]["headers"]["authorization"] == "[Filtered]"
+    assert event["request"]["headers"]["proxy-authorization"] == "[Filtered]"
 
 
 def test_response_status_code_ok_in_transaction_context(sentry_init, capture_envelopes):

tests/integrations/flask/test_flask.py

@@ -903,19 +903,26 @@ def index():
         logging.critical("oops")
         assert request.get_json() == {"password": "ohno"}
         assert request.headers["Authorization"] == "Bearer ohno"
+        assert request.headers["Proxy-Authorization"] == "Basic ohno"
         return "ok"
 
     events = capture_events()
 
     client = app.test_client()
     client.post(
-        "/", json={"password": "ohno"}, headers={"Authorization": "Bearer ohno"}
+        "/",
+        json={"password": "ohno"},
+        headers={
+            "Authorization": "Bearer ohno",
+            "Proxy-Authorization": "Basic ohno",
+        },
     )
 
     (event,) = events
 
     assert event["request"]["data"]["password"] == "[Filtered]"
     assert event["request"]["headers"]["Authorization"] == "[Filtered]"
+    assert event["request"]["headers"]["Proxy-Authorization"] == "[Filtered]"
 
 
 def test_response_status_code_ok_in_transaction_context(

tests/integrations/starlette/test_starlette.py

@@ -954,6 +954,7 @@ def test_original_request_not_scrubbed(sentry_init, capture_events):
     async def _error(request):
         logging.critical("Oh no!")
         assert request.headers["Authorization"] == "Bearer ohno"
+        assert request.headers["Proxy-Authorization"] == "Basic ohno"
         assert await request.json() == {"password": "ohno"}
         return starlette.responses.JSONResponse({"status": "Oh no!"})
 
@@ -967,12 +968,16 @@ async def _error(request):
     client.post(
         "/error",
         json={"password": "ohno"},
-        headers={"Authorization": "Bearer ohno"},
+        headers={
+            "Authorization": "Bearer ohno",
+            "Proxy-Authorization": "Basic ohno",
+        },
     )
 
     event = events[0]
     assert event["request"]["data"] == {"password": "[Filtered]"}
     assert event["request"]["headers"]["authorization"] == "[Filtered]"
+    assert event["request"]["headers"]["proxy-authorization"] == "[Filtered]"
 
 
 @pytest.mark.skipif(STARLETTE_VERSION < (0, 24), reason="Requires Starlette >= 0.24")