In a Laravel PHP application I use Sentry to keep error info, for example in this controller:
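    use Exception;
    use Illuminate\Http\JsonResponse;

    class MuController
    {
        private function someMethodThatThrowsException()
        {
            throw new Exception('Told ya');
        }

        public function foo()
        {
            try {
                $this->someMethodThatThrowsException();
                // The first argument is the payload, the second the HTTP status.
                return new JsonResponse(null, 204);
            } catch (Exception $e) {
                // Report the handled exception to Sentry manually.
                app('sentry')->captureException($e);
                return new JsonResponse(null, 500);
            }
        }
    }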
I have set up my Sentry as the documentation says:
    use Sentry\Laravel\Integration;
    ....
    public function register(): void
    {
        $this->reportable(function (Throwable $e) {
            Integration::captureUnhandledException($e);
        });
    }
And I have exposed the sentry like this:
php artisan sentry:publish --dsn=___PUBLIC_DSN___
But sometimes I want some information from the incoming HTTP call to be hidden for security reasons once reported to Sentry. Is there a way to hide information from Sentry regarding the HTTP body?
I see that there's the functionality in https://docs.sentry.io/platforms/php/guides/laravel/configuration/filtering/ but I don't know where this code should be placed in my Laravel project.
2 Answers
According to Sentry's documentation you can set the following config at config/sentry.php:

For example you can remove any field in the body that contains password information:

As you can see I use the $request['body'] and I check for any input; if an input parameter matches then I replace the item with [FILTERED], therefore I avoid leaking sensitive info to 3rd party Sentry.

That is my workaround for a Laravel-based app without rewriting the provider's sentry.php. Fields to hide can be defined via the SENTRY_SANITIZE_DATA env var, e.g. SENTRY_SANITIZE_DATA=token,password,password_confirmation,secret,foo,bar.

https://gist.github.com/mingalevme/1beec319c17286df76afad068ee00c76:

App/Helpers/SentrySanitizeDataOnBeforeSendListener.php:

App/Providers/AppServiceProvider.php:

Or via config/sentry.php:
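A sketch of the filtering both answers describe, as an added example that is not the answerers' code: a before_send callback that replaces sensitive fields with [FILTERED], reading the field names from SENTRY_SANITIZE_DATA. The function names, the default field list and the sample request are assumptions; Event::getRequest() and Event::setRequest() are the Sentry PHP SDK accessors.

```php
<?php
// Added example, not the answerers' code; all function names are hypothetical.

/** Recursively replace values whose key is listed in $fields (case-insensitive). */
function scrubSensitive(array $data, array $fields): array
{
    foreach ($data as $key => $value) {
        if (is_string($key) && in_array(strtolower($key), $fields, true)) {
            $data[$key] = '[FILTERED]';
        } elseif (is_array($value)) {
            // Nested input (e.g. user[password]) is scrubbed as well.
            $data[$key] = scrubSensitive($value, $fields);
        }
    }
    return $data;
}

/** Field names from SENTRY_SANITIZE_DATA (comma-separated); the default is constructed. */
function sensitiveFields(): array
{
    $raw = getenv('SENTRY_SANITIZE_DATA') ?: 'password,password_confirmation,token,secret';
    return array_values(array_filter(array_map(
        static fn (string $f): string => strtolower(trim($f)),
        explode(',', $raw)
    )));
}

/**
 * before_send callback: scrubs the whole captured request array, so it does
 * not depend on which key of that array holds the parsed body.
 */
function sentryBeforeSend(\Sentry\Event $event, ?\Sentry\EventHint $hint = null): ?\Sentry\Event
{
    $event->setRequest(scrubSensitive($event->getRequest(), sensitiveFields()));
    return $event;
}

// Constructed sample of a captured request, to show the effect without the SDK.
$sample = [
    'url'  => 'https://app.example.test/login',
    'body' => ['email' => 'a@example.test', 'Password' => 'hunter2',
               'profile' => ['token' => 'abc123', 'name' => 'Ann']],
];
print_r(scrubSensitive($sample, sensitiveFields()));
```

In config/sentry.php, point the before_send option at this callback. Written as a static class method and referenced as an array callable, it keeps working with php artisan config:cache, which cannot serialize closures.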