From 3ba38e60a5cb6ff0b861dfc9dad1de95f3f4d4c0 Mon Sep 17 00:00:00 2001
From: Jenny Danzmayr <mail@evilscientress.de>
Date: Mon, 27 Nov 2023 22:40:30 +0100
Subject: [PATCH] scrub sensitve data from sentry events

---
 src/c3nav/settings.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/c3nav/settings.py b/src/c3nav/settings.py
index 8bc6f6e0..4db0a35d 100644
--- a/src/c3nav/settings.py
+++ b/src/c3nav/settings.py
@@ -49,10 +49,18 @@ with suppress(ImportError):
         import sentry_sdk
         from sentry_sdk.integrations.celery import CeleryIntegration
         from sentry_sdk.integrations.django import DjangoIntegration
+        from sentry_sdk.scrubber import EventScrubber, DEFAULT_DENYLIST
 
+        sensitive_env_vars = ['C3NAV_DJANGO_SECRET', 'C3NAV_TILE_SECRET', 'C3NAV_DATABASE', 'C3NAV_DATABASE_PASSWORD',
+                              'C3NAV_MEMCACHED', 'C3NAV_REDIS', 'C3NAV_CELERY_BROKER', 'C3NAV_CELERY_BACKEND',
+                              'C3NAV_EMAIL', 'C3NAV_EMAIL_PASSWORD']
+        sensitive_vars = ['SECRET_KEY', 'TILE_SECRET_KEY', 'DATABASES', 'CACHES', 'BROKER_URL', 'CELERY_RESULT_BACKEND']
+
+        denylist = DEFAULT_DENYLIST + sensitive_env_vars + sensitive_vars
         sentry_sdk.init(
             dsn=SENTRY_DSN,
-            integrations=[CeleryIntegration(), DjangoIntegration()]
+            integrations=[CeleryIntegration(), DjangoIntegration()],
+            event_scrubber=EventScrubber(denylist=denylist),
         )
 
 # Build paths inside the project like this: BASE_DIR / 'something'