Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to Prevent Sensitive URLs from Being Sent to Datadog in React Native using resourceEventMapper? #678

Open
pleandrosousa opened this issue Jun 15, 2024 · 1 comment
Open

How to Prevent Sensitive URLs from Being Sent to Datadog in React Native using resourceEventMapper? #678

pleandrosousa opened this issue Jun 15, 2024 · 1 comment
Labels
question Further information is requested

Comments

@pleandrosousa
Copy link

Question

I'm struggling to prevent sensitive URLs from being captured and sent to Datadog in my React Native application.

I'm using resourceEventMapper to sanitize URLs before they're sent, but sensitive data is still appearing in Datadog.

Here's my code:

const sanitizeURL = (url) => {
  return url
    .replace(/cpf=\d{3}\.\d{3}\.\d{3}-\d{2}/g, 'cpf=[CPF_REMOVED]')
    .replace(/email=[^&]+/g, 'email=[EMAIL_REMOVED]');
};

const resourceEventMapper = (event) => {
    // Sanitize nested URLs in resourceContext
    if (event.resourceContext) {
      if (event.resourceContext._url) {
        event.resourceContext._url = sanitizeURL(event.resourceContext._url);
      }
      if (event.resourceContext._datadog_xhr && event.resourceContext._datadog_xhr.url) {
        event.resourceContext._datadog_xhr.url = sanitizeURL(event.resourceContext._datadog_xhr.url);
      }
      if (event.resourceContext.responseURL) {
        event.resourceContext.responseURL = sanitizeURL(event.resourceContext.responseURL);
      }
    }
  return event;
};

const initializeDatadog = () => {
  const config = new DdSdkReactNativeConfiguration(
    ...config
  );

  config.resourceEventMapper = resourceEventMapper;

  DdSdkReactNative.initialize(config);
};

initializeDatadog();

I tried using the resourceEventMapper to sanitize URLs and prevent sensitive data from being sent to Datadog. I expected that the URLs would be sanitized or filtered out before being sent, but sensitive data is still appearing in the Datadog logs.

Any help or suggestions on how to properly sanitize or filter these URLs would be greatly appreciated.
@pleandrosousa pleandrosousa added the question Further information is requested label Jun 15, 2024
@marco-saia-datadog
Copy link
Member

Hello @pleandrosousa 👋

Sorry for the long wait, we will look into this as soon as possible!

Can you please complete the PR with some more information on your setup?

I am particularly interested in your Datadog SDK version and on which OS you are experiencing the issue (Android or iOS).

It would be great if you could fill this template.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@marco-saia-datadog @pleandrosousa