ref(argv): Update integration #6155
1 issue
find-bugs: Found 1 issue (1 high)
High
`should_send_default_pii` used as truthy reference instead of being called, PII gate is always true - `sentry_sdk/integrations/argv.py:26`
`should_send_default_pii` is a function (defined in `sentry_sdk/scope.py` at line 2136 as `def should_send_default_pii() -> bool`), but at line 26 it is referenced without parentheses. A function object is always truthy in Python, so the condition is effectively a no-op and `sys.argv` is attached to every event regardless of the user's `send_default_pii` setting. This leaks potentially sensitive command-line arguments (tokens, secrets, file paths, usernames) to Sentry for users who explicitly opted out of PII transmission.
Duration: 27.3s · Tokens: 48.6k in / 1.6k out · Cost: $0.23 (+fix_gate: $0.00)
Annotations
Check failure on line 26 in sentry_sdk/integrations/argv.py
sentry-warden / warden: find-bugs