ref(gitlab): Namespace webhook log attributes and add malformed-token context #117959
1 issue
wrdn-pii: Found 1 issue (1 medium)
Medium
GitLab `user_username` (personal identifier) forwarded to durable warning logs - `src/sentry/integrations/gitlab/webhooks.py:97`
The new `_extract_payload_repo_info` function copies `user_username` from the raw webhook payload into `extra` and then into `logger.warning('gitlab.webhook.malformed-gitlab-token', extra=extra)`. This logs the identity of the specific person who triggered the GitLab event to Sentry's durable Logs explorer — unnecessary for the stated goal of identifying *which customer* sent a malformed token. Replace with a non-personal fallback or drop the field; repo path and project ID already identify the customer.
⏱ 1m 53s · 225.7k in / 16.8k out · $0.66
Annotations
Check warning on line 97 in src/sentry/integrations/gitlab/webhooks.py
sentry-warden / warden: wrdn-pii