Merge pull request #23 from silinternational/feature-filtersenstives

Praveenraj-K · web-flow · commit 309fbb8bc18b · 2025-08-28T09:53:53.000+05:30
Filter sensitive values from Sentry events
diff --git a/application/backup.sh b/application/backup.sh
@@ -7,12 +7,26 @@ log() {
     echo "[$(date '+%Y-%m-%d %H:%M:%S')] ${level}: ${message}";
 }
 
+# Function to remove sensitive values from sentry Event
+filter_sensitive_values() {
+    local msg="$1"
+    for var in AWS_ACCESS_KEY AWS_SECRET_KEY B2_APPLICATION_KEY B2_APPLICATION_KEY_ID DB_ROOTPASSWORD DB_USERPASSWORD; do
+        val="${!var}"
+        if [ -n "$val" ]; then
+            msg="${msg//$val/[FILTERED]}"
+        fi
+    done
+    echo "$msg"
+}
+
 # Sentry reporting with validation and backwards compatibility
 error_to_sentry() {
     local error_message="$1";
     local db_name="$2";
     local status_code="$3";
 
+    error_message=$(filter_sensitive_values "$error_message")
+
     # Check if SENTRY_DSN is configured - ensures backup continues
     if [ -z "${SENTRY_DSN:-}" ]; then
         log "DEBUG" "Sentry logging skipped - SENTRY_DSN not configured";
diff --git a/application/restore.sh b/application/restore.sh
@@ -7,12 +7,25 @@ log() {
     echo "[$(date '+%Y-%m-%d %H:%M:%S')] ${level}: ${message}"
 }
 
+filter_sensitive_values() {
+    local msg="$1"
+    for var in AWS_ACCESS_KEY AWS_SECRET_KEY B2_APPLICATION_KEY B2_APPLICATION_KEY_ID DB_ROOTPASSWORD DB_USERPASSWORD; do
+        val="${!var}"
+        if [ -n "$val" ]; then
+            msg="${msg//$val/[FILTERED]}"
+        fi
+    done
+    echo "$msg"
+}
+
 # Sentry reporting with validation and backwards compatibility
 error_to_sentry() {
     local error_message="$1"
     local db_name="$2"
     local status_code="$3"
 
+    error_message=$(filter_sensitive_values "$error_message")
+
     # Check if SENTRY_DSN is configured - ensures restore continues
     if [ -z "${SENTRY_DSN:-}" ]; then
         log "DEBUG" "Sentry logging skipped - SENTRY_DSN not configured"
