Skip to content

feat: apply sensitive data filters to grpc & sql#1333

Open
giortzisg wants to merge 4 commits into
feat/sensitive-httpfrom
feat/sensitive-grpc
Open

feat: apply sensitive data filters to grpc & sql#1333
giortzisg wants to merge 4 commits into
feat/sensitive-httpfrom
feat/sensitive-grpc

Conversation

@giortzisg

@giortzisg giortzisg commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Description

This adds the sensitive data collection filters to grpc and sql. It also removes the now unused IsSensitiveHeader.

#skip-changelog

Issues

Changelog Entry Instructions

To add a custom changelog entry, uncomment the section above. Supports:

  • Single entry: just write text
  • Multiple entries: use bullet points
  • Nested bullets: indent 4+ spaces

For more details: custom changelog entries

Reminders

@github-actions

github-actions Bot commented Jun 23, 2026

Copy link
Copy Markdown

Semver Impact of This PR

🟡 Minor (new features)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).


This PR will not appear in the changelog.


🤖 This preview updates automatically when you update the PR.

@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from 6c7bf59 to 9e3a4cd Compare June 23, 2026 12:58
@giortzisg giortzisg force-pushed the feat/sensitive-http branch from f8baa8f to 7e6b84c Compare June 23, 2026 13:20
@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from 9e3a4cd to eb15116 Compare June 23, 2026 13:20
@giortzisg giortzisg force-pushed the feat/sensitive-http branch from 7e6b84c to 5eda06c Compare June 24, 2026 07:27
@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from eb15116 to cdae5e0 Compare June 24, 2026 07:27
@giortzisg giortzisg force-pushed the feat/sensitive-http branch from 5eda06c to e875b27 Compare June 24, 2026 07:30
@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from cdae5e0 to b0f2552 Compare June 24, 2026 07:30
@giortzisg giortzisg force-pushed the feat/sensitive-http branch from e875b27 to 3a856b9 Compare June 24, 2026 07:59
@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from b0f2552 to a10bcaa Compare June 24, 2026 07:59
@giortzisg giortzisg marked this pull request as ready for review June 24, 2026 09:13
Comment thread grpc/server.go
Comment thread grpc/server.go Outdated
@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from a10bcaa to 1c717f4 Compare June 25, 2026 08:18
@giortzisg giortzisg force-pushed the feat/sensitive-http branch from 3a856b9 to 6a5d2c6 Compare June 25, 2026 08:18
@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from 1c717f4 to 212ed30 Compare June 25, 2026 08:45
Comment thread grpc/server.go Outdated
Comment thread grpc/server.go
Comment thread grpc/server.go
@giortzisg giortzisg requested a review from Litarnus June 25, 2026 08:55
@giortzisg giortzisg force-pushed the feat/sensitive-http branch from fb04b19 to d53a01b Compare June 25, 2026 14:50
@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from b75a56b to 0ff9c58 Compare June 25, 2026 15:03
@giortzisg giortzisg force-pushed the feat/sensitive-http branch 2 times, most recently from a00b7cb to 0048667 Compare June 26, 2026 08:02
@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from 0ff9c58 to 7f9cb0b Compare June 26, 2026 08:02
Comment thread sql/span.go
Comment thread grpc/server.go
@giortzisg giortzisg force-pushed the feat/sensitive-http branch from 0048667 to c3e6aeb Compare June 29, 2026 12:40
@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from a407d39 to 98cb8dd Compare June 29, 2026 12:40
@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from 98cb8dd to ed9967f Compare June 29, 2026 14:24
@giortzisg giortzisg force-pushed the feat/sensitive-http branch from ed66d64 to b4614a1 Compare July 1, 2026 08:44
@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from ed9967f to 753d7fa Compare July 1, 2026 08:44
giortzisg added 4 commits July 1, 2026 12:10
This also removes the unused IsSensitiveHeader. This was a workaround
for filtering grpc sensitive headers, but is now included under
DataCollection
@giortzisg giortzisg force-pushed the feat/sensitive-http branch from b4614a1 to e1a1006 Compare July 1, 2026 10:10
@giortzisg giortzisg force-pushed the feat/sensitive-grpc branch from 753d7fa to 8bd0126 Compare July 1, 2026 10:10

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 8bd0126. Configure here.

Comment thread grpc/server.go
ctx := make(map[string]any, len(filtered))
for key, value := range filtered {
ctx[key] = value
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cookies lost when headers off

Medium Severity

In metadataToContext, cookie and set-cookie metadata are merged into the same map passed to FilterRequestHeaders. When HTTPHeaders.Request uses CollectionOff, that helper returns nil for the whole map, so filtered cookie metadata is dropped even while CollectCookies() remains enabled.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 8bd0126. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants