feat(asgi): Migrate away from event processor in span first #5920
3 issues
find-bugs: Found 3 issues (2 medium, 1 low)
Medium
Sensitive headers are improperly serialized as AnnotatedValue string representation instead of filtered values - `sentry_sdk/integrations/_asgi_common.py:123-124`
When should_send_default_pii() returns False, _filter_headers() replaces sensitive headers (like authorization, cookies, x-forwarded-for) with AnnotatedValue objects. In _get_request_attributes(), these AnnotatedValue objects are passed directly to attributes. When scope.set_attribute() processes them via format_attribute(), they fall through to safe_repr(), resulting in string representations like "{'value': '[Filtered]', 'metadata': ...}" instead of the intended filtered value. This causes ugly, confusing attribute values and may leak metadata information.
Filter logic in capture_items fixture skips all items when types is None - `tests/conftest.py:341-342`
The condition if types is None or item.type not in types is inverted. When types=None, all items should be captured (no filtering), but the current code skips ALL items because types is None evaluates to True. The correct logic should be if types is not None and item.type not in types. While the current tests always pass a types argument, any future test calling capture_items() without arguments will get an empty list.
Low
KeyError when span has no attributes in envelopes_to_spans - `tests/conftest.py:1272-1274`
The envelopes_to_spans function accesses span_json["attributes"] directly without checking if the key exists. According to _span_batcher.py lines 116-119, the attributes key is only included in the transport format when item._attributes is truthy (non-empty). If a span with empty attributes is processed, this will raise a KeyError. While current code paths typically ensure attributes are populated, the batcher explicitly handles this edge case, so the test utility should as well.
Duration: 5m 21s · Tokens: 3.2M in / 22.0k out · Cost: $4.97 (+extraction: $0.01, +merge: $0.00, +fix_gate: $0.01)
Annotations
Check warning on line 124 in sentry_sdk/integrations/_asgi_common.py
sentry-warden / warden: find-bugs
Sensitive headers are improperly serialized as AnnotatedValue string representation instead of filtered values
When `should_send_default_pii()` returns False, `_filter_headers()` replaces sensitive headers (like authorization, cookies, x-forwarded-for) with `AnnotatedValue` objects. In `_get_request_attributes()`, these `AnnotatedValue` objects are passed directly to attributes. When `scope.set_attribute()` processes them via `format_attribute()`, they fall through to `safe_repr()`, resulting in string representations like "{'value': '[Filtered]', 'metadata': ...}" instead of the intended filtered value. This causes ugly, confusing attribute values and may leak metadata information.
Check warning on line 342 in tests/conftest.py
sentry-warden / warden: find-bugs
Filter logic in capture_items fixture skips all items when types is None
The condition `if types is None or item.type not in types` is inverted. When `types=None`, all items should be captured (no filtering), but the current code skips ALL items because `types is None` evaluates to `True`. The correct logic should be `if types is not None and item.type not in types`. While the current tests always pass a `types` argument, any future test calling `capture_items()` without arguments will get an empty list.