Serialize vars earlier in the pipeline

sl0thentr0py · sl0thentr0py · commit 2db1b27e6977 · 2024-08-02T16:43:48.000+02:00
We really shouldn't be holding references to `frame.f_locals`
throughout our SDK, this has all sorts of breakage potential.
diff --git a/sentry_sdk/serializer.py b/sentry_sdk/serializer.py
@@ -10,6 +10,7 @@
     format_timestamp,
     safe_repr,
     strip_string,
+    serializable_str_types,
 )
 from sentry_sdk._types import TYPE_CHECKING
 
@@ -33,10 +34,6 @@
     Segment = Union[str, int]
 
 
-# Bytes are technically not strings in Python 3, but we can serialize them
-serializable_str_types = (str, bytes, bytearray, memoryview)
-
-
 # Maximum length of JSON-serialized event payloads that can be safely sent
 # before the server may reject the event due to its size. This is not intended
 # to reflect actual values defined server-side, but rather only be an upper
diff --git a/sentry_sdk/utils.py b/sentry_sdk/utils.py
@@ -11,6 +11,7 @@
 import threading
 import time
 from collections import namedtuple
+from collections.abc import Mapping, Sequence, Set
 from datetime import datetime
 from decimal import Decimal
 from functools import partial, partialmethod, wraps
@@ -71,6 +72,9 @@
 
 SENSITIVE_DATA_SUBSTITUTE = "[Filtered]"
 
+# Bytes are technically not strings in Python 3, but we can serialize them
+serializable_str_types = (str, bytes, bytearray, memoryview)
+
 
 def json_dumps(data):
     # type: (Any) -> bytes
@@ -614,11 +618,37 @@ def serialize_frame(
         )
 
     if include_local_variables:
-        rv["vars"] = frame.f_locals.copy()
+        rv["vars"] = _serialize_vars_dict(frame.f_locals)
 
     return rv
 
 
+def _serialize_vars_dict(f_locals):
+    # type: (Mapping[str, Any]) -> Dict[str, Any]
+    vars = {}
+    for k, v in f_locals.items():
+        vars[k] = _serialize_var_value(v)
+    return vars
+
+def _serialize_vars_list(list):
+    # type: (Union[Sequence, Set]) -> List
+    vars = []
+    for x in list:
+        vars.append(_serialize_var_value(x))
+    return vars
+
+def _serialize_var_value(value):
+    # type: (Any) -> Any
+    if isinstance(value, serializable_str_types):
+        return value
+    elif isinstance(value, Mapping):
+        return _serialize_vars_dict(value)
+    elif not isinstance(value, serializable_str_types) and isinstance(value, (Set, Sequence)):
+        return _serialize_vars_list(value)
+    else:
+        return safe_repr(value)
+
+
 def current_stacktrace(
     include_local_variables=True,  # type: bool
     include_source_context=True,  # type: bool
diff --git a/tests/test_scrubber.py b/tests/test_scrubber.py
@@ -187,3 +187,20 @@ def test_recursive_event_scrubber(sentry_init, capture_events):
 
     (event,) = events
     assert event["extra"]["deep"]["deeper"][0]["deepest"]["password"] == "'[Filtered]'"
+
+
+def test_recursive_scrubber_does_not_override_original(sentry_init, capture_events):
+    sentry_init(event_scrubber=EventScrubber(recursive=True))
+    events = capture_events()
+
+    data = {"csrf": "secret"}
+    try:
+        raise RuntimeError("An error")
+    except Exception:
+        capture_exception()
+
+    (event,) = events
+    frames = event["exception"]["values"][0]["stacktrace"]["frames"]
+    (frame,) = frames
+    assert data["csrf"] == "secret"
+    assert frame["vars"]["data"]["csrf"] == "[Filtered]"
