From 165032ea027fd93605bcdea0908bfa8a750f4d65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jorge=20Mart=C3=ADn?= Date: Wed, 17 Dec 2025 13:09:23 +0100 Subject: [PATCH] Make sure we don't upload any user ids in tags either --- .../sentry/SentryAnalyticsProvider.kt | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/services/analyticsproviders/sentry/src/main/kotlin/io/element/android/services/analyticsproviders/sentry/SentryAnalyticsProvider.kt b/services/analyticsproviders/sentry/src/main/kotlin/io/element/android/services/analyticsproviders/sentry/SentryAnalyticsProvider.kt index df4f3a68a1..2a0677ed20 100644 --- a/services/analyticsproviders/sentry/src/main/kotlin/io/element/android/services/analyticsproviders/sentry/SentryAnalyticsProvider.kt +++ b/services/analyticsproviders/sentry/src/main/kotlin/io/element/android/services/analyticsproviders/sentry/SentryAnalyticsProvider.kt @@ -118,11 +118,15 @@ class SentryAnalyticsProvider( @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) internal fun prepareTransactionBeforeSend(transaction: SentryTransaction): SentryTransaction { - // Ensure we'll never upload any session ids - val possibleSessionIds = transaction.extras?.filter { (it.value as? String)?.startsWith("@") == true }.orEmpty() - for (invalidExtra in possibleSessionIds) { + // Ensure we'll never upload any session ids in extras or tags + val invalidExtras = transaction.extras?.filter { (it.value as? String)?.startsWith("@") == true }.orEmpty() + for (invalidExtra in invalidExtras) { transaction.removeExtra(invalidExtra.key) } + val invalidTags = transaction.tags?.filter { it.value.startsWith("@") }.orEmpty() + for (invalidTag in invalidExtras) { + transaction.removeTag(invalidTag.key) + } val sessionId = appNavigationStateService.appNavigationState.value.navigationState.currentSessionId() if (sessionId != null) {