From 20c0d0190ef659a9e89135b1e1225f1694fcc37c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jorge=20Mart=C3=ADn?=
Date: Tue, 16 Dec 2025 16:52:48 +0100
Subject: [PATCH] Add extra code to make sure we can't upload a session/user id as an extra by mistake
---
 .../analyticsproviders/sentry/SentryAnalyticsProvider.kt | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/services/analyticsproviders/sentry/src/main/kotlin/io/element/android/services/analyticsproviders/sentry/SentryAnalyticsProvider.kt b/services/analyticsproviders/sentry/src/main/kotlin/io/element/android/services/analyticsproviders/sentry/SentryAnalyticsProvider.kt
index 395e2eab25..e7f49079a4 100644
--- a/services/analyticsproviders/sentry/src/main/kotlin/io/element/android/services/analyticsproviders/sentry/SentryAnalyticsProvider.kt
+++ b/services/analyticsproviders/sentry/src/main/kotlin/io/element/android/services/analyticsproviders/sentry/SentryAnalyticsProvider.kt
@@ -55,8 +55,13 @@ class SentryAnalyticsProvider(
 SentryAndroid.init(context) { options ->
 options.dsn = dsn
- options.beforeSend = SentryOptions.BeforeSendCallback { event, _ -> event }
 options.beforeSendTransaction = SentryOptions.BeforeSendTransactionCallback { transaction, _ ->
+ // Ensure we'll never upload any session ids
+ val possibleSessionIds = transaction.extras?.filter { (it.value as? String)?.startsWith("@") == true }.orEmpty()
+ for (invalidExtra in possibleSessionIds) {
+ transaction.extras?.remove(invalidExtra.key)
+ }
+
 val sessionId = appNavigationStateService.appNavigationState.value.navigationState.currentSessionId()
 if (sessionId != null) {
 // This runs in a separate thread, so although using `runBlocking` is not great, at least it shouldn't freeze the app
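Review bot: The scrub at the top of the `beforeSendTransaction` callback only catches top-level extras whose value is a `String` starting with `@`, so an identifier embedded in a longer string, held in a list or map value, or attached somewhere other than `extras` would still be uploaded. The same commit removes the `beforeSend` callback instead of giving it this filter, so non-transaction events get no equivalent check; if those can carry extras here, the loop belongs in a small helper called from both callbacks. At minimum I would state the limit in the comment, e.g. `// Best effort: only removes top-level String extras starting with '@'; nested values and non-transaction events are not checked`, and log the removed key (never the value) so the call site that set it gets noticed and fixed. The callback body continues past the end of this hunk, so what is done with `sessionId` afterwards is not visible here.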