Add extra code to make sure we can't upload a session/user id as an extra by mistake

2025-12-16 16:52:48 +01:00 · 2025-12-16 16:52:48 +01:00 · c864fbac8c
commit c864fbac8c
parent c9b904e606
1 changed files with 6 additions and 1 deletions
--- a/services/analyticsproviders/sentry/src/main/kotlin/io/element/android/services/analyticsproviders/sentry/SentryAnalyticsProvider.kt
+++ b/services/analyticsproviders/sentry/src/main/kotlin/io/element/android/services/analyticsproviders/sentry/SentryAnalyticsProvider.kt
@ -55,8 +55,13 @@ class SentryAnalyticsProvider(

        SentryAndroid.init(context) { options ->
            options.dsn = dsn
-            options.beforeSend = SentryOptions.BeforeSendCallback { event, _ -> event }
            options.beforeSendTransaction = SentryOptions.BeforeSendTransactionCallback { transaction, _ ->
+                // Ensure we'll never upload any session ids
+                val possibleSessionIds = transaction.extras?.filter { (it.value as? String)?.startsWith("@") == true }.orEmpty()
+                for (invalidExtra in possibleSessionIds) {
+                    transaction.extras?.remove(invalidExtra.key)
+                }
+
                val sessionId = appNavigationStateService.appNavigationState.value.navigationState.currentSessionId()
                if (sessionId != null) {
                    // This runs in a separate thread, so although using `runBlocking` is not great, at least it shouldn't freeze the app