industry · 2026-05-24 · 13 min read
I found my IBAN in a Sentry stack trace in my GDPR SAR response: the missing worker PII scrub (PR #626 GGG F4)
Eren, 31, a digital marketer and TikTok food creator (@ereneats, 43k followers) from Atatürk Alanı in Ortahisar, Trabzon, has been an active thMenu affiliate for 14 months (~6-9 restaurants/month, ~€85 commission). After reading about another SaaS data breach the previous month, he got into the habit of filing GDPR Article 15 subject access requests (SARs) against his own accounts. After 30 days thMenu support sent a ZIP archive: an affiliate_profiles dump, commission history, postback log, customer_activity events, and **sentry_events.json**.

Eren opened sentry_events.json; it held 7 events. The third was a Wise transfer failure exception, and in the stack trace's context.extra field sat **"iban": "TR48 0006 1005 1978 6457 5310 03"**: Eren's own IBAN, logged to Sentry in plaintext.

Forensics: the catch branch of apps/web-superadmin/src/lib/wise.ts:initiateTransfer() calls Sentry.captureException(err, { extra: { affiliateId, transferId, iban: decryptedIban, ... }}), filling the whole context, IBAN included. The intent was good (see the IBAN that Wise rejected, for debugging). But Sentry's default retention is **90 days**, Synaltix's internal SRE, contractor and developer access is broad, and the IBAN stays in plaintext. Eren's failed Wise transfer three months earlier sent an event from that catch branch, the IBAN was written into the extra field, and it stayed accessible in the dashboard for the whole 90-day retention window.

Eren's scan: Event 3, IBAN; Event 5, Resend email-send failure with email + name; Event 7, Stripe checkout webhook breadcrumb with customer_email + plan_id. PII in 3 distinct events. Eren reported it as a GDPR Article 5(1)(f) integrity and confidentiality violation. thMenu engineering reproduced it within 1 hour and rated the severity HIGH: the Sentry.init beforeSend hook is missing in apps/web-admin/src/lib/observability.ts, and the worker side in cloudflare/src/lib/sentry.ts (the PR #362 fire-and-forget envelope) has the same pattern. A 90-day Sentry retention audit, grepping for the keywords iban, email, customer_phone, tax_id and session_id, found that **3,847 events contained PII**, across 218 unique affiliates/customers.
**PR #626 batch GGG F4** is a 4-layer fix.

**Layer 1, beforeSend hook PII scrub**: a PII_KEYS denylist (iban, tax_id, ssn, email, phone, address, card_number, cvv, session_id, token, magic_link, password, authorization, cookie) plus PII_REGEX inline patterns (IBAN-like `[A-Z]{2}\d{2}[A-Z0-9 ]{15,30}`, email-like, phone-like). A recursive redactObject is applied to event.extra, event.contexts, event.breadcrumbs.data, event.request.url and event.user. Key denylist plus regex patterns give defense in depth.

**Layer 2, worker-side sibling fix**: the pure-fetch envelope POST in cloudflare/src/lib/sentry.ts gets the same redactObject; the helper moved into a shared packages/sentry-redact module as the single source of truth.

**Layer 3, retroactive Sentry redaction backfill**: a script using the Sentry events.update API redacted the extra, contexts and breadcrumbs fields of the 3,847 affected events, about 6 hours of work.

**Layer 4, CI test**: a vitest fixture simulates an exception payload with IBAN/email/phone, runs it through beforeSend and asserts [REDACTED]; this is the CI regression guard.

Eren got a response within 24 hours, 6 months of Pro tier free, and a Hall of Fame entry. Platform-wide, the 218 affected users received a proactive email, and the Synaltix DPA addendum gained the line "Sentry now PII-scrubbed at SDK level". The Schrems II audit document was updated.

Pattern: **exception and log payloads sent to observability stacks such as Sentry, Datadog, Honeycomb or Logz.io must be PII-scrubbed. Use the SDK init beforeSend / before_log hook with a key denylist plus inline regex patterns, as defense in depth.**

Implementation checklist: (1) beforeSend hook mandatory, never ship with an empty config; (2) a standard PII_KEYS denylist of 15 fields; (3) PII_REGEX inline pattern match; (4) coverage of event.extra/contexts/breadcrumbs/request/user; (5) shared packages/sentry-redact module; (6) CI vitest fixture regression test; (7) retroactive backfill via the events.update API; (8) quarterly audit with a random-sample PII grep and a threshold alarm.

The Aleksi, Helsinki Kallio version (@aleksieats): same flow with a FI IBAN.
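The Layer 1 hook described above, as an added example written for this post (it is not thMenu's or PR #626's code): a recursive redactObject with the key denylist and regex patterns from the post, wrapped in a beforeSend that scrubs the whole event rather than only the listed fields. The event shape is simplified, and the sample event, IBAN and email address are constructed.

```typescript
// Added example, not thMenu's or PR #626's code: a recursive redactor and a
// Sentry-style beforeSend as the post describes; the sample event is constructed.
const REDACTED = "[REDACTED]";
// Layer 1a: key denylist, matched case-insensitively as a substring so that
// "customer_email" and "decryptedIban" are caught, not only the exact names.
const PII_KEYS = ["iban", "tax_id", "ssn", "email", "phone", "address", "card_number",
  "cvv", "session_id", "token", "magic_link", "password", "authorization", "cookie"];
// Layer 1b: inline value patterns for PII that leaks under a harmless key
// (e.g. inside an exception message). Deliberately loose: for an error
// tracker, over-redaction is the safer failure mode.
const PII_REGEX: RegExp[] = [
  /\b[A-Z]{2}\d{2}[A-Z0-9 ]{15,30}/g, // IBAN-like, as written in the post
  /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g,    // email-like
  /\+?\d[\d ()-]{8,}\d/g,             // phone-like
];
function isPiiKey(key: string): boolean {
  const k = key.toLowerCase();
  return PII_KEYS.some((needle) => k.includes(needle));
}
function redactString(s: string): string {
  return PII_REGEX.reduce((acc, re) => acc.replace(re, REDACTED), s);
}
// Walks any JSON-like value: denylisted keys are replaced wholesale, every
// string is pattern-scrubbed, arrays and nested objects are recursed into.
// Returns a new structure; the input event is left untouched.
function redactObject<T>(value: T): T {
  if (typeof value === "string") return redactString(value) as unknown as T;
  if (Array.isArray(value)) return value.map((v) => redactObject(v)) as unknown as T;
  if (value !== null && typeof value === "object") {
    const src = value as unknown as Record<string, unknown>;
    const out: Record<string, unknown> = {};
    for (const k of Object.keys(src)) out[k] = isPiiKey(k) ? REDACTED : redactObject(src[k]);
    return out as unknown as T;
  }
  return value; // numbers, booleans, null, undefined pass through unchanged
}
// Drop-in for Sentry.init({ beforeSend }). Scrubbing the whole event, not only
// extra/contexts/breadcrumbs/request/user, also covers exception messages.
function beforeSend<E extends object>(event: E): E {
  return redactObject(event);
}

// Constructed sample modelled on the post's Event 3; IBAN and email are placeholders.
const SAMPLE_EVENT = {
  message: "Wise rejected IBAN TR00 0000 0000 0000 0000 0000 00",
  extra: { affiliateId: "aff_123", transferId: "tr_456", iban: "TR00 0000 0000 0000 0000 0000 00" },
  breadcrumbs: [{ category: "stripe", data: { customer_email: "eren@example.com", plan_id: "pro" } }],
  user: { id: "u_789", email: "eren@example.com" },
};
```

Note that the IBAN in `message` is caught by the regex layer even though the key is not denylisted, which is the case the key denylist alone would miss.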