fix(live_view_hook): Scrub sensitive params in breadcrumbs

LiveView event params, mount params, and handle_params params come from
client-side input over WebSocket and may contain passwords, credit card
numbers, or other sensitive data. They were previously stored verbatim
in Sentry breadcrumbs, leaking to the Sentry project on any subsequent
event.

Apply Sentry.Scrubber.scrub_map/1 to the params at all three breadcrumb
sites (on_mount, handle_event, handle_params) so that values for the
default sensitive keys ('password', 'passwd', 'secret') and credit card
patterns are redacted before being added to breadcrumbs.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: solnic

lib/sentry/live_view_hook.ex

@@ -66,7 +66,7 @@ if Code.ensure_loaded?(Phoenix.LiveView) do
       Context.add_breadcrumb(%{
         category: "web.live_view.mount",
         message: "Mounted live view",
-        data: params
+        data: Sentry.Scrubber.scrub_map(params)
       })
 
       if uri = get_connect_info_if_root(socket, :uri) do
@@ -105,7 +105,7 @@ if Code.ensure_loaded?(Phoenix.LiveView) do
       Context.add_breadcrumb(%{
         category: "web.live_view.event",
         message: inspect(event),
-        data: %{event: event, params: params}
+        data: %{event: event, params: Sentry.Scrubber.scrub_map(params)}
       })
 
       {:cont, socket}
@@ -127,7 +127,7 @@ if Code.ensure_loaded?(Phoenix.LiveView) do
       Context.add_breadcrumb(%{
         category: "web.live_view.params",
         message: "#{uri}",
-        data: %{params: params, uri: uri}
+        data: %{params: Sentry.Scrubber.scrub_map(params), uri: uri}
       })
 
       {:cont, socket}

test/sentry/live_view_hook_test.exs

@@ -18,6 +18,10 @@ defmodule SentryTest.Live do
     {:noreply, socket}
   end
 
+  def handle_event("login", _params, socket) do
+    {:noreply, socket}
+  end
+
   def handle_info(:test_message, socket) do
     {:noreply, socket}
   end
@@ -164,6 +168,33 @@ defmodule Sentry.LiveViewHookTest do
     assert Logger.metadata() == []
   end
 
+  test "scrubs sensitive params in handle_event breadcrumb", %{conn: conn} do
+    {:ok, view, _html} = live(conn, "/hook_test")
+
+    render_hook(view, :login, %{"password" => "supersecret", "username" => "alice"})
+
+    context = get_sentry_context(view)
+    [event_breadcrumb | _] = context.breadcrumbs
+
+    assert event_breadcrumb.category == "web.live_view.event"
+    assert event_breadcrumb.data.event == "login"
+    assert event_breadcrumb.data.params == %{"password" => "*********", "username" => "alice"}
+  end
+
+  test "scrubs sensitive params in on_mount and handle_params breadcrumbs", %{conn: conn} do
+    {:ok, view, _html} = live(conn, "/hook_test?password=secret&username=alice")
+
+    context = get_sentry_context(view)
+
+    assert [
+             %{category: "web.live_view.params"} = params_breadcrumb,
+             %{category: "web.live_view.mount"} = mount_breadcrumb
+           ] = context.breadcrumbs
+
+    assert mount_breadcrumb.data == %{"password" => "*********", "username" => "alice"}
+    assert params_breadcrumb.data.params == %{"password" => "*********", "username" => "alice"}
+  end
+
   defp get_sentry_context(view) do
     {:dictionary, pdict} = Process.info(view.pid, :dictionary)