ref: Extract scrubbing logic into Sentry.Scrubber module

Move the recursive map/list scrubbing logic and default sensitive
parameter keys out of Sentry.PlugContext and into a new
framework-agnostic Sentry.Scrubber module so it can be reused by other
parts of the SDK (for example, Sentry.LiveViewHook). PlugContext now
delegates to Sentry.Scrubber.scrub_map/1 from default_body_scrubber/1.

No behavior change.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: solnic

lib/sentry/plug_context.ex

@@ -153,9 +153,7 @@ defmodule Sentry.PlugContext do
     end
   end
 
-  @default_scrubbed_param_keys ["password", "passwd", "secret"]
   @default_scrubbed_header_keys ["authorization", "authentication", "cookie"]
-  @scrubbed_value "*********"
   @default_plug_request_id_header "x-request-id"
 
   @doc false
@@ -264,39 +262,10 @@ defmodule Sentry.PlugContext do
 
   The default scrubbed keys are:
 
-  #{Enum.map_join(@default_scrubbed_param_keys, "\n", &"*  `#{&1}`")}
+  #{Enum.map_join(Sentry.Scrubber.default_scrubbed_param_keys(), "\n", &"*  `#{&1}`")}
   """
   @spec default_body_scrubber(Plug.Conn.t()) :: map()
   def default_body_scrubber(conn) do
-    scrub_map(conn.params, @default_scrubbed_param_keys)
+    Sentry.Scrubber.scrub_map(conn.params)
   end
-
-  defp scrub_map(map, scrubbed_keys) do
-    Map.new(map, fn {key, value} ->
-      value =
-        cond do
-          key in scrubbed_keys -> @scrubbed_value
-          is_binary(value) and value =~ credit_card_regex() -> @scrubbed_value
-          is_struct(value) -> value |> Map.from_struct() |> scrub_map(scrubbed_keys)
-          is_map(value) -> scrub_map(value, scrubbed_keys)
-          is_list(value) -> scrub_list(value, scrubbed_keys)
-          true -> value
-        end
-
-      {key, value}
-    end)
-  end
-
-  defp scrub_list(list, scrubbed_keys) do
-    Enum.map(list, fn value ->
-      cond do
-        is_struct(value) -> value |> Map.from_struct() |> scrub_map(scrubbed_keys)
-        is_map(value) -> scrub_map(value, scrubbed_keys)
-        is_list(value) -> scrub_list(value, scrubbed_keys)
-        true -> value
-      end
-    end)
-  end
-
-  defp credit_card_regex, do: ~r/^(?:\d[ -]*?){13,16}$/
 end

lib/sentry/scrubber.ex

@@ -0,0 +1,67 @@
+defmodule Sentry.Scrubber do
+  @moduledoc """
+  Provides scrubbing of sensitive data from maps before they are sent to Sentry.
+
+  This module is used internally by `Sentry.PlugContext` and `Sentry.LiveViewHook`
+  to redact sensitive values like passwords and credit card numbers before they
+  appear in Sentry events and breadcrumbs.
+  """
+
+  @moduledoc since: "10.9.0"
+
+  @default_scrubbed_param_keys ["password", "passwd", "secret"]
+  @scrubbed_value "*********"
+
+  @doc """
+  Returns the list of parameter keys scrubbed by default.
+  """
+  @spec default_scrubbed_param_keys() :: [String.t()]
+  def default_scrubbed_param_keys, do: @default_scrubbed_param_keys
+
+  @doc """
+  Returns the value used to replace scrubbed data.
+  """
+  @spec scrubbed_value() :: String.t()
+  def scrubbed_value, do: @scrubbed_value
+
+  @doc """
+  Scrubs a map of sensitive parameter values using the default scrubbed keys.
+
+  Values whose key matches one of the default sensitive keys (`"password"`, `"passwd"`,
+  `"secret"`), or whose value matches a credit card number pattern, are replaced with
+  `"*********"`. The function recurses into nested maps and lists.
+  """
+  @spec scrub_map(map()) :: map()
+  def scrub_map(map) when is_map(map) do
+    scrub_map(map, @default_scrubbed_param_keys)
+  end
+
+  defp scrub_map(map, scrubbed_keys) do
+    Map.new(map, fn {key, value} ->
+      value =
+        cond do
+          key in scrubbed_keys -> @scrubbed_value
+          is_binary(value) and value =~ credit_card_regex() -> @scrubbed_value
+          is_struct(value) -> value |> Map.from_struct() |> scrub_map(scrubbed_keys)
+          is_map(value) -> scrub_map(value, scrubbed_keys)
+          is_list(value) -> scrub_list(value, scrubbed_keys)
+          true -> value
+        end
+
+      {key, value}
+    end)
+  end
+
+  defp scrub_list(list, scrubbed_keys) do
+    Enum.map(list, fn value ->
+      cond do
+        is_struct(value) -> value |> Map.from_struct() |> scrub_map(scrubbed_keys)
+        is_map(value) -> scrub_map(value, scrubbed_keys)
+        is_list(value) -> scrub_list(value, scrubbed_keys)
+        true -> value
+      end
+    end)
+  end
+
+  defp credit_card_regex, do: ~r/^(?:\d[ -]*?){13,16}$/
+end