fix(logs): guard pii in logs (#2076)

Litarnus · web-flow · commit 89fdff02fb6f · 2026-04-28T14:44:37.000+02:00
diff --git a/src/Logs/LogsAggregator.php b/src/Logs/LogsAggregator.php
@@ -90,20 +90,22 @@ public function add(
             $log->setAttribute('sentry.sdk.version', $client->getSdkVersion());
         }
 
-        $hub->configureScope(static function (Scope $scope) use ($log) {
-            $user = $scope->getUser();
-            if ($user !== null) {
-                if ($user->getId() !== null) {
-                    $log->setAttribute('user.id', $user->getId());
+        if ($options->shouldSendDefaultPii()) {
+            $hub->configureScope(static function (Scope $scope) use ($log) {
+                $user = $scope->getUser();
+                if ($user !== null) {
+                    if ($user->getId() !== null) {
+                        $log->setAttribute('user.id', $user->getId());
+                    }
+                    if ($user->getEmail() !== null) {
+                        $log->setAttribute('user.email', $user->getEmail());
+                    }
+                    if ($user->getUsername() !== null) {
+                        $log->setAttribute('user.name', $user->getUsername());
+                    }
                 }
-                if ($user->getEmail() !== null) {
-                    $log->setAttribute('user.email', $user->getEmail());
-                }
-                if ($user->getUsername() !== null) {
-                    $log->setAttribute('user.name', $user->getUsername());
-                }
-            }
-        });
+            });
+        }
 
         if (\count($values)) {
             $log->setAttribute('sentry.message.template', $message);
diff --git a/tests/Logs/LogsAggregatorTest.php b/tests/Logs/LogsAggregatorTest.php
@@ -164,6 +164,7 @@ public function testAttributesAreAddedToLogMessage(): void
     {
         $client = ClientBuilder::create([
             'enable_logs' => true,
+            'send_default_pii' => true,
             'release' => '1.0.0',
             'environment' => 'production',
             'server_name' => 'web-server-01',
@@ -210,6 +211,37 @@ public function testAttributesAreAddedToLogMessage(): void
         $this->assertSame('my_user', $attributes->get('user.name')->getValue());
     }
 
+    public function testUserAttributesAreNotAddedToLogMessageWhenSendDefaultPiiIsDisabled(): void
+    {
+        $client = ClientBuilder::create([
+            'enable_logs' => true,
+            'send_default_pii' => false,
+        ])->getClient();
+
+        $hub = new Hub($client);
+        SentrySdk::setCurrentHub($hub);
+
+        $hub->configureScope(static function (Scope $scope) {
+            $userDataBag = new UserDataBag();
+            $userDataBag->setId('unique_id');
+            $userDataBag->setEmail('foo@example.com');
+            $userDataBag->setUsername('my_user');
+            $scope->setUser($userDataBag);
+        });
+
+        $aggregator = new LogsAggregator();
+        $aggregator->add(LogLevel::info(), 'User performed action');
+
+        $logs = $aggregator->all();
+        $this->assertCount(1, $logs);
+
+        $attributes = $logs[0]->attributes();
+
+        $this->assertNull($attributes->get('user.id'));
+        $this->assertNull($attributes->get('user.email'));
+        $this->assertNull($attributes->get('user.name'));
+    }
+
     public function testFlushesImmediatelyWhenThresholdIsReached(): void
     {
         StubTransport::$events = [];
