Merge branch 'master' into scraps/form/hash-iv

Author: natemoo-re

.claude/skills/sentry-security/SKILL.md

@@ -67,6 +67,9 @@ The most common vulnerability. An endpoint accepts an ID from the request but do
 - Query includes `organization_id=organization.id` where `organization` comes from `convert_args()`
 - Uses `self.get_projects()` which scopes by org internally
 - Object is fetched via URL kwargs resolved by `convert_args()`
+- Unscoped query is a guard that only raises an error (never returns data), AND
+  a downstream query in the same flow IS org-scoped and raises the same error —
+  no differential behavior means no information leak
 
 ### Check 2: Missing Authorization Checks — 10 patches last year
 
@@ -137,10 +140,19 @@ For each potential finding, trace the **complete** request flow end-to-end. Do n
 7. Serializer             → do validate_*() methods enforce it?
 ```
 
-**A check at ANY layer is enforcement.** Before marking HIGH, confirm the check is absent from all 7 layers using the checklist in `enforcement-layers.md`.
+**A check at ANY layer is enforcement.** Before marking HIGH, confirm the check is absent from all layers using the checklist in `enforcement-layers.md`.
 
 If you cannot confirm the check is absent from every layer, mark the finding as **MEDIUM** (needs verification), not HIGH.
 
+**Cross-flow enforcement for token issuance:** For token/credential issuance flows, also check whether the issued credential is blocked at **usage time** (e.g., `determine_access()` rejects it at all endpoints in the relevant scope). Classify based on the enforcement scope:
+
+- **Centralized enforcement** (check runs in a permission class inherited by all endpoints in the affected scope) → the credential is effectively inert → **LOW** (do not report)
+- **Scattered enforcement** (only some endpoints or serializers check, others may not) → **MEDIUM** (report as needs verification)
+
+See `enforcement-layers.md` "Cross-Flow Enforcement."
+
+**Non-DRF views:** OAuth views are plain Django views — the 7-layer DRF model does not apply to the view itself. Check the view's own decorators and handler logic. But tokens issued by these views are later used at DRF endpoints where the full enforcement chain applies.
+
 ## Step 4: Report Findings
 
 ````markdown

.claude/skills/sentry-security/references/endpoint-patterns.md

@@ -107,6 +107,49 @@ class BaseDataConditionGroupValidator(serializers.Serializer):
 □ For PUT/POST/DELETE: the object being modified is scoped by org/project
 ```
 
+## Guard Queries vs. Data Queries
+
+Not all unscoped queries are exploitable. Before flagging an unscoped query, determine
+whether it is a **data query** or a **guard query**:
+
+**Data query** — fetches an object whose attributes are returned to the caller (in a
+Response, serializer, or side effect). An unscoped data query is a real IDOR because the
+attacker receives cross-org information.
+
+**Guard query** — checks for the existence of a record only to raise an error or block
+access. The query result is never returned to the caller.
+
+**A guard query is not exploitable when:**
+
+1. It only raises an error (e.g., `ResourceDoesNotExist`, `PermissionDenied`)
+2. A downstream query in the same request flow IS org-scoped
+3. The downstream query raises the same error class for the same input
+4. Therefore the attacker observes identical responses regardless of the guard
+
+**Example (not exploitable):**
+
+```python
+# Guard query — no org scope, but only raises an error
+invite = OrganizationMemberInvite.objects.filter(organization_member_id=om_id).first()
+if invite is not None:
+    raise ResourceDoesNotExist          # ← same error as below
+
+# Data query — properly org-scoped
+return OrganizationMember.objects.filter(id=om_id, organization_id=org.id).get()
+#                                        ↑ DoesNotExist → ResourceDoesNotExist
+```
+
+**Example (exploitable — still flag this):**
+
+```python
+# Unscoped query whose result is RETURNED to the caller
+widget = DashboardWidget.objects.get(id=widget_id)  # ← no org scope
+return Response(serialize(widget))                   # ← attacker gets cross-org data
+```
+
+**Note:** Even when a guard query is not exploitable, adding org scoping is valid
+defense-in-depth. But it should not be reported as a finding.
+
 ## Using self.get_projects()
 
 When project IDs come from the request, always use `self.get_projects()`:

.claude/skills/sentry-security/references/enforcement-layers.md

@@ -69,9 +69,31 @@ Classes like `Validator`, `ManualTokenRefresher`, `GrantExchanger`, and `Refresh
 
 `validate_*()` methods and field-level validators may enforce org/project scoping on FK references.
 
+## Non-DRF Views
+
+OAuth views (`OAuthAuthorizeView`, `OAuthDeviceView`, `OAuthTokenView`) are plain Django views, **not** DRF endpoints. Layers 1–4 do not apply to the view itself. Check the view's own authentication decorators, `dispatch()`, and handler logic directly.
+
+However, tokens issued by these views are later used at DRF API endpoints where layers 1–7 **do** apply. See "Cross-Flow Enforcement" below.
+
+## Cross-Flow Enforcement
+
+For token and credential issuance, enforcement may exist in a **different request flow** than the one being reviewed:
+
+- **Issuance flow**: The OAuth authorize/token view that creates the credential
+- **Usage flow**: The DRF API endpoints where the credential is subsequently used
+
+If the issued credential cannot be used because a separate enforcement point blocks it, classify based on where the enforcement lives:
+
+- **Centralized enforcement** — the check runs in a permission class inherited by all endpoints within the affected scope. The credential cannot reach any endpoint that lacks the check. Classify as **LOW** (do not report).
+- **Scattered enforcement** — the check exists in some endpoints or serializers but not all. The credential may be usable against unchecked endpoints. Classify as **MEDIUM** (report as needs verification).
+
+**Example (LOW — centralized):** OAuth authorize view issues a token to a `member-limit:restricted` member. The token exists, but `is_member_disabled_from_limit()` in `OrganizationPermission.determine_access()` rejects it at every organization-scoped DRF endpoint. Since the token is only usable against organization endpoints (which all inherit this permission class), the enforcement covers all relevant paths. Do not report.
+
+**Example (MEDIUM — scattered):** A token is issued without checking X, and X is only validated in specific endpoint subclasses (not the base). Some endpoints may not inherit the check. Report as needs verification.
+
 ## Tracing Requirements
 
-Before marking a finding as **HIGH**, confirm the check is absent from **all** layers:
+Before marking a finding as **HIGH**, confirm the check is absent from **all** layers AND from cross-flow enforcement:
 
 ```
 □ Authentication class does not enforce it
@@ -81,6 +103,7 @@ Before marking a finding as **HIGH**, confirm the check is absent from **all** l
 □ Handler method does not enforce it
 □ Business logic classes do not enforce it
 □ Serializer does not enforce it
+□ Cross-flow: the issued credential is not blocked at usage time
 ```
 
-If the check exists in any layer, the finding is either invalid or at most **MEDIUM** (if the enforcement is indirect or fragile).
+If the check exists in any layer or in a cross-flow enforcement point, the finding is either invalid, **LOW** (if enforcement is centralized in a base class), or at most **MEDIUM** (if enforcement is scattered or fragile).

.claude/skills/sentry-security/references/token-lifecycle.md

@@ -45,6 +45,16 @@ OAuth applications with org-level access did not require `organization_id`, allo
 
 ## Member Status Checks
 
+### Member disabled states in Sentry
+
+| State                 | Field / Flag                                          | Can log in? | Reachable in OAuth? | Where enforced                                                                    |
+| --------------------- | ----------------------------------------------------- | ----------- | ------------------- | --------------------------------------------------------------------------------- |
+| Account deactivated   | `OrganizationMember.user_is_active=False`             | No          | No — login blocked  | Login flow                                                                        |
+| Pending invitation    | `OrganizationMember.is_pending`                       | No          | No — requires login | Login flow                                                                        |
+| Seat-limit restricted | `OrganizationMember.flags["member-limit:restricted"]` | **Yes**     | **Yes**             | `OrganizationPermission.determine_access()` via `is_member_disabled_from_limit()` |
+
+The seat-limit restricted state is the one that matters for OAuth and token issuance reviews. The user can still log in and complete an OAuth flow, but all organization-scoped DRF endpoints block the resulting token via `is_member_disabled_from_limit()` in `OrganizationPermission`.
+
 ### Real vulnerability: Disabled member tokens (PR #92616)
 
 Disabled organization members could still request auth tokens.
@@ -61,6 +71,8 @@ if member.is_pending or not member.user_is_active:
     return Response({"detail": "Member is not active"}, status=403)
 ```
 
+**Known downstream enforcement:** PR #92616 added `is_member_disabled_from_limit()` checks via the organization permission base class. This is **centralized enforcement** — the check runs for every organization-scoped DRF endpoint via `OrganizationPermission.determine_access()`. Tokens held by seat-limit restricted members are blocked at all organization API endpoints. Because the enforcement covers all endpoints the token can be used against, this pattern is **LOW** (do not report). See `enforcement-layers.md` "Cross-Flow Enforcement."
+
 ### Real vulnerability: Personal tokens managing org tokens (PR #99457)
 
 Personal API tokens could perform actions on organization auth tokens, bypassing org-level authorization.
@@ -82,6 +94,8 @@ Impersonated sessions (staff acting as a user) had no rate limiting, allowing un
 □ Token issuance/refresh endpoints for org-scoped tokens require and validate organization_id
   (authentication classes reading existing tokens are exempt — org scoping is enforced by from_rpc_auth())
 □ Member active status is checked before token issuance
+  If missing at issuance but enforced at usage via is_member_disabled_from_limit() in OrganizationPermission → LOW (centralized, do not report)
+  If enforced only in specific endpoint subclasses → MEDIUM
 □ Auth method is appropriate for the operation (org token vs personal token)
 □ Impersonated sessions are rate-limited
 □ Token revocation cascades properly (revoking app revokes all its tokens)

.gitignore

@@ -1,3 +1,4 @@
+.warden/logs
 .env
 .cache/
 .code-workspace

package.json

@@ -68,7 +68,7 @@
     "@sentry-internal/rrweb": "2.40.0",
     "@sentry-internal/rrweb-player": "2.40.0",
     "@sentry-internal/rrweb-snapshot": "2.40.0",
-    "@sentry/conventions": "^0.3.1",
+    "@sentry/conventions": "^0.4.0",
     "@sentry/core": "10.27.0",
     "@sentry/node": "10.27.0",
     "@sentry/react": "10.27.0",

pnpm-lock.yaml

@@ -116,14 +116,11 @@ def build_sessions_query(
         except NoProjects:
             raise NoProjects("No projects available")  # give it a description
 
-        query_config = release_health.backend.sessions_query_config(organization)
-
         return QueryDefinition(
             query=request.GET,
             params=params,
             offset=offset,
             limit=limit,
-            query_config=query_config,
         )
 
     @contextmanager

src/sentry/api/endpoints/organization_sessions.py

@@ -42,15 +42,10 @@ def fetch_sessions_data(
         query_params["start"] = start.isoformat()
         query_params["end"] = end.isoformat()
 
-        # crash free rates are on a dynamic INTERVAL basis
-        # TODO: determine how this affects results for new releases
-        query_config = release_health.backend.sessions_query_config(organization)
-
         # NOTE: params start/end are overwritten by query start/end
         query = QueryDefinition(
             query=query_params,
             params=params,
-            query_config=query_config,
         )
 
         return release_health.backend.run_sessions_query(

src/sentry/api/endpoints/release_thresholds/utils/fetch_sessions_data.py

@@ -13,8 +13,12 @@
 
 from sentry.models.project import Project
 from sentry.services.eventstore.models import Event, GroupEvent
+from sentry.utils import json
 from sentry.utils.eap import hex_to_item_id
 
+# Max depth for recursive encoding to protobuf AnyValue.
+_ENCODE_MAX_DEPTH = 6
+
 
 def serialize_event_data_as_item(
     event: Event | GroupEvent, event_data: Mapping[str, Any], project: Project
@@ -31,12 +35,16 @@ def serialize_event_data_as_item(
         ),
         retention_days=event_data.get("retention_days", 90),
         attributes=encode_attributes(
-            event, event_data, ignore_fields={"event_id", "timestamp", "tags"}
+            event, event_data, ignore_fields={"event_id", "timestamp", "tags", "spans", "'spans'"}
         ),
     )
 
 
-def _encode_value(value: Any) -> AnyValue:
+def _encode_value(value: Any, _depth: int = 0) -> AnyValue:
+    if _depth > _ENCODE_MAX_DEPTH:
+        # Beyond max depth, stringify to prevent protobuf nesting limit errors.
+        return AnyValue(string_value=json.dumps(value))
+
     if isinstance(value, str):
         return AnyValue(string_value=value)
     elif isinstance(value, bool):
@@ -53,14 +61,16 @@ def _encode_value(value: Any) -> AnyValue:
     elif isinstance(value, list) or isinstance(value, tuple):
         # Not yet processed on EAP side
         return AnyValue(
-            array_value=ArrayValue(values=[_encode_value(v) for v in value if v is not None])
+            array_value=ArrayValue(
+                values=[_encode_value(v, _depth + 1) for v in value if v is not None]
+            )
         )
     elif isinstance(value, dict):
         # Not yet processed on EAP side
         return AnyValue(
             kvlist_value=KeyValueList(
                 values=[
-                    KeyValue(key=str(kv[0]), value=_encode_value(kv[1]))
+                    KeyValue(key=str(kv[0]), value=_encode_value(kv[1], _depth + 1))
                     for kv in value.items()
                     if kv[1] is not None
                 ]