fix: Disable SessionSentryReplayIntegration if the environment is unsafe (#6573)

* fix: Disable SessionSentryReplayIntegration if the environment is unsafe

* Simplify shouldEnableSessionReplay

* Rename test

* Add log message

* Update changelog

* Safely unwrap SentryOptions

Author: itaybre

CHANGELOG.md

@@ -4,6 +4,7 @@
 
 ### Fixes
 
+- Disable SessionSentryReplayIntegration if the environment is unsafe [#6573]
 - Fix crash when last replay info is missing some keys [#6577]
 
 ## 8.57.0

Sentry.xcodeproj/project.pbxproj

@@ -1012,6 +1012,7 @@
 		F41362112E1C55AF00B84443 /* SentryScopePersistentStore+Tags.swift in Sources */ = {isa = PBXBuildFile; fileRef = F41362102E1C55AF00B84443 /* SentryScopePersistentStore+Tags.swift */; };
 		F41362132E1C566100B84443 /* SentryScopePersistentStore+User.swift in Sources */ = {isa = PBXBuildFile; fileRef = F41362122E1C566100B84443 /* SentryScopePersistentStore+User.swift */; };
 		F41362152E1C568400B84443 /* SentryScopePersistentStore+Context.swift in Sources */ = {isa = PBXBuildFile; fileRef = F41362142E1C568400B84443 /* SentryScopePersistentStore+Context.swift */; };
+		F426748D2EB11E7900E09150 /* SentryReplayApiTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = F42674872EB11E7000E09150 /* SentryReplayApiTests.swift */; };
 		F443DB272E09BE8C009A9045 /* LoadValidatorTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = F443DB262E09BE8C009A9045 /* LoadValidatorTests.swift */; };
 		F44858132E03579D0013E63B /* SentryCrashDynamicLinker+Test.h in Headers */ = {isa = PBXBuildFile; fileRef = F44858122E0357940013E63B /* SentryCrashDynamicLinker+Test.h */; };
 		F451FAA62E0B304E0050ACF2 /* LoadValidator.swift in Sources */ = {isa = PBXBuildFile; fileRef = F451FAA52E0B304E0050ACF2 /* LoadValidator.swift */; };
@@ -2376,6 +2377,7 @@
 		F41362102E1C55AF00B84443 /* SentryScopePersistentStore+Tags.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SentryScopePersistentStore+Tags.swift"; sourceTree = "<group>"; };
 		F41362122E1C566100B84443 /* SentryScopePersistentStore+User.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SentryScopePersistentStore+User.swift"; sourceTree = "<group>"; };
 		F41362142E1C568400B84443 /* SentryScopePersistentStore+Context.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = "SentryScopePersistentStore+Context.swift"; sourceTree = "<group>"; };
+		F42674872EB11E7000E09150 /* SentryReplayApiTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SentryReplayApiTests.swift; sourceTree = "<group>"; };
 		F443DB262E09BE8C009A9045 /* LoadValidatorTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LoadValidatorTests.swift; sourceTree = "<group>"; };
 		F44858122E0357940013E63B /* SentryCrashDynamicLinker+Test.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "SentryCrashDynamicLinker+Test.h"; sourceTree = "<group>"; };
 		F451FAA52E0B304E0050ACF2 /* LoadValidator.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = LoadValidator.swift; sourceTree = "<group>"; };
@@ -4418,6 +4420,7 @@
 		D80694C12B7CC85800B820E6 /* SessionReplay */ = {
 			isa = PBXGroup;
 			children = (
+				F42674872EB11E7000E09150 /* SentryReplayApiTests.swift */,
 				D4D0E1E22E9D040800358814 /* SentrySessionReplayEnvironmentCheckerTests.swift */,
 				D49480D22DC23E8E00A3B6E9 /* SentryReplayTypeTests.swift */,
 				D80694C22B7CC86E00B820E6 /* SentryReplayEventTests.swift */,
@@ -6371,6 +6374,7 @@
 				D4CA34832E378C9900E92A61 /* SentryArrayTests.swift in Sources */,
 				7B05A61824A4D14A00EF211D /* SentrySessionGeneratorTests.swift in Sources */,
 				D8CB742B294B1DD000A5F964 /* SentryUIApplicationTests.swift in Sources */,
+				F426748D2EB11E7900E09150 /* SentryReplayApiTests.swift in Sources */,
 				63FE720920DA66EC00CDBAE8 /* XCTestCase+SentryCrash.m in Sources */,
 				D8918B222849FA6D00701F9A /* SentrySDKIntegrationTestsBase.swift in Sources */,
 				620078782D3906BF0022CB67 /* SentryCodableTests.swift in Sources */,

Sources/Sentry/SentryReplayApi.m

@@ -4,6 +4,7 @@
 
 #    import "SentryHub+Private.h"
 #    import "SentryInternalCDefines.h"
+#    import "SentryInternalDefines.h"
 #    import "SentryLogC.h"
 #    import "SentryOptions+Private.h"
 #    import "SentrySDK+Private.h"
@@ -55,9 +56,16 @@ - (void)start SENTRY_DISABLE_THREAD_SANITIZER("double-checked lock produce false
         @synchronized(self) {
             replayIntegration = (SentrySessionReplayIntegration *)[SentrySDKInternal.currentHub
                 getInstalledIntegration:SentrySessionReplayIntegration.class];
-            if (replayIntegration == nil) {
+            if (replayIntegration == nil && SentrySDKInternal.currentHub.client.options) {
+                SentryOptions *currentOptions = SENTRY_UNWRAP_NULLABLE(
+                    SentryOptions, SentrySDKInternal.currentHub.client.options);
+                if (![SentrySessionReplayIntegration shouldEnableForOptions:currentOptions]) {
+                    SENTRY_LOG_ERROR(@"[Session Replay] Session replay is disabled due to "
+                                     @"environment potentially causing PII leaks.");
+                    return;
+                }
                 SENTRY_LOG_DEBUG(@"[Session Replay] Initializing replay integration");
-                SentryOptions *currentOptions = SentrySDKInternal.currentHub.client.options;
+
                 replayIntegration =
                     [[SentrySessionReplayIntegration alloc] initForManualUse:currentOptions];
 

Sources/Sentry/SentrySessionReplayIntegration.m

@@ -53,7 +53,6 @@ - (void)newSceneActivate;
 @implementation SentrySessionReplayIntegration {
     BOOL _startedAsFullSession;
     SentryReplayOptions *_replayOptions;
-    SentryExperimentalOptions *_experimentalOptions;
     id<SentryNSNotificationCenterWrapper> _notificationCenter;
     id<SentryRateLimits> _rateLimits;
     id<SentryViewScreenshotProvider> _currentScreenshotProvider;
@@ -65,7 +64,14 @@ @implementation SentrySessionReplayIntegration {
     // replay absolutely needs segment 0 to make replay work.
     BOOL _rateLimited;
     id<SentryCurrentDateProvider> _dateProvider;
-    id<SentrySessionReplayEnvironmentCheckerProvider> _environmentChecker;
+}
+
++ (BOOL)shouldEnableForOptions:(SentryOptions *)options
+{
+    return [SentrySessionReplay
+        shouldEnableSessionReplayWithEnvironmentChecker:SentryDependencyContainer.sharedInstance
+                                                            .sessionReplayEnvironmentChecker
+                                    experimentalOptions:options.experimental];
 }
 
 - (instancetype)init
@@ -78,39 +84,34 @@ - (instancetype)initForManualUse:(nonnull SentryOptions *)options
 {
     if (self = [super init]) {
         [self setupWith:options.sessionReplay
-                experimentalOptions:options.experimental
                  enableTouchTracker:options.enableSwizzling
                enableViewRendererV2:options.sessionReplay.enableViewRendererV2
             enableFastViewRendering:options.sessionReplay.enableFastViewRendering];
-        [self startWithOptions:options.sessionReplay
-            experimentalOptions:options.experimental
-                    fullSession:YES];
+        [self startWithOptions:options.sessionReplay fullSession:YES];
     }
     return self;
 }
 
 - (BOOL)installWithOptions:(nonnull SentryOptions *)options
 {
-    if ([super installWithOptions:options] == NO) {
+    if ([super installWithOptions:options] == NO ||
+        [SentrySessionReplayIntegration shouldEnableForOptions:options] == NO) {
         return NO;
     }
 
     [self setupWith:options.sessionReplay
-            experimentalOptions:options.experimental
              enableTouchTracker:options.enableSwizzling
            enableViewRendererV2:options.sessionReplay.enableViewRendererV2
         enableFastViewRendering:options.sessionReplay.enableFastViewRendering];
     return YES;
 }
 
 - (void)setupWith:(SentryReplayOptions *)replayOptions
-        experimentalOptions:(SentryExperimentalOptions *)experimentalOptions
          enableTouchTracker:(BOOL)touchTracker
        enableViewRendererV2:(BOOL)enableViewRendererV2
     enableFastViewRendering:(BOOL)enableFastViewRendering
 {
     _replayOptions = replayOptions;
-    _experimentalOptions = experimentalOptions;
     _rateLimits = SentryDependencyContainer.sharedInstance.rateLimits;
     _dateProvider = SentryDependencyContainer.sharedInstance.dateProvider;
 
@@ -141,7 +142,6 @@ - (void)setupWith:(SentryReplayOptions *)replayOptions
 
     _notificationCenter = SentryDependencyContainer.sharedInstance.notificationCenterWrapper;
     _dateProvider = SentryDependencyContainer.sharedInstance.dateProvider;
-    _environmentChecker = SentryDependencyContainer.sharedInstance.sessionReplayEnvironmentChecker;
 
     // We use the dispatch queue provider as a factory to create the queues, but store the queues
     // directly in this instance, so they get deallocated when the integration is deallocated.
@@ -354,9 +354,7 @@ - (void)runReplayForAvailableWindow
     if ([SentryDependencyContainer.sharedInstance.application getWindows].count > 0) {
         SENTRY_LOG_DEBUG(@"[Session Replay] Running replay for available window");
         // If a window its already available start replay right away
-        [self startWithOptions:_replayOptions
-            experimentalOptions:_experimentalOptions
-                    fullSession:_startedAsFullSession];
+        [self startWithOptions:_replayOptions fullSession:_startedAsFullSession];
     } else if (@available(iOS 13.0, tvOS 13.0, *)) {
         SENTRY_LOG_DEBUG(
             @"[Session Replay] Waiting for a scene to be available to started the replay");
@@ -376,27 +374,22 @@ - (void)newSceneActivate
             removeObserver:self
                       name:UISceneDidActivateNotification
                     object:nil];
-        [self startWithOptions:_replayOptions
-            experimentalOptions:_experimentalOptions
-                    fullSession:_startedAsFullSession];
+        [self startWithOptions:_replayOptions fullSession:_startedAsFullSession];
     }
 }
 
 - (void)startWithOptions:(SentryReplayOptions *)replayOptions
-     experimentalOptions:(SentryExperimentalOptions *)experimentalOptions
              fullSession:(BOOL)shouldReplayFullSession
 {
     SENTRY_LOG_DEBUG(@"[Session Replay] Starting session");
     [self startWithOptions:replayOptions
-        experimentalOptions:experimentalOptions
          screenshotProvider:_currentScreenshotProvider ?: _viewPhotographer
         breadcrumbConverter:_currentBreadcrumbConverter
             ?: [[SentrySRDefaultBreadcrumbConverter alloc] init]
                 fullSession:shouldReplayFullSession];
 }
 
 - (void)startWithOptions:(SentryReplayOptions *)replayOptions
-     experimentalOptions:(SentryExperimentalOptions *)experimentalOptions
       screenshotProvider:(id<SentryViewScreenshotProvider>)screenshotProvider
      breadcrumbConverter:(id<SentryReplayBreadcrumbConverter>)breadcrumbConverter
              fullSession:(BOOL)shouldReplayFullSession
@@ -431,16 +424,14 @@ - (void)startWithOptions:(SentryReplayOptions *)replayOptions
 
     SentryDisplayLinkWrapper *displayLinkWrapper = [[SentryDisplayLinkWrapper alloc] init];
     self.sessionReplay = [[SentrySessionReplay alloc] initWithReplayOptions:replayOptions
-                                                        experimentalOptions:experimentalOptions
                                                            replayFolderPath:docs
                                                          screenshotProvider:screenshotProvider
                                                                 replayMaker:replayMaker
                                                         breadcrumbConverter:breadcrumbConverter
                                                                touchTracker:_touchTracker
                                                                dateProvider:_dateProvider
                                                                    delegate:self
-                                                         displayLinkWrapper:displayLinkWrapper
-                                                         environmentChecker:_environmentChecker];
+                                                         displayLinkWrapper:displayLinkWrapper];
 
     [self.sessionReplay
         startWithRootView:[SentryDependencyContainer.sharedInstance.application getWindows]
@@ -472,15 +463,19 @@ - (nullable NSURL *)replayDirectory
     return [dir URLByAppendingPathComponent:SENTRY_REPLAY_FOLDER];
 }
 
-- (void)saveCurrentSessionInfo:(SentryId *)sessionId
+- (void)saveCurrentSessionInfo:(SentryId *_Nullable)sessionId
                           path:(NSString *)path
                        options:(SentryReplayOptions *)options
 {
     SENTRY_LOG_DEBUG(@"[Session Replay] Saving current session info for session: %@ to path: %@",
         sessionId, path);
-    NSDictionary *info =
-        [[NSDictionary alloc] initWithObjectsAndKeys:sessionId.sentryIdString, @"replayId",
-            path.lastPathComponent, @"path", @(options.onErrorSampleRate), @"errorSampleRate", nil];
+    NSMutableDictionary *info = [NSMutableDictionary new];
+    if (sessionId != nil) {
+        [info setObject:SENTRY_UNWRAP_NULLABLE(SentryId, sessionId).sentryIdString
+                 forKey:@"replayId"];
+    }
+    [info setObject:path.lastPathComponent forKey:@"path"];
+    [info setObject:@(options.onErrorSampleRate) forKey:@"errorSampleRate"];
 
     NSData *data = [SentrySerializationSwift dataWithJSONObject:info];
 

Sources/Sentry/include/HybridPublic/SentrySessionReplayIntegration.h

@@ -45,6 +45,12 @@ NS_ASSUME_NONNULL_BEGIN
 
 - (void)hideMaskPreview;
 
+/**
+ * Verifies the device environment and options and returns wether it is safe to enable
+ *  SessionReplay or not
+ */
++ (BOOL)shouldEnableForOptions:(SentryOptions *)options;
+
 @end
 #endif // SENTRY_TARGET_REPLAY_SUPPORTED
 NS_ASSUME_NONNULL_END

Sources/Swift/Integrations/SessionReplay/SentrySessionReplay.swift

@@ -30,14 +30,12 @@ import UIKit
     private(set) var isSessionPaused = false
 
     private let replayOptions: SentryReplayOptions
-    private let experimentalOptions: SentryExperimentalOptions
     private let replayMaker: SentryReplayVideoMaker
     private let displayLink: SentryReplayDisplayLinkWrapper
     private let dateProvider: SentryCurrentDateProvider
     private let touchTracker: SentryTouchTracker?
     private let lock = NSLock()
     public var replayTags: [String: Any]?
-    private let environmentChecker: SentrySessionReplayEnvironmentCheckerProvider
 
     var isRunning: Bool {
         displayLink.isRunning()
@@ -48,19 +46,16 @@ import UIKit
 
     public init(
         replayOptions: SentryReplayOptions,
-        experimentalOptions: SentryExperimentalOptions,
         replayFolderPath: URL,
         screenshotProvider: SentryViewScreenshotProvider,
         replayMaker: SentryReplayVideoMaker,
         breadcrumbConverter: SentryReplayBreadcrumbConverter,
         touchTracker: SentryTouchTracker?,
         dateProvider: SentryCurrentDateProvider,
         delegate: SentrySessionReplayDelegate,
-        displayLinkWrapper: SentryReplayDisplayLinkWrapper,
-        environmentChecker: SentrySessionReplayEnvironmentCheckerProvider
+        displayLinkWrapper: SentryReplayDisplayLinkWrapper
     ) {
         self.replayOptions = replayOptions
-        self.experimentalOptions = experimentalOptions
         self.dateProvider = dateProvider
         self.delegate = delegate
         self.screenshotProvider = screenshotProvider
@@ -69,27 +64,31 @@ import UIKit
         self.replayMaker = replayMaker
         self.breadcrumbConverter = breadcrumbConverter
         self.touchTracker = touchTracker
-        self.environmentChecker = environmentChecker
     }
 
     deinit { displayLink.invalidate() }
+    
+    static public func shouldEnableSessionReplay(environmentChecker: SentrySessionReplayEnvironmentCheckerProvider, experimentalOptions: SentryExperimentalOptions) -> Bool {
+        // Detect if we are running on iOS 26.0 with Liquid Glass and disable session replay.
+        // This needs to be done until masking for session replay is properly supported, as it can lead
+        // to PII leaks otherwise.
+        if environmentChecker.isReliable() {
+            return true
+        }
+        guard experimentalOptions.enableSessionReplayInUnreliableEnvironment else {
+            SentrySDKLog.fatal("[Session Replay] Detected environment potentially causing PII leaks, disabling Session Replay. To override this mechanism, set `options.experimental.enableSessionReplayInUnreliableEnvironment` to `true`")
+            return false
+        }
+        SentrySDKLog.warning("[Session Replay] Detected environment potentially causing PII leaks, but `options.experimental.enableSessionReplayInUnreliableEnvironment` is set to `true`, ignoring and enabling Session Replay.")
 
+        return true
+    }
+    
     public func start(rootView: UIView, fullSession: Bool) {
         SentrySDKLog.debug("[Session Replay] Starting session replay with full session: \(fullSession)")
-        guard !isRunning else { 
+        guard !isRunning else {
             SentrySDKLog.debug("[Session Replay] Session replay is already running, not starting again")
-            return 
-        }
-        
-        // Detect if we are running on iOS 26.0 with Liquid Glass and disable session replay.
-        // This needs to be done until masking for session replay is properly supported, as it can lead
-        // to PII leaks otherwise.
-        if !environmentChecker.isReliable() {
-            guard experimentalOptions.enableSessionReplayInUnreliableEnvironment else {
-                SentrySDKLog.fatal("[Session Replay] Detected environment potentially causing PII leaks, disabling Session Replay. To override this mechanism, set `options.experimental.enableSessionReplayInUnreliableEnvironment` to `true`")
-                return
-            }
-            SentrySDKLog.warning("[Session Replay] Detected environment potentially causing PII leaks, but `options.experimental.enableSessionReplayInUnreliableEnvironment` is set to `true`, ignoring and enabling Session Replay.")
+            return
         }
 
         displayLink.link(withTarget: self, selector: #selector(newFrame(_:)))