@cursor cursor bot commented Nov 19, 2025

Fixes a log injection vulnerability by sanitizing user-controlled OAuth error parameters before they are logged or displayed.

Previously, the error parameter from OAuth callbacks was used directly in logs and error messages, allowing malicious strings to be injected. This PR introduces a dedicated _sanitize_oauth_error_parameter helper that collapses multi-line errors, strips disallowed characters, and truncates overly long values, ensuring only safe strings are processed.

Legal Boilerplate

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.


Co-authored-by: jenn.muengtaweepongsa <jenn.muengtaweepongsa@sentry.io>
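An added illustration of the behaviour the description attributes to `_sanitize_oauth_error_parameter` (collapse multi-line input, strip disallowed characters, truncate); it is not Sentry's helper, whose body is not shown on this page. The allow-list, the 100-character limit, the logger name and the `render_log_record` comparison function are assumptions made for this example.

```python
import logging
import re
from typing import Optional

# Assumed policy for this illustration (not Sentry's implementation): OAuth
# "error" values are short ASCII tokens such as "access_denied" (RFC 6749
# limits them to printable ASCII), so a conservative allow-list is safe.
MAX_ERROR_LENGTH = 100
DISALLOWED = re.compile(r"[^A-Za-z0-9_.:\- ]")


def _sanitize_oauth_error_parameter(error: Optional[str]) -> str:
    """Collapse to one line, drop disallowed characters, bound the length."""
    if not error:
        return "unknown_error"
    # Collapse multi-line input: CR/LF (and other line separators) are what
    # let a user-controlled value masquerade as an additional log record.
    single_line = " ".join(error.splitlines())
    # Strip everything outside the allow-list: control bytes, ANSI escapes,
    # HTML brackets and quotes, so the value is also safe to echo in an error page.
    cleaned = DISALLOWED.sub("", single_line).strip()
    # Truncate overly long values so a huge parameter cannot bloat the logs.
    return cleaned[:MAX_ERROR_LENGTH] or "unknown_error"


def render_log_record(raw_error: str, sanitize: bool) -> str:
    """Format the warning a callback handler would log, returned as text so
    the raw and sanitized results can be compared side by side."""
    value = _sanitize_oauth_error_parameter(raw_error) if sanitize else raw_error
    record = logging.LogRecord("oauth", logging.WARNING, "oauth2.py", 0,
                               "OAuth callback returned error=%s", (value,), None)
    return logging.Formatter("%(levelname)s %(name)s %(message)s").format(record)


# Constructed sample: a legitimate error code followed by a newline and text
# that would otherwise be read back as a second, fake log record.
INJECTED_ERROR = "access_denied\nWARNING oauth forged record"

if __name__ == "__main__":
    print(render_log_record(INJECTED_ERROR, sanitize=False))  # two log lines
    print(render_log_record(INJECTED_ERROR, sanitize=True))   # one log line
```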
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Nov 19, 2025
codecov bot commented Nov 19, 2025

❌ 1 Tests Failed:

| Tests completed | Failed | Passed | Skipped |
|---|---|---|---|
| 29869 | 1 | 29868 | 245 |
View the top 1 failed test(s) by shortest run time
tests.sentry.identity.test_oauth2.OAuth2CallbackViewTest::test_error_parameter_is_sanitized
Stack Traces | 0.061s run time
```
.../sentry/identity/oauth2.py:382: in dispatch
    lifecycle.record_failure(
.../hostedtoolcache/Python/3.13.1................../x64/lib/python3.13/unittest/mock.py:1167: in __call__
    return self._mock_call(*args, **kwargs)
.../hostedtoolcache/Python/3.13.1................../x64/lib/python3.13/unittest/mock.py:1171: in _mock_call
    return self._execute_mock_call(*args, **kwargs)
.../hostedtoolcache/Python/3.13.1................../x64/lib/python3.13/unittest/mock.py:1244: in _execute_mock_call
    return self._mock_wraps(*args, **kwargs)
.../integrations/utils/metrics.py:263: in record_failure
    self._extra.update(extra)
E   AttributeError: 'IntegrationPipelineErrorReason' object has no attribute '_extra'

During handling of the above exception, another exception occurred:
.../sentry/identity/test_oauth2.py:177: in test_error_parameter_is_sanitized
    response = self.view.dispatch(request, pipeline)
.../sentry/identity/oauth2.py:373: in dispatch
    with record_event(
.../integrations/utils/metrics.py:353: in __exit__
    super().__exit__(exc_type, exc_value, traceback)
.../integrations/utils/metrics.py:325: in __exit__
    self.record_failure(exc_value, create_issue=True)
.../hostedtoolcache/Python/3.13.1................../x64/lib/python3.13/unittest/mock.py:1167: in __call__
    return self._mock_call(*args, **kwargs)
.../hostedtoolcache/Python/3.13.1................../x64/lib/python3.13/unittest/mock.py:1171: in _mock_call
    return self._execute_mock_call(*args, **kwargs)
.../hostedtoolcache/Python/3.13.1................../x64/lib/python3.13/unittest/mock.py:1244: in _execute_mock_call
    return self._mock_wraps(*args, **kwargs)
.../integrations/utils/metrics.py:264: in record_failure
    self._terminate(
E   AttributeError: 'AttributeError' object has no attribute '_terminate'
```

To view more test analytics, go to the Test Analytics Dashboard