Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #205 from TrueCar/master

Updated to encrypted fields to truncate if necessary before encryption
  • Loading branch information...
commit 5da6ff0461fa7b6b854e88a1180b8efd05c76a2d 2 parents 2b91641 + b9beb4a
@trbs trbs authored
Showing with 18 additions and 2 deletions.
  1. +18 −2 django_extensions/db/fields/encrypted.py
View
20 django_extensions/db/fields/encrypted.py
@@ -2,6 +2,7 @@
from django.core.exceptions import ImproperlyConfigured
from django import forms
from django.conf import settings
+import warnings
try:
from keyczar import keyczar
@@ -9,6 +10,7 @@
raise ImportError('Using an encrypted field requires the Keyczar module. '
'You can obtain Keyczar from http://www.keyczar.org/.')
+class EncryptionWarning(RuntimeWarning): pass
class BaseEncryptedField(models.Field):
prefix = 'enc_str:::'
@@ -17,6 +19,13 @@ def __init__(self, *args, **kwargs):
raise ImproperlyConfigured('You must set the '
'ENCRYPTED_FIELD_KEYS_DIR setting to your Keyczar keys directory.')
self.crypt = keyczar.Crypter.Read(settings.ENCRYPTED_FIELD_KEYS_DIR)
+
+ # Encrypted size is larger than unencrypted
+ self.unencrypted_length = max_length
+ if max_length:
+ max_length = len(self.prefix) + \
+ len(self.crypt.Encrypt('x'*max_length))
+
super(BaseEncryptedField, self).__init__(*args, **kwargs)
def to_python(self, value):
@@ -28,6 +37,15 @@ def to_python(self, value):
def get_db_prep_value(self, value, connection, prepared=False):
if value and not value.startswith(self.prefix):
+
+ # Truncated encrypted content is unreadable,
+ # so truncate before encryption
+ max_length = self.unencrypted_length
+ if max_length and len(value) > max_length:
+ warnings.warn("Truncating field %s from %d to %d bytes" % \
+ (self.name, len(value), max_length),EncryptionWarning)
+ value = value[:max_length]
+
value = self.prefix + self.crypt.Encrypt(value)
return value
@@ -57,8 +75,6 @@ class EncryptedCharField(BaseEncryptedField):
__metaclass__ = models.SubfieldBase
def __init__(self, max_length=None, *args, **kwargs):
- if max_length:
- max_length += len(self.prefix)
super(EncryptedCharField, self).__init__(max_length=max_length, *args, **kwargs)
def get_internal_type(self):
Please sign in to comment.
Something went wrong with that request. Please try again.