Hide Django sensitive datas #345
Conversation
|
Is there any reason you can't do that with a processor ? |
|
No i have not any reason for this. I'm looking now. Sorry |
|
I tried do this but this for only Django. Because i need sensitive_post_parameters from django decorators. But processors.py is general for Django, flask and more. |
|
we could change default Django processors, but in the end this is really specific, so ideally we'd be able to actually support sensitive_post_parameters (and not just all) I'm actually OK with this being only available in the Django client as well, but I'd love to see it correctly support the sensitive params |
|
We are use Django 1.4 Added note: My Message not offensive. Sorry for my English. I want to help for better raven. I like it. |
|
Indeed processors aren't enough in your case, I'm sorry I missed the point. |
|
I modified the django client in raven because sensitive_post_parameters (https://docs.djangoproject.com/en/1.4/howto/error-reporting/#sensitive_post_parameters) are built in django 1.4 and in new versions by default decorators. I check whether sensitive_post_parameters exist in old versions of django. (older than 1.4) this is the most generic situation I have ever known. Do you have any suggestions to make my code effective? Thanks. |
|
I need to write some test cases to see how raven already behave and figure what the next steps are. |
|
Thank you. |
|
Why i am added new lines ? Because, sensitive post parameters decorators, usable with non-params or with params. My previous (first) commit for "non-params type" and hide everything -if developer want- But if developer only masking few post variable "like credit-numer, username, password" must be use with params. I fix this. Sorry for less commit. Commit last for more performance. We are waiting for news. I wish you success in your work |
|
This looks pretty good. I'd like to get some tests for this though as I dont feel like manually QAing a patch |
|
Please wait, i will change some import because we have "probably" unicode error. I have to use django's urllib. I will fix this. Sorry again. I will fix and push. Our codereview team said need more test. |
|
urlparse doesn't exists in python3 out of the box. See https://github.com/getsentry/raven-python/blob/master/raven/utils/compat.py#L36 about. If you fix those two points, you'll be able to see any unicode encode/decode error in the tests. |
|
I will fix urlparse with _urlparse (in raven compat) and urlencode with "from django.utils.http import urlencode" |
|
system working good but "we have to" use processors. Because sensitive datas still can be readable with other methods. This pull request NOT OK! :( Sorry. I will work on this. |
|
I'll try to have a look at that one this week end |
|
Ok now. |
There was a problem hiding this comment.
we can just require the use of the raven middleware for this, and install a custom Django processor.
See raven.contrib.django.middleware.SentryMiddleware
It gives us access to the request object, and then we can have a SensitiveDataProcessor or something that we add to the default processors (for Django client) which applies this
|
We are resolve this with Processor. Sorry your time. |
|
@berkantaydin can you please share how you accomplished this with processors? I am currently having the same issue and would love to solve. thanks |
|
You can use the Processor. http://raven.readthedocs.org/en/latest/config/ look at processor tabs; You write own processor and use like this processors = ( |
5 participants
If use "sensitive_post_parameters" decorator in Django, running perfectly but raven send to sentry everything. Request Body have all datas (sensitive too). I fixed this for replace .