From dec0333c127d467f2b489ee0d8e3b4211b53620a Mon Sep 17 00:00:00 2001
From: Berkant AYDIN
Date: Thu, 25 Jul 2013 08:28:55 +0300
Subject: [PATCH 1/5] Hide Django sensitive datas
---
 raven/contrib/django/client.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/raven/contrib/django/client.py b/raven/contrib/django/client.py
index 43e73ccae..f3b92bd97 100644
--- a/raven/contrib/django/client.py
+++ b/raven/contrib/django/client.py
@@ -80,6 +80,11 @@ def get_data_from_request(self, request):
 except Exception:
 # assume we had a partial read:
 data = ''
+
+ # hide sensitive data
+ if hasattr(request, 'sensitive_post_parameters'):
+ if request.sensitive_post_parameters == '__ALL__':
+ data =''
 else:
 data = None
From 19109f8f885f1075f98745817031e4ba77d9e555 Mon Sep 17 00:00:00 2001
From: Berkant AYDIN
Date: Fri, 2 Aug 2013 14:39:07 +0300
Subject: [PATCH 2/5] post_sensitive_data acceptable dict and raven will really hide sensitive dict datas
---
 raven/contrib/django/client.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/raven/contrib/django/client.py b/raven/contrib/django/client.py
index f3b92bd97..96e0d1d74 100644
--- a/raven/contrib/django/client.py
+++ b/raven/contrib/django/client.py
@@ -81,10 +81,19 @@ def get_data_from_request(self, request):
 # assume we had a partial read:
 data = ''
- # hide sensitive data
+ # hide sensitive data
 if hasattr(request, 'sensitive_post_parameters'):
 if request.sensitive_post_parameters == '__ALL__':
- data =''
+ data = ''
+ elif data != '':
+ tmp = data.split('&')
+ tmp = dict(keys.split('=') for keys in tmp)
+ for param in request.sensitive_post_parameters:
+ if param in tmp.keys():
+ tmp[param] = ''
+ data = '&'.join(['%s=%s' % (key, value)
+ for (key, value) in tmp.items()])
+
 else:
 data = None
From 193e91c492ab7cae76bc3c90af5c082172e18e1e Mon Sep 17 00:00:00 2001
From: Berkant AYDIN
Date: Mon, 5 Aug 2013 16:52:53 +0300
Subject: [PATCH 3/5] More performance & more readable coding
---
 raven/contrib/django/client.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/raven/contrib/django/client.py b/raven/contrib/django/client.py
index 96e0d1d74..b4b21558c 100644
--- a/raven/contrib/django/client.py
+++ b/raven/contrib/django/client.py
@@ -15,6 +15,8 @@ from django.http import HttpRequest
 from django.template import TemplateSyntaxError
 from django.template.loader import LoaderOrigin
+from urlparse import parse_qs
+from urllib import urlencode
 from raven.base import Client
 from raven.contrib.django.utils import get_data_from_template, get_host
@@ -86,13 +88,11 @@ def get_data_from_request(self, request):
 if request.sensitive_post_parameters == '__ALL__':
 data = ''
 elif data != '':
- tmp = data.split('&')
- tmp = dict(keys.split('=') for keys in tmp)
+ qs = parse_qs(data)
 for param in request.sensitive_post_parameters:
- if param in tmp.keys():
- tmp[param] = ''
- data = '&'.join(['%s=%s' % (key, value)
- for (key, value) in tmp.items()])
+ if param in qs:
+ qs[param] = ''
+ data = urlencode(qs, doseq=True)
 else:
 data = None
From 9c0595c145fc08890339f48209e41ac2bdaefb45 Mon Sep 17 00:00:00 2001
From: Berkant AYDIN
Date: Mon, 12 Aug 2013 08:35:47 +0300
Subject: [PATCH 4/5] fix urlencode and urlparse imports for python3
---
 raven/contrib/django/client.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/raven/contrib/django/client.py b/raven/contrib/django/client.py
index b4b21558c..47033fb2f 100644
--- a/raven/contrib/django/client.py
+++ b/raven/contrib/django/client.py
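Review bot: `qs = parse_qs(data)` in the `elif data != '':` branch assumes the body is form-encoded; for any other body (JSON, multipart, XML) none of the names in `request.sensitive_post_parameters` will match the keys `parse_qs` produces, so the secret values are re-emitted unfiltered and the body is mangled by the `urlencode` on the way out. Where `data` is read from is set above the hunk, but gating the parse on `request.META.get('CONTENT_TYPE', '')` starting with `application/x-www-form-urlencoded`, and dropping the body for every other encoding, keeps the view's declaration effective regardless of how the client posted. Two smaller points on the same lines: `qs[param] = ''` blanks the value, so a filtered field is indistinguishable from one the user left empty — a fixed mask string is clearer for whoever reads the event — and `parse_qs` drops blank values and reorders fields, so the stored body is no longer byte-faithful, which deserves a comment. `get_data_from_request` continues on both sides of the hunk.
```python
                elif data != '':
                    # only a form-encoded body can be filtered field by field; any
                    # other encoding is dropped rather than sent through unfiltered
                    content_type = request.META.get('CONTENT_TYPE', '')
                    if not content_type.startswith('application/x-www-form-urlencoded'):
                        data = ''
                    else:
                        qs = parse_qs(data)
                        for param in request.sensitive_post_parameters:
                            if param in qs:
                                qs[param] = '********'  # constructed mask value; use one project-wide
                        data = urlencode(qs, doseq=True)
                # … unchanged: else branch setting data = None …
```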
@@ -15,8 +15,7 @@ from django.http import HttpRequest
 from django.template import TemplateSyntaxError
 from django.template.loader import LoaderOrigin
-from urlparse import parse_qs
-from urllib import urlencode
+from django.utils.http import urlencode
 from raven.base import Client
 from raven.contrib.django.utils import get_data_from_template, get_host
@@ -88,7 +87,7 @@ def get_data_from_request(self, request):
 if request.sensitive_post_parameters == '__ALL__':
 data = ''
 elif data != '':
- qs = parse_qs(data)
+ qs = _urlparse.parse_qs(data)
 for param in request.sensitive_post_parameters:
 if param in qs:
 qs[param] = ''
From 8da376eb180cbd1835ba4d11f3e07db2db35035f Mon Sep 17 00:00:00 2001
From: Berkant AYDIN
Date: Thu, 15 Aug 2013 11:57:52 +0300
Subject: [PATCH 5/5] Hiding sensitive post parameters in Stacktrace
---
 raven/contrib/django/client.py | 3 +++
 raven/processors.py | 15 +++++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/raven/contrib/django/client.py b/raven/contrib/django/client.py
index 47033fb2f..ba8321840 100644
--- a/raven/contrib/django/client.py
+++ b/raven/contrib/django/client.py
@@ -107,6 +107,9 @@ def get_data_from_request(self, request):
 'cookies': dict(request.COOKIES),
 'headers': dict(get_headers(environ)),
 'env': dict(get_environ(environ)),
+ 'sensitive_post_params':
+ request.sensitive_post_parameters and
+ request.sensitive_post_parameters or False
 }
 })
diff --git a/raven/processors.py b/raven/processors.py
index 224dc1d47..134c1b04b 100644
--- a/raven/processors.py
+++ b/raven/processors.py
@@ -71,7 +71,7 @@ def sanitize(self, key, value):
 key = key.lower()
 for field in self.FIELDS:
- if field in key:
+ if self.FIELDS == "__ALL__" or field in key:
 # store mask as a fixed length for security
 return self.MASK
 return value
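Review bot: `qs = _urlparse.parse_qs(data)` introduces a name this patch never defines: the import hunk above removes `from urlparse import parse_qs` and adds only Django's `urlencode`, so unless an earlier, unshown import binds `_urlparse` (presumably raven's Python 2/3 compatibility layer) this line raises `NameError` the first time a decorated view fails — exactly the event the feature exists to protect. Worth confirming for Python 3 as well: if `data` arrives as `bytes` (Django's `request.body` is bytes there) then `parse_qs` returns `bytes` keys, the `str` names in `request.sensitive_post_parameters` never match, and the values go out unmasked; decoding first, `if isinstance(data, bytes): data = data.decode('utf-8', 'replace')`, keeps the comparison on one type. The assignment to `data` is above the hunk, so treat the bytes case as something to verify rather than a certain fault.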
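Review bot: `request.sensitive_post_parameters and request.sensitive_post_parameters or False` reads the attribute unconditionally, whereas the masking code earlier in this function only touches it behind `hasattr`; Django's decorator sets the attribute only on the views it wraps, so for every undecorated view (and any error raised before the view runs) this dict build raises `AttributeError` and the whole Http interface is lost from the report. `'sensitive_post_params': getattr(request, 'sensitive_post_parameters', False) or False,` yields the same value for decorated views and `False` otherwise, and drops the `x and x or y` form, which is just `x or y` here; the trailing comma also matches the entries above it. This entry ships the declared parameter names (not values) inside the event, apparently as input for the processor — if so, a one-line comment saying that is the contract would help. The enclosing dict literal starts above the hunk.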
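Review bot: `if self.FIELDS == "__ALL__" or field in key:` sits inside `for field in self.FIELDS`, so when `FIELDS` is the string `"__ALL__"` the loop iterates its characters and returns on the first one — the result is right, but only because strings are iterable, and an empty field set would never reach the check at all. Hoist it ahead of the loop, `if self.FIELDS == "__ALL__":` / `    return self.MASK`, and leave the loop body as `if field in key:`. A comment noting that the `"__ALL__"` sentinel mirrors the value Django's `sensitive_post_parameters()` decorator sets would also save the next reader a lookup; `sanitize` begins above the hunk.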
@@ -104,10 +104,17 @@ def filter_http(self, data):
 data[n] = varmap(self.sanitize, data[n])
 def process(self, data, **kwargs):
- if 'sentry.interfaces.Stacktrace' in data:
- self.filter_stacktrace(data['sentry.interfaces.Stacktrace'])
-
 if 'sentry.interfaces.Http' in data:
+ if 'sensitive_post_params' in data['sentry.interfaces.Http']:
+
+ if data['sentry.interfaces.Http']['sensitive_post_params'] == '__ALL__':
+ self.FIELDS = "__ALL__"
+ elif data['sentry.interfaces.Http']['sensitive_post_params']:
+ self.FIELDS = self.FIELDS.union(data['sentry.interfaces.Http']['sensitive_post_params'])
+
 self.filter_http(data['sentry.interfaces.Http'])
+ if 'sentry.interfaces.Stacktrace' in data:
+ self.filter_stacktrace(data['sentry.interfaces.Stacktrace'])
+
+ return data
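Review bot: The two `self.FIELDS = ...` assignments in `process` store per-event data on the processor instance and nothing restores it; if one processor serves every event (the usual arrangement for a client-level processor — confirm at the call site) a single `'__ALL__'` request leaves every later event, from any view, fully masked, and the `self.FIELDS.union(...)` branch then raises `AttributeError` because `FIELDS` is now a `str`, which aborts sanitisation entirely for that event. The per-event names should widen a copy: keep the original set in a local, assign the widened value, run both filters, and restore in `finally`, so the class default survives (a shared instance is still racy across threads; passing the field set explicitly into `sanitize` would fix that properly). Repeating `data['sentry.interfaces.Http']['sensitive_post_params']` three times also hides the intent; a local `extra` reads better. `filter_http` and the start of the class are outside the hunk.
```python
    def process(self, data, **kwargs):
        http = data.get('sentry.interfaces.Http')
        extra = http.get('sensitive_post_params') if http else None
        saved_fields = self.FIELDS
        try:
            # widen the masked field set for this event only; restored in
            # finally so one decorated view cannot change what later events get
            if extra == '__ALL__':
                self.FIELDS = '__ALL__'
            elif extra:
                self.FIELDS = saved_fields.union(extra)
            if http is not None:
                self.filter_http(http)
            if 'sentry.interfaces.Stacktrace' in data:
                self.filter_stacktrace(data['sentry.interfaces.Stacktrace'])
        finally:
            self.FIELDS = saved_fields
        return data
```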