
scrub passwords from GET and POST

Brian Rue
Brian Rue committed Nov 21, 2012
1 parent 2c06ba2 commit a57235e4e2ea3a5b1f2621d4072ed1712d051f21
Showing with 24 additions and 6 deletions.
  1. +1 −1 README.rst
  2. +22 −4 django_ratchet/middleware.py
  3. +1 −1 setup.py
@@ -50,7 +50,7 @@ Basic configuration requires two changes in your ``settings.py``.
To make the ``RATCHET`` settings available in your templates as ``ratchet_settings``, add the context processor::
- from django.conf import glaobl_settings
+ from django.conf import global_settings
TEMPLATE_CONTEXT_PROCESSORS = global_settings.TEMPLATE_CONTEXT_PROCESSORS + (
'django_ratchet.context_processors.ratchet_settings',
)
@@ -27,7 +27,7 @@
log = logging.getLogger(__name__)
-VERSION = '0.3.3'
+VERSION = '0.3.5'
DEFAULTS = {
@@ -38,7 +38,8 @@
'timeout': 1,
'environment': lambda: 'development' if settings.DEBUG else 'production',
'agent.log_file': 'log.ratchet',
- 'patch_debugview': True
+ 'patch_debugview': True,
+ 'scrub_fields': ['passwd', 'password', 'secret']
}
@@ -222,8 +223,8 @@ def _build_payload(self, request):
data['request'] = {
'url': request.build_absolute_uri(),
'method': request.method,
- 'GET': dict(request.GET),
- 'POST': dict(request.POST),
+ 'GET': self._scrub_request_params(request.GET),
+ 'POST': self._scrub_request_params(request.POST),
'user_ip': _extract_user_ip(request),
}
# headers
@@ -252,6 +253,23 @@ def _build_payload(self, request):
'data': data
}
return self.encoder.encode(payload)
+
+ def _scrub_request_params(self, params):
+ """
+ Given request.POST/request.GET, returns a dict with passwords scrubbed out
+ (replaced with astrickses)
+ """
+ scrub_fields = set(self._get_setting('scrub_fields'))
+ params = dict(params)
+
+ for k, v in params.items():
+ if k.lower() in scrub_fields:
+ if isinstance(v, list):
+ params[k] = ['*' * len(x) for x in v]
+ else:
+ params[k] = '*' * len(v)
+
+ return params
def _extract_person_data(self, request, data):
"""
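Review bot: The `'url'` entry in `_build_payload` (hunk `@@ -222,8 +223,8 @@`) still carries the raw query string, because `request.build_absolute_uri()` with no argument is built from the full path, so a password sent via GET is masked in `'GET'` but reported verbatim in `'url'`. Passing the path only, `'url': request.build_absolute_uri(request.path),`, keeps the parameters out of the URL while the scrubbed `'GET'` dict still records them. In `_scrub_request_params`, `k.lower() in scrub_fields` is an exact match against the configured names as written, so Django's own `password1`/`new_password2`-style fields and a mixed-case entry in `scrub_fields` are not masked, and `'*' * len(v)` discloses the secret's length; lower-casing the configured set and using a fixed-width mask would close both. The headers section after this hunk and the rest of `_build_payload` are outside the visible lines, so whether cookies or the raw body are also sent cannot be judged from here.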
@@ -12,7 +12,7 @@
setup(
name='django-ratchet',
packages=['django_ratchet'],
- version='0.3.3',
+ version='0.3.5',
description='Ratchet.io plugin for django',
long_description=README,
author='Brian Rue',
