Merge pull request #413 from rollbar/pawel/cover_sensitive_post_param…

…s_django

handling sensitive_post_parameters decorator in django

.github/workflows/ci.yml

@@ -237,7 +237,7 @@ jobs:
         # certifi dropped support for Python 2 in 2020.4.5.2 but only started
         # using Python 3 syntax in 2022.5.18. 2021.10.8 is the last release with
         # Python 2 support.
-        run: pip install certifi==2021.10.8
+        run: pip install certifi==2021.10.8 requests==2.27.1
 
       - name: Install Python 3.4 dependencies
         if: ${{ contains(matrix.python-version, '3.4') }}

rollbar/contrib/django/middleware.py

@@ -185,6 +185,14 @@ def _should_ignore_404(url):
     url_patterns = getattr(settings, 'ROLLBAR', {}).get('ignorable_404_urls', ())
     return any(p.search(url) for p in url_patterns)
 
+def _apply_sensitive_post_params(request):
+    if request.sensitive_post_parameters:
+        mutable = request.POST._mutable
+        request.POST._mutable = True
+        for param in request.sensitive_post_parameters:
+            if param in request.POST:
+                request.POST[param] = "******"
+        request.POST._mutable = mutable
 
 class RollbarNotifierMiddleware(MiddlewareMixin):
     def __init__(self, get_response=None):
@@ -276,6 +284,8 @@ def process_response(self, request, response):
     def process_exception(self, request, exc):
         if isinstance(exc, Http404) and _should_ignore_404(request.get_full_path()):
             return
+        _apply_sensitive_post_params(request)
+
         rollbar.report_exc_info(
             sys.exc_info(),
             request,
@@ -305,6 +315,7 @@ def process_response(self, request, response):
             else:
                 raise Http404()
         except Exception as exc:
+            _apply_sensitive_post_params(request)
             rollbar.report_exc_info(
                 sys.exc_info(),
                 request,