Open bmoelans opened 6 years ago
@ashwoods and/or @mitsuhiko can you help me out?
My recommendation right now is to add a custom processor to fix such cases. The system is unfortunately not good enough to cover all cases and we're investigating some alternatives at the moment to deal with this.
@mitsuhiko I found a solution.
The problem is at https://github.com/getsentry/raven-python/blob/master/raven/processors.py#L118 since at that point you could have `data['data']='{\n "password":"blablablabla",\n "code":"&r=0.747487-1105507184"\n}'`, so a JSON string, but by that code it would be split as `{\n "password":"blablablabla",\n "code":"&r` and `0.747487-1105507184"\n}'`.
A solution that does the trick for me now is to do this before that step:

```python
# Inside the loop over request fields: mask sensitive values in a JSON string body
if n == 'data' and isinstance(data[n], str) and self._is_json(data[n]):
    data[n] = re.sub(rf'("({"|".join(self.sanitize_keys)})":)(".*")', rf'\1"{self.MASK}"', data[n])
```

with

```python
import re
from json import loads

# Method on the processor class: True if the string parses as JSON
def _is_json(self, value: str) -> bool:
    try:
        loads(value)
    except ValueError:
        return False
    return True
```

although I am not sure whether adding `not self._is_json(data[n])` to https://github.com/getsentry/raven-python/blob/master/raven/processors.py#L118 would be enough.
We noticed getting unfiltered passwords into our Sentry.
The environment we run is:
With the following JSON in the body of the call
we got in Sentry Body
So far so good
But now come the strange things
Strange Example 1
gives:
Body
Password is filtered, but already strange behaviour
Strange Example 2
gives:
Body
So the password before `=` is visible
Strange Example 3
gives:
Body
So the complete password is visible
Is this missing settings or a bug in Raven?
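The custom-processor approach recommended in this thread, as an added example (not raven-python's code and not code posted by the participants): it parses a JSON body and masks by key instead of splitting the string on `&` and `=`. `keyval_mask` is a simplified model of the key=value handling described in the comments; all function names, `MASK` and `SANITIZE_KEYS` are assumptions.

```python
import json

MASK = "********"                                  # assumed mask string
SANITIZE_KEYS = ("password", "secret", "api_key")  # assumed key list


def _sensitive(key):
    return any(s in key.lower() for s in SANITIZE_KEYS)


def keyval_mask(body, delimiter="&"):
    """Simplified model: treat the string as delimiter-separated key=value pairs."""
    out = []
    for chunk in body.split(delimiter):
        key, sep, value = chunk.partition("=")
        if sep and _sensitive(key):
            value = MASK
        out.append(key + sep + value)
    return delimiter.join(out)


def mask_tree(node):
    """Recursively mask values stored under a sensitive key."""
    if isinstance(node, dict):
        return {k: MASK if _sensitive(k) else mask_tree(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [mask_tree(v) for v in node]
    return node


def sanitize_body(body):
    """Mask JSON bodies by key; only non-JSON strings get key=value handling."""
    if isinstance(body, bytes):
        body = body.decode("utf-8", "replace")
    try:
        parsed = json.loads(body)
    except ValueError:
        parsed = None
    if isinstance(parsed, (dict, list)):
        return json.dumps(mask_tree(parsed))
    return keyval_mask(body) if "=" in body else body


# Constructed sample, modelled on the JSON body quoted in the thread.
SAMPLE = '{\n "password":"blablablabla",\n "code":"&r=0.747487-1105507184"\n}'

if __name__ == "__main__":
    print(keyval_mask(SAMPLE))    # password survives the key=value path
    print(sanitize_body(SAMPLE))  # password masked, "code" value intact
```

Because masking happens on the parsed structure, `&` or `=` inside any JSON value no longer influences which fields are filtered.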