SafeExceptionReporterFilter obfuscates variables in the function decorated
with sensitive_variables, but it does not obfuscate variables lower in the
call stack, which could result in sensitive data being leaked in exception
reports.
For instance:
@sensitive_variables('sensitive')
def decorated_function():
sensitive = 'something sensitive'
undecorated_function(sensitive)
def undecorated_function(var):
raise Exception()
In this code, the "sensitive" variable will be obfuscated in
the decorated_function stack frame, but "var" in the undecorated_function
stack frame will not, resulting in the sensitive data being leaked in the
report. If we wrote undecorated_function, then we can just decorate the
function ourselves, but if it's from a third-party package, we are unable
to decorate it.
The solution here is to obfuscate _all_ variables in all stack frames below
a function decorated with sensitive_variables, since these functions can do
arbitrary things with the sensitive data. I've written a custom
SafeExceptionReporterFilter that does this for the company I work for, and
I think it would be a good behavior to adopt in core Django.
Any thoughts or concerns with this approach?
--
This message, including any attachments, is a PRIVATE communication,
which may contain confidential, legally privileged, and/or proprietary
information. If you are not the intended recipient, you are hereby
notified that any dissemination, disclosure, copying, distribution or use
of the information contained in or attached to this message is strictly
prohibited. Please notify the sender of the delivery error by replying to
this message, and then permanently delete it from your system. Unless
explicitly stated to the contrary, nothing contained in this message shall
constitute an offer to buy or sell, or a solicitation of an offer to buy or
sell, any security, property interest or other asset, nor shall it
constitute a binding obligation of any kind, an official confirmation of
any transaction or an official statement of Cadre.
Cadre may monitor,
review and retain email communications traveling through its networks or
systems, AND CADRE IS NOT OBLIGATED TO RESTRICT THE USE OR DISCLOSURE OF
ANY INFORMATION SENT TO IT BY YOU VIA E-MAIL COMMUNICATION.
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/7376ab0c-530c-42d8-9cfb-6c829af21098%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
