
SanitizePasswordsProcessor and local vars

Open · danlamanna opened this issue 7 years ago · 1 comment

I'm experiencing an issue where values in certain locations are being masked by the SanitizePasswordsProcessor and not in others, namely in local variables pulled from stack traces.

The default regex for the processor is `^(?:\d[ -]*?){13,16}$` and when I have code such as this in my app:

```python
from flask import Flask, current_app
from raven.contrib.flask import Sentry

app = Flask(__name__)
sentry = Sentry(app)


@app.route('/')
def index():
    # masked correctly
    current_app.sentry.client.context.merge({'extra': {
        'example': '4242424242424242'}})

    # shows up in sentry wrapped in single quotes
    example_var = "4242424242424242"
    raise Exception('foo')
```

the example from the extra context is masked correctly with asterisks, and the example_var from the stack trace is in plain text with quotes around it. It appears that when it enters the sanitize method it is a string wrapped in single quotes, which fails `SanitizePasswordsProcessor.VALUES_RE`.

Version information:

Python 3.6.5
raven==6.8.0

Is this expected behavior?

danlamanna avatar Jun 01 '18 20:06 danlamanna

You are correct. The current regex does not capture the string wrapped in quotes, which is often how it is represented in stack locals. That seems like more of an oversight, and I've opened up a PR for that.

As it may be some time before a new version is stamped, in the meantime I'd suggest subclassing it and adding this processor to `app.config['SENTRY_PROCESSORS'] = (SanitizeStackLocalStringValuesProcessor, ...)` (assuming you're using flask) alongside whatever other processors you might already be using.

```python
import re

from raven.processors import SanitizePasswordsProcessor


class SanitizeStackLocalStringValuesProcessor(SanitizePasswordsProcessor):
    # Same as the default pattern, but tolerates a repr()-style single quote
    # on either side of the digit run, which is how stack locals are stored.
    VALUES_RE = re.compile(r'^\'?(?:\d[ -]*?){13,16}\'?$')
```

ehfeng avatar Jul 30 '18 23:07 ehfeng
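To make the behaviour discussed in both comments above reproducible without a Sentry server, here is an added example (not code from the issue, nor from raven itself) that models the two code paths: a value merged into `extra` arrives as the raw string, while a stack local arrives as `repr()` of the value, i.e. wrapped in quotes. A minimal stand-in for the processor's `sanitize` step is run with the default pattern and with a quote-tolerant one. The quote-tolerant pattern generalises ehfeng's fix a little: it accepts either quote character and requires the quotes to balance. `MASK`, `scrub_event`, `build_event` and the event layout are assumptions made for the demonstration; the key-name (`password`, `secret`, …) matching that the real processor also does is left out.

```python
import re

# Mask used for scrubbed values (assumption: eight asterisks, purely illustrative).
MASK = '*' * 8

# The default pattern quoted in the issue: a bare run of 13-16 digits, optionally
# separated by spaces or dashes, anchored at both ends.
DEFAULT_VALUES_RE = re.compile(r'^(?:\d[ -]*?){13,16}$')

# Quote-tolerant variant. A named group captures an optional leading quote
# (single or double) and the backreference demands the same one at the end,
# so "'4242...'" and "\"4242...\"" match while "'4242...\"" does not.
# This extends ehfeng's ^\'?...\'?$ to both quote styles (my addition).
QUOTED_VALUES_RE = re.compile(r'^(?P<q>[\'"]?)(?:\d[ -]*?){13,16}(?P=q)$')


def sanitize(key, value, values_re):
    """Stand-in for the value half of SanitizePasswordsProcessor.sanitize:
    scrub string values that look like a card number, pass everything else."""
    if isinstance(value, str) and values_re.match(value):
        return MASK
    return value


def scrub_event(event, values_re):
    """Apply sanitize() to event['extra'] and to every frame's local vars,
    returning a flattened view so the two locations can be compared."""
    scrubbed = {
        'extra': {k: sanitize(k, v, values_re)
                  for k, v in event.get('extra', {}).items()},
        'frames': [],
    }
    for frame in event.get('stacktrace', {}).get('frames', []):
        scrubbed['frames'].append({k: sanitize(k, v, values_re)
                                   for k, v in frame.get('vars', {}).items()})
    return scrubbed


def build_event():
    """Constructed event mirroring the issue: context.merge stores the raw
    string under extra, while captured locals are stored as repr() of the
    local's value, which is where the surrounding quotes come from."""
    example_var = "4242424242424242"
    return {
        'extra': {'example': '4242424242424242'},
        'stacktrace': {'frames': [{
            'vars': {
                'example_var': repr(example_var),          # "'4242424242424242'"
                'count': repr(3),                          # "3", must stay untouched
                'quoted_json': '"4242424242424242"',       # constructed double-quoted form
                'mismatched': "'4242424242424242\"",       # constructed, unbalanced quotes
            },
        }]},
    }


def compare():
    """Return (default, quote_tolerant) scrub results for the constructed event."""
    event = build_event()
    return scrub_event(event, DEFAULT_VALUES_RE), scrub_event(event, QUOTED_VALUES_RE)


if __name__ == '__main__':
    default, tolerant = compare()
    print('default  :', default)
    print('tolerant :', tolerant)
```

With the default pattern the `extra` value is masked but the local still shows `'4242424242424242'` with its quotes; with the quote-tolerant pattern both are masked, the integer local is left alone, and a value with mismatched quotes is deliberately not treated as a card number.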