paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 21:43:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3d9c4494f5e50aa7548babf8d790e4e7fa69e3c1
zulip/zerver/filters.py
Tim Abbott 39ea471cf1 error reports: Ensure we filter API keys from query strings. 
For some webhook endpoints where the third-party API requires us to do
this, the user's API key might appear in error emails through
appearing in the `QUERY_STRING` parameter.  Fix that by filtering any
actual content from those; what we usually need for debugging is just
what set of parameters were provided.
2018-10-19 15:03:14 -07:00

21 lines
825 B
Python
Raw Blame History

import re
from typing import Any, Dict
from django.http import HttpRequest
from django.views.debug import SafeExceptionReporterFilter
class ZulipExceptionReporterFilter(SafeExceptionReporterFilter):
def get_post_parameters(self, request: HttpRequest) -> Dict[str, Any]:
filtered_post = SafeExceptionReporterFilter.get_post_parameters(self, request).copy()
filtered_vars = ['content', 'secret', 'password', 'key', 'api-key', 'subject', 'stream',
'subscriptions', 'to', 'csrfmiddlewaretoken', 'api_key']
for var in filtered_vars:
if var in filtered_post:
filtered_post[var] = '**********'
return filtered_post
def clean_data_from_query_parameters(val: str) -> str:
return re.sub(r"([a-z_-]+=)([^&]+)([&]|$)", r"\1******\3", val)
Reference in New Issue View Git Blame Copy Permalink