SafeExceptionReporterFilter obfuscates variables in the function decorated with sensitive_variables, but it does not obfuscate variables lower in the call stack, which could result in sensitive data being leaked in exception reports.
For instance:
    from django.views.decorators.debug import sensitive_variables

    @sensitive_variables('sensitive')
    def decorated_function():
        sensitive = 'something sensitive'
        undecorated_function(sensitive)

    def undecorated_function(var):
        raise Exception()
In this code, the "sensitive" variable will be obfuscated in the decorated_function stack frame, but "var" in the undecorated_function stack frame will not, resulting in the sensitive data being leaked in the report. If we wrote undecorated_function, then we can just decorate the function ourselves, but if it's from a third-party package, we are unable to decorate it.
The solution here is to obfuscate _all_ variables in all stack frames below a function decorated with sensitive_variables, since these functions can do arbitrary things with the sensitive data. I've written a custom SafeExceptionReporterFilter that does this for the company I work for, and I think it would be a good behavior to adopt in core Django.
Any thoughts or concerns with this approach?
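Added example, not part of the original message and not Django's own code: a standard-library-only model of the traceback walk, showing the report for the two functions above under name-based cleansing and under the proposed "cleanse everything below a decorated frame" rule. The stand-in decorator and the names CLEANSED, marked_names, report_frames, cleanse_below and demo are assumptions made for this sketch.

```python
import functools

CLEANSED = "********"  # placeholder text chosen for this model

def sensitive_variables(*names):
    """Stand-in decorator: its wrapper frame marks where sensitive data enters."""
    def decorator(func):
        @functools.wraps(func)
        def sensitive_variables_wrapper(*args, **kwargs):
            marked_names = names  # a local, so a traceback walk can read it
            return func(*args, **kwargs)
        return sensitive_variables_wrapper
    return decorator

def report_frames(tb, cleanse_below=False):
    """Return [(function, {variable: shown value})], outermost frame first."""
    report = []
    names = None     # names to hide in the frame right after a wrapper
    entered = False  # True once the walk has passed a decorated frame
    while tb is not None:
        frame = tb.tb_frame
        if frame.f_code.co_name == "sensitive_variables_wrapper":
            names = frame.f_locals["marked_names"]
        else:
            shown = {}
            for key, value in frame.f_locals.items():
                hide = key in (names or ()) or (entered and cleanse_below)
                shown[key] = CLEANSED if hide else repr(value)
            report.append((frame.f_code.co_name, shown))
            if names is not None:  # that was the decorated frame itself
                entered, names = True, None
        tb = tb.tb_next  # next frame down the call stack
    return report

@sensitive_variables("sensitive")
def decorated_function():
    sensitive = "something sensitive"  # constructed sample value
    undecorated_function(sensitive)

def undecorated_function(var):
    raise Exception()

def demo(cleanse_below):
    """Raise through both functions and return {function: shown variables}."""
    try:
        decorated_function()
    except Exception as exc:
        return dict(report_frames(exc.__traceback__, cleanse_below))
```

demo(False) still shows the value under "var" in the undecorated_function frame; demo(True) replaces it with the placeholder.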