def test_stacktrace(self):
data = {
'sentry.interfaces.Stacktrace': {
'frames': [{
'vars': {
'foo': 'bar',
'password': '******',
'the_secret': 'hello',
'a_password_here': 'hello',
},
}]
}
}
proc = SanitizePasswordsProcessor(Mock())
result = proc.process(data)
self.assertTrue('sentry.interfaces.Stacktrace' in result)
stack = result['sentry.interfaces.Stacktrace']
self.assertTrue('frames' in stack)
self.assertEquals(len(stack['frames']), 1)
frame = stack['frames'][0]
self.assertTrue('vars' in frame)
vars = frame['vars']
self.assertTrue('foo' in vars)
self.assertEquals(vars['foo'], 'bar')
self.assertTrue('password' in vars)
self.assertEquals(vars['password'], proc.MASK)
self.assertTrue('the_secret' in vars)
self.assertEquals(vars['the_secret'], proc.MASK)
self.assertTrue('a_password_here' in vars)
self.assertEquals(vars['a_password_here'], proc.MASK)
def test_cookie_as_string_with_partials(self):
data = get_http_data()
data['request']['cookies'] = 'foo=bar;password;baz=bar'
proc = SanitizePasswordsProcessor(Mock())
result = proc.process(data)
self.assertTrue('request' in result)
http = result['request']
self.assertEquals(http['cookies'], 'foo=bar;password;baz=bar' % dict(m=proc.MASK))
def test_extra(self):
data = get_extra_data()
proc = SanitizePasswordsProcessor(Mock())
result = proc.process(data)
self.assertTrue('extra' in result)
extra = result['extra']
self._check_vars_sanitized(extra, proc)
def test_http(self):
data = get_http_data()
proc = SanitizePasswordsProcessor(Mock())
result = proc.process(data)
self.assertTrue('request' in result)
http = result['request']
for n in ('data', 'env', 'headers', 'cookies'):
self.assertTrue(n in http)
self._check_vars_sanitized(http[n], proc)
def test_cookie_as_string(self):
data = get_http_data()
data['request']['cookies'] = 'foo=bar;password=hello;the_secret=hello'\
';a_password_here=hello;api_key=secret_key'
proc = SanitizePasswordsProcessor(Mock())
result = proc.process(data)
self.assertTrue('request' in result)
http = result['request']
self.assertEquals(
http['cookies'], 'foo=bar;password=%(m)s;the_secret=%(m)s'
';a_password_here=%(m)s;api_key=%(m)s' % dict(m=proc.MASK))
def test_querystring_as_string(self):
data = get_http_data()
data['request']['query_string'] = 'foo=bar&password=hello&the_secret=hello'\
'&a_password_here=hello&api_key=secret_key'
proc = SanitizePasswordsProcessor(Mock())
result = proc.process(data)
self.assertTrue('request' in result)
http = result['request']
self.assertEquals(
http['query_string'], 'foo=bar&password=%(m)s&the_secret=%(m)s'
'&a_password_here=%(m)s&api_key=%(m)s' % dict(m=proc.MASK))
def test_querystring_as_string(self):
data = {
'sentry.interfaces.Http': {
'query_string': 'foo=bar&password=hello&the_secret=hello&a_password_here=hello',
}
}
proc = SanitizePasswordsProcessor(Mock())
result = proc.process(data)
self.assertTrue('sentry.interfaces.Http' in result)
http = result['sentry.interfaces.Http']
self.assertEquals(http['query_string'], 'foo=bar&password=%(m)s&the_secret=%(m)s&a_password_here=%(m)s' % dict(m=proc.MASK))
def test_querystring_as_string_with_partials(self):
data = {
'sentry.interfaces.Http': {
'query_string': 'foo=bar&password&baz=bar',
}
}
proc = SanitizePasswordsProcessor(Mock())
result = proc.process(data)
self.assertTrue('sentry.interfaces.Http' in result)
http = result['sentry.interfaces.Http']
self.assertEquals(http['query_string'], 'foo=bar&password&baz=bar' % dict(m=proc.MASK))
def test_http(self):
data = {
'sentry.interfaces.Http': {
'data': {
'foo': 'bar',
'password': '******',
'the_secret': 'hello',
'a_password_here': 'hello',
},
'env': {
'foo': 'bar',
'password': '******',
'the_secret': 'hello',
'a_password_here': 'hello',
},
'headers': {
'foo': 'bar',
'password': '******',
'the_secret': 'hello',
'a_password_here': 'hello',
},
'cookies': {
'foo': 'bar',
'password': '******',
'the_secret': 'hello',
'a_password_here': 'hello',
},
}
}
proc = SanitizePasswordsProcessor(Mock())
result = proc.process(data)
self.assertTrue('sentry.interfaces.Http' in result)
http = result['sentry.interfaces.Http']
for n in ('data', 'env', 'headers', 'cookies'):
self.assertTrue(n in http)
vars = http[n]
self.assertTrue('foo' in vars)
self.assertEquals(vars['foo'], 'bar')
self.assertTrue('password' in vars)
self.assertEquals(vars['password'], proc.MASK)
self.assertTrue('the_secret' in vars)
self.assertEquals(vars['the_secret'], proc.MASK)
self.assertTrue('a_password_here' in vars)
self.assertEquals(vars['a_password_here'], proc.MASK)
def test_http(self):
data = {
'sentry.interfaces.Http': {
'data': VARS,
'env': VARS,
'headers': VARS,
'cookies': VARS,
}
}
proc = SanitizePasswordsProcessor(Mock())
result = proc.process(data)
self.assertTrue('sentry.interfaces.Http' in result)
http = result['sentry.interfaces.Http']
for n in ('data', 'env', 'headers', 'cookies'):
self.assertTrue(n in http)
self._check_vars_sanitized(http[n], proc)
def test_stacktrace(self):
data = {
'stacktrace': {
'frames': [{
'vars': VARS
}],
}
}
proc = SanitizePasswordsProcessor(Mock())
result = proc.process(data)
self.assertTrue('stacktrace' in result)
stack = result['stacktrace']
self.assertTrue('frames' in stack)
self.assertEquals(len(stack['frames']), 1)
frame = stack['frames'][0]
self.assertTrue('vars' in frame)
self._check_vars_sanitized(frame['vars'], proc)
def test_stacktrace(self, *args, **kwargs):
"""
Check whether sensitive variables are properly stripped from stack-trace
messages.
"""
data = get_stack_trace_data_real()
proc = SanitizePasswordsProcessor(Mock())
result = proc.process(data)
# data['exception']['values'][0]['stacktrace']['frames'][0]['vars']
self.assertTrue('exception' in result)
exception = result['exception']
self.assertTrue('values' in exception)
values = exception['values']
stack = values[0]['stacktrace']
self.assertTrue('frames' in stack)
self.assertEquals(len(stack['frames']), 2)
frame = stack['frames'][1] # frame of will_throw_type_error()
self.assertTrue('vars' in frame)
self._check_vars_sanitized(frame['vars'], proc)
def test_sanitize_credit_card_amex(self):
# AMEX numbers are 15 digits, not 16
proc = SanitizePasswordsProcessor(Mock())
result = proc.sanitize('foo', '424242424242424')
self.assertEquals(result, proc.MASK)
def test_sanitize_credit_card(self):
proc = SanitizePasswordsProcessor(Mock())
result = proc.sanitize('foo', '4242424242424242')
self.assertEquals(result, proc.MASK)
def test_sanitize_non_ascii(self):
proc = SanitizePasswordsProcessor(Mock())
result = proc.sanitize('__repr__: жили-были', '42')
self.assertEquals(result, '42')
def test_sanitize_bytes(self):
proc = SanitizePasswordsProcessor(Mock())
data = {'data': b'password=1234'}
result = proc.filter_http(data)
self.assertIn(data['data'], 'password=%s' % proc.MASK)
