I use an on-premises installation. I use the master branch to deploy at least once per-week. Currently I’m running commit 5f17a3b08b.
I also use raven and the it’s logging integration to report events to sentry.
I noticed that when errors occur using some protocol-oriented modules from the standard library, sensitive information may be sent to the Sentry.
Example: An error occurred while executing the IMAP LOGIN command and see the user’s email and password arguments to the _simple_command
function in imaplib.py. This is because in this function takes *args
. In the same traceback the calling function has local variable password
is properly filtered out.
Do raven keeps a blacklist of ‘standard library’ packages to filter. I know I could write a processor, but being the standard library standard, I think raven could include several known leaks like this one and avoid them by default.
Best regards,
Manuel.