Automatically filter sensitive information in some Python standard libraries

I use an on-premises installation. I use the master branch to deploy at least once per week. Currently I’m running commit 5f17a3b08b.

I also use raven and its logging integration to report events to Sentry.

I noticed that when errors occur using some protocol-oriented modules from the standard library, sensitive information may be sent to Sentry.

Example: An error occurred while executing the IMAP LOGIN command, and I see the user’s email and password in the arguments to the _simple_command function in imaplib.py. This is because this function takes *args. In the same traceback, the calling function’s local variable password is properly filtered out.

Does raven keep a blacklist of ‘standard library’ packages to filter? I know I could write a processor, but the standard library being standard, I think raven could include several known leaks like this one and avoid them by default.

Best regards,
Manuel.

Does raven keep a blacklist of ‘standard library’ packages to filter?

We don’t. The tricky thing here is that Sentry processes exceptions from dozens of platforms, so maintaining such a list for every platform will be really onerous and hard to maintain.

I think it would be our preference that this be done in the Python SDK, perhaps ideally as a plugin of some kind.
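A sketch of the SDK-side filtering discussed in this thread, as an added example that is not part of the original posts and is not raven's own code. It works on the event dictionary (the `exception.values[].stacktrace.frames[]` layout) and masks every local in frames that belong to a chosen set of standard-library modules, so values hidden inside `*args` are covered too; the module list, the function names and the sample event are assumptions made for illustration, and in raven this logic would sit inside a custom processor.

```python
import copy

MASK = "********"

# Assumption: an illustrative list of protocol modules whose frames can hold
# credentials under generic names such as `args`; extend it for your deployment.
SENSITIVE_MODULES = {"imaplib", "poplib", "smtplib", "ftplib"}


def _in_sensitive_module(frame):
    """True when the frame's top-level module is in SENSITIVE_MODULES."""
    module = frame.get("module") or ""
    return module.split(".")[0] in SENSITIVE_MODULES


def scrub_stdlib_frames(event):
    """Return a copy of `event` with all locals masked in sensitive frames.

    Variable names are kept so the traceback stays readable; only the
    values are replaced, since name-based filters cannot tell what
    `args[1]` contains.
    """
    event = copy.deepcopy(event)
    for exc in (event.get("exception") or {}).get("values") or []:
        for frame in (exc.get("stacktrace") or {}).get("frames") or []:
            if _in_sensitive_module(frame) and frame.get("vars"):
                frame["vars"] = {name: MASK for name in frame["vars"]}
    return event


# Constructed sample event (not real data): the application frame already has
# `password` masked by name, while the imaplib frame carries it in `args`.
SAMPLE_EVENT = {
    "exception": {"values": [{
        "type": "error",
        "stacktrace": {"frames": [
            {"module": "myapp.mail", "function": "connect",
             "vars": {"user": "'user@example.com'", "password": MASK}},
            {"module": "imaplib", "function": "_simple_command",
             "vars": {"self": "<imaplib.IMAP4_SSL instance>",
                      "name": "'LOGIN'",
                      "args": ["'user@example.com'", "'hunter2'"]}},
        ]},
    }]},
}

if __name__ == "__main__":
    print(scrub_stdlib_frames(SAMPLE_EVENT))
```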