From aa9079505082d92d4ee5dc6a4adca056422422ed Mon Sep 17 00:00:00 2001
From: Markus Holtermann
Date: Wed, 31 Jul 2024 11:44:49 -0300
Subject: [PATCH] Fixed #35646 -- Extended SafeExceptionReporterFilter.hidden_settings to treat `AUTH` as a sensitive match.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
---
 django/views/debug.py | 2 +-
 docs/howto/error-reporting.txt | 6 +++++-
 docs/releases/5.2.txt | 3 ++-
 tests/view_tests/tests/test_debug.py | 4 +++-
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/django/views/debug.py b/django/views/debug.py
index c1265bfe6b..38f1338461 100644
--- a/django/views/debug.py
+++ b/django/views/debug.py
@@ -113,7 +113,7 @@ class SafeExceptionReporterFilter:
 cleansed_substitute = "********************"
 hidden_settings = _lazy_re_compile(
- "API|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.I
+ "API|AUTH|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.I
 )
 
 def cleanse_setting(self, key, value):
diff --git a/docs/howto/error-reporting.txt b/docs/howto/error-reporting.txt
index 61450dfe7a..17ba14c35c 100644
--- a/docs/howto/error-reporting.txt
+++ b/docs/howto/error-reporting.txt
@@ -282,7 +282,11 @@ following attributes and methods:
 
 import re
 
- re.compile(r"API|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.IGNORECASE)
+ re.compile(r"API|AUTH|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.IGNORECASE)
+
+ .. versionchanged:: 5.2
+
+ The term ``AUTH`` was added.
 
 .. method:: is_active(request)
 
diff --git a/docs/releases/5.2.txt b/docs/releases/5.2.txt
index ba9a3dfd4c..b732e98c9f 100644
--- a/docs/releases/5.2.txt
+++ b/docs/releases/5.2.txt
@@ -150,7 +150,8 @@ Email
 Error Reporting
 ~~~~~~~~~~~~~~~
 
-* ...
+* The attribute :attr:`.SafeExceptionReporterFilter.hidden_settings` now
+ treats values as sensitive if their name includes ``AUTH``.
 
 File Storage
 ~~~~~~~~~~~~
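Review bot: The new `AUTH` alternative is a bare, case-insensitive substring in `hidden_settings`, so if `cleanse_setting` (its body is outside the hunk) still applies the pattern with `search`, it will redact not only credentials but any setting whose name merely contains it — well-known non-secret names such as `AUTH_USER_MODEL` and `AUTHENTICATION_BACKENDS` would then show as the cleansed substitute in error reports. That is a defensible trade-off (over-redaction beats a leaked credential, and an `Authorization` header surfacing as `HTTP_AUTHORIZATION` in `request.META` presumably benefits in the same way `HTTP_COOKIE` already does), but nothing in the hunk records that the over-matching is deliberate, and the companion docs hunk only states that the term was added. I would pin the intent with a comment above the pattern: `# Case-insensitive substring match: AUTH deliberately also hides non-secret names such as AUTH_USER_MODEL; over-redaction is preferred to leaking a credential.` The enclosing class `SafeExceptionReporterFilter` continues outside the hunk.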
diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py
index 0cc6348920..4b0a7cf49d 100644
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@@ -1557,7 +1557,8 @@ class ExceptionReporterFilterTests(
 "SECRET_KEY_FALLBACKS",
 "PASSWORD",
 "API_KEY",
- "AUTH_TOKEN",
+ "SOME_TOKEN",
+ "MY_AUTH",
 ]
 
 def test_non_sensitive_request(self):
@@ -1885,6 +1886,7 @@ class ExceptionReporterFilterTests(
 "PASSWORD": "super secret",
 "SECRET_VALUE": "super secret",
 "SOME_TOKEN": "super secret",
+ "THE_AUTH": "super secret",
 }
 request = self.rf.get("/", headers=headers)
 reporter_filter = SafeExceptionReporterFilter()
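Review bot: Both hunks exercise the new term only as a trailing, upper-case token (`MY_AUTH` in the first hunk's sensitive-settings list, `THE_AUTH` in the second hunk's headers dict), so a regression that anchored the pattern to the end of a name or dropped `re.I` would still pass. Since the practical payoff of this change is the `Authorization` header, I would add `"Authorization": "super secret",` to the headers dict in the second hunk — presumably the request factory exposes it as `HTTP_AUTHORIZATION` in `request.META`, which checks the term as a prefix inside a longer, differently-cased name. It would also be worth asserting that a non-secret setting such as `AUTHENTICATION_BACKENDS` is now cleansed, so the over-matching is recorded as intended rather than discovered by surprise later. Both enclosing test methods, and the `ExceptionReporterFilterTests` class, start outside their hunks.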