[1.5.x] Fixed #19453 -- Ensured that the decorated function's arguments are obfuscated in the @sensitive_variables decorator's frame, in case the variables associated with those arguments were meant to be obfuscated from the decorated function's frame.

Thanks to vzima for the report. Backport of 9180146d21
2025-10-29 00:26:07 +00:00 · 2012-12-31 09:34:08 -08:00
parent fd1279a44d
commit dfd8623de4
5 changed files with 137 additions and 28 deletions
--- a/tests/regressiontests/views/views.py
+++ b/tests/regressiontests/views/views.py
@@ -132,6 +132,7 @@ def send_log(request, exc_info):
        ][0]
    orig_filters = admin_email_handler.filters
    admin_email_handler.filters = []
+    admin_email_handler.include_html = True
    logger.error('Internal Server Error: %s', request.path,
        exc_info=exc_info,
        extra={
@@ -184,6 +185,38 @@ def paranoid_view(request):
        send_log(request, exc_info)
        return technical_500_response(request, *exc_info)

+def sensitive_args_function_caller(request):
+    try:
+        sensitive_args_function(''.join(['w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 's', 'h', 'i', 'r', 'e']))
+    except Exception:
+        exc_info = sys.exc_info()
+        send_log(request, exc_info)
+        return technical_500_response(request, *exc_info)
+
+@sensitive_variables('sauce')
+def sensitive_args_function(sauce):
+    # Do not just use plain strings for the variables' values in the code
+    # so that the tests don't return false positives when the function's source
+    # is displayed in the exception report.
+    cooked_eggs = ''.join(['s', 'c', 'r', 'a', 'm', 'b', 'l', 'e', 'd'])
+    raise Exception
+
+def sensitive_kwargs_function_caller(request):
+    try:
+        sensitive_kwargs_function(''.join(['w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 's', 'h', 'i', 'r', 'e']))
+    except Exception:
+        exc_info = sys.exc_info()
+        send_log(request, exc_info)
+        return technical_500_response(request, *exc_info)
+
+@sensitive_variables('sauce')
+def sensitive_kwargs_function(sauce=None):
+    # Do not just use plain strings for the variables' values in the code
+    # so that the tests don't return false positives when the function's source
+    # is displayed in the exception report.
+    cooked_eggs = ''.join(['s', 'c', 'r', 'a', 'm', 'b', 'l', 'e', 'd'])
+    raise Exception
+
 class UnsafeExceptionReporterFilter(SafeExceptionReporterFilter):
    """
    Ignores all the filtering done by its parent class.