Opened 4 years ago

Closed 4 years ago

#31942 closed Cleanup/optimization (fixed)

SafeExceptionReporterFilter does not recurse into dictionaries with non-string keys

Reported by: Jeremy Lainé Owned by: Jeremy Lainé
Component: Error reporting Version: 3.1
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

SafeExceptionReporterFilter has provisions for recursively cleaning settings by descending into lists / tuples / dictionaries - which is great! However, recursing on dictionaries only works if the keys of the dictionary are strings.

For instance it will fail to sanitize the following example:

SOME_SETTING = {1: {'login': 'cooper', 'password': 'secret'}}

The reason for this is that cleanse_setting starts by trying to apply a the hidden_settings regex to the key before attempting to recurse into the value:

https://github.com/django/django/blob/0b0658111cba538b91072b9a133fd5545f3f46d1/django/views/debug.py#L94

Change History (5)

comment:1 by Jeremy Lainé, 4 years ago

Has patch: set
Owner: set to Jeremy Lainé
Status: newassigned

comment:2 by Mariusz Felisiak, 4 years ago

Triage Stage: UnreviewedAccepted
Type: UncategorizedCleanup/optimization
Version 0, edited 4 years ago by Mariusz Felisiak (next)

comment:3 by Mariusz Felisiak, 4 years ago

Patch needs improvement: set

comment:4 by Mariusz Felisiak, 4 years ago

Patch needs improvement: unset
Triage Stage: AcceptedReady for checkin

comment:5 by Mariusz Felisiak <felisiak.mariusz@…>, 4 years ago

Resolution: fixed
Status: assignedclosed

In 9c92924c:

Fixed #31942 -- Made settings cleansing work with dictionary settings with non-string keys.

Note: See TracTickets for help on using tickets.
Back to Top