Skip to content

Sanitize sensitive variables in RequestPanel #2105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Mar 20, 2025
Merged

Sanitize sensitive variables in RequestPanel #2105

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
c81daef
Working version of sanitization helper
dr-rompecabezas Mar 13, 2025
d155fc4
Sanitize data in RequestPanel
dr-rompecabezas Mar 13, 2025
12ef38f
Add tests for sanitizing sensitive data
dr-rompecabezas Mar 13, 2025
d82fe4b
Add RequestPanel sanitization to changes
dr-rompecabezas Mar 13, 2025
0100833
Refactor sanitize_and_sort_request_vars
dr-rompecabezas Mar 13, 2025
5afe3b3
Replace 'cleanse' with 'sanitize' in changes
dr-rompecabezas Mar 13, 2025
b79487d
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Mar 13, 2025
ca19dc2
Refactor sanitize_and_sort_request_vars function
dr-rompecabezas Mar 17, 2025
18404c4
Merge branch 'main' into sensitive-vars-sanitization
matthiask Mar 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Refactor sanitize_and_sort_request_vars 
- Use helper functions to refactor ugly-looking code
  • Loading branch information
@dr-rompecabezas
dr-rompecabezas committed Mar 13, 2025
commit 0100833bc4bf2501ac0d2ecc64024e904c90d853
48 changes: 34 additions & 14 deletions debug_toolbar/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -228,27 +228,47 @@ def sanitize_and_sort_request_vars(
return {"raw": variable}

try:
try:
keys = sorted(variable)
except TypeError:
keys = list(variable)

# Get sorted keys if possible, otherwise just list them
keys = _get_sorted_keys(variable)

# Process the variable based on its type
if isinstance(variable, QueryDict):
result = []
for k in keys:
values = variable.getlist(k)
# Return single value if there's only one, otherwise keep as list
value = values[0] if len(values) == 1 else values
result.append((k, safe_filter.cleanse_setting(k, value)))
result = _process_query_dict(variable, keys)
else:
result = [
(k, safe_filter.cleanse_setting(k, variable.get(k))) for k in keys
]
result = _process_dict(variable, keys)

return {"list": result}
except TypeError:
# If any processing fails, return raw variable
return {"raw": variable}


def _get_sorted_keys(variable):
"""Helper function to get sorted keys if possible."""
try:
return sorted(variable)
except TypeError:
return list(variable)


def _process_query_dict(query_dict, keys):
"""Process a QueryDict into a list of (key, sanitized_value) tuples."""
result = []
for k in keys:
values = query_dict.getlist(k)
# Return single value if there's only one, otherwise keep as list
value = values[0] if len(values) == 1 else values
result.append((k, safe_filter.cleanse_setting(k, value)))
return result


def _process_dict(dictionary, keys):
"""Process a dictionary into a list of (key, sanitized_value) tuples."""
return [
(k, safe_filter.cleanse_setting(k, dictionary.get(k))) for k in keys
]


def get_stack(context=1) -> list[stubs.InspectStack]:
"""
Get a list of records for a frame and all higher (calling) frames.
Expand Down