Skip to main content

strip local variables in tracebacks

Project description

sensitive_variables - strip local variables in tracebacks

Build Status PyPi page link -- version

sensitive_variables is a decorator you can apply to your functions to prevent certain local variables from being read by debugging tools, such as the Django crash reporter or Sentry.

Unlike Django's sensitive_variables it is independent of the web framework you use and also does not rely on debugging tools to know about the decorator for things to work.

from sentry_sdk import init

from sensitive_variables import sensitive_variables

init()

@sensitive_variables('password')
def login_user(username, password):
    print("Logging in " + username + " with " + password)

# TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
login_user(None, "secret123")

results in:

Picture of Sentry's traceback view where each frame contains local variables. The password variable contains a placeholder instead of the actual value.

How does it work?

When the decorated function throws an exception, sensitive_variables walks through the traceback, removes sensitive data from frame.f_locals and reraises the exception.

This is usually not problematic because a function that just threw an exception is unlikely to still use its local variables.

Why would I use this over Django's decorator?

Django has a decorator also called sensitive_variables, which this package is inspired by. It adds an attribute to the function that contains the variable names.

Debugging tools have to know about this attribute and respect it. For anything outside of the Django world, this is unlikely to be the case.

This decorator will always work because it actually modifies your locals.

Why would I use this over Sentry's datascrubbing options?

  • This decorator does not couple your configuration for what is sensitive data to a specific crash reporting tool.

  • Behavior of the decorator is easily unit-testable (see tests/ folder).

Why would I not use this?

This decorator inherently requires custom code for each Python implementation. Currently this is only tested against CPython 2.7, CPython 3.7 and PyPy 2.7.

License

Licensed under the MIT, see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for sensitive-variables, version 0.1.2
Filename, size File type Python version Upload date Hashes
Filename, size sensitive_variables-0.1.2-py3-none-any.whl (4.5 kB) File type Wheel Python version py3 Upload date Hashes View hashes
Filename, size sensitive-variables-0.1.2.tar.gz (4.5 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page