From f2aec528686db568c26a3e34d9c657236ab47ad7 Mon Sep 17 00:00:00 2001
From: Dhruv Aggarwal <dhruvaggarwal043@gmail.com>
Date: Tue, 13 Feb 2018 23:07:24 +0530
Subject: [PATCH] Mask Complete dictionary instead of just the leaves (#1198)

* Mask even if value is a dictionary

* Update varmap to mask entire dict based on key

* Add test case for complete dict masking
---
 raven/utils/__init__.py   |  8 ++++----
 tests/processors/tests.py | 27 +++++++++++++++++++++------
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/raven/utils/__init__.py b/raven/utils/__init__.py
index c56d376e2..fd8a95384 100644
--- a/raven/utils/__init__.py
+++ b/raven/utils/__init__.py
@@ -43,13 +43,13 @@ def varmap(func, var, context=None, name=None):
     if objid in context:
         return func(name, '<...>')
     context[objid] = 1
-    if isinstance(var, dict):
-        ret = dict((k, varmap(func, v, context, k))
-                   for k, v in iteritems(var))
-    elif isinstance(var, (list, tuple)):
+    if isinstance(var, (list, tuple)):
         ret = [varmap(func, f, context, name) for f in var]
     else:
         ret = func(name, var)
+        if isinstance(ret, dict):
+            ret = dict((k, varmap(func, v, context, k))
+                       for k, v in iteritems(var))
     del context[objid]
     return ret
 
diff --git a/tests/processors/tests.py b/tests/processors/tests.py
index 1daabf242..dca07e44d 100644
--- a/tests/processors/tests.py
+++ b/tests/processors/tests.py
@@ -23,6 +23,7 @@
     'access_token': 'oauth2 access token',
     'custom_key1': 'you should not see this',
     'custom_key2': 'you should not see this',
+    'custom_key3': {'mask': 'This entire dict'}
 }
 
 
@@ -37,6 +38,7 @@ def _will_throw_type_error(foo, **kwargs):
         access_token = "secret stuff!"          # NOQA F841
         custom_key1 = "you shouldn't see this"  # NOQA F841
         custom_key2 = "you shouldn't see this"  # NOQA F841
+        custom_key3 = "you shouldn't see this"  # NOQA F841
 
         # TypeError: unsupported operand type(s) for /: 'str' and 'str'
         raise exception_class()
@@ -84,7 +86,9 @@ def get_extra_data():
 class SanitizeKeysProcessorTest(TestCase):
 
     def setUp(self):
-        client = Mock(sanitize_keys=['custom_key1', 'custom_key2'])
+        client = Mock(
+            sanitize_keys=['custom_key1', 'custom_key2', 'custom_key3']
+        )
         self.proc = SanitizeKeysProcessor(client)
 
     def _check_vars_sanitized(self, vars, MASK):
@@ -95,6 +99,8 @@ def _check_vars_sanitized(self, vars, MASK):
         self.assertEquals(vars['custom_key1'], MASK)
         self.assertTrue('custom_key2' in vars)
         self.assertEquals(vars['custom_key2'], MASK)
+        self.assertTrue('custom_key3' in vars)
+        self.assertEquals(vars['custom_key3'], MASK)
 
     def test_stacktrace(self, *args, **kwargs):
         data = get_stack_trace_data_real()
@@ -131,14 +137,15 @@ def test_extra(self):
 
     def test_querystring_as_string(self):
         data = get_http_data()
-        data['request']['query_string'] = 'foo=bar&custom_key1=nope&custom_key2=nope'
+        data['request']['query_string'] = 'foo=bar&custom_key1=nope&custom_key2=nope&custom_key3=%7B%27key2%27%3A+%27nope%27%2C+%27key1%27%3A+%27nope%27%7D'
         result = self.proc.process(data)
 
         self.assertTrue('request' in result)
         http = result['request']
         self.assertEquals(
             http['query_string'],
-            'foo=bar&custom_key1=%(m)s&custom_key2=%(m)s' % {'m': self.proc.MASK})
+            "foo=bar&custom_key1=%(m)s&custom_key2=%(m)s&custom_key3=%(m)s" % {'m': self.proc.MASK}
+        )
 
     def test_querystring_as_string_with_partials(self):
         data = get_http_data()
@@ -147,11 +154,16 @@ def test_querystring_as_string_with_partials(self):
 
         self.assertTrue('request' in result)
         http = result['request']
-        self.assertEquals(http['query_string'], 'foo=bar&custom_key1&baz=bar' % {'m': self.proc.MASK})
+        self.assertEquals(
+            http['query_string'],
+            'foo=bar&custom_key1&baz=bar' % {'m': self.proc.MASK}
+        )
 
     def test_cookie_as_string(self):
         data = get_http_data()
-        data['request']['cookies'] = 'foo=bar;custom_key1=nope;custom_key2=nope;'
+
+        data['request']['cookies'] = \
+            'foo=bar;custom_key1=nope;custom_key2=nope;'
         result = self.proc.process(data)
 
         self.assertTrue('request' in result)
@@ -167,7 +179,10 @@ def test_cookie_as_string_with_partials(self):
 
         self.assertTrue('request' in result)
         http = result['request']
-        self.assertEquals(http['cookies'], 'foo=bar;custom_key1;baz=bar' % dict(m=self.proc.MASK))
+        self.assertEquals(
+            http['cookies'],
+            'foo=bar;custom_key1;baz=bar' % dict(m=self.proc.MASK)
+        )
 
     def test_cookie_header(self):
         data = get_http_data()