Merge pull request 'Custom exception reporter' (#369) from custom_exception_reporter into master

Reviewed-on: SGD-Nord/konova#369
2023-12-11 11:22:12 +01:00 · 2023-12-11 11:22:12 +01:00 · 0a6918942a
commit 0a6918942a
parent 75ab281799 15029cb93f
3 changed files with 71 additions and 0 deletions
--- a/konova/settings.py
+++ b/konova/settings.py
@ -19,6 +19,7 @@ from konova.sub_settings.sso_settings import *
 from konova.sub_settings.table_settings import *
 from konova.sub_settings.lanis_settings import *
 from konova.sub_settings.wfs_parcel_settings import *
+from konova.sub_settings.logging_settings import *

 # Max upload size for POST forms
 DATA_UPLOAD_MAX_MEMORY_SIZE = 5242880
--- a/konova/sub_settings/logging_settings.py
+++ b/konova/sub_settings/logging_settings.py
@ -0,0 +1,8 @@
+"""
+Author: Michel Peltriaux
+Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
+Contact: ksp-servicestelle@sgdnord.rlp.de
+Created on: 11.12.23
+
+"""
+DEFAULT_EXCEPTION_REPORTER = "konova.utils.exception_reporter.KonovaExceptionReporter"
--- a/konova/utils/exception_reporter.py
+++ b/konova/utils/exception_reporter.py
@ -0,0 +1,62 @@
+"""
+Author: Michel Peltriaux
+Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
+Contact: ksp-servicestelle@sgdnord.rlp.de
+Created on: 11.12.23
+
+"""
+from django.views.debug import ExceptionReporter
+
+
+class KonovaExceptionReporter(ExceptionReporter):
+    """ Custom exception reporter class
+
+    Adapts the base functionality of ExceptionReporter but adds whitelist filtering to prevent sensitive data
+    to be exploitable via mail delivery.
+
+    References:
+    https://docs.djangoproject.com/en/4.2/ref/logging/#handlers
+
+    """
+
+    def _filter_traceback_data(self, tb_data: dict):
+        """ Filters given traceback data according to whitelist
+
+        Args:
+            tb_data (dict): Aggregates traceback data
+
+        Returns:
+            clean_data (dict): Whitelist based filtered traceback data
+        """
+        whitelist = [
+            "is_email",
+            "unicdoe_hint",
+            "frames",
+            "request",
+            "user_str",
+            "sys_executable",
+            "sys_version_info",
+            "raising_view_name",
+            "exception_type",
+            "exception_value",
+        ]
+        clean_data = dict()
+        for entry in whitelist:
+            try:
+                clean_data[entry] = tb_data[entry]
+            except KeyError:
+                continue
+        return clean_data
+
+    def get_traceback_data(self):
+        """ Custom traceback data aggregation
+
+        Returns:
+            tb_data (dict): The traceback data
+        """
+        tb_data = super().get_traceback_data()
+
+        if self.is_email:
+            tb_data = self._filter_traceback_data(tb_data)
+
+        return tb_data