From d94767a05a085e2a5408f1c1471a326b16af4019 Mon Sep 17 00:00:00 2001
From: mpeltriaux
Date: Mon, 11 Dec 2023 09:40:17 +0100
Subject: [PATCH] Custom exception reporter
* adds custom exception_reporter.py
---
 konova/settings.py | 1 +
 konova/sub_settings/logging_settings.py | 8 ++++
 konova/utils/exception_reporter.py | 62 +++++++++++++++++++++++++
 3 files changed, 71 insertions(+)
 create mode 100644 konova/sub_settings/logging_settings.py
 create mode 100644 konova/utils/exception_reporter.py
diff --git a/konova/settings.py b/konova/settings.py
index 5a5da1c..e1c2fb4 100644
--- a/konova/settings.py
+++ b/konova/settings.py
@@ -19,6 +19,7 @@ from konova.sub_settings.sso_settings import *
 from konova.sub_settings.table_settings import *
 from konova.sub_settings.lanis_settings import *
 from konova.sub_settings.wfs_parcel_settings import *
+from konova.sub_settings.logging_settings import *
 # Max upload size for POST forms
 DATA_UPLOAD_MAX_MEMORY_SIZE = 5242880
diff --git a/konova/sub_settings/logging_settings.py b/konova/sub_settings/logging_settings.py
new file mode 100644
index 0000000..28993ab
--- /dev/null
+++ b/konova/sub_settings/logging_settings.py
@@ -0,0 +1,8 @@
+"""
+Author: Michel Peltriaux
+Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
+Contact: ksp-servicestelle@sgdnord.rlp.de
+Created on: 11.12.23
+
+"""
+DEFAULT_EXCEPTION_REPORTER = "konova.utils.exception_reporter.KonovaExceptionReporter"
diff --git a/konova/utils/exception_reporter.py b/konova/utils/exception_reporter.py
new file mode 100644
index 0000000..46d26e4
--- /dev/null
+++ b/konova/utils/exception_reporter.py
@@ -0,0 +1,62 @@
+"""
+Author: Michel Peltriaux
+Organization: Struktur- und Genehmigungsdirektion Nord, Rhineland-Palatinate, Germany
+Contact: ksp-servicestelle@sgdnord.rlp.de
+Created on: 11.12.23
+
+"""
+from django.views.debug import ExceptionReporter
+
+
+class KonovaExceptionReporter(ExceptionReporter):
+ """ Custom exception reporter class
+
+ Adapts the base functionality of ExceptionReporter but adds whitelist filtering to prevent sensitive data
+ to be exploitable via mail delivery.
+
+ References:
+ https://docs.djangoproject.com/en/4.2/ref/logging/#handlers
+
+ """
+
+ def _filter_traceback_data(self, tb_data: dict):
+ """ Filters given traceback data according to whitelist
+
+ Args:
+ tb_data (dict): Aggregates traceback data
+
+ Returns:
+ clean_data (dict): Whitelist based filtered traceback data
+ """
+ whitelist = [
+ "is_email",
+ "unicdoe_hint",
+ "frames",
+ "request",
+ "user_str",
+ "sys_executable",
+ "sys_version_info",
+ "raising_view_name",
+ "exception_type",
+ "exception_value",
+ ]
+ clean_data = dict()
+ for entry in whitelist:
+ try:
+ clean_data[entry] = tb_data[entry]
+ except KeyError:
+ continue
+ return clean_data
+
+ def get_traceback_data(self):
+ """ Custom traceback data aggregation
+
+ Returns:
+ tb_data (dict): The traceback data
+ """
+ tb_data = super().get_traceback_data()
+
+ if self.is_email:
+ tb_data = self._filter_traceback_data(tb_data)
+
+ return tb_data
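Review bot: The whitelist in `_filter_traceback_data` passes `"frames"` and `"request"` through unchanged, and in Django each frame dict carries that frame's local variables under `vars`. So the values most likely to hold sensitive data can still end up in the mail, protected only by the default reporter filter's cleansing; as far as I know the HTML report renders them, the plain-text one may not. If the goal stated in the class docstring is to keep such data out of mail, consider replacing the frames entry after the loop with a copy that omits that key, e.g. `clean_data["frames"] = [{k: v for k, v in f.items() if k != "vars"} for f in tb_data.get("frames", [])]`, and confirm whether the mail templates need the full `request` object at all. Separately, `"unicdoe_hint"` is a typo for `"unicode_hint"`; because `except KeyError: continue` swallows the miss, the hint is silently dropped from every mail instead of failing visibly.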