From a72f84f17d0593460998b1e77fd9efdfe54862ca Mon Sep 17 00:00:00 2001
From: Manu
Date: Thu, 22 Nov 2018 00:36:35 +0800
Subject: [PATCH] Add client-side scrubbing of passwords. Fixes #34
---
 README.md | 2 +-
 src/vorta/__main__.py | 7 ++-----
 src/vorta/borg/borg_thread.py | 2 ++
 src/vorta/sentry.py | 29 +++++++++++++++++++++++++++++
 4 files changed, 34 insertions(+), 6 deletions(-)
 create mode 100644 src/vorta/sentry.py
diff --git a/README.md b/README.md
index a7be06ac..48cd492d 100644
--- a/README.md
+++ b/README.md
@@ -82,7 +82,7 @@ $ pytest
 ## Privacy Policy
 - No personal data is ever stored or transmitted by this application.
-- During beta, crash reports are sent to [Sentry](https://sentry.io) to quickly find bugs. You can disable this by setting the env variable `NO_SENTRY=1`. Your repo password will be scrubbed before the test report is transmitted, as detailed [here](https://docs.sentry.io/data-management/sensitive-data/#server-side-scrubbing)
+- During beta, crash reports are sent to [Sentry](https://sentry.io) to quickly find bugs. You can disable this by setting the env variable `NO_SENTRY=1`. Your repo password will be scrubbed *before* the test report is transmitted.
 ## Author
 (C) 2018 Manuel Riel for [BorgBase.com](https://www.borgbase.com)
diff --git a/src/vorta/__main__.py b/src/vorta/__main__.py
index 3d5466d2..ec037d4c 100644
--- a/src/vorta/__main__.py
+++ b/src/vorta/__main__.py
@@ -6,15 +6,12 @@ import vorta.models
 from vorta.application import VortaApp
 from vorta.config import SETTINGS_DIR
 import vorta.updater
-from vorta._version import __version__
 def main():
- # Send crashes to Sentry
+ # Send crashes to Sentry.
 if not os.environ.get('NO_SENTRY', False):
- import sentry_sdk
- sentry_sdk.init("https://a4a23df3e44743d5b5c5f06417a9a809@sentry.io/1311799",
- release=__version__)
+ import vorta.sentry
 # Init database
 sqlite_db = peewee.SqliteDatabase(os.path.join(SETTINGS_DIR, 'settings.db'))
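Review bot: In src/vorta/__main__.py the new `import vorta.sentry` is used only for its side effect, so the `NO_SENTRY` opt-out is enforced only at this one call site. The new module calls `sentry_sdk.init(...)` at import time, which means any other module or test that imports `vorta.sentry` would turn reporting on regardless of the environment variable, and a linter may flag this import as unused. Wrapping the call in a function in sentry.py, for example `def init():`, and calling `vorta.sentry.init()` under the `if` would keep the opt-out decision explicit. main() presumably continues past the end of the hunk.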
diff --git a/src/vorta/borg/borg_thread.py b/src/vorta/borg/borg_thread.py
index b1e38e00..608f4bdb 100644
--- a/src/vorta/borg/borg_thread.py
+++ b/src/vorta/borg/borg_thread.py
@@ -47,6 +47,8 @@ class BorgThread(QtCore.QThread, BackupProfileMixin):
 if params.get('ssh_key') and params['ssh_key'] is not None:
 env['BORG_RSH'] += f' -i ~/.ssh/{params["ssh_key"]}'
+ raise Exception
+
 self.env = env
 self.cmd = cmd
 self.params = params
diff --git a/src/vorta/sentry.py b/src/vorta/sentry.py
new file mode 100644
index 00000000..63947f22
--- /dev/null
+++ b/src/vorta/sentry.py
@@ -0,0 +1,29 @@
+import sentry_sdk
+from vorta._version import __version__
+
+
+def scrub_sensitive_data(event, hint):
+ """Adapted from https://stackoverflow.com/questions/9807634/
+ find-all-occurrences-of-a-key-in-nested-python-dictionaries-and-lists/29652561"""
+ def gen_dict_extract(key, var):
+ if hasattr(var, 'items'):
+ for k, v in var.items():
+ if k == key:
+ var[k] = 'FILTERED'
+ yield v
+ if isinstance(v, dict):
+ for result in gen_dict_extract(key, v):
+ yield result
+ elif isinstance(v, list):
+ for d in v:
+ for result in gen_dict_extract(key, d):
+ yield result
+
+ list(gen_dict_extract('BORG_PASSPHRASE', event))
+ list(gen_dict_extract('password', event))
+ return event
+
+
+sentry_sdk.init("https://a4a23df3e44743d5b5c5f06417a9a809@sentry.io/1311799",
+ release=__version__,
+ before_send=scrub_sensitive_data)
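Review bot: The unconditional `raise Exception` added in src/vorta/borg/borg_thread.py looks like a leftover used to trigger a test crash report and should be removed before this is merged. As written, the method fails before `self.env`, `self.cmd` and `self.params` are assigned, so every BorgThread built through this path would abort. If a way to exercise the scrubber is wanted, a unit test that passes a sample event dict to `scrub_sensitive_data` would cover it without touching production code. The enclosing method starts and ends outside the hunk.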
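Review bot: `scrub_sensitive_data` in src/vorta/sentry.py matches only the exact keys `BORG_PASSPHRASE` and `password`, and `gen_dict_extract` descends only into `dict` and `list` values. A differently cased or named key (for example `Password` or `BORG_NEW_PASSPHRASE`), a tuple, or a list nested inside a list is therefore passed through unscrubbed. A passphrase carried inside a string value, such as a message or a command line, is not covered either, which matters because the README in this commit now promises scrubbing before transmission. The generator is also consumed with `list(...)` purely for its side effect, where a plain recursive function would read more directly. A sketch with case-insensitive substring matching on keys follows, and the `sentry_sdk.init(...)` call stays as it is.

```python
SENSITIVE_KEY_PARTS = ('passphrase', 'password')


def scrub_sensitive_data(event, hint):
    """Replace values stored under passphrase- or password-like keys with 'FILTERED'."""
    def scrub(node):
        if hasattr(node, 'items'):
            for key, value in node.items():
                if isinstance(key, str) and any(part in key.lower() for part in SENSITIVE_KEY_PARTS):
                    # Overwrite in place; the old value is not inspected further.
                    node[key] = 'FILTERED'
                else:
                    scrub(value)
        elif isinstance(node, (list, tuple)):
            for item in node:
                scrub(item)

    scrub(event)
    return event

# … unchanged: sentry_sdk.init(...) with before_send=scrub_sensitive_data …
```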