From 3bd2faca354850b326c4137b1e274ff55e840719 Mon Sep 17 00:00:00 2001
From: Hong Quach
Date: Mon, 3 Nov 2014 17:51:17 -0800
Subject: [PATCH 1/2] Improve the Processor base class and SanitizePasswordsProcessor class Improve Processor to also check for stacktrace at the 'data' level. A stacktrace can exist in the data even without an 'exception' key. Also added 'pw' and 'cred' to the list of FIELDS to screen for in SanitizePasswordProcessor. These two fields being used in the standard python LDAP module
---
 raven/processors.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/raven/processors.py b/raven/processors.py
index b097bc1a8..d200bcea7 100644
--- a/raven/processors.py
+++ b/raven/processors.py
@@ -25,6 +25,9 @@ def process(self, data, **kwargs):
 if resp:
 data = resp
+ if 'stacktrace' in data:
+ self.filter_stacktrace(data['stacktrace'])
+
 if 'exception' in data:
 if 'values' in data['exception']:
 for value in data['exception'].get('values', []):
@@ -67,7 +70,8 @@ class SanitizePasswordsProcessor(Processor):
 """
 MASK = '*' * 8
 FIELDS = frozenset([
- 'password', 'secret', 'passwd', 'authorization', 'api_key', 'apikey'
+ 'password', 'secret', 'passwd', 'authorization', 'api_key', 'apikey',
+ 'pw', 'cred'
 ])
 VALUES_RE = re.compile(r'^(?:\d[ -]*?){13,16}$')

From 3565e23992ef70f1bb6ff601264e9adb334b07e9 Mon Sep 17 00:00:00 2001
From: Hong Quach
Date: Fri, 12 Dec 2014 17:19:48 -0800
Subject: [PATCH 2/2] Updated processor test to check for sanitized of the added fields: 'pw' and 'cred'
---
 tests/processors/tests.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tests/processors/tests.py b/tests/processors/tests.py
index 041aa7216..d6f395f71 100644
--- a/tests/processors/tests.py
+++ b/tests/processors/tests.py
@@ -15,6 +15,8 @@
 'a_password_here': 'hello',
 'api_key': 'secret_key',
 'apiKey': 'secret_key',
+ 'pw': 'hello',
+ 'cred': 'hello',
 }
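Review bot: The new top-level `'stacktrace'` check in `process` carries no comment explaining why it is needed beside the `'exception'` branch, and for a sanitising processor that reasoning is the part a maintainer must not lose: per the commit message a stack trace can sit directly on the event, and without this branch its frames would presumably skip filtering. I would add `# A stacktrace can be attached directly to the event, without an 'exception' wrapper; filter it as well.` above the `if`. The branch also keys on presence alone, so a `None` value is handed to `filter_stacktrace`; whether that is safe depends on the subclass implementations, which are outside this hunk. The body of `process` continues past the hunk.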
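Review bot: `'pw'` and `'cred'` are much shorter than the existing `FIELDS` entries, and nothing on the new line records how broadly they are meant to match. The test fixture key `'a_password_here'` suggests keys are compared by substring; if so, `'cred'` also masks a name such as `credit_limit` (a constructed example) and `'pw'` any key containing those two letters, which errs on the safe side but will puzzle someone reading a masked report. A comment would pin the intent, for instance `# 'pw' / 'cred': credential argument names seen with the python LDAP module; over-masking is accepted`. The matching code itself is outside this hunk, so the substring behaviour should be confirmed there.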
@@ -25,6 +27,8 @@ def _will_throw_type_error(foo, **kwargs):
 a_password_here = "Don't look at me!" # NOQA F841
 api_key = "I'm hideous!" # NOQA F841
 apiKey = "4567000012345678" # NOQA F841
+ pw = "this is my pw" # NOQA F841
+ cred = "my credential" # NOQA F841
 # TypeError: unsupported operand type(s) for /: 'str' and 'str'
 raise exception_class()
@@ -83,6 +87,10 @@ def _check_vars_sanitized(self, vars, proc):
 self.assertEquals(vars['api_key'], proc.MASK)
 self.assertTrue('apiKey' in vars)
 self.assertEquals(vars['apiKey'], proc.MASK)
+ self.assertTrue('pw' in vars)
+ self.assertEquals(vars['pw'], proc.MASK)
+ self.assertTrue('cred' in vars)
+ self.assertEquals(vars['cred'], proc.MASK)
 def test_stacktrace(self, *args, **kwargs):
 """
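Review bot: The assertions added to `_check_vars_sanitized` pin only keys named exactly `pw` and `cred`, and nothing in this patch exercises the top-level `'stacktrace'` branch that the first patch adds to `Processor.process`. A sanitiser path without a test can stop masking unnoticed, so I would add a case that sends an event with a `'stacktrace'` key and no `'exception'` key through the processor and runs `_check_vars_sanitized` on its frame vars; an existing test elsewhere in the file may already do this, which the hunk does not show. Separately, `assertEquals` is a deprecated alias: `self.assertIn('pw', vars)` and `self.assertEqual(vars['pw'], proc.MASK)` are the current spellings, although the surrounding lines use the old form too. The helper starts above the hunk.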