From db91ca82189417b42b342ad7fbca1d684810af69 Mon Sep 17 00:00:00 2001
From: Tobias Bengfort <bengfort@mpib-berlin.mpg.de>
Date: Tue, 18 Jan 2022 18:29:04 +0100
Subject: [PATCH] restrict ExceptionReporter

---
 castellum/settings/default/base.py |  2 ++
 castellum/utils/debug.py           | 37 ++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 castellum/utils/debug.py

diff --git a/castellum/settings/default/base.py b/castellum/settings/default/base.py
index d1ee8557d..c174fccc9 100644
--- a/castellum/settings/default/base.py
+++ b/castellum/settings/default/base.py
@@ -113,6 +113,8 @@ LOGIN_REDIRECT_URL = '/'
 LOGOUT_REDIRECT_URL = '/'
 LOGIN_URL = '/login/'
 
+DEFAULT_EXCEPTION_REPORTER = 'castellum.utils.debug.ExceptionReporter'
+
 # Internationalization
 USE_I18N = True
 USE_L10N = True
diff --git a/castellum/utils/debug.py b/castellum/utils/debug.py
new file mode 100644
index 000000000..c6935a451
--- /dev/null
+++ b/castellum/utils/debug.py
@@ -0,0 +1,37 @@
+# (c) 2018-2022 MPIB <https://www.mpib-berlin.mpg.de/>,
+#     2018-2019 MPI-CBS <https://www.cbs.mpg.de/>,
+#     2018-2019 MPIP <http://www.psych.mpg.de/>
+#
+# This file is part of Castellum.
+#
+# Castellum is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# Castellum is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public
+# License along with Castellum. If not, see
+# <http://www.gnu.org/licenses/>.
+
+from django.views import debug
+
+ALLOWED_KEYS = [
+    'is_email',
+    'unicode_hint',
+    'frames',
+    'request',
+    'exception_type',
+    'exception_value',
+    'lastframe',
+]
+
+
+class ExceptionReporter(debug.ExceptionReporter):
+    def get_traceback_data(self):
+        data = super().get_traceback_data()
+        return {key: data[key] for key in ALLOWED_KEYS if key in data}
-- 
GitLab