Django Pre-flight

Merge lp://staging/~bloodearnest/django-preflight/optional-settings into lp://staging/django-preflight

  1. optional-settings
  2. Merge into trunk
Proposed by Simon Davy
Status: Merged
Approved by: Simon Davy
Approved revision: 31
Merged at revision: 28
Proposed branch: lp://staging/~bloodearnest/django-preflight/optional-settings
Merge into: lp://staging/django-preflight
Diff against target: 179 lines (+65/-5)
4 files modified
preflight/conf.py (+1/-0)
preflight/models.py (+28/-5)
preflight/templates/preflight/overview.html (+4/-0)
preflight/tests.py (+32/-0)
To merge this branch: bzr merge lp://staging/~bloodearnest/django-preflight/optional-settings
Reviewer Review Type Date Requested Status
Natalia Bidart (community) Approve
Łukasz Czyżykowski (community) Approve
Ricardo Kirkner (community) Approve
Review via email: mp+169842@code.staging.launchpad.net

Commit message

- Allow disabling setting dump on overview page.
- Default PREFLIGHT_ENABLE_SETTINGS to False, and improve secret cleansing.

Description of the change

Make settings optional via config

To post a comment you must log in.
Revision history for this message
Ricardo Kirkner (ricardokirkner) wrote :

LGTM

review: Approve
Revision history for this message
Natalia Bidart (nataliabidart) wrote :

Branch looks good, but can we please make the default be False?

Revision history for this message
Natalia Bidart (nataliabidart) wrote :

Expanding a bit on my former comment: having settings enabled by default makes much easier to expose sensitive data through the preflight overview page, because the gather_settings function is not smart about hidding settings inside a dict.

So, if we will leave the "show settings" defaulting to True, I would please request that preflight will copy/reuse the logic in django/views/debug.py:26:

def cleanse_setting(key, value):
    """Cleanse an individual setting key/value of sensitive content.

    If the value is a dictionary, recursively cleanse the keys in
    that dictionary.
    """
    try:
        if HIDDEN_SETTINGS.search(key):
            cleansed = '********************'
        else:
            if isinstance(value, dict):
                cleansed = dict((k, cleanse_setting(k, v)) for k,v in value.items())
            else:
                cleansed = value
    except TypeError:
        # If the key isn't regex-able, just return as-is.
        cleansed = value
    return cleansed

review: Needs Fixing
lp://staging/~bloodearnest/django-preflight/optional-settings updated
29. By Simon Davy

Default PREFLIGHT_ENABLE_SETTINGS to False, and improve secret cleansing

Revision history for this message
Łukasz Czyżykowski (lukasz-czyzykowski) :
review: Approve
Revision history for this message
Natalia Bidart (nataliabidart) wrote :

09:35 < nessita> bloodearnest, branch looks great, I'm approving. Any chance you can add a test where a setting inside a dict is expected to be masked?
09:35 < nessita> such as the database setting
09:39 < bloodearnest> nessita, good idea, will do
09:39 < nessita> bloodearnest, thanks, will leave my vote in there

review: Approve
lp://staging/~bloodearnest/django-preflight/optional-settings updated
30. By Simon Davy

added test for new cleansing code

31. By Simon Davy

minor tweak for django 1.1/1.2 support

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches