The `headers` local in codeplain_REST_api.post_request holds the API key (X-API-Key); the whole variable must be filtered from stack traces.
(transport)
| 144 | |
| 145 | |
| 146 | def test_request_headers_local_is_scrubbed(transport): |
| 147 | """The `headers` local in codeplain_REST_api.post_request holds the API key |
| 148 | (X-API-Key); the whole variable must be filtered from stack traces.""" |
| 149 | init_with_transport(transport) |
| 150 | |
| 151 | # Built at runtime so the secret never appears in the source-context lines |
| 152 | # that Sentry attaches to stack frames. |
| 153 | secret = "".join(["super", "-secret-", "key"]) |
| 154 | |
| 155 | def crash_with_headers_local(): |
| 156 | headers = {"X-API-Key": secret, "Content-Type": "application/json"} # noqa: F841 |
| 157 | raise KeyError("boom") |
| 158 | |
| 159 | try: |
| 160 | crash_with_headers_local() |
| 161 | except KeyError: |
| 162 | exc_info = sys.exc_info() |
| 163 | |
| 164 | assert capture_crash(exc_info, None, make_args()) |
| 165 | sentry_sdk.flush(timeout=2) |
| 166 | |
| 167 | frames = transport.events[0]["exception"]["values"][0]["stacktrace"]["frames"] |
| 168 | crash_frame_vars = frames[-1]["vars"] |
| 169 | assert crash_frame_vars["headers"] == "[Filtered]" |
| 170 | assert secret not in json.dumps(transport.events[0], default=str) |
| 171 | |
| 172 | |
| 173 | def test_nested_sensitive_keys_are_scrubbed(transport): |
nothing calls this directly
no test coverage detected