Sanitize SSNs from outgoing Sentry payloads

app.py

import raven

sentry_client = raven.Client(
    ...,
    processors=(
        ...,
        'processors.SanitizeSSNProcessor',
    ),
)

processors.py

import re

from raven.processors import Processor
from raven.utils import varmap, string_types


class SanitizeSSNProcessor(Processor):
    """Mask any value that looks like a social security number."""

    MASK = '*' * 8
    VALUES_RE = re.compile(
        r'^(?!666|000|9\d{2})\d{3}-(?!00)\d{2}-(?!0{4})\d{4}$'
    )

    def sanitize(self, key, value):
        if value is None:
            return

        if not isinstance(value, string_types):
            return value

        if self.VALUES_RE.match(value):
            return self.MASK

        # For some reason the keys and values you send with the json kwarg in a
        # requests operation end up in the stacktrace frames wrapped with
        # single quotes so lets remove those before we determine if the value
        # here looks like a social security number.
        if value.startswith("'") and value.endswith("'"):
            if self.VALUES_RE.match(value[1:-1]):
                return "'{}'".format(self.MASK)

        return value

    def filter_stacktrace(self, data):
        for frame in data.get('frames', []):
            if 'vars' not in frame:
                continue
            frame['vars'] = varmap(self.sanitize, frame['vars'])