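def parseQueryString(query):
    """Return a dictionary of validated key/value pairs from a query string.

    The text between the first and second '?' is split on '&' and each piece
    on '='.  Values are URL-decoded with ``urllib.unquote_plus``; keys are
    not.  A key holding ';' after its first character is replaced by the
    segment that follows the first ';'.

    Every key and value is screened with ``checkString``, which answers with
    a true/false verdict or with a sanitized replacement string.  A
    replacement is screened once more before it is accepted, because a
    replacement string is not itself a verdict.  If anything is rejected the
    message is appended to ``pmstate().navmain`` and an empty dictionary is
    returned, so callers never see a partially validated parameter set.
    """
    qdict = {}
    params = query.split('?')
    # Nothing to parse when there is no '?' or nothing follows it.
    if len(params) < 2 or len(params[1]) == 0:
        return qdict
    for p in params[1].split('&'):
        pair = p.split('=')
        # Only the value is URL-decoded; a bare key gets an empty value.
        value = urllib.unquote_plus(pair[1]) if len(pair) > 1 else ''
        name = pair[0]
        if name.find(";") > 0:
            name = name.split(";")[1]
        qdict[name] = value

    ## string checking for key, value pair ##
    proceed = True
    # Walk a snapshot of the keys: a sanitized key replaces the entry, and
    # changing a dict while iterating over it directly is unsafe.
    for key in list(qdict.keys()):
        keyok = checkString(key)
        if keyok not in (0, 1):
            # Sanitized key returned: move the value under it and keep
            # working with the new name.  The old code deleted the entry and
            # then read qdict[key] again, which raised KeyError.
            newkey = keyok
            qdict[newkey] = qdict.pop(key)
            key = newkey
            keyok = checkString(key) is True
        if keyok:
            valok = checkString(qdict[key])
            if valok not in (0, 1):
                # Sanitized value returned: store it and screen it again.
                qdict[key] = valok
                valok = checkString(valok) is True
            if not valok:
                # NOTE(review): `self` is not a parameter of this function;
                # it has to come from an enclosing scope (for example a def
                # nested in a method) - confirm, otherwise these lines raise
                # NameError.
                qdicttxt = self.cleanParamsUp(qdict[key])
                increport = "Invalid parameter value: [%s] for key: [%s]" % (
                    qdicttxt, self.cleanParamsUp(key))
                # NOTE(review): assumed that only the incident record is
                # skipped for 'errinfo' and that the request is still
                # rejected - confirm against the original layout.
                if key != 'errinfo':
                    recordIncident(increport, 'monsecurity')
                # NOTE(review): this text is built from request data;
                # cleanParamsUp is not visible here, so confirm it
                # HTML-escapes before navmain is written into a page.
                pmstate().navmain += "\n%s" % increport
                proceed = False
        else:
            # NOTE(review): assumed an invalid key is tolerated when its
            # value is empty - confirm against the original layout.
            if not str(qdict[key]) == '':
                pmstate().navmain += "\nWarning: Invalid parameter key: %s" % (
                    self.cleanParamsUp(key))
                proceed = False
    if proceed:
        return qdict
    return {}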
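def parseQueryString(query):
    """Return a dictionary of validated key/value pairs from a query string.

    The text between the first and second '?' is split on '&' and each piece
    on '='.  Values are URL-decoded with ``urllib.unquote_plus``; keys are
    not.  A key holding ';' after its first character is replaced by the
    segment that follows the first ';'.

    Every key and value is screened with ``checkString``, which answers with
    a true/false verdict or with a sanitized replacement string.  A
    replacement is screened once more before it is accepted, because a
    replacement string is not itself a verdict.  If anything is rejected the
    message is appended to ``pmstate().navmain`` and an empty dictionary is
    returned, so callers never see a partially validated parameter set.
    """
    qdict = {}
    params = query.split('?')
    # Nothing to parse when there is no '?' or nothing follows it.
    if len(params) < 2 or len(params[1]) == 0:
        return qdict
    for p in params[1].split('&'):
        pair = p.split('=')
        # Only the value is URL-decoded; a bare key gets an empty value.
        value = urllib.unquote_plus(pair[1]) if len(pair) > 1 else ''
        name = pair[0]
        if name.find(";") > 0:
            name = name.split(";")[1]
        qdict[name] = value

    ## string checking for key, value pair ##
    proceed = True
    # Walk a snapshot of the keys: a sanitized key replaces the entry, and
    # changing a dict while iterating over it directly is unsafe.
    for key in list(qdict.keys()):
        keyok = checkString(key)
        if keyok not in (0, 1):
            # Sanitized key returned: move the value under it and keep
            # working with the new name.  The old code deleted the entry and
            # then read qdict[key] again, which raised KeyError.
            newkey = keyok
            qdict[newkey] = qdict.pop(key)
            key = newkey
            keyok = checkString(key) is True
        if keyok:
            valok = checkString(qdict[key])
            if valok not in (0, 1):
                # Sanitized value returned: store it and screen it again.
                qdict[key] = valok
                valok = checkString(valok) is True
            if not valok:
                # NOTE(review): `self` is not a parameter of this function;
                # it has to come from an enclosing scope (for example a def
                # nested in a method) - confirm, otherwise these lines raise
                # NameError.
                qdicttxt = self.cleanParamsUp(qdict[key])
                increport = "Invalid parameter value: [%s] for key: [%s]" % (
                    qdicttxt, self.cleanParamsUp(key))
                # NOTE(review): assumed that only the incident record is
                # skipped for 'errinfo' and that the request is still
                # rejected - confirm against the original layout.
                if key != 'errinfo':
                    recordIncident(increport, 'monsecurity')
                # NOTE(review): this text is built from request data;
                # cleanParamsUp is not visible here, so confirm it
                # HTML-escapes before navmain is written into a page.
                pmstate().navmain += "\n%s" % increport
                proceed = False
        else:
            # NOTE(review): assumed an invalid key is tolerated when its
            # value is empty - confirm against the original layout.
            if not str(qdict[key]) == '':
                pmstate().navmain += "\nWarning: Invalid parameter key: %s" % (
                    self.cleanParamsUp(key))
                proceed = False
    if proceed:
        return qdict
    return {}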
def reportWarning(errstr):
    """Format *errstr* as a warning, publish it, and hand the text back.

    The formatted text is stored on ``pmstate().errorReport`` and echoed to
    stdout before being returned.
    """
    warning_text = "WARNING: %s" % errstr
    state = pmstate()
    state.errorReport = warning_text
    print(warning_text)
    return warning_text
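def reportError(errstr):
    """Build an error report with traceback details, publish it, and raise.

    The message is logged through ``_logger``, and the finished report is
    stored on ``pmstate().errorReport`` and printed.  When an exception is
    being handled, the node name, a UTC timestamp, the exception type and
    value, and one line per traceback frame are appended.

    Raises:
        ValueError: carrying the finished report.
    """
    etype, value, tback = sys.exc_info()
    nodename = os.uname()[1]
    _logger.error(" %s %s %s " % (errstr, etype, value))
    terr = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
    report = "ERROR: %s" % errstr
    if etype:
        # The format used to read "at $s": three placeholders for four
        # values, so this line raised TypeError whenever an exception was
        # active and the report was never produced.
        report += "\nnode: %s: at %s %s: %s" % (nodename, terr, etype, value)
        for frame in traceback.extract_tb(tback):
            fname = frame[0][frame[0].rfind('/') + 1:]
            report += "\n %s: %s: %s: %s" % (fname, frame[1], frame[2], frame[3])
    # NOTE(review): the report carries the node name plus file names, line
    # numbers and source text of every frame.  If errorReport is rendered to
    # end users this discloses server internals - confirm it is shown only
    # to operators.
    pmstate().errorReport = report
    print(report)
    # The former `except: raise sys.exc_info()` wrapper is gone: raising the
    # exc_info tuple discards the original value and traceback, and letting
    # a failure propagate unchanged keeps both.
    # NOTE(review): the collapsed original does not show whether this raise
    # sat inside that except block (followed by `return report`) or at
    # function level; function level is assumed here - confirm.
    raise ValueError(report)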
def addTimeConstraint(where, desc, tstart, tend, varname='TIME'):
    """Append a tstart..tend range on *varname* to a where clause.

    Returns a pair: the clause produced by ``addToWhereClause`` and *desc*
    extended with a readable "From ... to ... (interval)" note.  The time
    literals are quoted ``toSDBTime`` strings when the job archive is
    'SimpleDB' and ``to_date(...)`` expressions otherwise.

    NOTE(review): *varname* and the time strings are pasted into the clause
    text as-is.  Presumably callers pass only fixed column names and
    datetime objects - verify that nothing request-derived reaches
    *varname*.
    """
    stamp = '%Y-%m-%d %H:%M:%S'
    if pmstate().jobarchive == 'SimpleDB':
        lower = "'%s'" % toSDBTime(tstart)
        upper = "'%s'" % toSDBTime(tend)
    else:
        lower = "to_date('%s','yyyy-mm-dd hh24:mi:ss')" % tstart.strftime(stamp)
        upper = "to_date('%s','yyyy-mm-dd hh24:mi:ss')" % tend.strftime(stamp)
    condition = "AND %s >= %s AND %s <= %s" % (varname, lower, varname, upper)
    result = addToWhereClause(where, condition)

    # Describe the window length in whole days, hours and minutes.
    span = tend - tstart
    interval = ''
    if span.days > 0:
        interval = "%s days " % span.days
    if span.seconds > 0:
        hours, leftover = divmod(span.seconds, 3600)
        minutes = leftover // 60
        if hours > 0:
            interval += "%s hours " % hours
        if minutes > 0:
            interval += "%s minutes " % minutes
    desc += " From %s to %s (%s)" % (
        tstart.strftime(stamp), tend.strftime(stamp), interval)
    return result, desc
def buildDashboards(self):
    """Concatenate the ``topMenu`` text of every configured module.

    Each entry is followed by a single space.  A module whose handle or
    ``topMenu`` cannot be read is skipped without any report.
    """
    links = ''
    for modname in config.modules:
        try:
            handle = pmstate().moduleHandle[modname]
            links += "%s " % handle.topMenu
        except:
            # Best effort: any failure for one module leaves it out.
            continue
    return links
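def foot(self, description='', stopwatch=None):
    """Return the page footer ``<div>`` followed by ``</body></html>``.

    Args:
        description: text for the last footer line; when empty, the code
            revision string is used instead.  It is inserted into the HTML
            without escaping.
        stopwatch: optional build-time value; when given it is shown as
            "Build time" and repeated in the "Run by" sentence.

    The footer also shows the module context, the state timer, the UTC
    creation time and, unless the process runs as root, the account name and
    the HOSTNAME environment value.
    """
    if description == '':
        version = "Code $Rev: 19982 $"
        version = version.replace('$', '')
        description = version
    htmlstr = "<div id='foot' style='font-size: 11px'>"
    htmlstr += "<br> Module: %s/%s" % (pmstate().context, pmstate().module)
    htmlstr += "<br> %s" % pmstate().timer
    if stopwatch is not None:
        htmlstr += "<br> Build time: %s" % stopwatch
    htmlstr += "<br> Page created %s" % datetime.utcnow().strftime("%m-%d %H:%M:%S")
    if description != '':
        htmlstr += "<br> %s" % description
    pandaUsername = pwd.getpwuid(os.getuid())[0]
    # The reverse DNS lookup that used to run here (socket.gethostbyaddr) is
    # gone: its result was never used, yet it cost a resolver round trip on
    # every page and aborted the footer when the lookup failed.
    # NOTE(review): the next lines publish the service account name and the
    # host name to every visitor - confirm that disclosure is intended.
    if pandaUsername != 'root':
        htmlstr += "<br> Run by %s @ %s" % (
            pandaUsername, os.environ.get("HOSTNAME"))
        # NOTE(review): assumed to continue the "Run by" sentence, i.e. to
        # sit inside this branch - confirm against the original layout.
        if stopwatch is not None:
            htmlstr += ". To produce this page our server spent: %s at %s. " % (
                stopwatch, datetime.utcnow().strftime("%Y-%m-%d %H:%M:%S UTC"))
    # if os.environ.has_key('HOSTNAME'): htmlstr += "<br> Host: %s" % os.environ.get("HOSTNAME")
    htmlstr += """ <br> <a href='https://savannah.XXXXX.ch/bugs/?func=additem&group=panda'>Report a problem</a> <a href='mailto:[email protected]'>Email list for help</a> <br> <a href='mailto:[email protected]'>Webmaster</a></div> """
    # The unused `analytics` literal (a commented-out tracking snippet that
    # was never appended to the page) has been dropped.
    htmlstr += "</body></html>"
    return htmlstr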
def buildMain(self, title, menuinfo, navtxt, maintxt, mode="html"):
    """Assemble the page body for the requested output *mode*.

    For "html" the left banner, dashboard bar and menu are built and passed
    to ``buildMainFull``; any other mode goes to ``buildMainFullJson`` with
    those three parts left as None.

    NOTE(review): ``pmstate().script`` is written into the banner markup
    without escaping - confirm where that value originates.
    """
    # Debug trace left in by the author; goes to stdout on every call.
    print("%s %s" % (" 203 ---- ", mode))
    if mode != "html":
        return self.buildMainFullJson(title, menuinfo, navtxt, None, maintxt,
                                      leftbox=None, topbar=None)
    script_tag = pmstate().script
    if script_tag != '':
        script_tag = "<br><small>(%s's version)</small>" % script_tag[2:]
    banner = " PanDA Monitor %s<br><div style='font-size: 12px; font-weight: normal'>Times are in UTC</div>" % script_tag
    dashboards = self.buildDashboards()
    side_menu = self.buildMenu()
    return self.buildMainFull(title, menuinfo, navtxt, side_menu, maintxt,
                              leftbox=banner, topbar=dashboards)
def addTimeConstraint(where, desc, tstart, tend, varname='TIME'):
    """Append a tstart..tend range on *varname* to a where clause.

    Returns a pair: the clause produced by ``addToWhereClause`` and *desc*
    extended with a readable "From ... to ... (interval)" note.  The time
    literals are quoted ``toSDBTime`` strings when the job archive is
    'SimpleDB' and ``to_date(...)`` expressions otherwise.

    NOTE(review): *varname* and the time strings are pasted into the clause
    text as-is.  Presumably callers pass only fixed column names and
    datetime objects - verify that nothing request-derived reaches
    *varname*.
    """
    stamp = '%Y-%m-%d %H:%M:%S'
    if pmstate().jobarchive == 'SimpleDB':
        lower = "'%s'" % toSDBTime(tstart)
        upper = "'%s'" % toSDBTime(tend)
    else:
        lower = "to_date('%s','yyyy-mm-dd hh24:mi:ss')" % tstart.strftime(stamp)
        upper = "to_date('%s','yyyy-mm-dd hh24:mi:ss')" % tend.strftime(stamp)
    condition = "AND %s >= %s AND %s <= %s" % (varname, lower, varname, upper)
    result = addToWhereClause(where, condition)

    # Describe the window length in whole days, hours and minutes.
    span = tend - tstart
    interval = ''
    if span.days > 0:
        interval = "%s days " % span.days
    if span.seconds > 0:
        hours, leftover = divmod(span.seconds, 3600)
        minutes = leftover // 60
        if hours > 0:
            interval += "%s hours " % hours
        if minutes > 0:
            interval += "%s minutes " % minutes
    desc += " From %s to %s (%s)" % (
        tstart.strftime(stamp), tend.strftime(stamp), interval)
    return result, desc
def buildMenu(self,logged='no'):
    """Build the left menu bar of the monitor.

    Returns the markup from ``self._menu.leftMenu()`` (or an empty
    placeholder ``<div id='menu'>`` when no menu object is set) followed by
    a script block that turns ``#pandaLeftMenuId`` into a jQuery UI
    accordion and remembers the open panel in a cookie for 7 days.

    *logged* and the local ``style`` are not used in this body.
    """
    txt = ''
    style = " style='padding:0;' "
    if self._menu!=None:
        txt += self._menu.leftMenu()
    else:
        txt+= "<div id='menu' class='ui-widget ui-widget-content ui-cornel-all' style='margin:0px;padding:0px'></div>"
    # txt += self.buildClassicMenu()
    # The cookie value is parsed with parseInt before it is used as the
    # active panel index.
    txt += """
<script>
$(document).ready(function() {
 var active = $.cookie('#pandaLeftMenuId');
 if ( active == undefined ) { active = 0; }
 function bindCookiEvent(event, ui) { $.cookie('#pandaLeftMenuId',ui.options.active,{ expires: 7, path: '/' }); }
 var opt = { header: 'h3' ,"active" : parseInt(active, 10) , change: bindCookiEvent
 //, clearStyle: true
 };
 $("#pandaLeftMenuId").accordion(opt);
});
</script>
"""
    return txt
    # NOTE(review): as laid out here everything below follows an
    # unconditional return and never runs; it looks like the previous
    # per-module menu builder - confirm and remove.
    for m in config.modules:
        try:
            mh = pmstate().moduleHandle[m]
            txt += "<p>%s" % mh.leftMenu()
        except:
            pass
    return txt
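def reportError(errstr):
    """Build an error report with traceback details, publish it, and raise.

    The message is logged through ``_logger``, and the finished report is
    stored on ``pmstate().errorReport`` and printed.  When an exception is
    being handled, the node name, a UTC timestamp, the exception type and
    value, and one line per traceback frame are appended.

    Raises:
        ValueError: carrying the finished report.
    """
    etype, value, tback = sys.exc_info()
    nodename = os.uname()[1]
    _logger.error(" %s %s %s " % (errstr, etype, value))
    terr = datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')
    report = "ERROR: %s" % errstr
    if etype:
        # The format used to read "at $s": three placeholders for four
        # values, so this line raised TypeError whenever an exception was
        # active and the report was never produced.
        report += "\nnode: %s: at %s %s: %s" % (nodename, terr, etype, value)
        for frame in traceback.extract_tb(tback):
            fname = frame[0][frame[0].rfind('/') + 1:]
            report += "\n %s: %s: %s: %s" % (fname, frame[1], frame[2], frame[3])
    # NOTE(review): the report carries the node name plus file names, line
    # numbers and source text of every frame.  If errorReport is rendered to
    # end users this discloses server internals - confirm it is shown only
    # to operators.
    pmstate().errorReport = report
    print(report)
    # The former `except: raise sys.exc_info()` wrapper is gone: raising the
    # exc_info tuple discards the original value and traceback, and letting
    # a failure propagate unchanged keeps both.
    # NOTE(review): the collapsed original does not show whether this raise
    # sat inside that except block (followed by `return report`) or at
    # function level; function level is assumed here - confirm.
    raise ValueError(report)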
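def checkString(mystring):
    """Screen a request key or value for markup and disallowed characters.

    Steps, in order:
      1. the literal '()' is accepted outright;
      2. quote characters (", ', `) that occur an odd number of times are
         stripped;
      3. the text, URL-decoded and raw, is searched for '<' followed by any
         name on the watch list (letters may be separated by whitespace);
      4. unless ``pmstate().bypass`` is set, the text is searched for the
         characters ~ | # $ ^ ( ) { } ; ?

    Returns:
        True  - nothing was stripped and every check passed;
        False - a watch-list name or a disallowed character was found;
        str   - the text with unbalanced quotes removed, and only when that
                stripped text passed steps 3 and 4.

    Earlier the stripped text was returned straight after step 2, so a
    single unbalanced quote let the rest of the input skip steps 3 and 4.

    This is a deny-list: step 3 recognises the listed names only directly
    after '<'.  It does not replace HTML-escaping of these values at the
    point where they are written into a page.
    """
    # explicitly accept harmless value occurring in logging
    if mystring == '()':
        return True
    watchList = "HREF IMG XSS SCRIPT BODY URL JAVASCRIPT SCRIPTLET OBJECT EMBED HTML XML META HEAD CONTENT-TYPE STYLE FRAME IFRAME LINK LAYER ALERT ONLOAD BACKGROUND SRC".split()

    ## checks for uneven quotes ##
    # NOTE(review): .count() is called on the raw argument, so a non-zero
    # int raises AttributeError here even though the cast below suggests
    # ints are expected - confirm which types callers pass.
    ismodified = False
    for xq in ['"', "'", '`']:
        if mystring and (not mystring.count(xq) % 2 == 0):
            mystring = mystring.replace(xq, '')
            ismodified = True

    ## new HTML default checks ##
    # Can be passed ints, so cast into str()
    tmpstring = urllib.unquote_plus(str(mystring))
    for item in watchList:
        itemStr1 = r'<+\s*[\/]*\s*'
        for xchar in item:
            itemStr1 += r'%s\s*' % xchar
        itemStr1 += r'=?'
        patHtmlWatch1 = re.compile(itemStr1, re.I)
        # Each pattern is compiled once and applied to both forms.
        for candidate in (tmpstring, mystring):
            try:
                if patHtmlWatch1.search(candidate) is not None:
                    return False
            except Exception:
                # A candidate that cannot be searched is skipped.
                pass

    pat = re.compile(r'[\w\s\.-]')
    patOthers = re.compile(r'[~|#|$|^|(|)|{|}|;|?]+')
    if not pmstate().bypass:
        ## check for alphanumeric ##
        try:
            if pat.match(mystring) is not None:
                ## first character is word-like: test the text as given ##
                if patOthers.search(mystring) is not None:
                    return False
            else:
                ## this section handles url escape chars ##
                try:
                    if patOthers.search(urllib.unquote_plus(mystring)) is not None:
                        return False
                except Exception:
                    pass
        except Exception:
            # NOTE(review): an error here leaves the input accepted (fails
            # open), as before - decide whether rejecting is the safer
            # default.
            print("\nexception 2")
    if ismodified:
        return mystring
    return True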
def buildMainFull(self,title='PanDA Monitor', menuinfo=None, nav=None, menu=None,
                  main=None, topleft=None,leftbox=None,upleft=None,
                  upright=None,titleleft='',navright=None,topbar=None):
    """Build the ``<body>`` table of a monitor page and return it as a string.

    Every argument is a ready-made HTML fragment; None becomes a single
    space.  ``pmstate().navmain`` is appended to *nav*, and non-empty
    ``pmstate().navright`` / ``pmstate().titleleft`` replace the matching
    arguments and are then reset.

    All fragments are substituted into the template verbatim; nothing is
    escaped in this function.
    """
    """ Main page layout
    -------------------------------------------------------------------------
    | 3px | tophome.topleft | topheader. topbar |
    -------------------------------------------------------------------------
    | 12px | hometop.titleleft | topright.upleft | topright.upright |
    -------------------------------------------------------------------------
    | 40px | homeup | titleheader.title |
    -------------------------------------------------------------------------
    | 20px | homedown (menuifo) | nav | nav.navright | nav.navhelp |
    -------------------------------------------------------------------------
    | | topmenu | main |
    | | classic menu | main |
    | | menu | main |
    -------------------------------------------------------------------------
    | foot |
    -------------------------------------------------------------------------
    """
    # def buildMainFull(title='PanDA Monitor', menuinfo=None, nav=None, menu=None,
    # main=None, topleft=None,leftbox=None,upleft=None,
    # upright=None,titleleft='',navright=None,topbar=None):
    def dflt(a) :
        # Replace a missing fragment with a single space.
        if a==None: a = " "
        return a
    title = dflt(title)
    menuinfo = dflt(menuinfo)
    nav = dflt(nav)
    menu = dflt(menu)
    main = dflt(main)
    topleft = dflt(topleft)
    leftbox = dflt(leftbox)
    upleft = dflt(upleft)
    upright = dflt(upright)
    titleleft= dflt(titleleft)
    navright = dflt(navright)
    topbar = dflt(topbar)
    htmlstr = ''
    upleft += "" # " "
    # NOTE(review): parseQueryString appends "Invalid parameter ..." messages
    # built from request keys and values to navmain.  They pass through
    # cleanParamsUp, which is not visible here - confirm it HTML-escapes,
    # because navmain is placed into the page as markup below.
    # navmain is written back with a "<br>" prefix and, unlike navright and
    # titleleft, is not cleared in this function.
    if pmstate().navmain != '': pmstate().navmain = "<br>" + pmstate().navmain
    if pmstate().navmain != '': nav += '<br>%s' % pmstate().navmain
    if pmstate().navright != '':
        navright = pmstate().navright
        pmstate().navright = ' '
    if pmstate().titleleft != '':
        titleleft = pmstate().titleleft
        pmstate().titleleft = ''
    # "%%" in the template is a literal percent sign for the % operator.
    htmlstr += """
<body marginwidth=0 marginheight=0>
<table border=0 width="100%%" cellspacing=0 cellpadding=5>
<tr height="10px" style="font-family: sans-serif; font-size: 8px;">
 <td width="3px" class="topheader"></td>
 <td id="tophome" class="menubartop nomargin" nowrap> <b> <span id='topleft'>%(topleft)s</span> </b> </td>
 <td id="topheader_row" class="topheader nomargin" width="100%%" colspan=2 nowrap>
  <table class="nomargin" border="0" >
   <tr class="nomargin">
    <td class="nomargin" >
     <span title="The URL of this page" id="urlIconId" style="cursor:pointer;" class="ui-icon ui-widget-header ui-icon-link nomargin"></span>
     <span id="urlID" style="display:none; cursor:pointer;" class="ui-state-highlight ui-corner-all;">
      <span id="url_qr_id"></span><span id="url_text_id"></span>
     </span>
    </td>
    <td id="topheader"></td>
    <td width="90%%"><span id='topbar'>%(topbar)s</span></td>
    <td> <span id='navright'>%(navright)s</span>
     <div align="left" style="float:right; width:550px;" class="ui-widget">
      <div id="navhelp" style="display:none" class="ui-state-highlight ui-corner-all"> Help </div>
     </div>
    </td>
    <td><span id="savejsonID" style="cursor:pointer; display:inline-block; " title="Save the data in json format" class="ui-icon ui-widget-header ui-icon-disk"> </span></td>
    <td><span id="navhelpbuttonId" style="cursor:help; display:inline-block;" title="Click to see the help" class="ui-icon ui-widget-header ui-icon-help"> </span></td>
   </tr>
  </table>
 </td>
</tr>
<tr>
 <td height="6px" class="headerbar"></td>
 <td id="hometop" class="overlap" nowrap><span id='titleleft'>%(titleleft)s</span></td>
 <td id="topright" class="headerbar" align="left" width="75%%"> <span id='upleft'>%(upleft)s</span></td>
 <td id="topright" class="headerbar" align="right" style="vertical-align:top"> <span id='upright'>%(upright)s</span></td>
</tr>
<tr>
 <td height="40px" class="headerbar"></td>
 <td id="homeup" class="overlap" nowrap>%(leftbox)s</td>
 <td id="titleheader" class="headerbar" colspan=2><span id ='title'>%(title)s</span></td>
</tr>
<tr>
 <td height="10px" class="headerbar" rowspan="2"></td>
 <td id="homedown" class="overlap" nowrap rowspan="2"> %(menuinfo)s</td>
 <td id="nav" class="headerbar" align="left"> %(nav)s</td>
 <td id="nav" class="headerbar" align="right" style="vertical-align:bottom">
  <div style="display:inline-box;" id='navright'>%(navright)s</div>
 </td>
</tr>
<tr>
 <td colspan="2" class="bigpandamonbanner">
  <br/><br/><br/><br/>
  <div class="jedititle"><span class="jedititle">JEDI is the default analysis backend since August 12 2014!</span></div>
  <br/><br/>
  JEDI tasks/jobs can be monitored on <a href="http://bigpanda.XXXXX.ch/" target="_blank">http://bigpanda.XXXXX.ch/</a>.
  <br/>
  Submission to JEDI is the default setup using Panda/Ganga tools from CVMFS since August 12, 2014!<br/>
  <br/>
  JEDI instruction are available on TWiki <a href="https://twiki.XXXXX.ch/twiki/bin/view/PanDA/PandaJediAnalysis" target="_blank">PandaJediAnalysis</a>.
  <br/><br/><br/><br/>
 </td>
</tr>
<tr>
 <td></td>
 <td id="topmenu" class="ui-widget menubar" style="vertical-align:text-top;padding:1px;"> %(menu)s </td>
 <td id="main" class="mainpage" colspan=2> %(main)s</td>
</tr></table>
""" %{'topleft': topleft, 'topbar': topbar, 'titleleft': titleleft, 'upleft': upleft, 'upright':upright,'leftbox': leftbox,'title':title,'menuinfo': menuinfo,'nav': nav,'navright': navright,'menu':menu,'main': main}
    return htmlstr
def getModule(modname):
    """Hand *modname* to the monitor state's ``getModule`` and return its result."""
    state = pmstate()
    return state.getModule(modname)
def head(self,toptxt='Panda monitor and browser'):
    """Build the document head: doctype, ``<head>`` and the noscript notice.

    The template receives five values in order: the window title, the
    current UTC time, ``self.server().branchUrl()``, the active module's
    ``header()`` output (empty when unavailable) and ``self.scripts()``.
    """
    tmpdatestring = datetime.utcnow().strftime("%a, %d %b %Y %H:%M:%S GMT")
    # A window title set on the state overrides the argument.
    # NOTE(review): the title is written into <title> without escaping -
    # confirm that windowTitle never carries request-derived text.
    if pmstate().windowTitle != '': toptxt = pmstate().windowTitle
    ## If the active module has custom header material, include it
    try:
        mh = pmstate().moduleHandle[pmstate().module]
        modheader = mh.header()
    except:
        # Any failure to obtain a module header yields an empty one.
        modheader = ''
    htmlstr ="""<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html><head id='head'><title>%s</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" >
<meta name="robots" content="noindex,nofollow" />
<meta name="description" content="Panda monitor" />
<meta name="date" content="%s">
<meta http-equiv="Content-Script-Type" content="text/javascript">
<link rel=start href="%s" title="Panda monitor home page">
<style type="text/css">
td {font-family: sans-serif; font-size: 12px;}
#tophome #topleft{text-align: center; vertical-align: middle;}
#topheader #topbar{text-align: left; vertical-align: middle;}
#browsertitle{visibility: hidden;}
#homeup{text-align: center; vertical-align: middle; font-family: sans-serif; font-size: 18px; font-weight: bold;}
#hometop{text-align: center; vertical-align: middle; }
#homedown #menuinfo{text-align: center; vertical-align: middle;}
#titleheader{text-align: left; vertical-align: middle; font-family: sans-serif; font-size: 20px; font-weight: bold;}
#nav #navright{vertical-align: middle; font-family: sans-serif;}
#menu{vertical-align: top; font-family: sans-serif;}
#foot{font-size: 12px; font-family: sans-serif;}
.top { font-family: sans-serif; font-size: 12px; }
.headerbar {background: #e3e3e3; font-family: sans-serif;}
.topheader {background: #376797; font-family: sans-serif; font-size: 12px;}
.menubartop {background: #4A7FB4; font-family: sans-serif; font-size: 12px; opacity:0.99; }
.menubar {background: #e3e3e3; font-family: sans-serif; font-size: 12px;}
.overlap {background: #d3d3d3; font-family: sans-serif; font-size: 12px; opacity:0.99; }
.mainpage {text-align: left; vertical-align: top; background: white; font-family: sans-serif; font-size: 12px;}
body.wait *, body.wait {cursor:progress !important; }
.bigpandamonbanner { border: 5px red solid; text-align: center; text-valign: middle; font-weight:bold; }
.jedititle{ font-size: large; color: red; color: red; }
</style>
<style media="all" type="text/css">
.alignRight { text-align: right; }
.nomargin {margin: 0px; }
</style>
<!-- Module-specific header insertion -->
%s
%s
</head>
<noscript> JavaScript must be enabled in order for you to use this browser. </noscript>
""" % ( toptxt, tmpdatestring, self.server().branchUrl(), modheader,self.scripts() )
    # htmlstr += scripts()
    return htmlstr
def scripts(self):
    """Return the stylesheet and script tags for a monitor page.

    The markup loads the jQuery/Flot libraries and the monitor's own
    scripts, starts the client (``new Pm(...)``), optionally adds the
    analytics loader when ``config.google`` is set, and appends the active
    module's ``scripts()`` output when it has one.
    """
    google =''
    if config.google:
        # NOTE(review): the two config values go into single-quoted script
        # literals without escaping; presumably fixed by the operator -
        # verify.
        google = """
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-%(account)s']);
_gaq.push(['_setDomainName', '%(domain)s']);
_gaq.push(['_trackPageview']);
(function() {
 var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
 ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
 var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
""" % { 'account' : config.google['property'], 'domain' : config.google['domain'] }
    # NOTE(review), supply chain:
    #  - 'msn' (and the unused 'jqcdn') are plain http:// origins.  A script
    #    fetched in clear text can be altered in transit, and a page served
    #    over https will have it blocked as mixed content.
    #  - none of the third-party <script> tags carries an integrity
    #    attribute, so the page runs whatever those hosts return.
    #  - the pinned library versions (jquery 1.7.2, jqueryui 1.8.18,
    #    dataTables 1.9.1) are old releases; check them against the vendors'
    #    security advisories.
    # NOTE(review): 'url' and 'wscript' are written into single-quoted
    # script literals without escaping - confirm neither can carry
    # request-derived text.
    htmlstr = """
<!--Load the JQUERY/FLOT -->
<link type="text/css" href='%(css)s/%(ui_css)s' rel='stylesheet' />
<link type="text/css" href='%(css)s/%(dt_css)s' rel='stylesheet' />
<link id="favicon" type='image/x-icon' href='%(images)s/favicon.ico' rel='shortcut icon' />
<!--[if IE]><script language="javascript" src="%(script)s/%(excanvas)s"></script><![endif]-->
<script src='%(script)s/%(dateformat)s'></script>
<script src='%(cdn)s/%(jquery)s'></script>
<script src='%(script)s/%(jquery-url)s'></script>
<script src='%(script)s/%(cookie)s'></script>
<script src='%(cdn)s/%(datapicker)s'></script>
<script src='%(script)s/%(flot)s'></script>
<script src='%(script)s/%(crosshair)s'></script>
<script src='%(script)s/%(stack)s'></script>
<script src='%(script)s/%(timers)s'></script>
<script src='%(msn)s/%(datatable)s'></script>
<script src='%(script)s/%(qrcode)s'></script>
<script src='%(script)s/%(uid)s'></script>
<!-- <script src='%(script)s/%(encoder)s'></script> -->
<!--Load the PANDA API-->
<script src='%(script)s/%(pmMonitor)s'> </script>
<script src='%(script)s/%(utils)s'> </script>
<script src='%(script)s/%(views)s'> </script>
<script src='%(script)s/%(plot)s'> </script>
<script src='%(script)s/%(sm)s'> </script>
<script src='%(script)s/%(ajaxrender)s'> </script>
<style> .ui-widget { font-size: 9pt; } </style>
<script>
// JQuery init
jQuery.fn.log = function (msg) { console.log("%%s: %%o", msg, this); return this; };
document.pandaURL = '%(url)s';
// JQuery init
$(document).ready(function() { $(this).log('Activate JQuery'); utils(); var pm = new Pm('%(wscript)s'); pm._topElement.ChangeStatus('modified'); });
<!--Load the Google / Analytics-->
%(google)s
</script>
""" % { 'url' : self.server().fileURL()
        ,'script' : self.server().fileScriptURL()
        ,'images' : self.server().fileImageURL()
        ,'cdn' : 'https://ajax.googleapis.com/ajax/libs'
        ,'msn' : 'http://ajax.aspnetcdn.com/ajax'
        ,'jqcdn' : 'http://code.jquery.com'
        ,'utils' : 'PandaMonitorUtils.js'
        ,'views' : 'PandaMonitorViews.js'
        ,'plot' : 'pmPlot.js'
        ,'pmMonitor': 'pmMonitor.js'
        ,'jquery' : 'jquery/1.7.2/jquery.min.js'
        ,'jquery-url' : 'jquery/jquery.ba-bbq.min.js'
        ,'flot' : 'flot/jquery.flot.js'
        ,'crosshair': 'flot/jquery.flot.crosshair.js'
        ,'stack' : 'flot/jquery.flot.stack.js'
        ,'excanvas' : 'jquery/excanvas.min.js'
        ,'timers' : 'jquery/jquery.timers.js'
        ,'datapicker': 'jqueryui/1.8.18/jquery-ui.min.js'
        ,'datatable': 'jquery.dataTables/1.9.1/jquery.dataTables.min.js'
        ,'css' : self.server().fileScriptCSS()
        ,'ui_css' : 'ui-lightness/jquery-ui.css'
        ,'dt_css' : 'demo_table_jui.css'
        ,'dateformat': 'date.format.js'
        ,'encoder' : 'jquery/jquery.encoder.js'
        ,'qrcode' : 'jquery/jquery.qrcode.min.js'
        ,'uid' : 'jquery/jquery.unique-element-id.js'
        ,'wscript' : pmstate().script
        ,'google' : google
        ,'cookie' : 'jquery/jquery.cookie.js'
        ,'sm' : '3dparty/state-machine/state-machine.js'
        ,'ajaxrender': 'core/ajaxrender.js'
        }
    ## If the active module has any custom scripts, add that too.
    try:
        mh = pmstate().moduleHandle[pmstate().module]
        htmlstr += mh.scripts()
    except:
        # A module without scripts(), or without a handle, adds nothing.
        pass
    return htmlstr
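def checkString(mystring):
    """Screen a request key or value for markup and disallowed characters.

    Steps, in order:
      1. quote characters (", ', `) that occur an odd number of times are
         stripped;
      2. the text, URL-decoded and raw, is searched for '<' followed by any
         name on the watch list (letters may be separated by whitespace);
      3. when ``pmstate().bypass`` is False, the text is searched for the
         characters ~ | # $ ^ ( ) { } ; ?

    Returns:
        True  - nothing was stripped and every check passed;
        False - a watch-list name or a disallowed character was found;
        str   - the text with unbalanced quotes removed, and only when that
                stripped text passed steps 2 and 3.

    Earlier the stripped text was returned straight after step 1, so a
    single unbalanced quote let the rest of the input skip steps 2 and 3.

    This is a deny-list: step 2 recognises the listed names only directly
    after '<'.  It does not replace HTML-escaping of these values at the
    point where they are written into a page.
    """
    watchList = "HREF IMG XSS SCRIPT BODY URL JAVASCRIPT SCRIPTLET OBJECT EMBED HTML XML META HEAD CONTENT-TYPE STYLE FRAME IFRAME LINK LAYER ALERT ONLOAD BACKGROUND SRC".split()

    ## checks for uneven quotes ##
    # NOTE(review): .count() is called on the raw argument, so a non-zero
    # int raises AttributeError here even though the cast below suggests
    # ints are expected - confirm which types callers pass.
    ismodified = False
    for xq in ['"', "'", '`']:
        if mystring and (not mystring.count(xq) % 2 == 0):
            mystring = mystring.replace(xq, '')
            ismodified = True

    ## new HTML default checks ##
    # Can be passed ints, so cast into str()
    tmpstring = urllib.unquote_plus(str(mystring))
    for item in watchList:
        itemStr1 = r'<+\s*[\/]*\s*'
        for xchar in item:
            itemStr1 += r'%s\s*' % xchar
        itemStr1 += r'=?'
        patHtmlWatch1 = re.compile(itemStr1, re.I)
        # Each pattern is compiled once and applied to both forms.
        for candidate in (tmpstring, mystring):
            try:
                if patHtmlWatch1.search(candidate) is not None:
                    return False
            except Exception:
                # A candidate that cannot be searched is skipped.
                pass

    pat = re.compile(r'[\w\s\.-]')
    patOthers = re.compile(r'[~|#|$|^|(|)|{|}|;|?]+')
    if pmstate().bypass == False:
        ## check for alphanumeric ##
        try:
            if pat.match(mystring) is not None:
                ## first character is word-like: test the text as given ##
                if patOthers.search(mystring) is not None:
                    return False
            else:
                ## this section handles url escape chars ##
                try:
                    if patOthers.search(urllib.unquote_plus(mystring)) is not None:
                        return False
                except Exception:
                    pass
        except Exception:
            # NOTE(review): an error here leaves the input accepted (fails
            # open), as before - decide whether rejecting is the safer
            # default.
            print("\nexception 2")
    if ismodified:
        return mystring
    return True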