def test_password_in_batched_json(self):
        mock_request = Mock()
        mock_request.META = {
            DJANGO_META_CONTENT_TYPE: 'application/json; charset=UTF-8'
        }
        d = [{
            'x': 'testunmasked',
            'username': '******',
            'password': '******'
        }, {
            'x': 'testunmasked',
            'username': '******',
            'password': '******'
        }]
        mock_request.body = json.dumps(d)
        mock_request.get = mock_request.META.get
        factory = RequestModelFactory(mock_request)
        body, raw_body = factory.body()
        self.assertIn('testunmasked', raw_body)
        self.assertNotIn('test_username', raw_body)
        self.assertNotIn('testpassword', raw_body)
        self.assertNotIn('test_username', body[0])
        self.assertNotIn('testpassword', body[0])
        self.assertNotIn('test_username', body[1])
        self.assertNotIn('testpassword', body[1])

        for data in [json.loads(body), json.loads(raw_body)]:
            for datum in data:
                self.assertEqual(datum['username'],
                                 RequestModelFactory.CLEANSED_SUBSTITUTE)
                self.assertEqual(datum['password'],
                                 RequestModelFactory.CLEANSED_SUBSTITUTE)
                self.assertEqual(datum['x'], 'testunmasked')
Beispiel #2
0
 def test_password_in_batched_json(self):
     mock_request = Mock()
     mock_request.META = {
         DJANGO_META_CONTENT_TYPE: 'application/json; charset=UTF-8'
     }
     d = [{
         'x': 'testunmasked',
         'username': '******',
         'password': '******'
     }, {
         'x': 'testunmasked',
         'username': '******',
         'password': '******'
     }]
     mock_request.body = json.dumps(d)
     mock_request.get = mock_request.META.get
     factory = RequestModelFactory(mock_request)
     body, raw_body = factory.body()
     self.assertIn('testunmasked', raw_body)
     self.assertNotIn('test_username', raw_body)
     self.assertNotIn('testpassword', raw_body)
     self.assertNotIn('test_username', body[0])
     self.assertNotIn('testpassword', body[0])
     self.assertNotIn('test_username', body[1])
     self.assertNotIn('testpassword', body[1])
Beispiel #3
0
 def test_plain(self):
     mock_request = Mock()
     mock_request.META = {DJANGO_META_CONTENT_TYPE: 'text/plain'}
     mock_request.body = 'sdfsdf'
     mock_request.get = mock_request.META.get
     factory = RequestModelFactory(mock_request)
     body, raw_body = factory.body()
     self.assertFalse(body)
     self.assertEqual(raw_body, mock_request.body)
Beispiel #4
0
 def test_plain(self):
     mock_request = Mock()
     mock_request.META = {DJANGO_META_CONTENT_TYPE: 'text/plain'}
     mock_request.body = 'sdfsdf'
     mock_request.get = mock_request.META.get
     factory = RequestModelFactory(mock_request)
     body, raw_body = factory.body()
     self.assertFalse(body)
     self.assertEqual(raw_body, mock_request.body)
Beispiel #5
0
 def test_utf_json_not_encoded(self):
     mock_request = Mock()
     mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json; charset=UTF-8'}
     d = {'x': u'语'}
     mock_request.body = json.dumps(d)
     mock_request.get = mock_request.META.get
     factory = RequestModelFactory(mock_request)
     body, raw_body = factory.body()
     self.assertDictEqual(json.loads(body), d)
     self.assertEqual(raw_body, mock_request.body)
Beispiel #6
0
 def test_invalid_encoding_json(self):
     mock_request = Mock()
     mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json; charset=asdas-8'}
     d = {'x': u'语'}
     mock_request.body = json.dumps(d).encode('UTF-8')
     mock_request.get = mock_request.META.get
     factory = RequestModelFactory(mock_request)
     body, raw_body = factory.body()
     self.assertDictEqual(json.loads(body, encoding='UTF-8'), d)
     self.assertEqual(raw_body, raw_body)
Beispiel #7
0
 def process_request(self, request):
     if _should_intercept(request):
         DataCollector().configure()
         with silk_meta_profiler():
             request.silk_is_intercepted = True
             self._apply_dynamic_mappings()
             wrap_cursor_execute()
             request_model = RequestModelFactory(request).construct_request_model()
             request_model.save()
             DataCollector().request = request_model
Beispiel #8
0
 def test_invalid_encoding_json(self):
     mock_request = Mock()
     mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json; charset=asdas-8'}
     d = {'x': u'语'}
     mock_request.body = json.dumps(d).encode('UTF-8')
     mock_request.get = mock_request.META.get
     factory = RequestModelFactory(mock_request)
     body, raw_body = factory.body()
     self.assertDictEqual(json.loads(body), d)
     self.assertEqual(raw_body, raw_body)
Beispiel #9
0
 def test_utf_json_encoded_no_charset(self):
     """default to UTF-8"""
     mock_request = Mock()
     mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json'}
     d = {'x': u'语'}
     mock_request.body = json.dumps(d).encode('UTF-8')
     mock_request.get = mock_request.META.get
     factory = RequestModelFactory(mock_request)
     body, raw_body = factory.body()
     self.assertDictEqual(json.loads(body), d)
     self.assertEqual(raw_body, mock_request.body.decode('UTF-8'))
    def test_authorization_header(self):
        mock_request = Mock()
        mock_request.META = {'HTTP_AUTHORIZATION': 'secret'}
        mock_request.body = ''
        mock_request.get = mock_request.META.get
        factory = RequestModelFactory(mock_request)
        headers = factory.encoded_headers()
        json_headers = json.loads(headers)

        self.assertIn('AUTHORIZATION', json_headers)
        self.assertEqual(json_headers['AUTHORIZATION'], RequestModelFactory.CLEANSED_SUBSTITUTE)
Beispiel #11
0
 def process_request(self, request):
     if _should_intercept(request):
         DataCollector().configure()
         with silk_meta_profiler():
             request.silk_is_intercepted = True
             self._apply_dynamic_mappings()
             wrap_cursor_execute()
             request_model = RequestModelFactory(
                 request).construct_request_model()
             request_model.save()
             DataCollector().request = request_model
Beispiel #12
0
 def test_utf_json_encoded_no_charset(self):
     """default to UTF-8"""
     mock_request = Mock()
     mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json'}
     d = {'x': u'语'}
     mock_request.body = json.dumps(d).encode('UTF-8')
     mock_request.get = mock_request.META.get
     factory = RequestModelFactory(mock_request)
     body, raw_body = factory.body()
     self.assertDictEqual(json.loads(body), d)
     self.assertEqual(raw_body, mock_request.body.decode('UTF-8'))
 def test_password_in_body(self):
     mock_request = Mock()
     mock_request.META = {DJANGO_META_CONTENT_TYPE: 'text/plain'}
     mock_request.body = 'username=test_username&unmasked=testunmasked&password=testpassword'
     mock_request.get = mock_request.META.get
     factory = RequestModelFactory(mock_request)
     body, raw_body = factory.body()
     self.assertIn('testunmasked', raw_body)
     self.assertNotIn('test_username', raw_body)
     self.assertNotIn('testpassword', raw_body)
     self.assertNotIn('test_username', body)
     self.assertNotIn('testpassword', body)
 def test_password_in_body(self):
     mock_request = Mock()
     mock_request.META = {DJANGO_META_CONTENT_TYPE: 'text/plain'}
     mock_request.body = 'username=test_username&unmasked=testunmasked&password=testpassword'
     mock_request.get = mock_request.META.get
     factory = RequestModelFactory(mock_request)
     body, raw_body = factory.body()
     self.assertIn('testunmasked', raw_body)
     self.assertNotIn('test_username', raw_body)
     self.assertNotIn('testpassword', raw_body)
     self.assertNotIn('test_username', body)
     self.assertNotIn('testpassword', body)
 def test_password_in_json(self):
     mock_request = Mock()
     mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json; charset=UTF-8'}
     d = {'x': 'testunmasked', 'username': '******', 'password': '******'}
     mock_request.body = json.dumps(d)
     mock_request.get = mock_request.META.get
     factory = RequestModelFactory(mock_request)
     body, raw_body = factory.body()
     self.assertIn('testunmasked', raw_body)
     self.assertNotIn('test_username', raw_body)
     self.assertNotIn('testpassword', raw_body)
     self.assertNotIn('test_username', body)
     self.assertNotIn('testpassword', body)
Beispiel #16
0
 def test_no_max_request(self):
     SilkyConfig().SILKY_MAX_REQUEST_BODY_SIZE = -1
     mock_request = Mock()
     mock_request.META = {'CONTENT_TYPE': 'text/plain'}
     mock_request.GET = {}
     mock_request.body = 'a'.encode('ascii') * 1000  # 1000 bytes?
     request_model = RequestModelFactory(
         mock_request).construct_request_model()
     self.assertTrue(request_model.raw_body)
Beispiel #17
0
 def test_no_long_url(self):
     url = '1234567890' * 19  # 190-character URL
     mock_request = Mock()
     mock_request.META = {'CONTENT_TYPE': 'text/plain'}
     mock_request.GET = {}
     mock_request.path = url
     mock_request.method = 'get'
     request_model = RequestModelFactory(
         mock_request).construct_request_model()
     self.assertEqual(request_model.path, url)
Beispiel #18
0
 def test_max_request(self):
     SilkyConfig().SILKY_MAX_REQUEST_BODY_SIZE = 10  # 10kb
     mock_request = Mock()
     mock_request.META = {'CONTENT_TYPE': 'text/plain'}
     mock_request.GET = {}
     mock_request.method = 'get'
     mock_request.body = 'a'.encode('ascii') * 1024 * 100  # 100kb
     mock_request.path = reverse('silk:requests')
     request_model = RequestModelFactory(mock_request).construct_request_model()
     self.assertFalse(request_model.raw_body)
Beispiel #19
0
 def process_request(self, request):
     request_model = None
     if _should_intercept(request):
         self._apply_dynamic_mappings()
         if not hasattr(SQLCompiler, '_execute_sql'):
             SQLCompiler._execute_sql = SQLCompiler.execute_sql
             SQLCompiler.execute_sql = execute_sql
         request_model = RequestModelFactory(
             request).construct_request_model()
     DataCollector().configure(request_model)
 def test_no_max_request(self):
     SilkyConfig().SILKY_MAX_REQUEST_BODY_SIZE = -1
     mock_request = Mock()
     mock_request.META = {'CONTENT_TYPE': 'text/plain'}
     mock_request.GET = {}
     mock_request.path = reverse('silk:requests')
     mock_request.method = 'get'
     mock_request.body = b'a' * 1000  # 1000 bytes?
     request_model = RequestModelFactory(
         mock_request).construct_request_model()
     self.assertTrue(request_model.raw_body)
 def test_long_url(self):
     url = '1234567890' * 200  # 2000-character URL
     mock_request = Mock()
     mock_request.META = {'CONTENT_TYPE': 'text/plain'}
     mock_request.GET = {}
     mock_request.method = 'get'
     mock_request.path = url
     request_model = RequestModelFactory(
         mock_request).construct_request_model()
     self.assertEqual(request_model.path, f'{url[:94]}...{url[1907:]}')
     self.assertEqual(len(request_model.path), 190)
Beispiel #22
0
    def process_request(self, request):
        DataCollector().clear()

        if not _should_intercept(request):
            return

        Logger.debug('process_request')
        request.silk_is_intercepted = True
        self._apply_dynamic_mappings()
        if not hasattr(SQLCompiler, '_execute_sql'):
            SQLCompiler._execute_sql = SQLCompiler.execute_sql
            SQLCompiler.execute_sql = execute_sql
        request_model = RequestModelFactory(request).construct_request_model()
        DataCollector().configure(request_model)
Beispiel #23
0
    def process_request(self, request):
        DataCollector().clear()

        if not _should_intercept(request):
            return

        Logger.debug('process_request')
        request.silk_is_intercepted = True
        self._apply_dynamic_mappings()
        if not hasattr(SQLCompiler, '_execute_sql'):
            SQLCompiler._execute_sql = SQLCompiler.execute_sql
            SQLCompiler.execute_sql = execute_sql

        silky_config = SilkyConfig()

        should_profile = silky_config.SILKY_PYTHON_PROFILER
        if silky_config.SILKY_PYTHON_PROFILER_FUNC:
            should_profile = silky_config.SILKY_PYTHON_PROFILER_FUNC(request)

        request_model = RequestModelFactory(request).construct_request_model()
        DataCollector().configure(request_model, should_profile=should_profile)
 def _mask(self, value):
     return RequestModelFactory(None)._mask_credentials(json.dumps(value))