def handle_slow_request(self, environ, dt):
headers = dict(get_headers(environ))
if 'Authorization' in headers:
headers['Authorization'] = 'redacted'
if 'Cookie' in headers:
headers['Cookie'] = 'redacted'
cak = environ.get('controller_action_key', None) or environ.get('PATH_INFO', "NOPATH").strip('/').replace('/', '.')
event_id = self.client.captureMessage(
"SLOREQ: %s" % cak,
data={
'sentry.interfaces.Http': {
'method': environ.get('REQUEST_METHOD'),
'url': get_current_url(environ, strip_querystring=True),
'query_string': environ.get('QUERY_STRING'),
'headers': headers,
'env': dict(get_environ(environ)),
}
},
extra={
'request_id': environ.get('request_id', 'Unknown'),
'request_duration_millis': dt * 1000
},
level="warning",
tags={
'type': 'sloreq',
'action_key': cak
}
)
# Galaxy: store event_id in environment so we can show it to the user
environ['sentry_event_id'] = event_id
return event_id
def get_data_from_request(request):
urlparts = urlparse.urlsplit(request.url)
try:
formdata = request.form
except ClientDisconnected:
formdata = {}
data = {
'sentry.interfaces.Http': {
'url': '%s://%s%s' % (urlparts.scheme, urlparts.netloc, urlparts.path),
'query_string': urlparts.query,
'method': request.method,
'data': formdata,
'headers': dict(get_headers(request.environ)),
'env': dict(get_environ(request.environ)),
}
}
try:
user_data = get_user_info(request)
except Exception as e:
logger.exception(e)
else:
if user_data:
data['sentry.interfaces.User'] = user_data
return data
def __call__(self, request, response, obj, error_info,
short_message, full_traceback, extra):
raven_data = {
'message': "".join(short_message),
'sentry.interfaces.Http': {
'url': request.get('URL', 'n/a'),
'method': request.environ.get('REQUEST_METHOD', 'n/a'),
'query_string': request.environ.get('QUERY_STRING', 'n/a'),
'headers': dict(wsgi_utils.get_headers(request.environ)),
'env': dict(wsgi_utils.get_environ(request.environ))
}}
raven_extra = {
'User': request.get('AUTHENTICATED_USER', 'n/a') or 'n/a'}
if obj is not None:
raven_extra.update({
'Object Class': object_name(obj),
'Object Name': object_path(obj),
})
if extra is not None:
raven_extra.update({
'Extra Information': extra
})
self.client.captureException(
exc_info=error_info, data=raven_data, extra=raven_extra)
def get_data_from_request(self, request):
if request.method == 'POST':
try:
data = request.raw_post_data and request.raw_post_data or request.POST
except Exception:
# assume we had a partial read:
data = '<unavailable>'
else:
data = dict(request.REQUEST.items())
environ = request.META
result = {
'sentry.interfaces.Http': {
'method': request.method,
'url': request.build_absolute_uri(),
'query_string': request.META.get('QUERY_STRING'),
'data': data,
'cookies': dict(request.COOKIES),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
}
if hasattr(request, 'user'):
result['sentry.interfaces.User'] = self.get_user_info(request)
return result
def get_data_from_request(self, request):
from django.contrib.auth.models import User, AnonymousUser
if request.method != "GET":
if hasattr(request, "body"):
data = request.body
else:
try:
data = request.raw_post_data and request.raw_post_data or request.POST
except Exception:
# assume we had a partial read:
data = "<unavailable>"
else:
data = None
environ = request.META
result = {
"sentry.interfaces.Http": {
"method": request.method,
"url": request.build_absolute_uri(),
"query_string": request.META.get("QUERY_STRING"),
"data": data,
"cookies": dict(request.COOKIES),
"headers": dict(get_headers(environ)),
"env": dict(get_environ(environ)),
}
}
if hasattr(request, "user") and isinstance(request.user, (User, AnonymousUser)):
result["sentry.interfaces.User"] = self.get_user_info(request)
return result
def get_data_from_request(self, request):
from django.contrib.auth.models import User, AnonymousUser
if request.method != 'GET':
try:
data = request.raw_post_data and request.raw_post_data or request.POST
except Exception:
# assume we had a partial read:
data = '<unavailable>'
else:
data = None
environ = request.META
result = {
'sentry.interfaces.Http': {
'method': request.method,
'url': request.build_absolute_uri(),
'query_string': request.META.get('QUERY_STRING'),
'data': data,
'cookies': dict(request.COOKIES),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
}
if hasattr(request, 'user') and isinstance(request.user, (User, AnonymousUser)):
result['sentry.interfaces.User'] = self.get_user_info(request)
return result
def get_data_from_request(self, request):
try:
from django.contrib.auth.models import AbstractBaseUser as BaseUser
except ImportError:
from django.contrib.auth.models import User as BaseUser # NOQA
except RuntimeError:
# If the contenttype / user applications are not installed trying to
# import the user models will fail for django >= 1.9.
BaseUser = None
result = {}
if BaseUser and hasattr(request, 'user') and isinstance(request.user, BaseUser):
result['user'] = self.get_user_info(request.user)
try:
uri = request.build_absolute_uri()
except SuspiciousOperation:
# attempt to build a URL for reporting as Django won't allow us to
# use get_host()
if request.is_secure():
scheme = 'https'
else:
scheme = 'http'
host = get_host(request)
uri = '%s://%s%s' % (scheme, host, request.path)
if request.method not in ('GET', 'HEAD'):
try:
data = request.body
except Exception:
try:
data = request.raw_post_data
except Exception:
# assume we had a partial read.
try:
data = request.POST or '<unavailable>'
except Exception:
data = '<unavailable>'
else:
data = None
environ = request.META
result.update({
'request': {
'method': request.method,
'url': uri,
'query_string': request.META.get('QUERY_STRING'),
'data': data,
'cookies': dict(request.COOKIES),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
})
return result
def get_data_from_request(self, request):
result = {}
user = getattr(request, 'user', None)
if user is not None:
user_info = self.get_user_info(user)
if user_info:
result['user'] = user_info
try:
uri = request.build_absolute_uri()
except SuspiciousOperation:
# attempt to build a URL for reporting as Django won't allow us to
# use get_host()
if request.is_secure():
scheme = 'https'
else:
scheme = 'http'
host = get_host(request)
uri = '%s://%s%s' % (scheme, host, request.path)
if request.method not in ('GET', 'HEAD'):
try:
data = request.body
except Exception:
try:
data = request.raw_post_data
except Exception:
# assume we had a partial read.
try:
data = request.POST or '<unavailable>'
except Exception:
data = '<unavailable>'
else:
if isinstance(data, MultiValueDict):
data = dict(
(k, v[0] if len(v) == 1 else v)
for k, v in iterlists(data))
else:
data = None
environ = request.META
result.update({
'request': {
'method': request.method,
'url': uri,
'query_string': request.META.get('QUERY_STRING'),
'data': data,
'cookies': dict(request.COOKIES),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
})
return result
def _get_http_context(self, record, request):
urlparts = _urlparse.urlsplit(request.url)
return {
"url": "%s://%s%s" % (urlparts.scheme, urlparts.netloc, urlparts.path),
"query_string": urlparts.query,
"method": request.method,
"data": self._get_http_request_data(request),
"headers": dict(get_headers(request.environ)),
"env": dict(get_environ(request.environ)),
}
def get_http_context(self, environ):
return {
"method": environ.get("REQUEST_METHOD"),
"url": get_current_url(environ, strip_querystring=True),
"query_string": environ.get("QUERY_STRING"),
# TODO
# 'data': environ.get('wsgi.input'),
"headers": dict(get_headers(environ)),
"env": dict(get_environ(environ)),
}
def get_http_context(self, environ):
return {
'method': environ.get('REQUEST_METHOD'),
'url': get_current_url(environ, strip_querystring=True),
'query_string': environ.get('QUERY_STRING'),
# TODO
# 'data': environ.get('wsgi.input'),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
def http_context_data(request):
return {
'url': request.url,
'method': request.method,
'data': request.body,
'query_string': request.query_string,
'cookies': dict(request.cookies),
'headers': dict(request.headers),
'env': dict(get_environ(request.environ)),
}
def get_data_from_request(self, request):
try:
from django.contrib.auth.models import AbstractBaseUser as BaseUser
except ImportError:
from django.contrib.auth.models import User as BaseUser # NOQA
result = {}
if hasattr(request, "user") and isinstance(request.user, BaseUser):
result["user"] = self.get_user_info(request.user)
try:
uri = request.build_absolute_uri()
except SuspiciousOperation:
# attempt to build a URL for reporting as Django won't allow us to
# use get_host()
if request.is_secure():
scheme = "https"
else:
scheme = "http"
host = get_host(request)
uri = "%s://%s%s" % (scheme, host, request.path)
if request.method != "GET":
try:
data = request.body
except Exception:
try:
data = request.raw_post_data
except Exception:
# assume we had a partial read.
try:
data = request.POST or "<unavailable>"
except Exception:
data = "<unavailable>"
else:
data = None
environ = request.META
result.update(
{
"request": {
"method": request.method,
"url": uri,
"query_string": request.META.get("QUERY_STRING"),
"data": data,
"cookies": dict(request.COOKIES),
"headers": dict(get_headers(environ)),
"env": dict(get_environ(environ)),
}
}
)
return result
def get_data_from_request():
"""Returns request data extracted from web.ctx."""
return {
'sentry.interfaces.Http': {
'url': '%s://%s%s' % (web.ctx['protocol'], web.ctx['host'], web.ctx['path']),
'query_string': web.ctx.query,
'method': web.ctx.method,
'data': web.data(),
'headers': dict(get_headers(web.ctx.environ)),
'env': dict(get_environ(web.ctx.environ)),
}
}
def handle_exception(self, environ):
event_id = self.client.captureException(
data={
'sentry.interfaces.Http': {
'method': environ.get('REQUEST_METHOD'),
'url': get_current_url(environ, strip_querystring=True),
'query_string': environ.get('QUERY_STRING'),
'headers': self.cleanup_headers(dict(get_headers(environ))),
'env': dict(get_environ(environ)),
}
},
)
return event_id
def get_data_from_request(request):
urlparts = urlparse.urlsplit(request.url)
return {
"sentry.interfaces.Http": {
"url": "%s://%s%s" % (urlparts.scheme, urlparts.netloc, urlparts.path),
"query_string": urlparts.query,
"method": request.method,
"data": request.form or request.args,
"headers": dict(get_headers(request.environ)),
"env": dict(get_environ(request.environ)),
}
}
def get_data_from_request(request):
urlparts = urlparse.urlsplit(request.url)
return {
'sentry.interfaces.Http': {
'url': '%s://%s%s' % (urlparts.scheme, urlparts.netloc, urlparts.path),
'query_string': urlparts.query,
'method': request.method,
'data': request.form,
'headers': dict(get_headers(request.environ)),
'env': dict(get_environ(request.environ)),
}
}
def get_request_info(request):
'''
Returns context data extracted from :param:`request`.
Heavily based on flask integration for Sentry: https://git.io/vP4i9.
'''
urlparts = _urlparse.urlsplit(request.url)
return {
'url': '%s://%s%s' % (urlparts.scheme, urlparts.netloc, urlparts.path),
'query_string': urlparts.query,
'method': request.method,
'headers': dict(get_headers(request.environ)),
'env': dict(get_environ(request.environ)),
}
def get_data_from_request(self, request):
try:
from django.contrib.auth.models import AbstractBaseUser as BaseUser
except ImportError:
from django.contrib.auth.models import User as BaseUser # NOQA
result = {}
if hasattr(request, 'user') and isinstance(request.user, BaseUser):
result['sentry.interfaces.User'] = self.get_user_info(request.user)
try:
uri = request.build_absolute_uri()
except SuspiciousOperation:
# attempt to build a URL for reporting as Django won't allow us to
# use get_host()
if request.is_secure():
scheme = 'https'
else:
scheme = 'http'
host = get_host(request)
uri = '%s://%s%s' % (scheme, host, request.path)
if request.method != 'GET':
try:
data = request.body
except:
try:
data = request.raw_post_data and request.raw_post_data or request.POST
except Exception:
# assume we had a partial read:
data = '<unavailable>'
else:
data = None
environ = request.META
result.update({
'sentry.interfaces.Http': {
'method': request.method,
'url': uri,
'query_string': request.META.get('QUERY_STRING'),
'data': data,
'cookies': dict(request.COOKIES),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
})
return result
def request2crashreporting(request):
"""
Transform django/wsgi request object to a dict the crash reporting
can understand.
"""
data = {}
# Pieces grabbed from raven.contrib.django.client
try:
uri = request.build_absolute_uri()
except SuspiciousOperation:
# attempt to build a URL for reporting as Django won't allow us to
# use get_host()
if request.is_secure():
scheme = 'https'
else:
scheme = 'http'
host = get_host(request)
uri = '%s://%s%s' % (scheme, host, request.path)
rdata = None
if request.method not in ('GET', 'HEAD'):
try:
rdata = request.body
except Exception:
try:
rdata = request.raw_post_data
except Exception:
# assume we had a partial read.
try:
rdata = request.POST or '<unavailable>'
except Exception:
rdata = '<unavailable>'
else:
if isinstance(rdata, MultiValueDict):
rdata = dict(
(k, v[0] if len(v) == 1 else v)
for k, v in iter(rdata.lists()))
data['request'] = {
'method': request.method,
'url': uri,
'query_string': request.META.get('QUERY_STRING'),
'data': rdata,
'cookies': dict(request.COOKIES),
'headers': dict(get_headers(request.META)),
'env': dict(get_environ(request.META)),
}
return data
def handle_exception(self, environ):
event_id = self.client.captureException(
data={
"sentry.interfaces.Http": {
"method": environ.get("REQUEST_METHOD"),
"url": get_current_url(environ, strip_querystring=True),
"query_string": environ.get("QUERY_STRING"),
# TODO
# 'data': environ.get('wsgi.input'),
"headers": dict(get_headers(environ)),
"env": dict(get_environ(environ)),
}
}
)
return event_id
def get_http_info(self, request):
urlparts = _urlparse.urlsplit(request.url)
try:
formdata = request.form
except ClientDisconnected:
formdata = {}
return {
"url": "%s://%s%s" % (urlparts.scheme, urlparts.netloc, urlparts.path),
"query_string": urlparts.query,
"method": request.method,
"data": formdata,
"headers": dict(get_headers(request.environ)),
"env": dict(get_environ(request.environ)),
}
def get_http_info(self, request):
urlparts = _urlparse.urlsplit(request.url)
try:
formdata = request.form
except ClientDisconnected:
formdata = {}
return {
'url': '%s://%s%s' % (urlparts.scheme, urlparts.netloc, urlparts.path),
'query_string': urlparts.query,
'method': request.method,
'data': formdata,
'headers': dict(get_headers(request.environ)),
'env': dict(get_environ(request.environ)),
}
def get_http_info(self, request):
urlparts = _urlparse.urlsplit(request.url)
try:
formdata = request.form
except ClientDisconnected:
formdata = {}
return {
'url': '%s://%s%s' % (urlparts.scheme, urlparts.netloc, urlparts.path),
'query_string': urlparts.query,
'method': request.method,
'data': formdata,
'headers': dict(get_headers(request.environ)),
'env': dict(get_environ(request.environ)),
}
def handle_exception(self, exc_info, environ):
event_id = self.client.capture('Exception',
exc_info=exc_info,
data={
'sentry.interfaces.Http': {
'method': environ.get('REQUEST_METHOD'),
'url': get_current_url(environ, strip_querystring=True),
'query_string': environ.get('QUERY_STRING'),
# TODO
# 'data': environ.get('wsgi.input'),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
},
)
return event_id
def request2crashreporting(request):
"""
Transform django/wsgi request object to a dict the crash reporting
can understand.
"""
data = {}
# Pieces grabbed from raven.contrib.django.client
try:
uri = request.build_absolute_uri()
except SuspiciousOperation:
# attempt to build a URL for reporting as Django won't allow us to
# use get_host()
if request.is_secure():
scheme = 'https'
else:
scheme = 'http'
host = get_host(request)
uri = '%s://%s%s' % (scheme, host, request.path)
rdata = None
if request.method not in ('GET', 'HEAD'):
try:
rdata = request.body
except Exception:
try:
rdata = request.raw_post_data
except Exception:
# assume we had a partial read.
try:
rdata = request.POST or '<unavailable>'
except Exception:
rdata = '<unavailable>'
else:
if isinstance(rdata, MultiValueDict):
rdata = dict((k, v[0] if len(v) == 1 else v)
for k, v in iter(rdata.lists()))
data['request'] = {
'method': request.method,
'url': uri,
'query_string': request.META.get('QUERY_STRING'),
'data': rdata,
'cookies': dict(request.COOKIES),
'headers': dict(get_headers(request.META)),
'env': dict(get_environ(request.META)),
}
return data
def get_raven_client(request):
"""Return the Raven client for reporting crashes to Sentry."""
client = request.registry["raven.client"]
client.http_context({
'url': request.url,
'method': request.method,
'data': request.body,
'query_string': request.query_string,
'cookies': dict(request.cookies),
'headers': dict(request.headers),
'env': dict(get_environ(request.environ)),
})
client.user_context({
'ip_address': request.client_addr,
})
request.add_finished_callback(lambda request: client.context.clear())
return client
def get_data_from_request(self, request):
result = {}
if hasattr(request, 'user'):
result['sentry.interfaces.User'] = self.get_user_info(request.user)
try:
uri = request.build_absolute_uri()
except SuspiciousOperation:
# attempt to build a URL for reporting as Django won't allow us to
# use get_host()
if request.is_secure():
scheme = 'https'
else:
scheme = 'http'
host = get_host(request)
uri = '%s://%s%s' % (scheme, host, request.path)
if request.method != 'GET':
try:
data = request.body
except:
try:
data = request.raw_post_data and request.raw_post_data or request.POST
except Exception:
# assume we had a partial read:
data = '<unavailable>'
else:
data = None
environ = request.META
result.update({
'sentry.interfaces.Http': {
'method': request.method,
'url': uri,
'query_string': request.META.get('QUERY_STRING'),
'data': data,
'cookies': dict(request.COOKIES),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
})
return result
def get_data_from_request():
return {
'request': {
'url':
'%s://%s%s' %
(web.ctx['protocol'], web.ctx['host'], web.ctx['path']),
'query_string':
web.ctx.query,
'method':
web.ctx.method,
'data':
web.data(),
'headers':
dict(get_headers(web.ctx.environ)),
'env':
dict(get_environ(web.ctx.environ))
}
}
def get_data_from_request():
"""Returns request data extracted from web.ctx."""
return {
'sentry.interfaces.Http': {
'url':
'%s://%s%s' %
(web.ctx['protocol'], web.ctx['host'], web.ctx['path']),
'query_string':
web.ctx.query,
'method':
web.ctx.method,
'data':
web.data(),
'headers':
dict(get_headers(web.ctx.environ)),
'env':
dict(get_environ(web.ctx.environ)),
}
}
def handle_exception(self, environ):
event_id = self.client.captureException(
data={
'sentry.interfaces.Http': {
'method': environ.get('REQUEST_METHOD'),
'url': get_current_url(environ, strip_querystring=True),
'query_string': environ.get('QUERY_STRING'),
# TODO
# 'data': environ.get('wsgi.input'),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
},
# Galaxy: add request id from environment if available
extra={'request_id': environ.get('request_id', 'Unknown')})
# Galaxy: store event_id in environment so we can show it to the user
environ['sentry_event_id'] = event_id[0]
return event_id
def get_data_from_request(request):
urlparts = urlparse.urlsplit(request.url)
try:
formdata = request.form
except ClientDisconnected:
formdata = {}
return {
'sentry.interfaces.Http': {
'url':
'%s://%s%s' % (urlparts.scheme, urlparts.netloc, urlparts.path),
'query_string': urlparts.query,
'method': request.method,
'data': formdata,
'headers': dict(get_headers(request.environ)),
'env': dict(get_environ(request.environ)),
}
}
def get_http_info_with_retriever(self, request, retriever=None):
"""
Exact method for getting http_info but with form data work around.
"""
urlparts = _urlparse.urlsplit(request.url)
try:
data = retriever(request)
except (ClientDisconnected, TypeError):
data = {}
return {
"url": "%s://%s%s" % (urlparts.scheme, urlparts.netloc, urlparts.path),
"query_string": urlparts.query,
"method": request.method,
"data": data,
"headers": dict(get_headers(request.environ)),
"env": dict(get_environ(request.environ)),
}
def get_data_from_request(self, request):
from django.contrib.auth.models import User, AnonymousUser
result = {}
if hasattr(request, 'user') and isinstance(request.user,
(User, AnonymousUser)):
result['sentry.interfaces.User'] = self.get_user_info(request)
try:
uri = request.build_absolute_uri()
except SuspiciousOperation:
# Bail early if the URL has an invalid host
return result
if request.method != 'GET':
if hasattr(request, 'body'):
data = request.body
else:
try:
data = request.raw_post_data and request.raw_post_data or request.POST
except Exception:
# assume we had a partial read:
data = '<unavailable>'
else:
data = None
environ = request.META
result.update({
'sentry.interfaces.Http': {
'method': request.method,
'url': uri,
'query_string': request.META.get('QUERY_STRING'),
'data': data,
'cookies': dict(request.COOKIES),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
})
return result
def get_http_context(self, environ):
from raven.utils.wsgi import get_current_url, get_headers, get_environ
data = {
'method': environ.get('REQUEST_METHOD'),
'url': get_current_url(environ, strip_querystring=True),
'query_string': environ.get('QUERY_STRING'),
# TODO
# 'data': environ.get('wsgi.input'),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
for k in environ.keys():
try:
if k not in data['env'] and environ.get(k):
data['env'][k.upper()] = str(environ.get(k))
except:
pass
return data
def get_http_context(self, environ):
from raven.utils.wsgi import get_current_url, get_headers, get_environ
data = {
'method': environ.get('REQUEST_METHOD'),
'url': get_current_url(environ, strip_querystring=True),
'query_string': environ.get('QUERY_STRING'),
# TODO
# 'data': environ.get('wsgi.input'),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
for k in environ.keys():
try:
if k not in data['env'] and environ.get(k):
data['env'][k.upper()] = str(environ.get(k))
except:
pass
return data
def handle_exception(self, environ):
headers = dict(get_headers(environ))
# Authorization header for REMOTE_USER sites consists of a base64() of
# their plaintext password. It is a security issue for this password to
# be exposed to a third party system which may or may not be under
# control of the same administrators as the local Authentication
# system. E.g. university LDAP systems.
if 'Authorization' in headers:
# Redact so the administrator knows that a value is indeed present.
headers['Authorization'] = 'redacted'
# Passing cookies allows for impersonation of users (depending on
# remote service) and can be considered a security risk as well. For
# multiple services running alongside Galaxy on the same host, this
# could allow a sentry user with access to logs to impersonate a user
# on another service. In the case of services like Jupyter, this can be
# a serious concern as that would allow for terminal access. Furthermore,
# very little debugging information can be gained as a result of having
# access to all of the users cookies (including Galaxy cookies)
if 'Cookie' in headers:
headers['Cookie'] = 'redacted'
event_id = self.client.captureException(
data={
'sentry.interfaces.Http': {
'method': environ.get('REQUEST_METHOD'),
'url': get_current_url(environ, strip_querystring=True),
'query_string': environ.get('QUERY_STRING'),
# TODO
# 'data': environ.get('wsgi.input'),
'headers': headers,
'env': dict(get_environ(environ)),
}
},
# Galaxy: add request id from environment if available
extra={
'request_id': environ.get('request_id', 'Unknown')
}
)
# Galaxy: store event_id in environment so we can show it to the user
environ['sentry_event_id'] = event_id
return event_id
def handle_exception(self, environ):
headers = dict(get_headers(environ))
# Authorization header for REMOTE_USER sites consists of a base64() of
# their plaintext password. It is a security issue for this password to
# be exposed to a third party system which may or may not be under
# control of the same administrators as the local Authentication
# system. E.g. university LDAP systems.
if 'Authorization' in headers:
# Redact so the administrator knows that a value is indeed present.
headers['Authorization'] = 'redacted'
# Passing cookies allows for impersonation of users (depending on
# remote service) and can be considered a security risk as well. For
# multiple services running alongside Galaxy on the same host, this
# could allow a sentry user with access to logs to impersonate a user
# on another service. In the case of services like IPython, this can be
# a serious concern as that would allow for terminal access. Furthermore,
# very little debugging information can be gained as a result of having
# access to all of the users cookies (including Galaxy cookies)
if 'Cookie' in headers:
headers['Cookie'] = 'redacted'
event_id = self.client.captureException(
data={
'sentry.interfaces.Http': {
'method': environ.get('REQUEST_METHOD'),
'url': get_current_url(environ, strip_querystring=True),
'query_string': environ.get('QUERY_STRING'),
# TODO
# 'data': environ.get('wsgi.input'),
'headers': headers,
'env': dict(get_environ(environ)),
}
},
# Galaxy: add request id from environment if available
extra={
'request_id': environ.get( 'request_id', 'Unknown' )
}
)
# Galaxy: store event_id in environment so we can show it to the user
environ['sentry_event_id'] = event_id[0]
return event_id
def send_sentry(self, metadata, msg=None, data=None, **kwargs):
from raven.utils.wsgi import get_current_url, get_environ, get_headers
if data is None:
data = {}
if 'SENTRY_ID' in self.environ:
data['event_id'] = self.environ['SENTRY_ID']
# sentry displays these specific fields in a different way
http_context = {
'url': get_current_url(self.environ),
# we don't use the sanitized version from metadata, we want the
# real query string
'query_string': self.environ.get('QUERY_STRING'),
'method': metadata['method'],
'headers': dict(get_headers(self.environ)),
'env': dict(get_environ(self.environ)),
}
talisker.sentry.report_wsgi(http_context,
exc_info=self.exc_info,
msg=msg,
data=data,
**kwargs)
def get_data_from_request(self, request):
result = {}
user = getattr(request, 'user', None)
if user is not None:
user_info = self.get_user_info(user)
if user_info:
result['user'] = user_info
try:
uri = request.build_absolute_uri()
except SuspiciousOperation:
if request.is_secure():
scheme = 'https'
else:
scheme = 'http'
host = get_host(request)
uri = '%s://%s%s' % (scheme, host, request.path)
if request.method not in ('GET', 'HEAD'):
try:
data = request.body
except Exception:
try:
data = request.raw_post_data
except Exception:
try:
data = request.POST or '<unavailable>'
except Exception:
data = '<unavailable>'
else:
data = None
environ = request.META
result.update({'request': {'method': request.method,
'url': uri,
'query_string': request.META.get('QUERY_STRING'),
'data': data,
'cookies': dict(request.COOKIES),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ))}})
return result
def __call__(self, environ, start_response):
try:
return self._handle_request(environ, start_response)
except (KeyboardInterrupt, SystemExit):
raise
except:
if self.error_reporter:
self.error_reporter.http_context({
'method':
environ.get('REQUEST_METHOD'),
'url':
get_current_url(environ, strip_querystring=True),
'query_string':
environ.get('QUERY_STRING'),
'headers':
dict(get_headers(environ)),
'env':
dict(get_environ(environ)),
})
self.error_reporter.captureException()
self.error_reporter.context.clear()
raise
def get_http_info_with_retriever(self, request, retriever=None):
"""
Exact method for getting http_info but with form data work around.
"""
if retriever is None:
retriever = self.get_form_data
urlparts = _urlparse.urlsplit(request.url)
try:
data = retriever(request)
except ClientDisconnected:
data = {}
return {
'url': '%s://%s%s' % (urlparts.scheme, urlparts.netloc, urlparts.path),
'query_string': urlparts.query,
'method': request.method,
'data': data,
'headers': dict(get_headers(request.environ)),
'env': dict(get_environ(request.environ)),
}
def report(self, traceback):
environ = traceback.context.get('environ', {})
data = {
'sentry.interfaces.Http': {
'method': environ.get('REQUEST_METHOD'),
'url': get_current_url(environ, strip_querystring=True),
'query_string': environ.get('QUERY_STRING'),
# TODO
# 'data': environ.get('wsgi.input'),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
}
is_backlash_event = getattr(traceback.exc_value, 'backlash_event', False)
if is_backlash_event:
# Just a Stack Dump request from backlash
self.client.captureMessage(traceback.exception, data=data,
stack=traceback.frames)
else:
# This is a real crash
self.client.captureException(exc_info=traceback.exc_info, data=data)
def handle_exception(self, environ):
event_id = self.client.captureException(
data={
'sentry.interfaces.Http': {
'method': environ.get('REQUEST_METHOD'),
'url': get_current_url(environ, strip_querystring=True),
'query_string': environ.get('QUERY_STRING'),
# TODO
# 'data': environ.get('wsgi.input'),
'headers': dict(get_headers(environ)),
'env': dict(get_environ(environ)),
}
},
# Galaxy: add request id from environment if available
extra={
'request_id': environ.get( 'request_id', 'Unknown' )
}
)
# Galaxy: store event_id in environment so we can show it to the user
environ['sentry_event_id'] = event_id[0]
return event_id
def get_data_from_request(request):
urlparts = urlparse.urlsplit(request.url)
try:
form_dict = request.forms.dict
# we only are about the most recent one
formdata = dict([(k, form_dict[k][-1]) for k in form_dict])
except Exception:
formdata = {}
data = {
'request': {
'url': '%s://%s%s' % (urlparts.scheme, urlparts.netloc, urlparts.path),
'query_string': urlparts.query,
'method': request.method,
'data': formdata,
'headers': dict(get_headers(request.environ)),
'env': dict(get_environ(request.environ)),
}
}
return data
def get_data_from_request(request):
urlparts = urlparse.urlsplit(request.url)
try:
form_dict = request.forms.dict
# we only are about the most recent one
formdata = dict([(k, form_dict[k][-1]) for k in form_dict])
except Exception:
formdata = {}
data = {
'sentry.interfaces.Http': {
'url': '%s://%s%s' % (urlparts.scheme, urlparts.netloc, urlparts.path),
'query_string': urlparts.query,
'method': request.method,
'data': formdata,
'headers': dict(get_headers(request.environ)),
'env': dict(get_environ(request.environ)),
}
}
return data
def get_data(self, data, **kwargs):
if 'sentry.interfaces.Http' in data or not has_request_context():
return
environ = request.environ
headers = dict(request.headers)
guru_key = getattr(request, 'guru_id_header', None)
if guru_key and guru_key not in headers:
headers[guru_key] = getattr(request, 'guru_id', None)
request_data = {
'sentry.interfaces.Http': {
'method': environ.get('REQUEST_METHOD'),
'url': get_current_url(environ, strip_querystring=True),
'query_string': environ.get('QUERY_STRING'),
# TODO
# 'data': environ.get('wsgi.input'),
'headers': headers,
'env': dict(get_environ(environ)),
'form': dict(request.form),
}
}
data.update(request_data)
def get_http_info_with_retriever(self, request, retriever=None):
"""
Exact method for getting http_info but with form data work around.
"""
if retriever is None:
retriever = self.get_form_data
urlparts = urlparse.urlsplit(request.url)
try:
data = retriever(request)
except ClientDisconnected:
data = {}
return {
'url': '%s://%s%s' % (urlparts.scheme, urlparts.netloc, urlparts.path),
'query_string': urlparts.query,
'method': request.method,
'data': data,
'headers': dict(get_headers(request.environ)),
'env': dict(get_environ(request.environ)),
}
def get_data_from_request(request):
try:
from flask.globals import _request_ctx_stack
except ImportError:
pass
else:
if not _request_ctx_stack.top:
return {}
urlparts = _urlparse.urlsplit(request.url)
try:
formdata = request.form
except ClientDisconnected:
formdata = {}
data = {
'sentry.interfaces.Http': {
'url':
'%s://%s%s' % (urlparts.scheme, urlparts.netloc, urlparts.path),
'query_string': urlparts.query,
'method': request.method,
'data': formdata,
'headers': dict(get_headers(request.environ)),
'env': dict(get_environ(request.environ)),
}
}
try:
user_data = get_user_info(request)
except Exception as e:
logger.exception(e)
else:
if user_data:
data['sentry.interfaces.User'] = user_data
return data
def test_hides_wsgi_input(self):
result = list(get_environ({'wsgi.input': 'foo'}))
self.assertNotIn('wsgi.input', result)
def test_has_server_port(self):
result = dict(get_environ({'SERVER_PORT': 80}))
self.assertIn('SERVER_PORT', result)
self.assertEquals(result['SERVER_PORT'], 80)
def test_has_server_name(self):
result = dict(get_environ({'SERVER_NAME': '127.0.0.1'}))
self.assertIn('SERVER_NAME', result)
self.assertEquals(result['SERVER_NAME'], '127.0.0.1')
def test_has_remote_addr(self):
result = dict(get_environ({'REMOTE_ADDR': '127.0.0.1'}))
self.assertIn('REMOTE_ADDR', result)
self.assertEquals(result['REMOTE_ADDR'], '127.0.0.1')
