def check_request_data(self, request):
    """
    Compare the request's metadata with the copy stashed in the session.

    For every key in ``META_KEYS`` whose stashed value is non-empty and
    differs from the value currently in ``request.META``, a
    ``SESSION_CHANGED`` warning is sent carrying both values.

    Raises ``ValueError`` when no stash is present even though the session
    was modified or ``SESSION_SAVE_EVERY_REQUEST`` is enabled.
    """
    session_data = self._get_session()
    stash = session_data.get(DATA_PREFIX, None)

    if stash is None:
        # A missing stash only counts as an error when save() is known to
        # have run; this is meant to catch subclasses that override save().
        # Automated tests typically never call save(), so they are exempt.
        if self.modified or settings.SESSION_SAVE_EVERY_REQUEST:
            raise ValueError('Cannot check data because it was not stashed. '
                             'This typically happens in save()')

    # Treat an absent or empty stash as "nothing recorded to compare".
    stash = stash or {}

    for meta_key in META_KEYS:
        saved = stash.get('meta:%s' % meta_key, '')
        current = request.META.get(meta_key, '')
        # An empty saved value means there is no baseline, so no warning.
        if saved and saved != current:
            # NOTE(review): `current` is read from request.META and may be
            # client-controlled depending on META_KEYS (not visible here);
            # receivers should treat message/values as untrusted text.
            values = [saved, current]
            msg = (u'%s: %s' % (trans[SESSION_CHANGED], values))
            warning.send(
                sender=self,
                flag=SESSION_CHANGED,
                message=msg,
                values=values,
            )
def detect_low(self, data):
    """
    Send an ``UNEXPECTED_CHARACTER`` warning if ``data`` matches ``low_chars``.

    Values that are not strings are skipped. The warning message is a fixed
    string, so the offending input itself is not echoed to receivers.
    """
    # NOTE(review): `basestring` is a Python 2 builtin; on Python 3 this
    # needs a compatibility alias defined elsewhere in the module - confirm.
    if isinstance(data, basestring) and low_chars.search(data):
        warning.send(
            sender=self.__class__,
            flag=UNEXPECTED_CHARACTER,
            message='Unexpected characters',
        )
def inner(request, *args, **kwargs):
    """
    Call the wrapped view only for an allowed HTTP method.

    For any other method a ``WRONG_METHOD`` warning is sent, the rejection
    is logged, and an ``HttpResponseNotAllowed`` listing the permitted
    methods is returned without calling the view.
    """
    if request.method in request_method_list:
        return func(request, *args, **kwargs)

    # Signal the rejected method to warning receivers before logging it.
    warning.send(
        sender=require_http_methods,
        flag=WRONG_METHOD,
        message=u'%s not allowed' % request.method,
        values=[request_method_list],
    )

    # NOTE(review): request.method and request.path presumably originate
    # from the client; the log pipeline should neutralise control
    # characters before storing or rendering these records.
    log_extra = {
        'status_code': 405,
        'request': request
    }
    logger.warning('Method Not Allowed (%s): %s',
                   request.method, request.path, extra=log_extra)
    return HttpResponseNotAllowed(request_method_list)
def check_request_data(self, request):
    """
    Warn when stashed session metadata no longer matches the request.

    Each key in ``META_KEYS`` is looked up in the session stash (under
    ``"meta:<key>"``) and in ``request.META``. A ``SESSION_CHANGED`` warning
    is sent whenever the stashed value is non-empty and the two differ.

    Raises ``ValueError`` if the stash is missing while the session is
    marked modified or ``SESSION_SAVE_EVERY_REQUEST`` is set.
    """
    stash = self._get_session().get(DATA_PREFIX, None)

    # Only complain about a missing stash when save() must have been called;
    # this should catch a subclass whose save() override skips the stash.
    # During automated testing save() is not typically called.
    stash_missing = stash is None
    if stash_missing and (self.modified or settings.SESSION_SAVE_EVERY_REQUEST):
        raise ValueError("Cannot check data because it was not stashed. "
                         "This typically happens in save()")

    if not stash:
        # Nothing was recorded, so every lookup below falls back to "".
        stash = {}

    for name in META_KEYS:
        saved = stash.get("meta:%s" % name, "")
        current = request.META.get(name, "")
        if saved and saved != current:
            # NOTE(review): the current value comes from request.META and
            # may be attacker-influenced depending on META_KEYS (not shown);
            # signal receivers should escape it before logging or display.
            values = [saved, current]
            msg = u"%s: %s" % (trans[SESSION_CHANGED], values)
            warning.send(sender=self, flag=SESSION_CHANGED,
                         message=msg, values=values)
def warn(self, flag, data):
    """
    Send a warning signal for ``flag`` on behalf of this object's class.

    The message combines the ``trans`` entry for ``flag``, the supplied
    ``data`` and the class name; ``data`` is also passed as ``values``.
    """
    sender_cls = self.__class__
    # NOTE(review): `data` is interpolated into the message unmodified; if
    # callers pass request-derived input, receivers should treat the
    # message as untrusted text - confirm against callers.
    text = (u'%s: %s in %s' % (trans[flag], data, sender_cls.__name__))
    warning.send(
        sender=sender_cls,
        flag=flag,
        message=text,
        values=data,
    )