def test_password_in_batched_json(self): mock_request = Mock() mock_request.META = { DJANGO_META_CONTENT_TYPE: 'application/json; charset=UTF-8' } d = [{ 'x': 'testunmasked', 'username': '******', 'password': '******' }, { 'x': 'testunmasked', 'username': '******', 'password': '******' }] mock_request.body = json.dumps(d) mock_request.get = mock_request.META.get factory = RequestModelFactory(mock_request) body, raw_body = factory.body() self.assertIn('testunmasked', raw_body) self.assertNotIn('test_username', raw_body) self.assertNotIn('testpassword', raw_body) self.assertNotIn('test_username', body[0]) self.assertNotIn('testpassword', body[0]) self.assertNotIn('test_username', body[1]) self.assertNotIn('testpassword', body[1]) for data in [json.loads(body), json.loads(raw_body)]: for datum in data: self.assertEqual(datum['username'], RequestModelFactory.CLEANSED_SUBSTITUTE) self.assertEqual(datum['password'], RequestModelFactory.CLEANSED_SUBSTITUTE) self.assertEqual(datum['x'], 'testunmasked')
def test_password_in_batched_json(self): mock_request = Mock() mock_request.META = { DJANGO_META_CONTENT_TYPE: 'application/json; charset=UTF-8' } d = [{ 'x': 'testunmasked', 'username': '******', 'password': '******' }, { 'x': 'testunmasked', 'username': '******', 'password': '******' }] mock_request.body = json.dumps(d) mock_request.get = mock_request.META.get factory = RequestModelFactory(mock_request) body, raw_body = factory.body() self.assertIn('testunmasked', raw_body) self.assertNotIn('test_username', raw_body) self.assertNotIn('testpassword', raw_body) self.assertNotIn('test_username', body[0]) self.assertNotIn('testpassword', body[0]) self.assertNotIn('test_username', body[1]) self.assertNotIn('testpassword', body[1])
def test_plain(self): mock_request = Mock() mock_request.META = {DJANGO_META_CONTENT_TYPE: 'text/plain'} mock_request.body = 'sdfsdf' mock_request.get = mock_request.META.get factory = RequestModelFactory(mock_request) body, raw_body = factory.body() self.assertFalse(body) self.assertEqual(raw_body, mock_request.body)
def test_utf_json_not_encoded(self): mock_request = Mock() mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json; charset=UTF-8'} d = {'x': u'语'} mock_request.body = json.dumps(d) mock_request.get = mock_request.META.get factory = RequestModelFactory(mock_request) body, raw_body = factory.body() self.assertDictEqual(json.loads(body), d) self.assertEqual(raw_body, mock_request.body)
def test_invalid_encoding_json(self): mock_request = Mock() mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json; charset=asdas-8'} d = {'x': u'语'} mock_request.body = json.dumps(d).encode('UTF-8') mock_request.get = mock_request.META.get factory = RequestModelFactory(mock_request) body, raw_body = factory.body() self.assertDictEqual(json.loads(body, encoding='UTF-8'), d) self.assertEqual(raw_body, raw_body)
def process_request(self, request): if _should_intercept(request): DataCollector().configure() with silk_meta_profiler(): request.silk_is_intercepted = True self._apply_dynamic_mappings() wrap_cursor_execute() request_model = RequestModelFactory(request).construct_request_model() request_model.save() DataCollector().request = request_model
def test_invalid_encoding_json(self): mock_request = Mock() mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json; charset=asdas-8'} d = {'x': u'语'} mock_request.body = json.dumps(d).encode('UTF-8') mock_request.get = mock_request.META.get factory = RequestModelFactory(mock_request) body, raw_body = factory.body() self.assertDictEqual(json.loads(body), d) self.assertEqual(raw_body, raw_body)
def test_utf_json_encoded_no_charset(self): """default to UTF-8""" mock_request = Mock() mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json'} d = {'x': u'语'} mock_request.body = json.dumps(d).encode('UTF-8') mock_request.get = mock_request.META.get factory = RequestModelFactory(mock_request) body, raw_body = factory.body() self.assertDictEqual(json.loads(body), d) self.assertEqual(raw_body, mock_request.body.decode('UTF-8'))
def test_authorization_header(self): mock_request = Mock() mock_request.META = {'HTTP_AUTHORIZATION': 'secret'} mock_request.body = '' mock_request.get = mock_request.META.get factory = RequestModelFactory(mock_request) headers = factory.encoded_headers() json_headers = json.loads(headers) self.assertIn('AUTHORIZATION', json_headers) self.assertEqual(json_headers['AUTHORIZATION'], RequestModelFactory.CLEANSED_SUBSTITUTE)
def process_request(self, request): if _should_intercept(request): DataCollector().configure() with silk_meta_profiler(): request.silk_is_intercepted = True self._apply_dynamic_mappings() wrap_cursor_execute() request_model = RequestModelFactory( request).construct_request_model() request_model.save() DataCollector().request = request_model
def test_password_in_body(self): mock_request = Mock() mock_request.META = {DJANGO_META_CONTENT_TYPE: 'text/plain'} mock_request.body = 'username=test_username&unmasked=testunmasked&password=testpassword' mock_request.get = mock_request.META.get factory = RequestModelFactory(mock_request) body, raw_body = factory.body() self.assertIn('testunmasked', raw_body) self.assertNotIn('test_username', raw_body) self.assertNotIn('testpassword', raw_body) self.assertNotIn('test_username', body) self.assertNotIn('testpassword', body)
def test_password_in_json(self): mock_request = Mock() mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json; charset=UTF-8'} d = {'x': 'testunmasked', 'username': '******', 'password': '******'} mock_request.body = json.dumps(d) mock_request.get = mock_request.META.get factory = RequestModelFactory(mock_request) body, raw_body = factory.body() self.assertIn('testunmasked', raw_body) self.assertNotIn('test_username', raw_body) self.assertNotIn('testpassword', raw_body) self.assertNotIn('test_username', body) self.assertNotIn('testpassword', body)
def test_no_max_request(self): SilkyConfig().SILKY_MAX_REQUEST_BODY_SIZE = -1 mock_request = Mock() mock_request.META = {'CONTENT_TYPE': 'text/plain'} mock_request.GET = {} mock_request.body = 'a'.encode('ascii') * 1000 # 1000 bytes? request_model = RequestModelFactory( mock_request).construct_request_model() self.assertTrue(request_model.raw_body)
def test_no_long_url(self): url = '1234567890' * 19 # 190-character URL mock_request = Mock() mock_request.META = {'CONTENT_TYPE': 'text/plain'} mock_request.GET = {} mock_request.path = url mock_request.method = 'get' request_model = RequestModelFactory( mock_request).construct_request_model() self.assertEqual(request_model.path, url)
def test_max_request(self): SilkyConfig().SILKY_MAX_REQUEST_BODY_SIZE = 10 # 10kb mock_request = Mock() mock_request.META = {'CONTENT_TYPE': 'text/plain'} mock_request.GET = {} mock_request.method = 'get' mock_request.body = 'a'.encode('ascii') * 1024 * 100 # 100kb mock_request.path = reverse('silk:requests') request_model = RequestModelFactory(mock_request).construct_request_model() self.assertFalse(request_model.raw_body)
def process_request(self, request): request_model = None if _should_intercept(request): self._apply_dynamic_mappings() if not hasattr(SQLCompiler, '_execute_sql'): SQLCompiler._execute_sql = SQLCompiler.execute_sql SQLCompiler.execute_sql = execute_sql request_model = RequestModelFactory( request).construct_request_model() DataCollector().configure(request_model)
def test_no_max_request(self): SilkyConfig().SILKY_MAX_REQUEST_BODY_SIZE = -1 mock_request = Mock() mock_request.META = {'CONTENT_TYPE': 'text/plain'} mock_request.GET = {} mock_request.path = reverse('silk:requests') mock_request.method = 'get' mock_request.body = b'a' * 1000 # 1000 bytes? request_model = RequestModelFactory( mock_request).construct_request_model() self.assertTrue(request_model.raw_body)
def test_long_url(self): url = '1234567890' * 200 # 2000-character URL mock_request = Mock() mock_request.META = {'CONTENT_TYPE': 'text/plain'} mock_request.GET = {} mock_request.method = 'get' mock_request.path = url request_model = RequestModelFactory( mock_request).construct_request_model() self.assertEqual(request_model.path, f'{url[:94]}...{url[1907:]}') self.assertEqual(len(request_model.path), 190)
def process_request(self, request): DataCollector().clear() if not _should_intercept(request): return Logger.debug('process_request') request.silk_is_intercepted = True self._apply_dynamic_mappings() if not hasattr(SQLCompiler, '_execute_sql'): SQLCompiler._execute_sql = SQLCompiler.execute_sql SQLCompiler.execute_sql = execute_sql request_model = RequestModelFactory(request).construct_request_model() DataCollector().configure(request_model)
def process_request(self, request): DataCollector().clear() if not _should_intercept(request): return Logger.debug('process_request') request.silk_is_intercepted = True self._apply_dynamic_mappings() if not hasattr(SQLCompiler, '_execute_sql'): SQLCompiler._execute_sql = SQLCompiler.execute_sql SQLCompiler.execute_sql = execute_sql silky_config = SilkyConfig() should_profile = silky_config.SILKY_PYTHON_PROFILER if silky_config.SILKY_PYTHON_PROFILER_FUNC: should_profile = silky_config.SILKY_PYTHON_PROFILER_FUNC(request) request_model = RequestModelFactory(request).construct_request_model() DataCollector().configure(request_model, should_profile=should_profile)
def _mask(self, value): return RequestModelFactory(None)._mask_credentials(json.dumps(value))