def MakeSecrets():
"""Make a new Secrets model with random values for keys."""
secrets = Secrets(id=GLOBAL_KEY)
secrets.xsrf_key = framework_helpers.MakeRandomKey()
secrets.email_key = framework_helpers.MakeRandomKey()
# Note that recaptcha keys are not generated. An admin
# will need to set them via the Google Cloud Console.
return secrets
def get(self, **kwargs):
"""Collect page-specific and generic info, then render the page.
Args:
Any path components parsed by webapp2 will be in kwargs, but we do
our own parsing later anyway, so igore them for now.
"""
page_data = {}
nonce = framework_helpers.MakeRandomKey(length=NONCE_LENGTH)
try:
csp_header = 'Content-Security-Policy'
csp_scheme = 'https:'
if settings.local_mode:
csp_header = 'Content-Security-Policy-Report-Only'
csp_scheme = 'http:'
user_agent_str = self.mr.request.headers.get('User-Agent', '')
ua = httpagentparser.detect(user_agent_str)
browser, browser_major_version = 'Unknown browser', 0
if ua.has_key('browser'):
browser = ua['browser']['name']
try:
browser_major_version = int(
ua['browser']['version'].split('.')[0])
except ValueError:
logging.warn('Could not parse version: %r',
ua['browser']['version'])
csp_supports_report_sample = (
(browser == 'Chrome' and browser_major_version >= 59)
or (browser == 'Opera' and browser_major_version >= 46))
version_base = _VersionBaseURL(self.mr.request)
self.response.headers.add(
csp_header,
(
"default-src %(scheme)s ; "
"script-src"
" %(rep_samp)s" # Report 40 chars of any inline violation.
" 'unsafe-inline'" # Only counts in browsers that lack CSP2.
" 'strict-dynamic'" # Allows <script nonce> to load more.
" %(version_base)s/static/dist/"
" 'self' 'nonce-%(nonce)s'; "
"child-src 'none'; "
"frame-src accounts.google.com" # Both used by gapi.js auth.
" content-issuetracker.corp.googleapis.com; "
"img-src %(scheme)s data: blob: ; "
"style-src %(scheme)s 'unsafe-inline'; "
"object-src 'none'; "
"base-uri 'none'; "
"report-uri /csp.do" % {
'nonce':
nonce,
'scheme':
csp_scheme,
'rep_samp':
"'report-sample'"
if csp_supports_report_sample else '',
'version_base':
version_base,
}))
page_data.update(self._GatherFlagData(self.mr))
# Page-specific work happens in this call.
page_data.update(self._DoPageProcessing(self.mr, nonce))
self._AddHelpDebugPageData(page_data)
with self.mr.profiler.Phase('rendering template'):
self._RenderResponse(page_data)
except (MethodNotSupportedError, NotImplementedError) as e:
# Instead of these pages throwing 500s display the 404 message and log.
# The motivation of this is to minimize 500s on the site to keep alerts
# meaningful during fuzzing. For more context see
# https://bugs.chromium.org/p/monorail/issues/detail?id=659
logging.warning('Trapped NotImplementedError %s', e)
self.abort(404, 'invalid page')
except query2ast.InvalidQueryError as e:
logging.warning('Trapped InvalidQueryError: %s', e)
logging.exception(e)
msg = e.message if e.message else 'invalid query'
self.abort(400, msg)
except permissions.PermissionException as e:
logging.warning('Trapped PermissionException %s', e)
logging.warning('mr.auth.user_id is %s', self.mr.auth.user_id)
logging.warning('mr.auth.effective_ids is %s',
self.mr.auth.effective_ids)
logging.warning('mr.perms is %s', self.mr.perms)
if not self.mr.auth.user_id:
# If not logged in, let them log in
url = _SafeCreateLoginURL(self.mr)
self.redirect(url, abort=True)
else:
# Display the missing permissions template.
page_data = {
'reason': e.message,
'http_response_code': httplib.FORBIDDEN,
}
with self.mr.profiler.Phase('gather base data'):
page_data.update(self.GatherBaseData(self.mr, nonce))
self._AddHelpDebugPageData(page_data)
self._missing_permissions_template.WriteResponse(
self.response, page_data, content_type=self.content_type)
def testMakeRandomKey_Length(self): key = framework_helpers.MakeRandomKey() self.assertEqual(128, len(key)) key16 = framework_helpers.MakeRandomKey(length=16) self.assertEqual(16, len(key16))
def testMakeRandomKey_Chars(self):
key = framework_helpers.MakeRandomKey(chars='a', length=4)
self.assertEqual('aaaa', key)
def testMakeRandomKey_Normal(self): key1 = framework_helpers.MakeRandomKey() key2 = framework_helpers.MakeRandomKey() self.assertEqual(128, len(key1)) self.assertEqual(128, len(key2)) self.assertNotEqual(key1, key2)