Esempio n. 1
0
def sql_profile(request):
    """
    Returns the output of running the SQL and getting the profiling statistics.

    Expected GET variables:
        sql: urlencoded sql with positional arguments
        params: JSON encoded parameter values
        time: time for SQL to execute passed in from toolbar just for redisplay
        hash: the hash of (secret + sql + params) for tamper checking
    """
    from debug_toolbar.panels.sql import reformat_sql
    sql = request.GET.get('sql', '')
    params = request.GET.get('params', '')
    hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
    if hash != request.GET.get('hash', ''):
        return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert
    if sql.lower().strip().startswith('select'):
        params = simplejson.loads(params)
        cursor = connection.cursor()
        cursor.execute("SET PROFILING=1") # Enable profiling
        cursor.execute(sql, params) # Execute SELECT
        cursor.execute("SET PROFILING=0") # Disable profiling
        # The Query ID should always be 1 here but I'll subselect to get the last one just in case...
        cursor.execute("SELECT * FROM information_schema.profiling WHERE query_id=(SELECT query_id FROM information_schema.profiling ORDER BY query_id DESC LIMIT 1)")
        headers = [d[0] for d in cursor.description]
        result = cursor.fetchall()
        cursor.close()
        context = {
            'result': result,
            'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)),
            'time': request.GET.get('time', 0.0),
            'headers': headers,
        }
        return render_to_response('debug_toolbar/panels/sql_explain.html', context)
    raise InvalidSQLError("Only 'select' queries are allowed.")
Esempio n. 2
0
def sql_select(request):
    """
    Returns the output of the SQL SELECT statement.

    Expected GET variables:
        sql: urlencoded sql with positional arguments
        params: JSON encoded parameter values
        duration: time for SQL to execute passed in from toolbar just for redisplay
        hash: the hash of (secret + sql + params) for tamper checking
    """
    from debug_toolbar.panels.sql import reformat_sql
    sql = request.GET.get('sql', '')
    params = request.GET.get('params', '')
    alias = request.GET.get('alias', 'default')
    hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
    if hash != request.GET.get('hash', ''):
        return HttpResponseBadRequest('Tamper alert')  # SQL Tampering alert
    if sql.lower().strip().startswith('select'):
        params = simplejson.loads(params)
        cursor = connections[alias].cursor()
        cursor.execute(sql, params)
        headers = [d[0] for d in cursor.description]
        result = cursor.fetchall()
        cursor.close()
        context = {
            'result': result,
            'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)),
            'duration': request.GET.get('duration', 0.0),
            'headers': headers,
            'alias': alias,
        }
        return render_to_response('debug_toolbar/panels/sql_select.html', context)
    raise InvalidSQLError("Only 'select' queries are allowed.")
Esempio n. 3
0
def sql_explain(request):
    """
    Returns the output of the SQL EXPLAIN on the given query.

    Expected GET variables:
        sql: urlencoded sql with positional arguments
        params: JSON encoded parameter values
        time: time for SQL to execute passed in from toolbar just for redisplay
        hash: the hash of (secret + sql + params) for tamper checking
    """
    from debug_toolbar.panels.sql import reformat_sql
    sql = request.GET.get('sql', '')
    params = request.GET.get('params', '')
    hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
    if hash != request.GET.get('hash', ''):
        return HttpResponse('<h3>Tamper alert</h3>') # SQL Tampering alert
    if sql.lower().startswith('select'):
        params = simplejson.loads(params)
        cursor = connection.cursor()
        cursor.execute("EXPLAIN %s" % (sql,), params)
        headers = [d[0] for d in cursor.description]
        result = cursor.fetchall()
        cursor.close()
        context = {
            'result': result,
            'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)),
            'time': request.GET.get('time', 0.0),
            'headers': headers,
        }
        return render_to_response('debug_toolbar/panels/sql_explain.html', context)
Esempio n. 4
0
def sql_profile(request):
    """
    Returns the output of running the SQL and getting the profiling statistics.

    Expected GET variables:
        sql: urlencoded sql with positional arguments
        params: JSON encoded parameter values
        time: time for SQL to execute passed in from toolbar just for redisplay
        hash: the hash of (secret + sql + params) for tamper checking
    """
    from debug_toolbar.panels.sql import reformat_sql
    sql = request.GET.get('sql', '')
    params = request.GET.get('params', '')
    hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
    if hash != request.GET.get('hash', ''):
        return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert
    if sql.lower().strip().startswith('select'):
        params = simplejson.loads(params)
        cursor = connection.cursor()
        cursor.execute("SET PROFILING=1") # Enable profiling
        cursor.execute(sql, params) # Execute SELECT
        cursor.execute("SET PROFILING=0") # Disable profiling
        # The Query ID should always be 1 here but I'll subselect to get the last one just in case...
        cursor.execute("SELECT * FROM information_schema.profiling WHERE query_id=(SELECT query_id FROM information_schema.profiling ORDER BY query_id DESC LIMIT 1)")
        headers = [d[0] for d in cursor.description]
        result = cursor.fetchall()
        cursor.close()
        context = {
            'result': result,
            'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)),
            'time': request.GET.get('time', 0.0),
            'headers': headers,
        }
        return render_to_response('debug_toolbar/panels/sql_explain.html', context)
    raise InvalidSQLError("Only 'select' queries are allowed.")
def sql_select(request):
    """
    Returns the output of the SQL SELECT statement.

    Expected GET variables:
        sql: urlencoded sql with positional arguments
        params: JSON encoded parameter values
        duration: time for SQL to execute passed in from toolbar just for redisplay
        hash: the hash of (secret + sql + params) for tamper checking
    """
    from debug_toolbar.panels.sql import reformat_sql
    sql = request.GET.get('sql', '')
    params = request.GET.get('params', '')
    alias = request.GET.get('alias', 'default')
    hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
    if hash != request.GET.get('hash', ''):
        return HttpResponseBadRequest('Tamper alert')  # SQL Tampering alert
    if sql.lower().strip().startswith('select'):
        params = simplejson.loads(params)
        cursor = connections[alias].cursor()
        cursor.execute(sql, params)
        headers = [d[0] for d in cursor.description]
        result = cursor.fetchall()
        cursor.close()
        context = {
            'result': result,
            'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)),
            'duration': request.GET.get('duration', 0.0),
            'headers': headers,
            'alias': alias,
        }
        return render_to_response('debug_toolbar/panels/sql_select.html', context)
    raise InvalidSQLError("Only 'select' queries are allowed.")
Esempio n. 6
0
def sql_explain(request):
    """
    Returns the output of the SQL EXPLAIN on the given query.
    
    Expected GET variables:
        sql: urlencoded sql with position arguments
        params: JSON encoded parameter values
        time: time for SQL to execute passed in from toolbar just for redisplay
    """
    from debug_toolbar.panels.sql import reformat_sql
    sql = request.GET.get('sql', '')
    if sql.lower().startswith('select'):
        params = simplejson.loads(request.GET.get('params', ''))
        cursor = connection.cursor()
        cursor.execute("EXPLAIN %s" % (sql, ), params)
        headers = [d[0] for d in cursor.description]
        result = cursor.fetchall()
        cursor.close()
        context = {
            'result':
            result,
            'sql':
            reformat_sql(cursor.db.ops.last_executed_query(
                cursor, sql, params)),
            'time':
            request.GET.get('time', 0.0),
            'headers':
            headers,
        }
        return render_to_response('debug_toolbar/panels/sql_explain.html',
                                  context)
Esempio n. 7
0
def sql_explain(request):
    """
    Returns the output of the SQL EXPLAIN on the given query.
    
    Expected GET variables:
        sql: urlencoded sql with position arguments
        params: JSON encoded parameter values
        time: time for SQL to execute passed in from toolbar just for redisplay
    """
    from debug_toolbar.panels.sql import reformat_sql
    sql = request.GET.get('sql', '')
    if sql.lower().startswith('select'):
        params = simplejson.loads(request.GET.get('params', ''))
        cursor = connection.cursor()
        cursor.execute("EXPLAIN %s" % (sql,), params)
        headers = [d[0] for d in cursor.description]
        result = cursor.fetchall()
        cursor.close()
        context = {
            'result': result,
            'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)),
            'time': request.GET.get('time', 0.0),
            'headers': headers,
        }
        return render_to_response('debug_toolbar/panels/sql_explain.html', context)
Esempio n. 8
0
def sql_explain(request):
    """
    Returns the output of the SQL EXPLAIN on the given query.

    Expected GET variables:
        sql: urlencoded sql with positional arguments
        params: JSON encoded parameter values
        duration: time for SQL to execute passed in from toolbar just for redisplay
        hash: the hash of (secret + sql + params) for tamper checking
    """
    from debug_toolbar.panels.sql import reformat_sql
    sql = request.GET.get('sql', '')
    params = request.GET.get('params', '')
    alias = request.GET.get('alias', 'default')
    hash = sha1(settings.SECRET_KEY + sql + params).hexdigest()
    if hash != request.GET.get('hash', ''):
        return HttpResponseBadRequest('Tamper alert')  # SQL Tampering alert
    if sql.lower().strip().startswith('select'):
        params = json.loads(params)
        cursor = connections[alias].cursor()

        conn = connections[alias].connection
        engine = conn.__class__.__module__.split('.', 1)[0]

        if engine == "sqlite3":
            # SQLite's EXPLAIN dumps the low-level opcodes generated for a query;
            # EXPLAIN QUERY PLAN dumps a more human-readable summary
            # See http://www.sqlite.org/lang_explain.html for details
            cursor.execute("EXPLAIN QUERY PLAN %s" % (sql, ), params)
        elif engine == "psycopg2":
            cursor.execute("EXPLAIN ANALYZE %s" % (sql, ), params)
        else:
            cursor.execute("EXPLAIN %s" % (sql, ), params)

        headers = [d[0] for d in cursor.description]
        result = cursor.fetchall()
        cursor.close()
        context = {
            'result':
            result,
            'sql':
            reformat_sql(cursor.db.ops.last_executed_query(
                cursor, sql, params)),
            'duration':
            request.GET.get('duration', 0.0),
            'headers':
            headers,
            'alias':
            alias,
        }
        return render_to_response('debug_toolbar/panels/sql_explain.html',
                                  context)
    raise InvalidSQLError("Only 'select' queries are allowed.")
Esempio n. 9
0
def sql_profile(request):
    """
    Returns the output of running the SQL and getting the profiling statistics.

    Expected GET variables:
        sql: urlencoded sql with positional arguments
        params: JSON encoded parameter values
        duration: time for SQL to execute passed in from toolbar just for redisplay
        hash: the hash of (secret + sql + params) for tamper checking
    """
    from debug_toolbar.panels.sql import reformat_sql

    sql = smart_str(request.GET.get("sql", ""))
    params = smart_str(request.GET.get("params", ""))
    alias = request.GET.get("alias", "default")
    secret_key = smart_str(settings.SECRET_KEY)
    hash = sha_constructor(secret_key + sql + params).hexdigest()
    if hash != request.GET.get("hash", ""):
        return HttpResponseBadRequest("Tamper alert")  # SQL Tampering alert
    if sql.lower().strip().startswith("select"):
        params = simplejson.loads(params)
        cursor = connections[alias].cursor()
        result = None
        headers = None
        result_error = None
        try:
            cursor.execute("SET PROFILING=1")  # Enable profiling
            cursor.execute(sql, params)  # Execute SELECT
            cursor.execute("SET PROFILING=0")  # Disable profiling
            # The Query ID should always be 1 here but I'll subselect to get the last one just in case...
            cursor.execute(
                "SELECT * FROM information_schema.profiling WHERE query_id=(SELECT query_id FROM information_schema.profiling ORDER BY query_id DESC LIMIT 1)"
            )
            headers = [d[0] for d in cursor.description]
            result = cursor.fetchall()
        except:
            result_error = "Profiling is either not available or not supported by your database."
        cursor.close()
        context = {
            "result": result,
            "result_error": result_error,
            "sql": reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)),
            "duration": request.GET.get("duration", 0.0),
            "headers": headers,
            "alias": alias,
        }
        return render_to_response("debug_toolbar/panels/sql_profile.html", context)
    raise InvalidSQLError("Only 'select' queries are allowed.")
Esempio n. 10
0
    def title(self):
        sql_queries = connection.queries[self._offset:]
        queries = [(q['time'], q['raw_sql'], q['params']) for q in sql_queries]
        query_groups = {}
        for item in queries:
            time, raw_sql, params = item[0], item[1], item[2]
            group = query_groups.get(raw_sql, [0, 0, []])
            group[2].append(params)
            query_groups[raw_sql] = (group[0]+time, group[1]+1, group[2])

        query_groups = sorted([[k, v[0], v[1], v[2]] for k, v in query_groups.iteritems()], key=lambda x: x[1])[::-1]
        for query_group in query_groups:
            query_group[0] = reformat_sql(query_group[0])
        self.query_groups = query_groups
        self.unique_count = len(query_groups)
        return '%s Unique Queries' % self.unique_count
Esempio n. 11
0
def sql_explain(request):
    """
    Returns the output of the SQL EXPLAIN on the given query.

    Expected GET variables:
        sql: urlencoded sql with positional arguments
        params: JSON encoded parameter values
        duration: time for SQL to execute passed in from toolbar just for redisplay
        hash: the hash of (secret + sql + params) for tamper checking
    """
    from debug_toolbar.panels.sql import reformat_sql
    sql = request.GET.get('sql', '')
    params = request.GET.get('params', '')
    alias = request.GET.get('alias', 'default')
    hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
    if hash != request.GET.get('hash', ''):
        return HttpResponseBadRequest('Tamper alert') # SQL Tampering alert
    if sql.lower().strip().startswith('select'):
        params = simplejson.loads(params)
        cursor = connections[alias].cursor()

        conn = connections[alias].connection
        engine = conn.__class__.__module__.split('.', 1)[0]

        if engine == "sqlite3":
            # SQLite's EXPLAIN dumps the low-level opcodes generated for a query;
            # EXPLAIN QUERY PLAN dumps a more human-readable summary
            # See http://www.sqlite.org/lang_explain.html for details
            cursor.execute("EXPLAIN QUERY PLAN %s" % (sql,), params)
        else:
            cursor.execute("EXPLAIN %s" % (sql,), params)

        headers = [d[0] for d in cursor.description]
        result = cursor.fetchall()
        cursor.close()
        context = {
            'result': result,
            'sql': reformat_sql(
                cursor.db.ops.last_executed_query(cursor, sql, params),
                expand=False,
            ),
            'duration': request.GET.get('duration', 0.0),
            'headers': headers,
            'alias': alias,
        }
        return render_to_response('debug_toolbar/panels/sql_explain.html', context)
    raise InvalidSQLError("Only 'select' queries are allowed.")
Esempio n. 12
0
 def process_response(self, request, response):
     if getattr(settings, 'DEBUG_LOGGING_CONFIG', {}).get('ENABLED', False):
         # Call the nav_subtitle method so that the query data is captured
         self.nav_subtitle()
         
         for alias, query in self._queries:
             query['alias'] = alias
             query['sql'] = reformat_sql(query['sql'])
         
         stats = {}
         
         queries = [q for a, q in self._queries]
         
         if settings.DEBUG_LOGGING_CONFIG.get('SQL_EXTRA', False):
             stats['sql_queries'] = queries
         
         stats['sql_time'] = self._sql_time
         stats['sql_num_queries'] = len(queries)
         request.debug_logging_stats.update(stats)
Esempio n. 13
0
def sql_explain(request):
    """
    Returns the output of the SQL EXPLAIN on the given query.

    Expected GET variables:
        sql: urlencoded sql with positional arguments
        params: JSON encoded parameter values
        duration: time for SQL to execute passed in from toolbar just for redisplay
        hash: the hash of (secret + sql + params) for tamper checking
    """
    from debug_toolbar.panels.sql import reformat_sql

    sql = request.GET.get("sql", "")
    params = request.GET.get("params", "")
    alias = request.GET.get("alias", "default")
    hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest()
    if hash != request.GET.get("hash", ""):
        return HttpResponseBadRequest("Tamper alert")  # SQL Tampering alert
    if sql.lower().strip().startswith("select"):
        params = simplejson.loads(params)
        cursor = connections[alias].cursor()

        if settings.DATABASE_ENGINE == "sqlite3":
            # SQLite's EXPLAIN dumps the low-level opcodes generated for a query;
            # EXPLAIN QUERY PLAN dumps a more human-readable summary
            # See http://www.sqlite.org/lang_explain.html for details
            cursor.execute("EXPLAIN QUERY PLAN %s" % (sql,), params)
        else:
            cursor.execute("EXPLAIN %s" % (sql,), params)

        headers = [d[0] for d in cursor.description]
        result = cursor.fetchall()
        cursor.close()
        context = {
            "result": result,
            "sql": reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)),
            "duration": request.GET.get("duration", 0.0),
            "headers": headers,
            "alias": alias,
        }
        return render_to_response("debug_toolbar/panels/sql_explain.html", context)
    raise InvalidSQLError("Only 'select' queries are allowed.")