def test_password_in_batched_json(self):
mock_request = Mock()
mock_request.META = {
DJANGO_META_CONTENT_TYPE: 'application/json; charset=UTF-8'
}
d = [{
'x': 'testunmasked',
'username': '******',
'password': '******'
}, {
'x': 'testunmasked',
'username': '******',
'password': '******'
}]
mock_request.body = json.dumps(d)
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
body, raw_body = factory.body()
self.assertIn('testunmasked', raw_body)
self.assertNotIn('test_username', raw_body)
self.assertNotIn('testpassword', raw_body)
self.assertNotIn('test_username', body[0])
self.assertNotIn('testpassword', body[0])
self.assertNotIn('test_username', body[1])
self.assertNotIn('testpassword', body[1])
for data in [json.loads(body), json.loads(raw_body)]:
for datum in data:
self.assertEqual(datum['username'],
RequestModelFactory.CLEANSED_SUBSTITUTE)
self.assertEqual(datum['password'],
RequestModelFactory.CLEANSED_SUBSTITUTE)
self.assertEqual(datum['x'], 'testunmasked')
def test_password_in_batched_json(self):
mock_request = Mock()
mock_request.META = {
DJANGO_META_CONTENT_TYPE: 'application/json; charset=UTF-8'
}
d = [{
'x': 'testunmasked',
'username': '******',
'password': '******'
}, {
'x': 'testunmasked',
'username': '******',
'password': '******'
}]
mock_request.body = json.dumps(d)
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
body, raw_body = factory.body()
self.assertIn('testunmasked', raw_body)
self.assertNotIn('test_username', raw_body)
self.assertNotIn('testpassword', raw_body)
self.assertNotIn('test_username', body[0])
self.assertNotIn('testpassword', body[0])
self.assertNotIn('test_username', body[1])
self.assertNotIn('testpassword', body[1])
def test_plain(self):
mock_request = Mock()
mock_request.META = {DJANGO_META_CONTENT_TYPE: 'text/plain'}
mock_request.body = 'sdfsdf'
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
body, raw_body = factory.body()
self.assertFalse(body)
self.assertEqual(raw_body, mock_request.body)
def test_plain(self):
mock_request = Mock()
mock_request.META = {DJANGO_META_CONTENT_TYPE: 'text/plain'}
mock_request.body = 'sdfsdf'
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
body, raw_body = factory.body()
self.assertFalse(body)
self.assertEqual(raw_body, mock_request.body)
def test_utf_json_not_encoded(self):
mock_request = Mock()
mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json; charset=UTF-8'}
d = {'x': u'语'}
mock_request.body = json.dumps(d)
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
body, raw_body = factory.body()
self.assertDictEqual(json.loads(body), d)
self.assertEqual(raw_body, mock_request.body)
def test_invalid_encoding_json(self):
mock_request = Mock()
mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json; charset=asdas-8'}
d = {'x': u'语'}
mock_request.body = json.dumps(d).encode('UTF-8')
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
body, raw_body = factory.body()
self.assertDictEqual(json.loads(body, encoding='UTF-8'), d)
self.assertEqual(raw_body, raw_body)
def process_request(self, request):
if _should_intercept(request):
DataCollector().configure()
with silk_meta_profiler():
request.silk_is_intercepted = True
self._apply_dynamic_mappings()
wrap_cursor_execute()
request_model = RequestModelFactory(request).construct_request_model()
request_model.save()
DataCollector().request = request_model
def test_invalid_encoding_json(self):
mock_request = Mock()
mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json; charset=asdas-8'}
d = {'x': u'语'}
mock_request.body = json.dumps(d).encode('UTF-8')
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
body, raw_body = factory.body()
self.assertDictEqual(json.loads(body), d)
self.assertEqual(raw_body, raw_body)
def test_utf_json_encoded_no_charset(self):
"""default to UTF-8"""
mock_request = Mock()
mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json'}
d = {'x': u'语'}
mock_request.body = json.dumps(d).encode('UTF-8')
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
body, raw_body = factory.body()
self.assertDictEqual(json.loads(body), d)
self.assertEqual(raw_body, mock_request.body.decode('UTF-8'))
def test_authorization_header(self):
mock_request = Mock()
mock_request.META = {'HTTP_AUTHORIZATION': 'secret'}
mock_request.body = ''
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
headers = factory.encoded_headers()
json_headers = json.loads(headers)
self.assertIn('AUTHORIZATION', json_headers)
self.assertEqual(json_headers['AUTHORIZATION'], RequestModelFactory.CLEANSED_SUBSTITUTE)
def process_request(self, request):
if _should_intercept(request):
DataCollector().configure()
with silk_meta_profiler():
request.silk_is_intercepted = True
self._apply_dynamic_mappings()
wrap_cursor_execute()
request_model = RequestModelFactory(
request).construct_request_model()
request_model.save()
DataCollector().request = request_model
def test_utf_json_encoded_no_charset(self):
"""default to UTF-8"""
mock_request = Mock()
mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json'}
d = {'x': u'语'}
mock_request.body = json.dumps(d).encode('UTF-8')
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
body, raw_body = factory.body()
self.assertDictEqual(json.loads(body), d)
self.assertEqual(raw_body, mock_request.body.decode('UTF-8'))
def test_password_in_body(self):
mock_request = Mock()
mock_request.META = {DJANGO_META_CONTENT_TYPE: 'text/plain'}
mock_request.body = 'username=test_username&unmasked=testunmasked&password=testpassword'
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
body, raw_body = factory.body()
self.assertIn('testunmasked', raw_body)
self.assertNotIn('test_username', raw_body)
self.assertNotIn('testpassword', raw_body)
self.assertNotIn('test_username', body)
self.assertNotIn('testpassword', body)
def test_password_in_body(self):
mock_request = Mock()
mock_request.META = {DJANGO_META_CONTENT_TYPE: 'text/plain'}
mock_request.body = 'username=test_username&unmasked=testunmasked&password=testpassword'
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
body, raw_body = factory.body()
self.assertIn('testunmasked', raw_body)
self.assertNotIn('test_username', raw_body)
self.assertNotIn('testpassword', raw_body)
self.assertNotIn('test_username', body)
self.assertNotIn('testpassword', body)
def test_password_in_json(self):
mock_request = Mock()
mock_request.META = {DJANGO_META_CONTENT_TYPE: 'application/json; charset=UTF-8'}
d = {'x': 'testunmasked', 'username': '******', 'password': '******'}
mock_request.body = json.dumps(d)
mock_request.get = mock_request.META.get
factory = RequestModelFactory(mock_request)
body, raw_body = factory.body()
self.assertIn('testunmasked', raw_body)
self.assertNotIn('test_username', raw_body)
self.assertNotIn('testpassword', raw_body)
self.assertNotIn('test_username', body)
self.assertNotIn('testpassword', body)
def test_no_max_request(self):
SilkyConfig().SILKY_MAX_REQUEST_BODY_SIZE = -1
mock_request = Mock()
mock_request.META = {'CONTENT_TYPE': 'text/plain'}
mock_request.GET = {}
mock_request.body = 'a'.encode('ascii') * 1000 # 1000 bytes?
request_model = RequestModelFactory(
mock_request).construct_request_model()
self.assertTrue(request_model.raw_body)
def test_no_long_url(self):
url = '1234567890' * 19 # 190-character URL
mock_request = Mock()
mock_request.META = {'CONTENT_TYPE': 'text/plain'}
mock_request.GET = {}
mock_request.path = url
mock_request.method = 'get'
request_model = RequestModelFactory(
mock_request).construct_request_model()
self.assertEqual(request_model.path, url)
def test_max_request(self):
SilkyConfig().SILKY_MAX_REQUEST_BODY_SIZE = 10 # 10kb
mock_request = Mock()
mock_request.META = {'CONTENT_TYPE': 'text/plain'}
mock_request.GET = {}
mock_request.method = 'get'
mock_request.body = 'a'.encode('ascii') * 1024 * 100 # 100kb
mock_request.path = reverse('silk:requests')
request_model = RequestModelFactory(mock_request).construct_request_model()
self.assertFalse(request_model.raw_body)
def process_request(self, request):
request_model = None
if _should_intercept(request):
self._apply_dynamic_mappings()
if not hasattr(SQLCompiler, '_execute_sql'):
SQLCompiler._execute_sql = SQLCompiler.execute_sql
SQLCompiler.execute_sql = execute_sql
request_model = RequestModelFactory(
request).construct_request_model()
DataCollector().configure(request_model)
def test_no_max_request(self):
SilkyConfig().SILKY_MAX_REQUEST_BODY_SIZE = -1
mock_request = Mock()
mock_request.META = {'CONTENT_TYPE': 'text/plain'}
mock_request.GET = {}
mock_request.path = reverse('silk:requests')
mock_request.method = 'get'
mock_request.body = b'a' * 1000 # 1000 bytes?
request_model = RequestModelFactory(
mock_request).construct_request_model()
self.assertTrue(request_model.raw_body)
def test_long_url(self):
url = '1234567890' * 200 # 2000-character URL
mock_request = Mock()
mock_request.META = {'CONTENT_TYPE': 'text/plain'}
mock_request.GET = {}
mock_request.method = 'get'
mock_request.path = url
request_model = RequestModelFactory(
mock_request).construct_request_model()
self.assertEqual(request_model.path, f'{url[:94]}...{url[1907:]}')
self.assertEqual(len(request_model.path), 190)
def process_request(self, request):
DataCollector().clear()
if not _should_intercept(request):
return
Logger.debug('process_request')
request.silk_is_intercepted = True
self._apply_dynamic_mappings()
if not hasattr(SQLCompiler, '_execute_sql'):
SQLCompiler._execute_sql = SQLCompiler.execute_sql
SQLCompiler.execute_sql = execute_sql
request_model = RequestModelFactory(request).construct_request_model()
DataCollector().configure(request_model)
def process_request(self, request):
DataCollector().clear()
if not _should_intercept(request):
return
Logger.debug('process_request')
request.silk_is_intercepted = True
self._apply_dynamic_mappings()
if not hasattr(SQLCompiler, '_execute_sql'):
SQLCompiler._execute_sql = SQLCompiler.execute_sql
SQLCompiler.execute_sql = execute_sql
silky_config = SilkyConfig()
should_profile = silky_config.SILKY_PYTHON_PROFILER
if silky_config.SILKY_PYTHON_PROFILER_FUNC:
should_profile = silky_config.SILKY_PYTHON_PROFILER_FUNC(request)
request_model = RequestModelFactory(request).construct_request_model()
DataCollector().configure(request_model, should_profile=should_profile)
def _mask(self, value):
return RequestModelFactory(None)._mask_credentials(json.dumps(value))
