def post(self): """Add new isolate information. Args: builder_name: The name of the builder that produced the isolate. change: The Change the isolate is for, as a JSON string. isolate_server: The hostname of the server where the isolates are stored. isolate_map: A JSON dict mapping the target names to the isolate hashes. """ # Check permissions. if self.request.remote_addr not in utils.GetIpWhitelist(): self.response.set_status(403) self.response.write('Permission denied') return # Get parameters. parameters = ( ('builder_name', str), ('change', lambda x: change_module.Change.FromDict(json.loads(x))), ('isolate_server', str), ('isolate_map', json.loads), ) try: # pylint: disable=unbalanced-tuple-unpacking builder_name, change, isolate_server, isolate_map = ( self._ValidateParameters(parameters)) except (KeyError, TypeError, ValueError) as e: self.response.set_status(400) self.response.write(e) return # Put information into the datastore. isolate_infos = {(builder_name, change, target, isolate_hash) for target, isolate_hash in isolate_map.iteritems()} isolate.Put(isolate_server, isolate_infos)
def post(self): """Add new isolated information. Args: builder_name: The name of the builder that produced the isolated. git_hash: The git hash of the commit the isolated is for. If the isolated is for a DEPS roll, it's the git hash of the commit inside the roll. isolated_map: A JSON dict mapping the target names to the isolated hashes. """ # Check permissions. if self.request.remote_addr not in utils.GetIpWhitelist(): self.response.set_status(403) self.response.write('Permission denied') return # Get parameters. required_parameters = ('builder_name', 'git_hash', 'isolated_map') for given_parameter in self.request.POST: if given_parameter not in required_parameters: self.response.set_status(400) self.response.write('Unknown parameter: %s' % given_parameter) return for required_parameter in required_parameters: if required_parameter not in self.request.POST: self.response.set_status(400) self.response.write('Missing parameter: %s' % required_parameter) return if not self.request.get(required_parameter): self.response.set_status(400) self.response.write('Empty parameter: %s' % required_parameter) return builder_name = self.request.get('builder_name') git_hash = self.request.get('git_hash') isolated_map = self.request.get('isolated_map') # Validate parameters. try: isolated_map = json.loads(isolated_map) except ValueError: self.response.set_status(400) self.response.write('isolated_map is not valid JSON: %s' % isolated_map) return # Put information into the datastore. isolated_infos = { (builder_name, git_hash, target, isolated_hash) for target, isolated_hash in isolated_map.iteritems() } isolated.Put(isolated_infos)
def _CheckIpAgainstWhitelist(self): """Checks the remote address of the request against the IP whitelist. Returns: True if whitelisted, False otherwise. """ whitelist = utils.GetIpWhitelist() if not whitelist or self.request.remote_addr in whitelist: return True # Try to log some info about the post data that is not whitelisted. # This could be totally bogus data, so ignore huge postdata and swallow # exceptions. try: data_param = self.request.get('data') if data_param and len(data_param) < 10000: # Log the start of the data; it may give clues about who is sending # the data and who to contact. logging.warn('Received data: %s...', data_param[:200]) except Exception: # pylint: disable=broad-except pass return False
def _IsServicingPrivilegedRequest(): """Checks whether the request is considered privileged.""" try: request = webapp2.get_request() except AssertionError: # This happens in unit tests, when code gets called outside of a request. return False path = getattr(request, 'path', '') if path.startswith('/mapreduce'): return True if path.startswith('/_ah/queue/deferred'): return True if path.startswith('/_ah/pipeline/'): return True if request.registry.get('privileged', False): return True if request.registry.get('single_privileged', False): request.registry['single_privileged'] = False return True whitelist = utils.GetIpWhitelist() if whitelist and hasattr(request, 'remote_addr'): return request.remote_addr in whitelist return False
def _CheckUser(self): # TODO: Remove when all Pinpoint builders are migrated to LUCI. if self.request.remote_addr in utils.GetIpWhitelist(): return self._CheckIsInternalUser()
def UnprivilegedPost(self): # Fall back to ip whitelisting if self.request.remote_addr not in utils.GetIpWhitelist(): raise api_request_handler.ForbiddenError() self.PrivilegedPost()