def __init__(self, codecs=None):
    """
    Instantiates a new DefaultEncoder.

    Every codec this encoder knows about is constructed here; only the
    subset kept in self.codecs is consulted during canonicalization.

    @param codecs: a list of codec instances to use for canonicalization.
        When omitted, the HTML entity, percent and javascript codecs are
        used.
    @raise TypeError: if an element of codecs is not a Codec instance.
    """
    Encoder.__init__(self)
    self.html_codec = HTMLEntityCodec()
    self.percent_codec = PercentCodec()
    self.javascript_codec = JavascriptCodec()
    self.vbscript_codec = VBScriptCodec()
    self.css_codec = CSSCodec()
    self.ldap_codec = LDAPCodec()
    self.ldap_dn_codec = LDAPDNCodec()
    self.logger = ESAPI.logger("Encoder")

    # Codecs consulted during canonicalization, in list order.
    if codecs is None:
        # Default set. css_codec is left out because it eats / characters;
        # vbscript_codec is left out because it eats " characters.
        self.codecs = [self.html_codec, self.percent_codec, self.javascript_codec]
    else:
        self.codecs = []
        for candidate in codecs:
            # Reject anything that is not a Codec before it can be used.
            if not isinstance(candidate, Codec):
                raise TypeError(
                    _("Codecs in list must be instances of children of Codec"))
            self.codecs.append(candidate)
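def __init__(self):
    """
    Instantiates a new DefaultEncryptor from the security configuration.

    Reads the hashing, encryption and digital-signature settings and the
    key-store locations from ESAPI.security_configuration() and stores
    them on the instance.

    @raise EncryptionException: if the configured encryption algorithm is
        not in VALID_ENCRYPTION_ALGOS or the configured signing algorithm
        is not in VALID_SIGNING_ALGOS.
    """
    Encryptor.__init__(self)
    self.logger = ESAPI.logger("DefaultEncryptor")
    # One lookup of the configuration object for the whole constructor.
    config = ESAPI.security_configuration()

    # Hashing
    self.hash_algorithm = config.get_hash_algorithm()
    self.hash_iterations = config.get_hash_iterations()

    # Encryption
    self.encrypt_algorithm = config.get_encryption_algorithm()
    if self.encrypt_algorithm not in self.VALID_ENCRYPTION_ALGOS:
        # Same (user_message, log_message) shape as the signing check
        # below: the algorithm name goes to the log, not to the user.
        raise EncryptionException(
            _("Failure to encrypt"),
            _("Encryption Failure - Unknown algorithm for encryption: %(algorithm)s")
            % {'algorithm': self.encrypt_algorithm})
    self.encryption_key_length = config.get_encryption_key_length()
    self.master_salt = config.get_master_salt()

    # Public key crypto
    self.signing_algorithm = config.get_digital_signature_algorithm()
    if self.signing_algorithm not in self.VALID_SIGNING_ALGOS:
        raise EncryptionException(
            _("Failure to encrypt"),
            _("Encryption Failure - Unknown algorithm for signing: %(algorithm)s")
            % {'algorithm': self.signing_algorithm})
    self.signing_key_length = config.get_digital_signature_key_length()

    # Key locations. realpath() resolves symlinks and ".." so the three
    # key directories are all anchored under one resolved path; the
    # trailing '/' is part of the stored value.
    self.keys_location = os.path.realpath(
        config.get_encryption_keys_location()) + '/'
    self.keys_symmetric_location = self.keys_location + "symmetric"
    self.keys_asymmetric_private_location = self.keys_location + "asymmetric-private"
    self.keys_asymmetric_public_location = self.keys_location + "asymmetric-public"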
def __init__(self):
    """
    Instantiates a new AccessController with empty rule maps.

    One map per protected resource kind (URL, function, data, file,
    service); self.deny holds a freshly constructed Rule().
    """
    self.url_map, self.function_map, self.data_map = {}, {}, {}
    self.file_map, self.service_map = {}, {}
    self.deny = Rule()
    self.logger = ESAPI.logger("AccessController")
def __init__(self):
    """
    Instantiates a new Executor from the security configuration.

    The working directory and maximum running time are read from
    ESAPI.security_configuration(). The codec is chosen from os.name
    (WindowsCodec on 'nt', UnixCodec otherwise) and a warning is logged
    either way, since, as the message says, a codec picked for the
    wrong platform could allow injection.
    """
    self.logger = ESAPI.logger("Executor")
    self.working_dir = ESAPI.security_configuration().get_working_directory()
    self.max_running_time = ESAPI.security_configuration().get_max_running_time()

    if os.name == "nt":
        codec_class = WindowsCodec
        notice = _("Using WindowsCodec for Executor. If this is not running on Windows, this could allow for injection")
    else:
        codec_class = UnixCodec
        notice = _("Using UnixCodec for Executor. If this is not running on Unix, this could allow injection")
    # Log first, then build the codec — same order as before.
    self.logger.warning(Logger.SECURITY_SUCCESS, notice)
    self.codec = codec_class()
def __init__(self, user_message, log_message, cause=None):
    """
    Creates a new instance of IntrusionException.

    The log message is written at Logger.SECURITY_FAILURE with an
    "INTRUSION" prefix, and the exception is then handed to the
    intrusion detector.

    @param user_message: the message displayed to the user
    @param log_message: the message logged
    @param cause: the Exception that caused this one
    """
    Exception.__init__(self, user_message)
    self.user_message = user_message
    self.log_message = log_message
    self.cause = cause
    self.logger = ESAPI.logger("IntrusionException")
    # Only log_message carries the detail; user_message stays separate.
    entry = " - ".join([_("INTRUSION"), self.log_message])
    self.logger.error(Logger.SECURITY_FAILURE, entry)
    ESAPI.intrusion_detector().add_exception(self)
def __init__(self):
    """
    Instantiates a new Executor from the security configuration.

    Reads the working directory and maximum running time, then selects
    WindowsCodec when os.name is 'nt' and UnixCodec otherwise. The
    selection is logged as a warning because, per the message, a codec
    meant for a different platform could allow injection.
    """
    self.logger = ESAPI.logger("Executor")
    self.working_dir = ESAPI.security_configuration().get_working_directory()
    self.max_running_time = ESAPI.security_configuration().get_max_running_time()

    unix_choice = (
        UnixCodec,
        _("Using UnixCodec for Executor. If this is not running on Unix, this could allow injection"),
    )
    windows_choice = (
        WindowsCodec,
        _("Using WindowsCodec for Executor. If this is not running on Windows, this could allow for injection"),
    )
    # Anything other than 'nt' falls back to the Unix codec.
    codec_class, notice = windows_choice if os.name == 'nt' else unix_choice
    self.logger.warning(Logger.SECURITY_SUCCESS, notice)
    self.codec = codec_class()
def __init__(self, user_message, log_message, cause=None):
    """
    Creates a new instance of EnterpriseSecurityException.

    This exception is automatically logged, so that simply by using this
    API, applications will generate an extensive security log. In
    addition, this exception is automatically registered with the
    IntrusionDetector, so that quotas can be checked.

    @param user_message: the message displayed to the user
    @param log_message: the message logged
    @param cause: the Exception that caused this one
    """
    Exception.__init__(self, user_message)
    self.logger = ESAPI.logger("EnterpriseSecurityException")
    self.user_message = user_message
    self.log_message = log_message
    self.cause = cause
    # No direct log call here: add_exception() does the logging.
    ESAPI.intrusion_detector().add_exception(self)
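def __init__(self):
    """
    Instantiates a new DefaultEncryptor from the security configuration.

    Reads the hashing, encryption and digital-signature settings and the
    key-store locations from ESAPI.security_configuration() and stores
    them on the instance.

    @raise EncryptionException: if the configured encryption algorithm is
        not in VALID_ENCRYPTION_ALGOS or the configured signing algorithm
        is not in VALID_SIGNING_ALGOS.
    """
    Encryptor.__init__(self)
    self.logger = ESAPI.logger("DefaultEncryptor")
    # One lookup of the configuration object for the whole constructor.
    config = ESAPI.security_configuration()

    # Hashing
    self.hash_algorithm = config.get_hash_algorithm()
    self.hash_iterations = config.get_hash_iterations()

    # Encryption
    self.encrypt_algorithm = config.get_encryption_algorithm()
    if self.encrypt_algorithm not in self.VALID_ENCRYPTION_ALGOS:
        # Same (user_message, log_message) shape as the signing check
        # below: the algorithm name goes to the log, not to the user.
        raise EncryptionException(
            _("Failure to encrypt"),
            _("Encryption Failure - Unknown algorithm for encryption: %(algorithm)s")
            % {'algorithm': self.encrypt_algorithm})
    self.encryption_key_length = config.get_encryption_key_length()
    self.master_salt = config.get_master_salt()

    # Public key crypto
    self.signing_algorithm = config.get_digital_signature_algorithm()
    if self.signing_algorithm not in self.VALID_SIGNING_ALGOS:
        raise EncryptionException(
            _("Failure to encrypt"),
            _("Encryption Failure - Unknown algorithm for signing: %(algorithm)s")
            % {'algorithm': self.signing_algorithm})
    self.signing_key_length = config.get_digital_signature_key_length()

    # Key locations. realpath() resolves symlinks and ".." so the three
    # key directories are all anchored under one resolved path; the
    # trailing '/' is part of the stored value.
    self.keys_location = os.path.realpath(
        config.get_encryption_keys_location()) + '/'
    self.keys_symmetric_location = self.keys_location + "symmetric"
    self.keys_asymmetric_private_location = self.keys_location + "asymmetric-private"
    self.keys_asymmetric_public_location = self.keys_location + "asymmetric-public"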
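def __init__(self, account_name):
    """
    Instantiates a new user.

    The account id is drawn from ESAPI.randomizer() until a value is
    found that is non-zero and unknown to ESAPI.authenticator(); every
    other field starts at its "never happened" value (datetime.min for
    the login timestamps, datetime.max for expiration).

    @param account_name: The name of this user's account.
    """
    User.__init__(self)
    self._account_name = None
    self._set_account_name(account_name)

    # Get random numbers until we find an unused account number.
    # WARNING: this loops forever if the number of users equals the
    # keyspace of uids.
    # (Local renamed from `id` so it no longer shadows the builtin.)
    while True:
        candidate_id = ESAPI.randomizer().get_random_integer(1)
        if candidate_id != 0 and not ESAPI.authenticator().exists(account_id=candidate_id):
            self._account_id = candidate_id
            break

    self.logger = ESAPI.logger("DefaultUser")
    self._screen_name = None
    self._csrf_token = self.reset_csrf_token()
    self._roles = []
    self._locked = False
    self._logged_in = False
    self._enabled = False
    self._last_host_address = None
    self._last_password_change_time = None
    self._last_login_time = datetime.min
    self._last_failed_login_time = datetime.min
    self._expiration_time = datetime.max
    self._sessions = []

    # Security event dictionary, used by the IntrusionDetector
    self.event_map = {}

    self._failed_login_count = 0
    self._locale = None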
def setUp(self):
    """
    Create a fresh logger for this test, named "test" plus a running
    counter kept on LoggerTest so each test gets a distinct name.
    """
    logger_name = "test" + str(LoggerTest.test_count)
    self.test_logger = ESAPI.logger(logger_name)
    LoggerTest.test_count += 1
    # Single parenthesised expression: same output under Python 2 and 3.
    print("Test Logger: " + str(self.test_logger))
def __init__(self):
    """
    Instantiates a new IntrusionDetector.

    The only state created here is the component logger.
    """
    logger_name = "IntrusionDetector"
    self.logger = ESAPI.logger(logger_name)
def __setstate__(self, state):
    """
    Restore instance attributes after unpickling.

    The pickled dict is copied back onto the instance and the logger,
    which is not carried in the pickle, is recreated. This hook runs as
    part of pickle's load path, so DefaultUser state should only ever be
    loaded from a trusted source: pickle itself offers no protection
    against malicious input.

    @param state: the attribute dict produced when the user was pickled
    """
    vars(self).update(state)
    self.logger = ESAPI.logger("DefaultUser")
def __init__(self):
    """
    Instantiates a new HTTPUtilities.

    The current request and response start out unset (None).
    """
    self.logger = ESAPI.logger("HTTPUtilities")
    self.current_request = self.current_response = None
def __init__(self):
    """
    Instantiates a new Randomizer.

    Randomness comes from random.SystemRandom, which draws from the
    operating system's entropy source (os.urandom) rather than the
    seedable Mersenne Twister.
    """
    Randomizer.__init__(self)
    self.logger = ESAPI.logger("Randomizer")
    self.secure_random = SystemRandom()
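def test_set_level(self):
    """
    Test of set_level method of the inner class esapi.reference.PythonLogger
    that is defined in esapi.reference.PythonLogFactory.

    Walks every level from Logger.ALL down to Logger.OFF and checks which
    of the is_*_enabled() probes answer True, then confirms that changing
    the level of one logger does not change another logger's level.
    """
    # Probe order: fatal, error, warning, info, debug, trace.
    probe_names = (
        "is_fatal_enabled", "is_error_enabled", "is_warning_enabled",
        "is_info_enabled", "is_debug_enabled", "is_trace_enabled",
    )

    def assert_enabled(logger, expected, label):
        # One assertion per probe; the message names the probe and the
        # level so a failure points at the exact combination.
        for name, want in zip(probe_names, expected):
            got = getattr(logger, name)()
            note = "%s at %s" % (name, label)
            if want:
                self.assertTrue(got, note)
            else:
                self.assertFalse(got, note)

    # Each level enables exactly the probes at or above it on the ladder.
    ladder = (
        (Logger.ALL, "ALL", (True, True, True, True, True, True)),
        (Logger.TRACE, "TRACE", (True, True, True, True, True, True)),
        (Logger.DEBUG, "DEBUG", (True, True, True, True, True, False)),
        (Logger.INFO, "INFO", (True, True, True, True, False, False)),
        (Logger.WARNING, "WARNING", (True, True, True, False, False, False)),
        (Logger.ERROR, "ERROR", (True, True, False, False, False, False)),
        (Logger.FATAL, "FATAL", (True, False, False, False, False, False)),
        (Logger.OFF, "OFF", (False, False, False, False, False, False)),
    )
    expected_for = dict((label, flags) for _level, label, flags in ladder)

    # First, test all the different logging levels
    for level, label, flags in ladder:
        self.test_logger.set_level(level)
        assert_enabled(self.test_logger, flags, label)

    # Now test to see if a change to the logging level in one log
    # affects other logs
    new_logger = ESAPI.logger("test_num2")
    self.test_logger.set_level(Logger.OFF)
    new_logger.set_level(Logger.INFO)
    assert_enabled(self.test_logger, expected_for["OFF"], "OFF (test_logger)")
    assert_enabled(new_logger, expected_for["INFO"], "INFO (new_logger)")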