def MakeSecrets(): """Make a new Secrets model with random values for keys.""" secrets = Secrets(id=GLOBAL_KEY) secrets.xsrf_key = framework_helpers.MakeRandomKey() secrets.email_key = framework_helpers.MakeRandomKey() # Note that recaptcha keys are not generated. An admin # will need to set them via the Google Cloud Console. return secrets
def get(self, **kwargs): """Collect page-specific and generic info, then render the page. Args: Any path components parsed by webapp2 will be in kwargs, but we do our own parsing later anyway, so igore them for now. """ page_data = {} nonce = framework_helpers.MakeRandomKey(length=NONCE_LENGTH) try: csp_header = 'Content-Security-Policy' csp_scheme = 'https:' if settings.local_mode: csp_header = 'Content-Security-Policy-Report-Only' csp_scheme = 'http:' user_agent_str = self.mr.request.headers.get('User-Agent', '') ua = httpagentparser.detect(user_agent_str) browser, browser_major_version = 'Unknown browser', 0 if ua.has_key('browser'): browser = ua['browser']['name'] try: browser_major_version = int( ua['browser']['version'].split('.')[0]) except ValueError: logging.warn('Could not parse version: %r', ua['browser']['version']) csp_supports_report_sample = ( (browser == 'Chrome' and browser_major_version >= 59) or (browser == 'Opera' and browser_major_version >= 46)) version_base = _VersionBaseURL(self.mr.request) self.response.headers.add( csp_header, ( "default-src %(scheme)s ; " "script-src" " %(rep_samp)s" # Report 40 chars of any inline violation. " 'unsafe-inline'" # Only counts in browsers that lack CSP2. " 'strict-dynamic'" # Allows <script nonce> to load more. " %(version_base)s/static/dist/" " 'self' 'nonce-%(nonce)s'; " "child-src 'none'; " "frame-src accounts.google.com" # Both used by gapi.js auth. " content-issuetracker.corp.googleapis.com; " "img-src %(scheme)s data: blob: ; " "style-src %(scheme)s 'unsafe-inline'; " "object-src 'none'; " "base-uri 'none'; " "report-uri /csp.do" % { 'nonce': nonce, 'scheme': csp_scheme, 'rep_samp': "'report-sample'" if csp_supports_report_sample else '', 'version_base': version_base, })) page_data.update(self._GatherFlagData(self.mr)) # Page-specific work happens in this call. page_data.update(self._DoPageProcessing(self.mr, nonce)) self._AddHelpDebugPageData(page_data) with self.mr.profiler.Phase('rendering template'): self._RenderResponse(page_data) except (MethodNotSupportedError, NotImplementedError) as e: # Instead of these pages throwing 500s display the 404 message and log. # The motivation of this is to minimize 500s on the site to keep alerts # meaningful during fuzzing. For more context see # https://bugs.chromium.org/p/monorail/issues/detail?id=659 logging.warning('Trapped NotImplementedError %s', e) self.abort(404, 'invalid page') except query2ast.InvalidQueryError as e: logging.warning('Trapped InvalidQueryError: %s', e) logging.exception(e) msg = e.message if e.message else 'invalid query' self.abort(400, msg) except permissions.PermissionException as e: logging.warning('Trapped PermissionException %s', e) logging.warning('mr.auth.user_id is %s', self.mr.auth.user_id) logging.warning('mr.auth.effective_ids is %s', self.mr.auth.effective_ids) logging.warning('mr.perms is %s', self.mr.perms) if not self.mr.auth.user_id: # If not logged in, let them log in url = _SafeCreateLoginURL(self.mr) self.redirect(url, abort=True) else: # Display the missing permissions template. page_data = { 'reason': e.message, 'http_response_code': httplib.FORBIDDEN, } with self.mr.profiler.Phase('gather base data'): page_data.update(self.GatherBaseData(self.mr, nonce)) self._AddHelpDebugPageData(page_data) self._missing_permissions_template.WriteResponse( self.response, page_data, content_type=self.content_type)
def testMakeRandomKey_Length(self): key = framework_helpers.MakeRandomKey() self.assertEqual(128, len(key)) key16 = framework_helpers.MakeRandomKey(length=16) self.assertEqual(16, len(key16))
def testMakeRandomKey_Chars(self): key = framework_helpers.MakeRandomKey(chars='a', length=4) self.assertEqual('aaaa', key)
def testMakeRandomKey_Normal(self): key1 = framework_helpers.MakeRandomKey() key2 = framework_helpers.MakeRandomKey() self.assertEqual(128, len(key1)) self.assertEqual(128, len(key2)) self.assertNotEqual(key1, key2)