def test_password_hiding(self):
"""errorlib - hide password in frame analysis"""
try:
password = '******'
int('foo')
except:
output = get_pretty_traceback(exc_info=sys.exc_info(), force_stack=True)
self.failIf(password in output, output)
self.failUnless('<*****>' in output, output)
def test_nested_password_hiding(self):
"""errorlib - hide password nested in dictionary in frame analysis"""
try:
foo = {'bar': 'baz', 'qoox': {'blibpwdblob': '1234'}}
int(foo)
except:
output = get_pretty_traceback(exc_info=sys.exc_info())
self.failIf('1234' in output, output)
self.failUnless('<*****>' in output, output)
def test_password_hiding(self):
"""errorlib - hide password in frame analysis"""
try:
password = '******'
int('foo')
except:
output = get_pretty_traceback(exc_info=sys.exc_info())
self.failIf(password in output, output)
self.failUnless('<*****>' in output, output)
def test_password_hiding(self):
"""errorlib - hide password in frame analysis"""
try:
password = "******"
int("foo")
except:
output = get_pretty_traceback(exc_info=sys.exc_info())
self.failIf(password in output, output)
self.failUnless("<*****>" in output, output)
def test_nested_password_hiding(self):
"""errorlib - hide password nested in dictionary in frame analysis"""
try:
foo = {"bar": "baz", "qoox": {"blibpwdblob": "1234"}}
int(foo)
except:
output = get_pretty_traceback(exc_info=sys.exc_info())
self.failIf("1234" in output, output)
self.failUnless("<*****>" in output, output)
def application(environ, start_response):
"""
Entry point for wsgi.
"""
## Needed for mod_wsgi, see: <http://code.google.com/p/modwsgi/wiki/ApplicationIssues>
req = SimulatedModPythonRequest(environ, start_response)
#print 'Starting mod_python simulation'
try:
try:
possible_module, possible_handler = is_mp_legacy_publisher_path(
environ['PATH_INFO'])
if possible_module is not None:
mp_legacy_publisher(req, possible_module, possible_handler)
elif CFG_WSGI_SERVE_STATIC_FILES:
possible_static_path = is_static_path(environ['PATH_INFO'])
if possible_static_path is not None:
from invenio.bibdocfile import stream_file
stream_file(req, possible_static_path)
else:
ret = invenio_handler(req)
else:
ret = invenio_handler(req)
req.flush()
except SERVER_RETURN, status:
status = int(str(status))
if status not in (OK, DONE):
req.status = status
req.headers_out['content-type'] = 'text/html'
admin_to_be_alerted = alert_admin_for_server_status_p(
status, req.headers_in.get('referer'))
if admin_to_be_alerted:
register_exception(req=req, alert_admin=True)
if not req.response_sent_p:
start_response(req.get_wsgi_status(),
req.get_low_level_headers(), sys.exc_info())
return generate_error_page(req, admin_to_be_alerted)
else:
req.flush()
except:
register_exception(req=req, alert_admin=True)
if not req.response_sent_p:
req.status = HTTP_INTERNAL_SERVER_ERROR
req.headers_out['content-type'] = 'text/html'
start_response(req.get_wsgi_status(),
req.get_low_level_headers(), sys.exc_info())
if CFG_DEVEL_SITE:
return [
"<pre>%s</pre>" % cgi.escape(
get_pretty_traceback(req=req,
exc_info=sys.exc_info()))
]
from cgitb import html
return [html(sys.exc_info())]
return generate_error_page(req)
else:
return generate_error_page(req, page_already_started=True)
def test_dbquery_password_hiding(self):
"""errorlib - hide dbquery password in frame analysis"""
from invenio.dbquery import connect
kwargs = {'host': 'foo', 'port': 999, 'db': 'baz', 'user': '******', 'passwd': '123', 'use_unicode': False, 'charset': 'utf8'}
try:
connect(**kwargs)
except:
output = get_pretty_traceback(exc_info=sys.exc_info(), force_stack=True)
self.failIf('123' in output, output)
self.failUnless('<*****>' in output, output)
def test_nested_password_hiding(self):
"""errorlib - hide password nested in dictionary in frame analysis"""
try:
foo = {'bar': 'baz', 'qoox': {'blibpwdblob': '1234'}}
int(foo)
except:
output = get_pretty_traceback(
exc_info=sys.exc_info(), force_stack=True)
self.failIf('1234' in output, output)
self.failUnless('<*****>' in output, output)
def application(environ, start_response):
"""
Entry point for wsgi.
"""
## Needed for mod_wsgi, see: <http://code.google.com/p/modwsgi/wiki/ApplicationIssues>
req = SimulatedModPythonRequest(environ, start_response)
#print 'Starting mod_python simulation'
try:
try:
possible_module, possible_handler = is_mp_legacy_publisher_path(environ['PATH_INFO'])
if possible_module is not None:
mp_legacy_publisher(req, possible_module, possible_handler)
elif CFG_WSGI_SERVE_STATIC_FILES:
possible_static_path = is_static_path(environ['PATH_INFO'])
if possible_static_path is not None:
from invenio.bibdocfile import stream_file
stream_file(req, possible_static_path)
else:
ret = invenio_handler(req)
else:
ret = invenio_handler(req)
req.flush()
except SERVER_RETURN, status:
status = int(str(status))
if status not in (OK, DONE):
req.status = status
req.headers_out['content-type'] = 'text/html'
admin_to_be_alerted = alert_admin_for_server_status_p(status,
req.headers_in.get('referer'))
if admin_to_be_alerted:
register_exception(req=req, alert_admin=True)
if not req.response_sent_p:
start_response(req.get_wsgi_status(), req.get_low_level_headers(), sys.exc_info())
return generate_error_page(req, admin_to_be_alerted)
else:
req.flush()
except:
register_exception(req=req, alert_admin=True)
if not req.response_sent_p:
req.status = HTTP_INTERNAL_SERVER_ERROR
req.headers_out['content-type'] = 'text/html'
start_response(req.get_wsgi_status(), req.get_low_level_headers(), sys.exc_info())
if CFG_DEVEL_SITE:
return ["<pre>%s</pre>" % cgi.escape(get_pretty_traceback(req=req, exc_info=sys.exc_info()))]
from cgitb import html
return [html(sys.exc_info())]
return generate_error_page(req)
else:
return generate_error_page(req, page_already_started=True)
def test_dbquery_password_hiding(self):
"""errorlib - hide dbquery password in frame analysis"""
from invenio.dbquery import connect
kwargs = {
'host': 'foo',
'port': 999,
'db': 'baz',
'user': '******',
'passwd': '123',
'use_unicode': False,
'charset': 'utf8'
}
try:
connect(**kwargs)
except:
output = get_pretty_traceback(exc_info=sys.exc_info())
self.failIf('123' in output, output)
self.failUnless('<*****>' in output, output)
def test_dbquery_password_hiding(self):
"""errorlib - hide dbquery password in frame analysis"""
from invenio.dbquery import connect
kwargs = {
"host": "foo",
"port": 999,
"db": "baz",
"user": "******",
"passwd": "123",
"use_unicode": False,
"charset": "utf8",
}
try:
connect(**kwargs)
except:
output = get_pretty_traceback(exc_info=sys.exc_info())
self.failIf("123" in output, output)
self.failUnless("<*****>" in output, output)
def application(environ, start_response):
"""
Entry point for wsgi.
"""
## Needed for mod_wsgi, see: <http://code.google.com/p/modwsgi/wiki/ApplicationIssues>
req = SimulatedModPythonRequest(environ, start_response)
#print 'Starting mod_python simulation'
try:
try:
if (CFG_FULL_HTTPS or (CFG_HAS_HTTPS_SUPPORT and get_session(req).need_https)) and not req.is_https():
# We need to isolate the part of the URI that is after
# CFG_SITE_URL, and append that to our CFG_SITE_SECURE_URL.
original_parts = urlparse(req.unparsed_uri)
plain_prefix_parts = urlparse(CFG_SITE_URL)
secure_prefix_parts = urlparse(CFG_SITE_SECURE_URL)
# Compute the new path
plain_path = original_parts[2]
plain_path = secure_prefix_parts[2] + \
plain_path[len(plain_prefix_parts[2]):]
# ...and recompose the complete URL
final_parts = list(secure_prefix_parts)
final_parts[2] = plain_path
final_parts[-3:] = original_parts[-3:]
target = urlunparse(final_parts)
redirect_to_url(req, target)
possible_module, possible_handler = is_mp_legacy_publisher_path(environ['PATH_INFO'])
if possible_module is not None:
mp_legacy_publisher(req, possible_module, possible_handler)
elif CFG_WSGI_SERVE_STATIC_FILES:
possible_static_path = is_static_path(environ['PATH_INFO'])
if possible_static_path is not None:
from invenio.bibdocfile import stream_file
stream_file(req, possible_static_path)
else:
ret = invenio_handler(req)
else:
ret = invenio_handler(req)
req.flush()
except SERVER_RETURN, status:
status = int(str(status))
if status not in (OK, DONE):
req.status = status
req.headers_out['content-type'] = 'text/html'
admin_to_be_alerted = alert_admin_for_server_status_p(status,
req.headers_in.get('referer'))
if admin_to_be_alerted:
register_exception(req=req, alert_admin=True)
if not req.response_sent_p:
start_response(req.get_wsgi_status(), req.get_low_level_headers(), sys.exc_info())
return generate_error_page(req, admin_to_be_alerted)
else:
req.flush()
except:
register_exception(req=req, alert_admin=True)
if not req.response_sent_p:
req.status = HTTP_INTERNAL_SERVER_ERROR
req.headers_out['content-type'] = 'text/html'
start_response(req.get_wsgi_status(), req.get_low_level_headers(), sys.exc_info())
if CFG_DEVEL_SITE:
return ["<pre>%s</pre>" % cgi.escape(get_pretty_traceback(req=req, exc_info=sys.exc_info()))]
from cgitb import html
return [html(sys.exc_info())]
return generate_error_page(req)
else:
return generate_error_page(req, page_already_started=True)
def application(environ, start_response):
"""
Entry point for wsgi.
"""
## Needed for mod_wsgi, see: <http://code.google.com/p/modwsgi/wiki/ApplicationIssues>
req = SimulatedModPythonRequest(environ, start_response)
#print 'Starting mod_python simulation'
try:
try:
if (CFG_FULL_HTTPS or (CFG_HAS_HTTPS_SUPPORT and get_session(req).need_https)) and not req.is_https():
# We need to isolate the part of the URI that is after
# CFG_SITE_URL, and append that to our CFG_SITE_SECURE_URL.
original_parts = urlparse(req.unparsed_uri)
plain_prefix_parts = urlparse(CFG_SITE_URL)
secure_prefix_parts = urlparse(CFG_SITE_SECURE_URL)
# Compute the new path
plain_path = original_parts[2]
plain_path = secure_prefix_parts[2] + \
plain_path[len(plain_prefix_parts[2]):]
# ...and recompose the complete URL
final_parts = list(secure_prefix_parts)
final_parts[2] = plain_path
final_parts[-3:] = original_parts[-3:]
target = urlunparse(final_parts)
redirect_to_url(req, target)
possible_module, possible_handler = is_mp_legacy_publisher_path(environ['PATH_INFO'])
if possible_module is not None:
mp_legacy_publisher(req, possible_module, possible_handler)
elif CFG_WSGI_SERVE_STATIC_FILES:
possible_static_path = is_static_path(environ['PATH_INFO'])
if possible_static_path is not None:
from invenio.bibdocfile import stream_file
stream_file(req, possible_static_path)
else:
ret = invenio_handler(req)
else:
ret = invenio_handler(req)
req.flush()
except SERVER_RETURN, status:
status = int(str(status))
if status not in (OK, DONE):
req.status = status
req.headers_out['content-type'] = 'text/html'
admin_to_be_alerted = alert_admin_for_server_status_p(status,
req.headers_in.get('referer'))
if admin_to_be_alerted:
register_exception(req=req, alert_admin=True)
if not req.response_sent_p:
start_response(req.get_wsgi_status(), req.get_low_level_headers(), sys.exc_info())
return generate_error_page(req, admin_to_be_alerted)
else:
req.flush()
except:
register_exception(req=req, alert_admin=True)
if not req.response_sent_p:
req.status = HTTP_INTERNAL_SERVER_ERROR
req.headers_out['content-type'] = 'text/html'
start_response(req.get_wsgi_status(), req.get_low_level_headers(), sys.exc_info())
if CFG_DEVEL_SITE:
return ["<pre>%s</pre>" % cgi.escape(get_pretty_traceback(req=req, exc_info=sys.exc_info()))]
from cgitb import html
return [html(sys.exc_info())]
return generate_error_page(req)
else:
return generate_error_page(req, page_already_started=True)
return generate_error_page(req, admin_to_be_alerted)
else:
req.flush()
except ClientDisconnected:
pass
except:
register_exception(req=req, alert_admin=True)
if not req.response_sent_p:
req.status = HTTP_INTERNAL_SERVER_ERROR
req.headers_out['content-type'] = 'text/html'
start_response(req.get_wsgi_status(), req.get_low_level_headers(),
sys.exc_info())
if CFG_DEVEL_SITE:
return [
"<pre>%s</pre>" % cgi.escape(
get_pretty_traceback(req=req, exc_info=sys.exc_info()))
]
from cgitb import html
return [html(sys.exc_info())]
return generate_error_page(req)
else:
return generate_error_page(req, page_already_started=True)
finally:
try:
## Let's save the session.
session = get_session(req)
try:
if req.is_https() or not session.need_https:
## We save the session only if it's safe to do it, i.e.
## if we well had a valid session.
session.dirty = True
register_exception(req=req, alert_admin=True)
if not req.response_sent_p:
start_response(req.get_wsgi_status(), req.get_low_level_headers(), sys.exc_info())
return generate_error_page(req, admin_to_be_alerted)
else:
req.flush()
except ClientDisconnected:
pass
except:
register_exception(req=req, alert_admin=True)
if not req.response_sent_p:
req.status = HTTP_INTERNAL_SERVER_ERROR
req.headers_out['content-type'] = 'text/html'
start_response(req.get_wsgi_status(), req.get_low_level_headers(), sys.exc_info())
if CFG_DEVEL_SITE:
return ["<pre>%s</pre>" % cgi.escape(get_pretty_traceback(req=req, exc_info=sys.exc_info()))]
from cgitb import html
return [html(sys.exc_info())]
return generate_error_page(req)
else:
return generate_error_page(req, page_already_started=True)
finally:
try:
## Let's save the session.
session = get_session(req)
try:
if req.is_https() or not session.need_https:
## We save the session only if it's safe to do it, i.e.
## if we well had a valid session.
session.dirty = True
session.save()