# URL routes for the data dictionary views.
from django.conf.urls import url

from corehq.apps.data_dictionary.views import (
    DataDictionaryView,
    ExportDataDictionaryView,
    UploadDataDictionaryView,
    data_dictionary_json,
    generate_data_dictionary,
    update_case_property,
    update_case_property_description,
)
from corehq.apps.hqwebapp.decorators import waf_allow

# waf_allow('XSS_BODY') flags the import route as allowed past the WAF's XSS
# request-body rule (going by the decorator's name and argument; its
# implementation is not shown here). With that filter out of the path, the
# upload view is the only layer that validates what arrives in the body.
_waf_exempt_upload = waf_allow('XSS_BODY')(UploadDataDictionaryView.as_view())

urlpatterns = [
    url(r"^generate/$", generate_data_dictionary, name='generate_data_dictionary'),
    url(r"^json/$", data_dictionary_json, name='data_dictionary_json'),
    # NOTE(review): both slashes are optional, so "jsonfoo" also resolves here
    # with case_type_name='foo'. \w+ keeps the captured value to word characters.
    url(
        r"^json/?(?P<case_type_name>\w+)/?$",
        data_dictionary_json,
        name='case_type_dictionary_json',
    ),
    url(r"^update_case_property/$", update_case_property, name='update_case_property'),
    url(
        r"^update_case_property_description/$",
        update_case_property_description,
        name='update_property_description',
    ),
    url(r"^export/$", ExportDataDictionaryView.as_view(), name=ExportDataDictionaryView.urlname),
    url(r"^$", DataDictionaryView.as_view(), name=DataDictionaryView.urlname),
    url(r"^import$", _waf_exempt_upload, name=UploadDataDictionaryView.urlname),
]
# (excerpt begins inside a parenthesised import list opened before this line)
DataDictionaryView, ExportDataDictionaryView, UploadDataDictionaryView, data_dictionary_json, generate_data_dictionary, update_case_property, update_case_property_description, )
from corehq.apps.hqwebapp.decorators import waf_allow

# URL routes for the data dictionary views.
urlpatterns = [
    # No name= on this route, so it cannot be reversed by a route name.
    url(r"^generate/$", generate_data_dictionary),
    url(r"^json/$", data_dictionary_json, name='data_dictionary_json'),
    # NOTE(review): both slashes are optional, so "jsonfoo" also resolves here
    # with case_type_name='foo'. \w+ keeps the captured value to word characters.
    url(r"^json/?(?P<case_type_name>\w+)/?$", data_dictionary_json, name='case_type_dictionary_json'),
    url(r"^update_case_property/$", update_case_property, name='update_case_property'),
    url(r"^update_case_property_description/$", update_case_property_description,
        name='update_property_description'),
    url(r"^export/$", ExportDataDictionaryView.as_view(), name=ExportDataDictionaryView.urlname),
    url(r"^$", DataDictionaryView.as_view(), name=DataDictionaryView.urlname),
    # waf_allow('XSS_BODY') flags this route as allowed past the WAF's XSS
    # request-body rule (going by the decorator's name; implementation not shown
    # here). The upload view is then the only layer validating the body.
    url(r"^import$", waf_allow('XSS_BODY')(UploadDataDictionaryView.as_view()),
        name=UploadDataDictionaryView.urlname),
]
# URL routes for the Trumpia SMS backend.
from django.conf.urls import url

from corehq.apps.hqwebapp.decorators import waf_allow
from corehq.messaging.smsbackends.trumpia.views import TrumpiaIncomingView

# waf_allow('XSS_QUERYSTRING') flags the inbound route as allowed past the
# WAF's XSS query-string rule (going by the decorator's name; implementation
# not shown here), so query-string values reach the view unfiltered and must
# be escaped before they are stored or rendered anywhere.
_incoming_sms_view = waf_allow('XSS_QUERYSTRING')(TrumpiaIncomingView.as_view())

urlpatterns = [
    # NOTE(review): api_key travels in the URL path. If it is a credential (the
    # name suggests so), it will appear wherever request paths are recorded:
    # web-server, proxy and WAF logs should be handled as sensitive.
    url(
        r'^sms/(?P<api_key>[\w-]+)/?$',
        _incoming_sms_view,
        name=TrumpiaIncomingView.urlname,
    ),
]
# (excerpt begins inside a URL list opened before this line)
    url(r'^view/(?P<app_id>[\w-]+)/modules-(?P<module_id>[\w-]+)/forms-(?P<form_id>[\w-]+)/context/$',
        form_context, name='cloudcare_form_context'),
    url(r'^v2/$', FormplayerMain.as_view(), name=FormplayerMain.urlname),
    url(r'^v2/preview/$', FormplayerMainPreview.as_view(), name=FormplayerMainPreview.urlname),
    url(
        r'^v2/preview/(?P<app_id>[\w-]+)/$',
        FormplayerPreviewSingleApp.as_view(),
        name=FormplayerPreviewSingleApp.urlname,
    ),
    url(r'^preview_app/(?P<app_id>[\w-]+)/$', PreviewAppView.as_view(), name=PreviewAppView.urlname),
    # NOTE(review): no trailing "$", so any path that merely starts with
    # "report_formplayer_error" is routed to this view.
    url(r'^report_formplayer_error', report_formplayer_error, name='report_formplayer_error'),
]

# Routes mounted under "api/" by urlpatterns below.
api_urls = [
    url(r'^login_as/users/$', LoginAsUsers.as_view(), name=LoginAsUsers.urlname),
    # waf_allow('XSS_BODY') flags this route as allowed past the WAF's XSS
    # request-body rule (going by the decorator's name; implementation not shown
    # here). The view therefore receives markup-like body content unfiltered and
    # has to escape it itself before it is rendered.
    url(r'^readable_questions/$', waf_allow('XSS_BODY')(ReadableQuestions.as_view()),
        name=ReadableQuestions.urlname),
]

# used in settings urls
settings_urls = [
    url(r'^app/', EditCloudcareUserPermissionsView.as_view(), name=EditCloudcareUserPermissionsView.urlname),
]

# Top-level routes: the default view plus the "apps/" and "api/" sub-lists.
urlpatterns = [
    url(r'^$', default, name='cloudcare_default'),
    url(r'^apps/', include(app_urls)),
    url(r'^api/', include(api_urls)),
]

# This isn't strictly the appropriate place to put this,
# (excerpt begins inside a parenthesised import list opened before this line)
download_file, download_item_lists, fixture_api_upload_status, fixture_metadata, fixture_upload_job_poll, update_tables, upload_fixture_api, )
from corehq.apps.hqwebapp.decorators import waf_allow

# URL routes for lookup-table (fixture) management and upload.
urlpatterns = [
    # NOTE(review): the class [0-9a-fA-Z] admits every uppercase letter; if
    # download ids are hex, A-F was probably intended. The same class appears in
    # the two upload/status routes below.
    url(r'^fixapi/status/(?P<download_id>(?:dl-)?[0-9a-fA-Z]{25,32})/$',
        fixture_api_upload_status, name='fixture_api_status'),
    # Prefix match with no "$": every other path under fixapi/ lands here, so
    # the status route above has to stay listed first.
    url(r'^fixapi/', upload_fixture_api),
    url(r'^metadata/$', fixture_metadata, name='fixture_metadata'),
    url(r'^$', RedirectView.as_view(url='edit_lookup_tables', permanent=True), name='edit_lookup_tables'),
    FixtureInterfaceDispatcher.url_pattern(),
    url(r'^edit_lookup_tables/download/$', download_item_lists, name="download_fixtures"),
    # waf_allow('XSS_BODY') flags the upload route as allowed past the WAF's XSS
    # request-body rule (going by the decorator's name; implementation not shown
    # here). The upload view is then the only layer validating the body.
    url(r'^edit_lookup_tables/upload/$', waf_allow('XSS_BODY')(UploadItemLists.as_view()),
        name='upload_fixtures'),
    url(r'^edit_lookup_tables/file/$', download_file, name="download_fixture_file"),
    # The whole data_type_id group is optional, so the bare prefix also matches.
    url(r'^edit_lookup_tables/update-tables/(?P<data_type_id>[\w-]+)?$', update_tables,
        name='update_lookup_tables'),

    # upload status
    url(r'^upload/status/(?P<download_id>(?:dl-)?[0-9a-fA-Z]{25,32})/$',
        FixtureUploadStatusView.as_view(), name=FixtureUploadStatusView.urlname),
    url(r'^upload/status/poll/(?P<download_id>(?:dl-)?[0-9a-fA-Z]{25,32})/$',
        fixture_upload_job_poll, name='fixture_upload_job_poll'),
]
url(r'^send_test_scheduled_report/(?P<scheduled_report_id>[\w-]+)/$', send_test_scheduled_report, name='send_test_scheduled_report'), url(r'^view_scheduled_report/(?P<scheduled_report_id>[\w_]+)/$', view_scheduled_report, name='view_scheduled_report'), # V2 Reports url(r'^v2/', include('corehq.apps.reports.v2.urls')), url(r'^tableau/(?P<viz_id>[\d]+)/$', TableauView.as_view(), name=TableauView.urlname), # Internal Use url(r'^reprocess_error_form/$', ReprocessXFormErrorView.as_view(), name=ReprocessXFormErrorView.urlname), url(r'^custom/', include(custom_report_urls)), url(r'^filters/', include(filter_urls)), ProjectReportDispatcher.url_pattern(), url(r'^user_management/', include(user_management_urls)), url(r'^release_management/', include(release_management_urls)), ] # Exporting Case List Explorer reports with the word " on*" at the end of the search query # get filtered by the WAF waf_allow( "XSS_BODY", hard_code_pattern= r'^/a/([\w\.:-]+)/reports/export/(case_list_explorer|duplicate_cases)/$')
accounting.BillingAccountResource, accounting.SubscriptionResource, accounting.InvoiceResource, accounting.CustomerInvoiceResource, accounting.LineItemResource, accounting.PaymentMethodResource, accounting.BillingContactInfoResource, accounting.PaymentRecordResource, accounting.CreditLineResource, accounting.CreditAdjustmentResource, accounting.SubscriptionAndAdjustmentResource, accounting.BillingRecordResource, MaltResource, GIRResource, ) USER_API_LIST = (UserDomainsResource, ) def api_url_patterns(): api = CommCareHqApi(api_name='global') for resource in ADMIN_API_LIST + USER_API_LIST: api.register(resource()) yield url(r'^', include(api.urls)) admin_urlpatterns = list(api_url_patterns()) waf_allow('XSS_BODY', hard_code_pattern=r'^/a/([\w\.:-]+)/api/v([\d\.]+)/form/$')
from corehq.apps.hqwebapp.decorators import waf_allow

# waf_allow('XSS_BODY') flags the lookup-table upload route as allowed past the
# WAF's XSS request-body rule (going by the decorator's name; implementation
# not shown here). The upload view is then the only layer validating the body.
_waf_exempt_upload = waf_allow('XSS_BODY')(UploadItemLists.as_view())

# URL routes for lookup-table (fixture) management and upload.
urlpatterns = [
    # NOTE(review): the class [0-9a-fA-Z] admits every uppercase letter; if
    # download ids are hex, A-F was probably intended. The same class appears in
    # the two upload/status routes below.
    url(
        r'^fixapi/status/(?P<download_id>(?:dl-)?[0-9a-fA-Z]{25,32})/$',
        fixture_api_upload_status,
        name='fixture_api_status',
    ),
    # Prefix match with no "$": every other path under fixapi/ lands here, so
    # the status route above has to stay listed first.
    url(r'^fixapi/', upload_fixture_api),
    url(r'^metadata/$', fixture_metadata, name='fixture_metadata'),
    url(
        r'^$',
        RedirectView.as_view(url='edit_lookup_tables', permanent=True),
        name='edit_lookup_tables',
    ),
    FixtureInterfaceDispatcher.url_pattern(),
    url(r'^edit_lookup_tables/download/$', download_item_lists, name="download_fixtures"),
    url(r'^edit_lookup_tables/upload/$', _waf_exempt_upload, name='upload_fixtures'),
    # The whole data_type_id group is optional, so the bare prefix also matches.
    url(
        r'^edit_lookup_tables/update-tables/(?P<data_type_id>[\w-]+)?$',
        update_tables,
        name='update_lookup_tables',
    ),

    # upload status
    url(
        r'^upload/status/(?P<download_id>(?:dl-)?[0-9a-fA-Z]{25,32})/$',
        FixtureUploadStatusView.as_view(),
        name=FixtureUploadStatusView.urlname,
    ),
    url(
        r'^upload/status/poll/(?P<download_id>(?:dl-)?[0-9a-fA-Z]{25,32})/$',
        fixture_upload_job_poll,
        name='fixture_upload_job_poll',
    ),
]
DeIdDashboardFeedListView.as_view(), name=DeIdDashboardFeedListView.urlname), url(r"^custom/case/$", CaseExportListView.as_view(), name=CaseExportListView.urlname), url(r"^custom/daily_saved/$", DailySavedExportListView.as_view(), name=DailySavedExportListView.urlname), url(r"^custom/dashboard_feed/$", DashboardFeedListView.as_view(), name=DashboardFeedListView.urlname), url(r"^custom/odata_feed/$", ODataFeedListView.as_view(), name=ODataFeedListView.urlname), url(r"^custom/download_data_files/$", waf_allow('XSS_BODY')(DataFileDownloadList.as_view()), name=DataFileDownloadList.urlname), url(r"^custom/download_data_files/(?P<pk>[\w\-]+)/(?P<filename>.*)$", DataFileDownloadDetail.as_view(), name=DataFileDownloadDetail.urlname), url(r"^custom/inc_export/$", IncrementalExportView.as_view(), name=IncrementalExportView.urlname), url(r"^custom/inc_export_file/(?P<checkpoint_id>[\w\-]+)$", incremental_export_checkpoint_file, name='incremental_export_checkpoint_file'), url(r"^custom/inc_export_reset/(?P<checkpoint_id>[\w\-]+)$", incremental_export_reset_checkpoint, name='incremental_export_reset_checkpoint'), url(r"^custom/inc_export_resend_all/(?P<incremental_export_id>[\w\-]+)$", incremental_export_resend_all,
# URL routes for the DHIS2 dataset-map views.
from django.conf.urls import re_path as url

from corehq.apps.hqwebapp.decorators import waf_allow
from corehq.motech.dhis2.views import (
    DataSetMapCreateView,
    DataSetMapListView,
    DataSetMapUpdateView,
    DataSetMapJsonCreateView,
    DataSetMapJsonEditView,
    send_dataset_now,
)

# waf_allow('XSS_BODY') flags the dataset-map update route as allowed past the
# WAF's XSS request-body rule (going by the decorator's name; implementation
# not shown here). Only this one route is wrapped; the create and JSON edit
# views are not. The update view has to validate and escape the body itself.
_dataset_map_update = waf_allow('XSS_BODY')(DataSetMapUpdateView.as_view())

urlpatterns = [
    url(r'^map/$', DataSetMapListView.as_view(), name=DataSetMapListView.urlname),
    url(
        r'^map/json/add/$',
        DataSetMapJsonCreateView.as_view(),
        name=DataSetMapJsonCreateView.urlname,
    ),
    url(
        r'^map/json/(?P<pk>\w+)/$',
        DataSetMapJsonEditView.as_view(),
        name=DataSetMapJsonEditView.urlname,
    ),
    # Order matters: "add" also satisfies \w+, so this route must stay ahead of
    # the map/<pk>/ route or it would be handled as an update with pk='add'.
    url(r'^map/add/$', DataSetMapCreateView.as_view(), name=DataSetMapCreateView.urlname),
    url(r'^map/(?P<pk>\w+)/$', _dataset_map_update, name=DataSetMapUpdateView.urlname),
    url(r'^send/(?P<pk>[\w-]+)/$', send_dataset_now, name='send_dataset_now'),
]
# URL routes for the Trumpia SMS backend.
from django.conf.urls import re_path as url

from corehq.apps.hqwebapp.decorators import waf_allow
from corehq.messaging.smsbackends.trumpia.views import TrumpiaIncomingView

# waf_allow('XSS_QUERYSTRING') flags the inbound route as allowed past the
# WAF's XSS query-string rule (going by the decorator's name; implementation
# not shown here), so query-string values reach the view unfiltered and must
# be escaped before they are stored or rendered anywhere.
_incoming_sms_view = waf_allow('XSS_QUERYSTRING')(TrumpiaIncomingView.as_view())

urlpatterns = [
    # NOTE(review): api_key travels in the URL path. If it is a credential (the
    # name suggests so), it will appear wherever request paths are recorded:
    # web-server, proxy and WAF logs should be handled as sensitive.
    url(
        r'^sms/(?P<api_key>[\w-]+)/?$',
        _incoming_sms_view,
        name=TrumpiaIncomingView.urlname,
    ),
]
# (excerpt begins inside a url(...) call within a URL list opened before this line)
        name=FormplayerPreviewSingleApp.urlname,
    ),
    url(r'^preview_app/(?P<app_id>[\w-]+)/$', PreviewAppView.as_view(), name=PreviewAppView.urlname),
    # NOTE(review): no trailing "$", so any path that merely starts with
    # "report_formplayer_error" is routed to this view.
    url(r'^report_formplayer_error', report_formplayer_error, name='report_formplayer_error')
]

# Routes mounted under "api/" by urlpatterns below.
api_urls = [
    url(r'^login_as/users/$', LoginAsUsers.as_view(), name=LoginAsUsers.urlname),
    # waf_allow('XSS_BODY') flags this route as allowed past the WAF's XSS
    # request-body rule (going by the decorator's name; implementation not shown
    # here). The view therefore receives markup-like body content unfiltered and
    # has to escape it itself before it is rendered.
    url(r'^readable_questions/$', waf_allow('XSS_BODY')(ReadableQuestions.as_view()),
        name=ReadableQuestions.urlname),
]

# used in settings urls
settings_urls = [
    url(r'^app/', EditCloudcareUserPermissionsView.as_view(), name=EditCloudcareUserPermissionsView.urlname),
]

# Top-level routes: the default view plus the "apps/" and "api/" sub-lists.
urlpatterns = [
    url(r'^$', default, name='cloudcare_default'),
    url(r'^apps/', include(app_urls)),
    url(r'^api/', include(api_urls)),
]
# URL routes for the Grapevine SMS resource.
from django.conf.urls import include, re_path as url

from corehq.apps.hqwebapp.decorators import waf_allow

from .models import GrapevineResource

# A single resource instance supplies every route mounted under "api/".
gvi_resource = GrapevineResource()

urlpatterns = [url(r'^api/', include(gvi_resource.urls))]

# The resource's URLs are generated by gvi_resource.urls, so there is no view
# here to decorate; the exemption is passed as an absolute path regex instead.
# waf_allow('XSS_BODY', ...) presumably allows that path past the WAF's XSS
# request-body rule (implementation not shown here). The pattern is anchored at
# both ends and names one endpoint only. It is kept in sync with the mounted
# prefix by hand, and the handler behind it must treat the body as untrusted.
waf_allow('XSS_BODY', hard_code_pattern=r'^/gvi/api/sms/$')
# Routes for serving stored multimedia and polling upload status.
urlpatterns = [
    # The trailing (.+)? group is unnamed; Django ignores unnamed groups when a
    # pattern also has named ones, so only media_type and doc_id reach the view.
    url(r'^file/(?P<media_type>[\w\-]+)/(?P<doc_id>[\w\-]+)/(.+)?$',
        ViewMultimediaFile.as_view(), name=ViewMultimediaFile.urlname),
    url(r'^upload_status/$', MultimediaUploadStatusView.as_view(), name=MultimediaUploadStatusView.urlname)
]

# Per-application multimedia routes (the excerpt ends inside this list).
application_urls = [
    url(r'^upload/$', BulkUploadMultimediaView.as_view(), name=BulkUploadMultimediaView.urlname),
    url(r'^paths/$', ManageMultimediaPathsView.as_view(), name=ManageMultimediaPathsView.urlname),
    url(r'^paths/download/$', download_multimedia_paths, name='download_multimedia_paths'),
    url(r'^audio_translator_file/$', MultimediaAudioTranslatorFileView.as_view(),
        name=MultimediaAudioTranslatorFileView.urlname),
    url(r'^translations/$', MultimediaTranslationsCoverageView.as_view(),
        name=MultimediaTranslationsCoverageView.urlname),
    url(r'^uploaded/bulk/$', ProcessBulkUploadView.as_view(), name=ProcessBulkUploadView.urlname),
    # The image, app_logo, audio and video upload routes are wrapped in
    # waf_allow('XSS_BODY'), which flags them as allowed past the WAF's XSS
    # request-body rule (going by the decorator's name; implementation not shown
    # here). For these four routes the view is the only check on the uploaded
    # bytes, so content type and size have to be verified server-side there.
    # NOTE(review): the bulk, text and detail_print upload routes are not
    # wrapped; confirm that difference is intended.
    url(r'^uploaded/image/$', waf_allow('XSS_BODY')(ProcessImageFileUploadView.as_view()),
        name=ProcessImageFileUploadView.urlname),
    url(r'^uploaded/app_logo/(?P<logo_name>[\w\-]+)/$',
        waf_allow('XSS_BODY')(ProcessLogoFileUploadView.as_view()),
        name=ProcessLogoFileUploadView.urlname),
    url(r'^uploaded/audio/$', waf_allow('XSS_BODY')(ProcessAudioFileUploadView.as_view()),
        name=ProcessAudioFileUploadView.urlname),
    url(r'^uploaded/video/$', waf_allow('XSS_BODY')(ProcessVideoFileUploadView.as_view()),
        name=ProcessVideoFileUploadView.urlname),
    url(r'^uploaded/text/$', ProcessTextFileUploadView.as_view(), name=ProcessTextFileUploadView.urlname),
    url(r'^uploaded/detail_print/(?P<module_unique_id>[\w-]+)/$',
        ProcessDetailPrintTemplateUploadView.as_view(),
        name=ProcessDetailPrintTemplateUploadView.urlname),
    url(r'^remove_logo/$', RemoveLogoView.as_view(), name=RemoveLogoView.urlname),
    url(r'^remove_print_template/$', RemoveDetailPrintTemplateView.as_view(),
        name=RemoveDetailPrintTemplateView.urlname),
    url(r'^map/$', MultimediaReferencesView.as_view(), name=MultimediaReferencesView.urlname),
ManageMultimediaPathsView.as_view(), name=ManageMultimediaPathsView.urlname), url(r'^paths/download/$', download_multimedia_paths, name='download_multimedia_paths'), url(r'^audio_translator_file/$', MultimediaAudioTranslatorFileView.as_view(), name=MultimediaAudioTranslatorFileView.urlname), url(r'^translations/$', MultimediaTranslationsCoverageView.as_view(), name=MultimediaTranslationsCoverageView.urlname), url(r'^uploaded/bulk/$', ProcessBulkUploadView.as_view(), name=ProcessBulkUploadView.urlname), url(r'^uploaded/image/$', waf_allow('XSS_BODY')(ProcessImageFileUploadView.as_view()), name=ProcessImageFileUploadView.urlname), url(r'^uploaded/app_logo/(?P<logo_name>[\w\-]+)/$', waf_allow('XSS_BODY')(ProcessLogoFileUploadView.as_view()), name=ProcessLogoFileUploadView.urlname), url(r'^uploaded/audio/$', ProcessAudioFileUploadView.as_view(), name=ProcessAudioFileUploadView.urlname), url(r'^uploaded/video/$', ProcessVideoFileUploadView.as_view(), name=ProcessVideoFileUploadView.urlname), url(r'^uploaded/text/$', ProcessTextFileUploadView.as_view(), name=ProcessTextFileUploadView.urlname), url(r'^uploaded/detail_print/(?P<module_unique_id>[\w-]+)/$', ProcessDetailPrintTemplateUploadView.as_view(),