def from_http_request(request, options):
    """Build a SecureNativeContext from an incoming HTTP request.

    The client token is read from the SecureNative cookie first; when that
    lookup fails or yields a null/empty value, the token is taken from
    RequestUtils.get_secure_header_from_request instead. Client IP, remote
    IP, headers, URL and method are collected from the request, and None is
    passed as the final positional argument.

    NOTE(review): both ``except Exception`` handlers discard the error, so a
    failure while extracting headers looks the same as a request that has
    none, and ``None`` is then handed to get_secure_header_from_request.
    Confirm that helper accepts None.
    NOTE(review): the token comes from a cookie or header on the request;
    presumably it is validated downstream. Verify before relying on it.
    """
    # Best-effort cookie lookup: any failure leaves the token unset.
    try:
        token = request.cookies[RequestUtils.SECURENATIVE_COOKIE]
    except Exception:
        token = None

    # Header extraction is best-effort as well; `options` is forwarded to it.
    try:
        request_headers = RequestUtils.get_headers_from_request(
            request.headers, options)
    except Exception:
        request_headers = None

    # Fall back to the secure header only when the cookie gave nothing usable.
    if Utils.is_null_or_empty(token):
        token = RequestUtils.get_secure_header_from_request(request_headers)

    client_ip = RequestUtils.get_client_ip_from_request(request, options)
    remote_ip = RequestUtils.get_remote_ip_from_request(request)
    return SecureNativeContext(token, client_ip, remote_ip, request_headers,
                               request.url, request.method, None)
Exemplo n.º 2
    def test_extraction_from_REMOTE_ADDR_header_single_ip(self):
        """A single address under the REMOTE_ADDR key is returned as the client IP."""
        expected_ip = "141.246.115.116"
        default_options = SecureNativeOptions()

        # The Mocker instance is used only as an object that carries a
        # `headers` attribute; this test body issues no HTTP call itself.
        with requests_mock.Mocker(real_http=True) as fake_request:
            fake_request.headers = {"REMOTE_ADDR": expected_ip}

        resolved_ip = RequestUtils.get_client_ip_from_request(
            fake_request, default_options)

        self.assertEqual(expected_ip, resolved_ip)
Exemplo n.º 3
    def test_proxy_headers_extraction_from_request_ipv4(self):
        """An IPv4 address in a configured proxy header is returned as the client IP.

        NOTE(review): a header listed in ``proxy_headers`` is presumably only
        trustworthy when requests can reach the application solely through
        the proxy that sets it; a client connecting directly can send the
        same header. Confirm the deployment assumption.
        """
        proxy_header = 'CF-Connecting-IP'
        expected_ip = "203.0.113.1"
        proxy_options = SecureNativeOptions(proxy_headers=[proxy_header])

        with requests_mock.Mocker(real_http=True) as fake_request:
            fake_request.headers = {"CF-Connecting-IP": expected_ip}

            resolved_ip = RequestUtils.get_client_ip_from_request(
                fake_request, proxy_options)

            self.assertEqual(expected_ip, resolved_ip)
Exemplo n.º 4
    def test_extraction_from_X_FORWARDED_FOR_header_multiple_ips(self):
        """With default options the first entry of a comma-separated list wins.

        NOTE(review): the leftmost entry of a forwarded-for list is the one a
        client can set itself unless a trusted upstream proxy strips or
        overwrites the header, so the value pinned here should be treated as
        a hint, not an authenticated address.
        """
        forwarded_chain = "141.246.115.116, 203.0.113.1, 12.34.56.3"
        default_options = SecureNativeOptions()

        with requests_mock.Mocker(real_http=True) as fake_request:
            fake_request.headers = {"X_FORWARDED_FOR": forwarded_chain}

        resolved_ip = RequestUtils.get_client_ip_from_request(
            fake_request, default_options)

        # Expected result is the first address in the list above.
        self.assertEqual("141.246.115.116", resolved_ip)
Exemplo n.º 5
    def test_proxy_headers_extraction_from_request_multiple_ips(self):
        """A configured proxy header holding several addresses yields the first one."""
        address_list = "141.246.115.116, 203.0.113.1, 12.34.56.3"
        proxy_options = SecureNativeOptions(proxy_headers=['CF-Connecting-IP'])

        with requests_mock.Mocker(real_http=True) as fake_request:
            fake_request.headers = {"CF-Connecting-IP": address_list}

            resolved_ip = RequestUtils.get_client_ip_from_request(
                fake_request, proxy_options)

            # Only the leading address of the list is expected back.
            self.assertEqual("141.246.115.116", resolved_ip)
Exemplo n.º 6
    def test_extraction_priority_without_x_forwarded_for(self):
        """Without a forwarded-for header, x-client-ip is expected to beat x-real-ip.

        The expected value is the first address of the x-client-ip list, not
        the single x-real-ip address.
        """
        default_options = SecureNativeOptions()
        candidate_headers = {
            "x-real-ip": "198.51.100.101",
            "x-client-ip": "203.0.113.1, 141.246.115.116, 12.34.56.3"
        }

        with requests_mock.Mocker(real_http=True) as fake_request:
            fake_request.headers = candidate_headers

        resolved_ip = RequestUtils.get_client_ip_from_request(
            fake_request, default_options)

        self.assertEqual("203.0.113.1", resolved_ip)
Exemplo n.º 7
    def test_proxy_headers_extraction_from_request_ipv6(self):
        """A full IPv6 address in a configured proxy header is returned unchanged."""
        expected_ip = "6559:6335:f572:14c6:4198:dd09:ddea:04f4"
        proxy_options = SecureNativeOptions(proxy_headers=['CF-Connecting-IP'])

        with requests_mock.Mocker(real_http=True) as fake_request:
            fake_request.headers = {"CF-Connecting-IP": expected_ip}

            resolved_ip = RequestUtils.get_client_ip_from_request(
                fake_request, proxy_options)

            # The colons of the IPv6 literal must survive extraction intact.
            self.assertEqual(expected_ip, resolved_ip)
Exemplo n.º 8
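    def test_strip_down_pii_data_from_custom_headers(self):
        """Headers named in ``pii_headers`` must be absent from the extracted headers.

        The names passed to SecureNativeOptions and the names asserted on come
        from one list, so the two cannot drift apart, and each failure message
        names the header that leaked.

        NOTE(review): every configured name and every matching request key is
        lower-case here, so case-insensitive matching (e.g. ``Authorization``)
        is not exercised. The ``Cookie`` header, which carries a session id,
        is not in the configured list, so this test asserts nothing about it.
        """
        headers = {
            'Host': 'net.example.com',
            'User-Agent':
            'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)',
            'Accept':
            'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
            'Accept-Language': 'en-us,en;q=0.5',
            'Accept-Encoding': 'gzip,deflate',
            'Accept-Charset': 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
            'Keep-Alive': '300',
            'Connection': 'keep-alive',
            'Cookie': 'PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120',
            'Pragma': 'no-cache',
            'Cache-Control': 'no-cache',
            'authorization': 'ylSkZIjbdWybfs4fUQe9BqP0LH5Z',
            'access_token': 'ylSkZIjbdWybfs4fUQe9BqP0LH5Z',
            'apikey': 'ylSkZIjbdWybfs4fUQe9BqP0LH5Z',
            'password': '******',
            'passwd': 'ylSkZIjbdWybfs4fUQe9BqP0LH5Z',
            'secret': 'ylSkZIjbdWybfs4fUQe9BqP0LH5Z',
            'api_key': 'ylSkZIjbdWybfs4fUQe9BqP0LH5Z'
        }
        # Single source of truth for the sensitive header names.
        pii_header_names = [
            'authorization', 'access_token', 'apikey', 'password', 'passwd',
            'secret', 'api_key'
        ]

        # The Mocker instance only acts as a holder for the `headers` attribute.
        with requests_mock.Mocker(real_http=True) as request:
            request.headers = headers

        # Pass a copy so the assertions below never depend on what the
        # options object does with its argument.
        options = SecureNativeOptions(pii_headers=list(pii_header_names))
        h = RequestUtils.get_headers_from_request(request.headers, options)

        for name in pii_header_names:
            self.assertIsNone(h.get(name), "PII header leaked: " + name)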