def get_post_parameters(self, request):
# We hook into this method to modify request in place, not nice, but it works
for key in request.META:
if key.isupper():
request.META[key] = debug.cleanse_setting(key, request.META[key])
for key in request.COOKIES:
request.COOKIES[key] = debug.cleanse_setting(key, request.COOKIES[key])
return super(SafeExceptionReporterFilter, self).get_post_parameters(request)
def settings(request):
settings_dict = debug.get_safe_settings()
# sigh
settings_dict["HERA"] = []
for i in site_settings.HERA:
settings_dict["HERA"].append(debug.cleanse_setting("HERA", i))
for i in ["PAYPAL_EMBEDDED_AUTH", "PAYPAL_CGI_AUTH"]:
settings_dict[i] = debug.cleanse_setting(i, getattr(site_settings, i))
return jingo.render(request, "zadmin/settings.html", {"settings_dict": settings_dict})
def settings(request):
settings_dict = debug.get_safe_settings()
# sigh
settings_dict['HERA'] = []
for i in site_settings.HERA:
settings_dict['HERA'].append(debug.cleanse_setting('HERA', i))
for i in ['PAYPAL_EMBEDDED_AUTH', 'PAYPAL_CGI_AUTH']:
settings_dict[i] = debug.cleanse_setting(i, getattr(site_settings, i))
return jingo.render(request, 'zadmin/settings.html',
{'settings_dict': settings_dict})
def settings(request):
settings_dict = debug.get_safe_settings()
# sigh
settings_dict["HERA"] = []
for i in site_settings.HERA:
settings_dict["HERA"].append(debug.cleanse_setting("HERA", i))
# Retain this so that legacy PAYPAL_CGI_AUTH variables in settings_local
# are not exposed.
for i in ["PAYPAL_EMBEDDED_AUTH", "PAYPAL_CGI_AUTH"]:
settings_dict[i] = debug.cleanse_setting(i, getattr(site_settings, i))
settings_dict["WEBAPPS_RECEIPT_KEY"] = "********************"
return jingo.render(request, "zadmin/settings.html", {"settings_dict": settings_dict})
def __init__(self, base_url, conf_urls={}, verbosity=1, output_dir=None, ascend=True, **kwargs):
self.base_url = base_url
self.conf_urls = conf_urls
self.verbosity = verbosity
self.ascend = ascend
auth = kwargs.get('auth')
if output_dir:
assert os.path.isdir(output_dir)
self.output_dir = os.path.realpath(output_dir)
LOG.info("Output will be saved to %s" % self.output_dir)
else:
self.output_dir = None
#These two are what keep track of what to crawl and what has been.
self.not_crawled = [(0, 'START',self.base_url)]
self.crawled = {}
self.c = Client(REMOTE_ADDR='127.0.0.1')
if auth:
printable_auth = ', '.join(
'%s: %s' % (key, cleanse_setting(key.upper(), value))
for key, value in auth.items())
LOG.info('Log in with %s' % printable_auth)
self.c.login(**auth)
self.plugins = []
for plug in Plugin.__subclasses__():
active = getattr(plug, 'active', True)
if active:
#TODO: Check if plugin supports writing CSV (or to a file in general?)
self.plugins.append(plug())
def get_post_parameters(self, request):
if request is None and not self.is_active(request):
return super(SafeExceptionReporterFilter, self).get_post_parameters(request)
# We hook into this method to modify request in place, not nice, but it works.
for key in request.META:
request.META[key] = debug.cleanse_setting(key, request.META[key])
for key in request.COOKIES:
request.COOKIES[key] = debug.cleanse_setting(key, request.COOKIES[key])
post = super(SafeExceptionReporterFilter, self).get_post_parameters(request).copy()
for key in post:
post[key] = debug.cleanse_setting(key, post[key])
return post
def show_settings(request):
settings_dict = debug.get_safe_settings()
# sigh
settings_dict['HERA'] = []
for i in settings.HERA:
settings_dict['HERA'].append(debug.cleanse_setting('HERA', i))
for i in ['GOOGLE_ANALYTICS_CREDENTIALS',]:
settings_dict[i] = debug.cleanse_setting(i,
getattr(settings, i, {}))
settings_dict['WEBAPPS_RECEIPT_KEY'] = '********************'
return render(request, 'zadmin/settings.html',
{'settings_dict': settings_dict})
def settings(request):
settings_dict = debug.get_safe_settings()
# sigh
settings_dict['HERA'] = []
for i in site_settings.HERA:
settings_dict['HERA'].append(debug.cleanse_setting('HERA', i))
# Retain this so that legacy PAYPAL_CGI_AUTH variables in settings_local
# are not exposed.
for i in ['PAYPAL_EMBEDDED_AUTH', 'PAYPAL_CGI_AUTH']:
settings_dict[i] = debug.cleanse_setting(i, getattr(site_settings, i))
settings_dict['WEBAPPS_RECEIPT_KEY'] = '********************'
return jingo.render(request, 'zadmin/settings.html',
{'settings_dict': settings_dict})
def env(request):
env = {}
for k in request.META.keys():
env[k] = debug.cleanse_setting(k, request.META[k])
return render(request, 'zadmin/settings.html', {
'settings_dict': env,
'title': 'Env!'
})
def show_settings(request):
settings_dict = debug.get_safe_settings()
# sigh
settings_dict['HERA'] = []
for i in settings.HERA:
settings_dict['HERA'].append(debug.cleanse_setting('HERA', i))
# Retain this so that legacy PAYPAL_CGI_AUTH variables in local settings
# are not exposed.
for i in ['PAYPAL_EMBEDDED_AUTH', 'PAYPAL_CGI_AUTH',
'GOOGLE_ANALYTICS_CREDENTIALS']:
settings_dict[i] = debug.cleanse_setting(i,
getattr(settings, i, {}))
return render(request, 'zadmin/settings.html',
{'settings_dict': settings_dict})
def show_settings(request):
settings_dict = debug.get_safe_settings()
# sigh
settings_dict['HERA'] = []
for i in settings.HERA:
settings_dict['HERA'].append(debug.cleanse_setting('HERA', i))
# Retain this so that legacy PAYPAL_CGI_AUTH variables in local settings
# are not exposed.
for i in ['PAYPAL_EMBEDDED_AUTH', 'PAYPAL_CGI_AUTH',
'GOOGLE_ANALYTICS_CREDENTIALS']:
settings_dict[i] = debug.cleanse_setting(i,
getattr(settings, i, {}))
return render(request, 'zadmin/settings.html',
{'settings_dict': settings_dict})
def show_settings(request):
settings_dict = debug.get_safe_settings()
# sigh
settings_dict['HERA'] = []
for i in settings.HERA:
settings_dict['HERA'].append(debug.cleanse_setting('HERA', i))
# Retain this so that legacy PAYPAL_CGI_AUTH variables in settings_local
# are not exposed.
for i in ['PAYPAL_EMBEDDED_AUTH', 'PAYPAL_CGI_AUTH']:
settings_dict[i] = debug.cleanse_setting(i,
getattr(settings, i, {}))
settings_dict['WEBAPPS_RECEIPT_KEY'] = '********************'
return jingo.render(request, 'zadmin/settings.html',
{'settings_dict': settings_dict})
def settings(request):
settings_dict = debug.get_safe_settings()
# sigh
settings_dict['HERA'] = []
for i in site_settings.HERA:
settings_dict['HERA'].append(debug.cleanse_setting('HERA', i))
return jingo.render(request, 'zadmin/settings.html',
{'settings_dict': settings_dict})
def get_post_parameters(self, request):
if request is None:
return super(SafeExceptionReporterFilter,
self).get_post_parameters(request)
# We hook into this method to modify request in place, not nice, but it works.
for key in request.META:
request.META[key] = debug.cleanse_setting(key, request.META[key])
for key in request.COOKIES:
request.COOKIES[key] = debug.cleanse_setting(
key, request.COOKIES[key])
post = super(SafeExceptionReporterFilter,
self).get_post_parameters(request).copy()
for key in post:
post[key] = debug.cleanse_setting(key, post[key])
return post
def report_settings(module):
from django.views.debug import cleanse_setting
custom_settings_mappings = getattr(module, 'CUSTOM_SETTINGS_MAPPINGS', {})
for key in sorted(custom_settings_mappings):
values = custom_settings_mappings[key]
global_name, default_value, mapping, using_default = values
source = using_default and "default" or key
global_value = getattr(module, global_name, None)
if global_name.isupper():
logger.debug("%s = %r (source:%s)", global_name, cleanse_setting(global_name, global_value), source)
def show_settings(request):
settings_dict = debug.get_safe_settings()
for i in ['GOOGLE_ANALYTICS_CREDENTIALS']:
settings_dict[i] = debug.cleanse_setting(i, getattr(settings, i, {}))
settings_dict['WEBAPPS_RECEIPT_KEY'] = '********************'
return render(request, 'zadmin/settings.html',
{'settings_dict': settings_dict})
def cleanse_dictionary(dictionary):
"""
Cleanse sensitive values in a dictionary.
"""
cleansed_dictionary = SortedDict()
for key, val in dictionary.iteritems():
cleansed_dictionary[key] = cleanse_setting(key, val)
return cleansed_dictionary
def show_settings(request):
settings_dict = debug.get_safe_settings()
# Retain this so that GOOGLE_ANALYTICS_CREDENTIALS variables in local
# settings are not exposed.
google_cred = 'GOOGLE_ANALYTICS_CREDENTIALS'
settings_dict[google_cred] = debug.cleanse_setting(
google_cred, getattr(settings, google_cred, {}))
return render(request, 'zadmin/settings.html',
{'settings_dict': settings_dict, 'title': 'Settings!'})
def report_settings(module):
from django.views.debug import cleanse_setting
custom_settings_mappings = getattr(module, 'CUSTOM_SETTINGS_MAPPINGS', {})
for key in sorted(custom_settings_mappings):
values = custom_settings_mappings[key]
global_name, default_value, mapping, using_default = values
source = using_default and "default" or key
global_value = getattr(module, global_name, None)
if global_name.isupper():
logger.debug("%s = %r (source:%s)", global_name,
cleanse_setting(global_name, global_value), source)
def _login(self, auth):
if not auth:
return
printable_auth = ', '.join(
'%s: %s' % (key, cleanse_setting(key.upper(), value))
for key, value in auth.items())
LOG.info('try logging in with %s' % printable_auth)
if self.c.login(**auth):
LOG.info('logged in successfully')
else:
raise CommandError("logon not possible, check credentials")
def show_settings(request):
settings_dict = debug.get_safe_settings()
# Retain this so that GOOGLE_ANALYTICS_CREDENTIALS variables in local
# settings are not exposed.
google_cred = 'GOOGLE_ANALYTICS_CREDENTIALS'
settings_dict[google_cred] = debug.cleanse_setting(
google_cred, getattr(settings, google_cred, {}))
return render(request, 'zadmin/settings.html', {
'settings_dict': settings_dict,
'title': 'Settings!'
})
def report_settings(module):
from django.views.debug import cleanse_setting
custom_settings_mappings = getattr(module, 'CUSTOM_SETTINGS_MAPPINGS', {})
for key in sorted(custom_settings_mappings):
values = custom_settings_mappings[key]
global_name, default_value, mapping, description, using_default = \
values
source = using_default and "default" or key
global_value = getattr(module, global_name, None)
if global_name.isupper():
logger.debug("%s = %r (source:%s)", global_name,
cleanse_setting(global_name, global_value), source)
deprecated_settings = getattr(module, 'DEPRECATED_SETTINGS_MAPPINGS', {})
for key in sorted(deprecated_settings):
values = deprecated_settings[key]
global_name, default_value, mapping, description, using_default = \
values
global_value = getattr(module, global_name, None)
if global_name.isupper() and not using_default:
logger.debug("%s = %r (deprecated:%s, %s)", global_name,
cleanse_setting(global_name, global_value), key,
description)
def report_settings(module):
from django.views.debug import cleanse_setting
custom_settings_mappings = getattr(module, 'CUSTOM_SETTINGS_MAPPINGS', {})
for key in sorted(custom_settings_mappings):
values = custom_settings_mappings[key]
global_name, default_value, mapping, description, using_default = \
values
source = using_default and "default" or key
global_value = getattr(module, global_name, None)
if global_name.isupper():
logger.debug(
"%s = %r (source:%s)", global_name,
cleanse_setting(global_name, global_value), source)
deprecated_settings = getattr(module, 'DEPRECATED_SETTINGS_MAPPINGS', {})
for key in sorted(deprecated_settings):
values = deprecated_settings[key]
global_name, default_value, mapping, description, using_default = \
values
global_value = getattr(module, global_name, None)
if global_name.isupper() and not using_default:
logger.debug(
"%s = %r (deprecated:%s, %s)", global_name,
cleanse_setting(global_name, global_value), key, description)
def __init__(self,
base_url,
conf_urls={},
verbosity=1,
output_dir=None,
ascend=True,
**kwargs):
self.base_url = base_url
self.conf_urls = conf_urls
self.verbosity = verbosity
self.ascend = ascend
auth = kwargs.get('auth')
if output_dir:
assert os.path.isdir(output_dir)
self.output_dir = os.path.realpath(output_dir)
LOG.info("Output will be saved to %s" % self.output_dir)
else:
self.output_dir = None
#These two are what keep track of what to crawl and what has been.
self.not_crawled = [(0, 'START', self.base_url)]
self.crawled = {}
self.c = Client(REMOTE_ADDR='127.0.0.1')
if auth:
printable_auth = ', '.join(
'%s: %s' % (key, cleanse_setting(key.upper(), value))
for key, value in auth.items())
LOG.info('Log in with %s' % printable_auth)
self.c.login(**auth)
self.plugins = []
for plug in Plugin.__subclasses__():
active = getattr(plug, 'active', True)
if active:
#TODO: Check if plugin supports writing CSV (or to a file in general?)
self.plugins.append(plug())
def test_cleanse_setting_basic(self):
self.assertEqual(cleanse_setting('TEST', 'TEST'), 'TEST')
self.assertEqual(cleanse_setting('PASSWORD', 'super_secret'), CLEANSED_SUBSTITUTE)
def test_cleanse_setting_recurses_in_dictionary(self):
initial = {'login': '******', 'password': '******'}
expected = {'login': '******', 'password': CLEANSED_SUBSTITUTE}
self.assertEqual(cleanse_setting('SETTING_NAME', initial), expected)
def test_cleanse_setting_recurses_in_dictionary(self):
initial = {"login": "******", "password": "******"}
expected = {"login": "******", "password": CLEANSED_SUBSTITUTE}
self.assertEqual(cleanse_setting("SETTING_NAME", initial), expected)
def test_cleanse_setting_basic(self):
self.assertEqual(cleanse_setting('TEST', 'TEST'), 'TEST')
self.assertEqual(cleanse_setting('PASSWORD', 'super_secret'), CLEANSED_SUBSTITUTE)
def test_cleanse_setting_ignore_case(self):
self.assertEqual(cleanse_setting('password', 'super_secret'), CLEANSED_SUBSTITUTE)
# error page will display a detailed report for any TemplateSyntaxError. This report contains
# the relevant snippet of the template, with the appropriate line highlighted.
# Note that Django only displays fancy error pages if DEBUG is True, alternatively error
# is handled by:
# handler404 = "omeroweb.feedback.views.handler404"
# handler500 = "omeroweb.feedback.views.handler500"
TEMPLATE_DEBUG = DEBUG
from django.views.debug import cleanse_setting
for key in sorted(CUSTOM_SETTINGS_MAPPINGS):
values = CUSTOM_SETTINGS_MAPPINGS[key]
global_name, default_value, mapping, using_default = values
source = using_default and "default" or key
global_value = globals().get(global_name, None)
if global_name.isupper():
logger.debug("%s = %r (source:%s)", global_name, cleanse_setting(global_name, global_value), source)
SITE_ID = 1
# Local time zone for this installation. Choices can be found here:
# http://www.postgresql.org/docs/8.1/static/datetime-keywords.html#DATETIME-TIMEZONE-SET-TABLE
# although not all variations may be possible on all operating systems.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = 'Europe/London'
FIRST_DAY_OF_WEEK = 0 # 0-Monday, ... 6-Sunday
# LANGUAGE_CODE: A string representing the language code for this installation. This should be
# in standard language format. For example, U.S. English is "en-us".
LANGUAGE_CODE = 'en-gb'
def cleanse_envvar(key, value):
hidden_envvars = getattr(settings, 'HIDDEN_ENVVARS', [])
if key in hidden_envvars:
return CLEANSED_SUBSTITUTE
else:
return cleanse_setting(key, value)
def test_cleanse_setting_unchanged_non_string():
# when setting value is not a string, no attempt to parse happens
original = 42
cleansed = debug.cleanse_setting("BACKEND_COUNT", original)
assert original == cleansed
def test_cleanse_setting_invalid_url_unchanged():
# adding an unmatched square bracket will trigger exception handling
original = "http://*****:*****@ex[ample.com/"
cleansed = debug.cleanse_setting("SOME_URL", original)
assert original == cleansed
def test_cleanse_setting_basic(self):
self.assertEqual(cleanse_setting("TEST", "TEST"), "TEST")
self.assertEqual(cleanse_setting("PASSWORD", "super_secret"), CLEANSED_SUBSTITUTE)
def test_cleanse_setting_unchanged_non_url_key():
# when setting key does not contain URL or BACKEND,
# no attempt to parse and obfuscate occurs
original = "http://*****:*****@example.com/some/path/"
cleansed = debug.cleanse_setting("NOT_REPLACED", original)
assert original == cleansed
def __init__(self, name):
self.pk = name
cleansed = debug.get_safe_settings()
self.cleansed = debug.cleanse_setting(name, cleansed[name])
def test_benign_value_not_obfuscated(self):
# regular settings are unchanged
original = "Some valid value"
cleansed = debug.cleanse_setting("BENIGN", original)
self.assertEqual(original, cleansed)
# the relevant snippet of the template, with the appropriate line highlighted.
# Note that Django only displays fancy error pages if DEBUG is True, alternatively error
# is handled by:
# handler404 = "omeroweb.feedback.views.handler404"
# handler500 = "omeroweb.feedback.views.handler500"
TEMPLATE_DEBUG = DEBUG
from django.views.debug import cleanse_setting
for key in sorted(CUSTOM_SETTINGS_MAPPINGS):
values = CUSTOM_SETTINGS_MAPPINGS[key]
global_name, default_value, mapping, using_default = values
source = using_default and "default" or key
global_value = globals().get(global_name, None)
if global_name.isupper():
logger.debug("%s = %r (source:%s)", global_name,
cleanse_setting(global_name, global_value), source)
SITE_ID = 1
# Local time zone for this installation. Choices can be found here:
# http://www.postgresql.org/docs/8.1/static/datetime-keywords.html#DATETIME-TIMEZONE-SET-TABLE
# although not all variations may be possible on all operating systems.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = 'Europe/London'
FIRST_DAY_OF_WEEK = 0 # 0-Monday, ... 6-Sunday
# LANGUAGE_CODE: A string representing the language code for this installation. This should be
# in standard language format. For example, U.S. English is "en-us".
LANGUAGE_CODE = 'en-gb'
def test_cleanse_setting_ignore_case(self):
self.assertEqual(cleanse_setting('password', 'super_secret'), CLEANSED_SUBSTITUTE)
# error page will display a detailed report for any TemplateSyntaxError. This report contains
# the relevant snippet of the template, with the appropriate line highlighted.
# Note that Django only displays fancy error pages if DEBUG is True, alternatively error
# is handled by:
# handler404 = "omeroweb.feedback.views.handler404"
# handler500 = "omeroweb.feedback.views.handler500"
TEMPLATE_DEBUG = DEBUG
from django.views.debug import cleanse_setting
for key in sorted(CUSTOM_SETTINGS_MAPPINGS):
values = CUSTOM_SETTINGS_MAPPINGS[key]
global_name, default_value, mapping, using_default = values
source = using_default and "default" or key
global_value = globals().get(global_name, None)
if global_name.isupper():
logger.debug("%s = %r (source:%s)", global_name, cleanse_setting(global_name, global_value), source)
SITE_ID = 1
# Local time zone for this installation. Choices can be found here:
# http://www.postgresql.org/docs/8.1/static/datetime-keywords.html#DATETIME-TIMEZONE-SET-TABLE
# although not all variations may be possible on all operating systems.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = 'Europe/London'
FIRST_DAY_OF_WEEK = 0 # 0-Monday, ... 6-Sunday
# LANGUAGE_CODE: A string representing the language code for this installation. This should be
# in standard language format. For example, U.S. English is "en-us".
LANGUAGE_CODE = 'en-gb'
def test_cleanse_setting_recurses_in_dictionary(self):
initial = {'login': '******', 'password': '******'}
expected = {'login': '******', 'password': CLEANSED_SUBSTITUTE}
self.assertEqual(cleanse_setting('SETTING_NAME', initial), expected)
def test_unchanged_non_string(self):
# when setting value is not a string, no attempt to parse happens
original = 42
cleansed = debug.cleanse_setting("BACKEND_COUNT", original)
self.assertEqual(original, cleansed)
def env(request):
env = {}
for k in request.META.keys():
env[k] = debug.cleanse_setting(k, request.META[k])
return render(request, 'zadmin/settings.html',
{'settings_dict': env, 'title': 'Env!'})
def test_cleanse_setting_benign_value_not_obfuscated():
# regular settings are unchanged
original = "Some valid value"
cleansed = debug.cleanse_setting("BENIGN", original)
assert original == cleansed
