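def get_post_parameters(self, request):
    """Mask request.META and request.COOKIES in place, then defer to the parent.

    Each upper-case META key and every cookie is replaced by the result of
    ``debug.cleanse_setting(key, value)``. The return value is whatever the
    parent class's ``get_post_parameters`` returns for the request.
    """
    if request is None:
        # Without a request there is nothing to mask, and reading
        # request.META below would raise AttributeError.
        return super(SafeExceptionReporterFilter, self).get_post_parameters(request)

    # We hook into this method to modify request in place, not nice, but it works
    # Only existing keys are reassigned, so the dicts keep their size while
    # they are being iterated.
    for key in request.META:
        if key.isupper():
            request.META[key] = debug.cleanse_setting(key, request.META[key])
    # NOTE(review): cleanse_setting is given only the key name and the value,
    # so a cookie or header is masked only if its name matches the cleanser's
    # pattern -- confirm that session cookies are covered.
    for key in request.COOKIES:
        request.COOKIES[key] = debug.cleanse_setting(key, request.COOKIES[key])
    return super(SafeExceptionReporterFilter, self).get_post_parameters(request)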
def settings(request):
    """Render zadmin/settings.html from a masked copy of the settings."""
    settings_dict = debug.get_safe_settings()

    # sigh
    # NOTE(review): every HERA entry is cleansed under the name "HERA", so
    # masking presumably relies on each entry being a dict whose own keys
    # are inspected -- confirm.
    settings_dict["HERA"] = [
        debug.cleanse_setting("HERA", entry) for entry in site_settings.HERA
    ]

    for name in ("PAYPAL_EMBEDDED_AUTH", "PAYPAL_CGI_AUTH"):
        raw_value = getattr(site_settings, name)
        settings_dict[name] = debug.cleanse_setting(name, raw_value)

    context = {"settings_dict": settings_dict}
    return jingo.render(request, "zadmin/settings.html", context)
def settings(request):
    """Render zadmin/settings.html from a masked copy of the settings."""
    settings_dict = debug.get_safe_settings()

    # sigh
    # NOTE(review): each HERA entry is cleansed under the name 'HERA';
    # masking presumably depends on the entry's own keys -- confirm.
    masked_hera = []
    for entry in site_settings.HERA:
        masked_hera.append(debug.cleanse_setting('HERA', entry))
    settings_dict['HERA'] = masked_hera

    for name in ('PAYPAL_EMBEDDED_AUTH', 'PAYPAL_CGI_AUTH'):
        settings_dict[name] = debug.cleanse_setting(
            name, getattr(site_settings, name))

    return jingo.render(
        request, 'zadmin/settings.html', {'settings_dict': settings_dict})
def settings(request):
    """Render zadmin/settings.html from a masked copy of the settings.

    WEBAPPS_RECEIPT_KEY is always replaced by a fixed string of asterisks.
    """
    settings_dict = debug.get_safe_settings()

    # sigh
    # NOTE(review): each HERA entry is cleansed under the name "HERA";
    # masking presumably depends on the entry's own keys -- confirm.
    settings_dict["HERA"] = [
        debug.cleanse_setting("HERA", entry) for entry in site_settings.HERA
    ]

    # Retain this so that legacy PAYPAL_CGI_AUTH variables in settings_local
    # are not exposed.
    for name in ("PAYPAL_EMBEDDED_AUTH", "PAYPAL_CGI_AUTH"):
        raw_value = getattr(site_settings, name)
        settings_dict[name] = debug.cleanse_setting(name, raw_value)

    settings_dict["WEBAPPS_RECEIPT_KEY"] = "********************"

    context = {"settings_dict": settings_dict}
    return jingo.render(request, "zadmin/settings.html", context)
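def __init__(self, base_url, conf_urls={}, verbosity=1, output_dir=None, ascend=True, **kwargs):
    """Set up crawl state, the test client and the active plugins.

    An optional ``auth`` keyword argument is forwarded to the client's
    ``login`` as keyword arguments. A rejected login is logged as a warning
    and the crawl state is still initialised.
    """
    # NOTE: the ``conf_urls`` default dict is shared by every instance built
    # without that argument; this method stores it and does not mutate it.
    self.base_url = base_url
    self.conf_urls = conf_urls
    self.verbosity = verbosity
    self.ascend = ascend

    auth = kwargs.get('auth')

    if output_dir:
        # NOTE: this check disappears when Python runs with -O.
        assert os.path.isdir(output_dir)
        self.output_dir = os.path.realpath(output_dir)
        LOG.info("Output will be saved to %s" % self.output_dir)
    else:
        self.output_dir = None

    #These two are what keep track of what to crawl and what has been.
    self.not_crawled = [(0, 'START', self.base_url)]
    self.crawled = {}

    self.c = Client(REMOTE_ADDR='127.0.0.1')

    if auth:
        # Each value goes through cleanse_setting under its upper-cased key
        # before it is written to the log; values whose key name is not
        # treated as sensitive (presumably the username) are logged as is.
        printable_auth = ', '.join(
            '%s: %s' % (key, cleanse_setting(key.upper(), value))
            for key, value in auth.items())
        LOG.info('Log in with %s' % printable_auth)
        if not self.c.login(**auth):
            # The result of login() was previously discarded, so a crawl
            # with rejected credentials looked like an authenticated one.
            LOG.warning('Login failed, continuing without an authenticated session')

    self.plugins = []
    for plug in Plugin.__subclasses__():
        active = getattr(plug, 'active', True)
        if active:
            #TODO: Check if plugin supports writing CSV (or to a file in general?)
            self.plugins.append(plug())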
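def get_post_parameters(self, request):
    """Mask META and COOKIES in place and return a masked copy of the POST data.

    Every value is passed through ``debug.cleanse_setting`` together with its
    key. The returned object is a copy of what the parent class returns, with
    each value replaced by its cleansed form.
    """
    if request is None:
        # A missing request goes straight to the parent. Combining this test
        # with ``not self.is_active(request)`` via ``and`` let a None request
        # reach request.META below whenever the filter was active, and never
        # matched a real request. Masking keeps running for every real
        # request, exactly as before.
        return super(SafeExceptionReporterFilter, self).get_post_parameters(request)

    # We hook into this method to modify request in place, not nice, but it works.
    for key in request.META:
        request.META[key] = debug.cleanse_setting(key, request.META[key])
    # NOTE(review): masking is driven by the key name; confirm that session
    # cookie names are matched by the cleanser in use.
    for key in request.COOKIES:
        request.COOKIES[key] = debug.cleanse_setting(key, request.COOKIES[key])

    post = super(SafeExceptionReporterFilter, self).get_post_parameters(request).copy()
    for key in post:
        post[key] = debug.cleanse_setting(key, post[key])
    return post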
def show_settings(request):
    """Render zadmin/settings.html from a masked copy of the settings.

    WEBAPPS_RECEIPT_KEY is always replaced by a fixed string of asterisks.
    """
    settings_dict = debug.get_safe_settings()

    # sigh
    # NOTE(review): each HERA entry is cleansed under the name 'HERA';
    # masking presumably depends on the entry's own keys -- confirm.
    settings_dict['HERA'] = [
        debug.cleanse_setting('HERA', entry) for entry in settings.HERA
    ]

    # A missing setting is shown as an empty dict.
    for name in ('GOOGLE_ANALYTICS_CREDENTIALS',):
        raw_value = getattr(settings, name, {})
        settings_dict[name] = debug.cleanse_setting(name, raw_value)

    settings_dict['WEBAPPS_RECEIPT_KEY'] = '********************'

    context = {'settings_dict': settings_dict}
    return render(request, 'zadmin/settings.html', context)
def settings(request):
    """Render zadmin/settings.html from a masked copy of the settings.

    WEBAPPS_RECEIPT_KEY is always replaced by a fixed string of asterisks.
    """
    settings_dict = debug.get_safe_settings()

    # sigh
    # NOTE(review): each HERA entry is cleansed under the name 'HERA';
    # masking presumably depends on the entry's own keys -- confirm.
    masked_hera = []
    for entry in site_settings.HERA:
        masked_hera.append(debug.cleanse_setting('HERA', entry))
    settings_dict['HERA'] = masked_hera

    # Retain this so that legacy PAYPAL_CGI_AUTH variables in settings_local
    # are not exposed.
    for name in ('PAYPAL_EMBEDDED_AUTH', 'PAYPAL_CGI_AUTH'):
        settings_dict[name] = debug.cleanse_setting(
            name, getattr(site_settings, name))

    settings_dict['WEBAPPS_RECEIPT_KEY'] = '********************'

    return jingo.render(
        request, 'zadmin/settings.html', {'settings_dict': settings_dict})
def env(request):
    """Render request.META on zadmin/settings.html, cleansed key by key."""
    # NOTE(review): masking is decided from the key name alone; check that
    # entries such as HTTP_COOKIE and HTTP_AUTHORIZATION are covered by the
    # cleanser in use before exposing this page.
    masked_meta = {}
    for name, value in request.META.items():
        masked_meta[name] = debug.cleanse_setting(name, value)

    context = {
        'settings_dict': masked_meta,
        'title': 'Env!'
    }
    return render(request, 'zadmin/settings.html', context)
def show_settings(request):
    """Render zadmin/settings.html from a masked copy of the settings."""
    settings_dict = debug.get_safe_settings()

    # sigh
    # NOTE(review): each HERA entry is cleansed under the name 'HERA';
    # masking presumably depends on the entry's own keys -- confirm.
    settings_dict['HERA'] = [
        debug.cleanse_setting('HERA', entry) for entry in settings.HERA
    ]

    # Retain this so that legacy PAYPAL_CGI_AUTH variables in local settings
    # are not exposed.
    # A missing setting is shown as an empty dict.
    explicit_names = (
        'PAYPAL_EMBEDDED_AUTH',
        'PAYPAL_CGI_AUTH',
        'GOOGLE_ANALYTICS_CREDENTIALS',
    )
    for name in explicit_names:
        raw_value = getattr(settings, name, {})
        settings_dict[name] = debug.cleanse_setting(name, raw_value)

    context = {'settings_dict': settings_dict}
    return render(request, 'zadmin/settings.html', context)
def show_settings(request):
    """Render zadmin/settings.html from a masked copy of the settings.

    WEBAPPS_RECEIPT_KEY is always replaced by a fixed string of asterisks.
    """
    settings_dict = debug.get_safe_settings()

    # sigh
    # NOTE(review): each HERA entry is cleansed under the name 'HERA';
    # masking presumably depends on the entry's own keys -- confirm.
    masked_hera = []
    for entry in settings.HERA:
        masked_hera.append(debug.cleanse_setting('HERA', entry))
    settings_dict['HERA'] = masked_hera

    # Retain this so that legacy PAYPAL_CGI_AUTH variables in settings_local
    # are not exposed.
    # A missing setting is shown as an empty dict.
    for name in ('PAYPAL_EMBEDDED_AUTH', 'PAYPAL_CGI_AUTH'):
        settings_dict[name] = debug.cleanse_setting(
            name, getattr(settings, name, {}))

    settings_dict['WEBAPPS_RECEIPT_KEY'] = '********************'

    return jingo.render(
        request, 'zadmin/settings.html', {'settings_dict': settings_dict})
def settings(request):
    """Render zadmin/settings.html from a masked copy of the settings."""
    settings_dict = debug.get_safe_settings()

    # sigh
    # NOTE(review): each HERA entry is cleansed under the name 'HERA';
    # masking presumably depends on the entry's own keys -- confirm.
    settings_dict['HERA'] = [
        debug.cleanse_setting('HERA', entry) for entry in site_settings.HERA
    ]

    context = {'settings_dict': settings_dict}
    return jingo.render(request, 'zadmin/settings.html', context)
def get_post_parameters(self, request):
    """Mask META and COOKIES in place and return a masked copy of the POST data.

    A ``None`` request is handed to the parent class untouched.
    """
    parent = super(SafeExceptionReporterFilter, self)
    if request is None:
        return parent.get_post_parameters(request)

    # We hook into this method to modify request in place, not nice, but it works.
    # META is rewritten before COOKIES is first read, as in the original order.
    meta = request.META
    for name in meta:
        meta[name] = debug.cleanse_setting(name, meta[name])

    # NOTE(review): masking is driven by the key name; confirm that session
    # cookie names are matched by the cleanser in use.
    cookies = request.COOKIES
    for name in cookies:
        cookies[name] = debug.cleanse_setting(name, cookies[name])

    masked_post = parent.get_post_parameters(request).copy()
    for name in masked_post:
        masked_post[name] = debug.cleanse_setting(name, masked_post[name])
    return masked_post
def report_settings(module):
    """Log the custom settings of *module* at debug level.

    Names come from ``module.CUSTOM_SETTINGS_MAPPINGS``; each value is passed
    through ``cleanse_setting`` before it is logged.
    """
    from django.views.debug import cleanse_setting

    mappings = getattr(module, 'CUSTOM_SETTINGS_MAPPINGS', {})
    for key in sorted(mappings):
        global_name, _default, _mapping, using_default = mappings[key]
        source = "default" if using_default else key
        current = getattr(module, global_name, None)
        # Only upper-case names are reported.
        if not global_name.isupper():
            continue
        logger.debug(
            "%s = %r (source:%s)",
            global_name, cleanse_setting(global_name, current), source)
def show_settings(request):
    """Render zadmin/settings.html from a masked copy of the settings.

    WEBAPPS_RECEIPT_KEY is always replaced by a fixed string of asterisks.
    """
    settings_dict = debug.get_safe_settings()

    # A missing setting is shown as an empty dict.
    for name in ('GOOGLE_ANALYTICS_CREDENTIALS',):
        raw_value = getattr(settings, name, {})
        settings_dict[name] = debug.cleanse_setting(name, raw_value)

    settings_dict['WEBAPPS_RECEIPT_KEY'] = '********************'

    context = {'settings_dict': settings_dict}
    return render(request, 'zadmin/settings.html', context)
def cleanse_dictionary(dictionary):
    """
    Return a SortedDict with every value of *dictionary* cleansed.

    Each value is passed to ``cleanse_setting`` together with its own key.
    """
    result = SortedDict()
    for name, value in dictionary.iteritems():
        result[name] = cleanse_setting(name, value)
    return result
def show_settings(request):
    """Render zadmin/settings.html from a masked copy of the settings."""
    settings_dict = debug.get_safe_settings()

    # Retain this so that GOOGLE_ANALYTICS_CREDENTIALS variables in local
    # settings are not exposed.
    # A missing setting is shown as an empty dict.
    name = 'GOOGLE_ANALYTICS_CREDENTIALS'
    raw_value = getattr(settings, name, {})
    settings_dict[name] = debug.cleanse_setting(name, raw_value)

    context = {'settings_dict': settings_dict, 'title': 'Settings!'}
    return render(request, 'zadmin/settings.html', context)
def _login(self, auth):
    """Log the client in with *auth*; raise CommandError if it is rejected.

    Does nothing when *auth* is empty.
    """
    if not auth:
        return

    # Each value goes through cleanse_setting under its upper-cased key
    # before it is written to the log.
    shown = []
    for key, value in auth.items():
        shown.append('%s: %s' % (key, cleanse_setting(key.upper(), value)))
    printable_auth = ', '.join(shown)
    LOG.info('try logging in with %s' % printable_auth)

    if not self.c.login(**auth):
        raise CommandError("logon not possible, check credentials")
    LOG.info('logged in successfully')
def show_settings(request):
    """Render zadmin/settings.html from a masked copy of the settings."""
    settings_dict = debug.get_safe_settings()

    # Retain this so that GOOGLE_ANALYTICS_CREDENTIALS variables in local
    # settings are not exposed.
    # A missing setting is shown as an empty dict.
    name = 'GOOGLE_ANALYTICS_CREDENTIALS'
    settings_dict[name] = debug.cleanse_setting(
        name, getattr(settings, name, {}))

    context = {
        'settings_dict': settings_dict,
        'title': 'Settings!'
    }
    return render(request, 'zadmin/settings.html', context)
def report_settings(module):
    """Log the custom and deprecated settings of *module* at debug level.

    Names come from ``CUSTOM_SETTINGS_MAPPINGS`` and
    ``DEPRECATED_SETTINGS_MAPPINGS`` on the module; each value is passed
    through ``cleanse_setting`` before it is logged.
    """
    from django.views.debug import cleanse_setting

    custom = getattr(module, 'CUSTOM_SETTINGS_MAPPINGS', {})
    for key in sorted(custom):
        global_name, _default, _mapping, _description, using_default = custom[key]
        source = "default" if using_default else key
        current = getattr(module, global_name, None)
        # Only upper-case names are reported.
        if not global_name.isupper():
            continue
        logger.debug("%s = %r (source:%s)", global_name,
                     cleanse_setting(global_name, current), source)

    deprecated = getattr(module, 'DEPRECATED_SETTINGS_MAPPINGS', {})
    for key in sorted(deprecated):
        global_name, _default, _mapping, description, using_default = deprecated[key]
        current = getattr(module, global_name, None)
        # A deprecated setting is reported only when it is not at its default.
        if using_default or not global_name.isupper():
            continue
        logger.debug("%s = %r (deprecated:%s, %s)", global_name,
                     cleanse_setting(global_name, current), key, description)
def report_settings(module):
    """Log the custom and deprecated settings of *module* at debug level.

    Names come from ``CUSTOM_SETTINGS_MAPPINGS`` and
    ``DEPRECATED_SETTINGS_MAPPINGS`` on the module; each value is passed
    through ``cleanse_setting`` before it is logged.
    """
    from django.views.debug import cleanse_setting

    custom = getattr(module, 'CUSTOM_SETTINGS_MAPPINGS', {})
    for key in sorted(custom):
        entry = custom[key]
        global_name, using_default = entry[0], entry[4]
        # Keep the five-field shape check that tuple unpacking performed.
        _name, _default, _mapping, _description, _flag = entry
        source = "default" if using_default else key
        current = getattr(module, global_name, None)
        if global_name.isupper():
            masked = cleanse_setting(global_name, current)
            logger.debug("%s = %r (source:%s)", global_name, masked, source)

    deprecated = getattr(module, 'DEPRECATED_SETTINGS_MAPPINGS', {})
    for key in sorted(deprecated):
        global_name, _default, _mapping, description, using_default = \
            deprecated[key]
        current = getattr(module, global_name, None)
        # A deprecated setting is reported only when it is not at its default.
        if global_name.isupper() and not using_default:
            masked = cleanse_setting(global_name, current)
            logger.debug(
                "%s = %r (deprecated:%s, %s)",
                global_name, masked, key, description)
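def __init__(self, base_url, conf_urls={}, verbosity=1, output_dir=None, ascend=True, **kwargs):
    """Set up crawl state, the test client and the active plugins.

    An optional ``auth`` keyword argument is forwarded to the client's
    ``login`` as keyword arguments. A rejected login is logged as a warning
    and the crawl state is still initialised.
    """
    # NOTE: the ``conf_urls`` default dict is shared by every instance built
    # without that argument; this method stores it and does not mutate it.
    self.base_url = base_url
    self.conf_urls = conf_urls
    self.verbosity = verbosity
    self.ascend = ascend

    auth = kwargs.get('auth')

    if output_dir:
        # NOTE: this check disappears when Python runs with -O.
        assert os.path.isdir(output_dir)
        self.output_dir = os.path.realpath(output_dir)
        LOG.info("Output will be saved to %s" % self.output_dir)
    else:
        self.output_dir = None

    #These two are what keep track of what to crawl and what has been.
    self.not_crawled = [(0, 'START', self.base_url)]
    self.crawled = {}

    self.c = Client(REMOTE_ADDR='127.0.0.1')

    if auth:
        # Each value goes through cleanse_setting under its upper-cased key
        # before it is written to the log; values whose key name is not
        # treated as sensitive (presumably the username) are logged as is.
        printable_auth = ', '.join(
            '%s: %s' % (key, cleanse_setting(key.upper(), value))
            for key, value in auth.items())
        LOG.info('Log in with %s' % printable_auth)
        if not self.c.login(**auth):
            # The result of login() was previously discarded, so a crawl
            # with rejected credentials looked like an authenticated one.
            LOG.warning('Login failed, continuing without an authenticated session')

    self.plugins = []
    for plug in Plugin.__subclasses__():
        active = getattr(plug, 'active', True)
        if active:
            #TODO: Check if plugin supports writing CSV (or to a file in general?)
            self.plugins.append(plug())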
def test_cleanse_setting_basic(self):
    """A TEST setting is returned as is; a PASSWORD setting is masked."""
    plain = cleanse_setting('TEST', 'TEST')
    self.assertEqual(plain, 'TEST')

    masked = cleanse_setting('PASSWORD', 'super_secret')
    self.assertEqual(masked, CLEANSED_SUBSTITUTE)
def test_cleanse_setting_recurses_in_dictionary(self):
    """Inside a dict value, the 'password' entry is masked and 'login' is kept."""
    result = cleanse_setting(
        'SETTING_NAME', {'login': '******', 'password': '******'})
    self.assertEqual(
        result, {'login': '******', 'password': CLEANSED_SUBSTITUTE})
def test_cleanse_setting_recurses_in_dictionary(self):
    """Inside a dict value, the "password" entry is masked and "login" is kept."""
    setting_value = {"login": "******", "password": "******"}
    result = cleanse_setting("SETTING_NAME", setting_value)

    wanted = {"login": "******", "password": CLEANSED_SUBSTITUTE}
    self.assertEqual(result, wanted)
def test_cleanse_setting_ignore_case(self):
    """A lower-case 'password' setting name is masked as well."""
    masked = cleanse_setting('password', 'super_secret')
    self.assertEqual(masked, CLEANSED_SUBSTITUTE)
# error page will display a detailed report for any TemplateSyntaxError. This
# report contains the relevant snippet of the template, with the appropriate
# line highlighted.
# Note that Django only displays fancy error pages if DEBUG is True,
# alternatively error is handled by:
# handler404 = "omeroweb.feedback.views.handler404"
# handler500 = "omeroweb.feedback.views.handler500"
TEMPLATE_DEBUG = DEBUG

from django.views.debug import cleanse_setting

# Report every upper-case custom setting at debug level. Values are passed
# through cleanse_setting before they reach the log. The loop names stay
# module-level attributes, so they are left unchanged.
for key in sorted(CUSTOM_SETTINGS_MAPPINGS):
    values = CUSTOM_SETTINGS_MAPPINGS[key]
    global_name, default_value, mapping, using_default = values
    source = "default" if using_default else key
    global_value = globals().get(global_name)
    if not global_name.isupper():
        continue
    logger.debug(
        "%s = %r (source:%s)",
        global_name, cleanse_setting(global_name, global_value), source)

SITE_ID = 1

# Local time zone for this installation. Choices can be found here:
# http://www.postgresql.org/docs/8.1/static/datetime-keywords.html#DATETIME-TIMEZONE-SET-TABLE
# although not all variations may be possible on all operating systems.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = 'Europe/London'
FIRST_DAY_OF_WEEK = 0  # 0-Monday, ... 6-Sunday

# LANGUAGE_CODE: A string representing the language code for this
# installation. This should be in standard language format. For example,
# U.S. English is "en-us".
LANGUAGE_CODE = 'en-gb'
def cleanse_envvar(key, value):
    """Mask *value* when *key* is listed in ``settings.HIDDEN_ENVVARS``.

    Any other key is handed to ``cleanse_setting``. A missing
    ``HIDDEN_ENVVARS`` setting is treated as an empty list.
    """
    if key in getattr(settings, 'HIDDEN_ENVVARS', []):
        return CLEANSED_SUBSTITUTE
    return cleanse_setting(key, value)
def test_cleanse_setting_unchanged_non_string():
    """An integer value comes back unchanged."""
    # when setting value is not a string, no attempt to parse happens
    value = 42
    result = debug.cleanse_setting("BACKEND_COUNT", value)
    assert value == result
def test_cleanse_setting_invalid_url_unchanged():
    """A URL that cannot be parsed comes back unchanged."""
    # adding an unmatched square bracket will trigger exception handling
    malformed_url = "http://*****:*****@ex[ample.com/"
    result = debug.cleanse_setting("SOME_URL", malformed_url)
    assert malformed_url == result
def test_cleanse_setting_basic(self):
    """A TEST setting is returned as is; a PASSWORD setting is masked."""
    plain = cleanse_setting("TEST", "TEST")
    self.assertEqual(plain, "TEST")

    masked = cleanse_setting("PASSWORD", "super_secret")
    self.assertEqual(masked, CLEANSED_SUBSTITUTE)
def test_cleanse_setting_unchanged_non_url_key():
    """A URL stored under a key without URL or BACKEND comes back unchanged."""
    # when setting key does not contain URL or BACKEND,
    # no attempt to parse and obfuscate occurs
    url_value = "http://*****:*****@example.com/some/path/"
    result = debug.cleanse_setting("NOT_REPLACED", url_value)
    assert url_value == result
def __init__(self, name):
    """Store *name* as ``pk`` and the cleansed value of that setting.

    The value is read from ``debug.get_safe_settings()`` and passed through
    ``debug.cleanse_setting`` once more under *name*.
    """
    self.pk = name
    safe_settings = debug.get_safe_settings()
    already_safe = safe_settings[name]
    self.cleansed = debug.cleanse_setting(name, already_safe)
def test_benign_value_not_obfuscated(self):
    """A plain string under the BENIGN name comes back unchanged."""
    # regular settings are unchanged
    value = "Some valid value"
    result = debug.cleanse_setting("BENIGN", value)
    self.assertEqual(value, result)
# the relevant snippet of the template, with the appropriate line highlighted.
# Note that Django only displays fancy error pages if DEBUG is True,
# alternatively error is handled by:
# handler404 = "omeroweb.feedback.views.handler404"
# handler500 = "omeroweb.feedback.views.handler500"
TEMPLATE_DEBUG = DEBUG

from django.views.debug import cleanse_setting

# Report every upper-case custom setting at debug level. Values are passed
# through cleanse_setting before they reach the log. The loop names stay
# module-level attributes, so they are left unchanged.
for key in sorted(CUSTOM_SETTINGS_MAPPINGS):
    values = CUSTOM_SETTINGS_MAPPINGS[key]
    global_name, default_value, mapping, using_default = values
    source = "default" if using_default else key
    global_value = globals().get(global_name)
    if not global_name.isupper():
        continue
    logger.debug(
        "%s = %r (source:%s)",
        global_name, cleanse_setting(global_name, global_value), source)

SITE_ID = 1

# Local time zone for this installation. Choices can be found here:
# http://www.postgresql.org/docs/8.1/static/datetime-keywords.html#DATETIME-TIMEZONE-SET-TABLE
# although not all variations may be possible on all operating systems.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = 'Europe/London'
FIRST_DAY_OF_WEEK = 0  # 0-Monday, ... 6-Sunday

# LANGUAGE_CODE: A string representing the language code for this
# installation. This should be in standard language format. For example,
# U.S. English is "en-us".
LANGUAGE_CODE = 'en-gb'
def test_unchanged_non_string(self):
    """An integer value comes back unchanged."""
    # when setting value is not a string, no attempt to parse happens
    value = 42
    result = debug.cleanse_setting("BACKEND_COUNT", value)
    self.assertEqual(value, result)
def env(request):
    """Render request.META on zadmin/settings.html, cleansed key by key."""
    # NOTE(review): masking is decided from the key name alone; check that
    # entries such as HTTP_COOKIE and HTTP_AUTHORIZATION are covered by the
    # cleanser in use before exposing this page.
    masked_meta = {}
    for name, value in request.META.items():
        masked_meta[name] = debug.cleanse_setting(name, value)

    context = {'settings_dict': masked_meta, 'title': 'Env!'}
    return render(request, 'zadmin/settings.html', context)
def test_cleanse_setting_benign_value_not_obfuscated():
    """A plain string under the BENIGN name comes back unchanged."""
    # regular settings are unchanged
    value = "Some valid value"
    result = debug.cleanse_setting("BENIGN", value)
    assert value == result