Пример #1
    def get_user_info(self, request):
        """
        Collects identifying attributes of ``request.user``

        The result may hold ``is_authenticated``, ``id``, ``username`` and
        ``email``, depending on which attributes the user object exposes.
        ``username`` and ``email`` are personal data and are copied unmasked,
        so the returned dict should be handled as such downstream.

        :param request: the request object; may lack a ``user`` attribute
        :return: a dict of user fields, empty if there is no user or if a
                 DatabaseError occurs while reading it
        """
        if not hasattr(request, "user"):
            return {}

        collected = {}
        try:
            account = request.user

            if hasattr(account, "is_authenticated"):
                # is_authenticated is either a method or a plain attribute,
                # depending on the user object; handle both.
                collected["is_authenticated"] = (
                    account.is_authenticated()
                    if callable(account.is_authenticated)
                    else bool(account.is_authenticated)
                )

            if hasattr(account, "id"):
                collected["id"] = encoding.keyword_field(account.id)

            # Prefer the accessor over the raw attribute when both exist.
            if hasattr(account, "get_username"):
                collected["username"] = encoding.keyword_field(
                    encoding.force_text(account.get_username())
                )
            elif hasattr(account, "username"):
                collected["username"] = encoding.keyword_field(
                    encoding.force_text(account.username)
                )

            # Unlike id and username, email is not passed through keyword_field.
            if hasattr(account, "email"):
                collected["email"] = encoding.force_text(account.email)
        except DatabaseError:
            # If the connection is closed or similar, drop everything gathered
            # so far rather than report a partial user.
            return {}

        return collected
Пример #2
def sanitize_http_request_cookies(client, event):
    """
    Sanitizes http request cookies

    Two places are covered independently: the parsed ``request.cookies``
    mapping and the raw ``cookie`` request header. A missing or wrongly
    shaped entry (KeyError / TypeError) is skipped; the other one is still
    processed.

    :param client: an ElasticAPM client; its ``config.sanitize_field_names``
                   is handed to the sanitizing helpers
    :param event: a transaction or error event
    :return: The modified event
    """
    # 1) the parsed cookies dict
    try:
        request_ctx = event["context"]["request"]
        parsed_cookies = request_ctx["cookies"]
        field_names = client.config.sanitize_field_names
        request_ctx["cookies"] = varmap(
            _sanitize, parsed_cookies, sanitize_field_names=field_names
        )
    except (KeyError, TypeError):
        pass

    # 2) the raw "cookie" header, a "; "-separated list of name=value pairs
    try:
        request_headers = event["context"]["request"]["headers"]
        header_text = force_text(request_headers["cookie"], errors="replace")
        request_headers["cookie"] = _sanitize_string(
            header_text,
            "; ",
            "=",
            sanitize_field_names=client.config.sanitize_field_names,
        )
    except (KeyError, TypeError):
        pass

    return event
Пример #3
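def sanitize_http_request_querystring(client, event):
    """
    Sanitizes http request query string

    ``url.search`` is rewritten first, then the same substitution is applied
    to ``url.full``. An event that carries ``url.search`` but no ``url.full``
    still gets its query string sanitized instead of raising KeyError before
    anything was masked.

    :param client: an ElasticAPM client; its ``config.sanitize_field_names``
                   is handed to the sanitizing helper
    :param event: a transaction or error event
    :return: The modified event
    """
    try:
        url = event["context"]["request"]["url"]
        query_string = force_text(url["search"], errors="replace")
    except (KeyError, TypeError):
        return event
    if "=" not in query_string:
        return event

    sanitized_query_string = _sanitize_string(
        query_string,
        "&",
        "=",
        sanitize_field_names=client.config.sanitize_field_names)
    # we need to pipe the sanitized string through encoding.keyword_field to ensure that the maximum
    # length of keyword fields is still ensured.
    url["search"] = keyword_field(sanitized_query_string)

    try:
        full_url = url["full"]
    except (KeyError, TypeError):
        # No full URL recorded; the search component is already masked.
        return event
    # NOTE(review): this is a plain substring replace, so it only masks the
    # full URL when the query string appears there exactly as in url.search.
    url["full"] = keyword_field(
        full_url.replace(query_string, sanitized_query_string))
    return event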
Пример #4
def sanitize_http_request_body(client, event):
    """
    Sanitizes http request body. This only works if the request body
    is a query-encoded string. Other types (e.g. JSON) are not handled by
    this sanitizer, so sensitive values inside such bodies pass through
    unchanged.

    :param client: an ElasticAPM client (not used by this sanitizer)
    :param event: a transaction or error event
    :return: The modified event
    """
    try:
        raw_body = event["context"]["request"]["body"]
        body_text = force_text(raw_body, errors="replace")
    except (KeyError, TypeError):
        # no body recorded, or the event does not have the expected shape
        return event

    # A body without any "=" cannot hold key=value pairs; leave it as it is.
    if "=" not in body_text:
        return event

    event["context"]["request"]["body"] = _sanitize_string(body_text, "&", "=")
    return event
Пример #5
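def sanitize_http_request_querystring(client, event):
    """
    Sanitizes http request query string

    The sanitized string is written to ``url.search`` before ``url.full`` is
    read, so an event without ``url.full`` still has its query string masked
    rather than raising KeyError with nothing sanitized.

    :param client: an ElasticAPM client (not used by this sanitizer)
    :param event: a transaction or error event
    :return: The modified event
    """
    try:
        url = event["context"]["request"]["url"]
        query_string = force_text(url["search"], errors="replace")
    except (KeyError, TypeError):
        return event
    if "=" not in query_string:
        return event

    sanitized_query_string = _sanitize_string(query_string, "&", "=")
    url["search"] = sanitized_query_string

    try:
        full_url = url["full"]
    except (KeyError, TypeError):
        # Nothing else to mask when no full URL was recorded.
        return event
    # NOTE(review): substring replace; the full URL is only masked where it
    # contains the query string exactly as it appears in url.search.
    url["full"] = full_url.replace(query_string, sanitized_query_string)
    return event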
Пример #6
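def sanitize_http_request_querystring(client, event):
    """
    Sanitizes http request query string

    ``url.search`` is masked first and ``url.raw`` afterwards. If ``url.raw``
    is absent the function returns with the search component already
    sanitized, instead of raising KeyError before any field was changed.

    :param client: an ElasticAPM client (not used by this sanitizer)
    :param event: a transaction or error event
    :return: The modified event
    """
    try:
        url = event['context']['request']['url']
        query_string = force_text(url['search'], errors='replace')
    except (KeyError, TypeError):
        return event
    if '=' not in query_string:
        return event

    sanitized_query_string = _sanitize_string(query_string, '&', '=')
    url['search'] = sanitized_query_string

    try:
        raw = url['raw']
    except (KeyError, TypeError):
        # No raw URL on this event; the search component is already masked.
        return event
    # NOTE(review): substring replace; the raw URL is only masked where it
    # contains the query string exactly as it appears in url.search.
    url['raw'] = raw.replace(query_string, sanitized_query_string)
    return event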
Пример #7
def sanitize_http_response_cookies(client, event):
    """
    Sanitizes the set-cookie header of the response

    A response without a ``set-cookie`` header, or an event that does not
    have the expected shape, is returned untouched.

    :param client: an ElasticAPM client; its ``config.sanitize_field_names``
                   is handed to the sanitizing helper
    :param event: a transaction or error event
    :return: The modified event
    """
    try:
        response_headers = event["context"]["response"]["headers"]
        header_text = force_text(response_headers["set-cookie"], errors="replace")
        # NOTE(review): the separator here is ";" without the trailing space;
        # confirm _sanitize_string still matches field names that then start
        # with a space.
        response_headers["set-cookie"] = _sanitize_string(
            header_text,
            ";",
            "=",
            sanitize_field_names=client.config.sanitize_field_names,
        )
    except (KeyError, TypeError):
        pass
    return event
Пример #8
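def extract_signature(sql):
    """
    Extracts a minimal signature from a given SQL query

    The signature is built from the statement type and, for INSERT, DELETE,
    UPDATE and SELECT, whatever ``look_for_table`` returns for it. A
    statement consisting of a single word is returned as is.

    :param sql: the SQL statement
    :return: a string representing the signature
    """
    sql = force_text(sql).strip()
    first_space = sql.find(" ")
    if first_space < 0:
        return sql

    sql_type = sql[:first_space].upper()
    table_name = ""

    if sql_type in ("INSERT", "DELETE"):
        keyword = "INTO" if sql_type == "INSERT" else "FROM"
        sql_type = sql_type + " " + keyword
        table_name = look_for_table(sql, keyword)
    elif sql_type in ("CREATE", "DROP"):
        # 2nd word is part of SQL type
        second_space = sql.find(" ", first_space + 1)
        # find() returns -1 for a two-word statement such as "DROP TABLE";
        # using -1 as the slice end would cut off the last character.
        end = second_space if second_space >= 0 else len(sql)
        sql_type = sql_type + sql[first_space:end]
    elif sql_type == "UPDATE":
        table_name = look_for_table(sql, "UPDATE")
    elif sql_type == "SELECT":
        # Name is first table
        sql_type = "SELECT FROM"
        try:
            table_name = look_for_table(sql, "FROM")
        except Exception:
            # best effort: fall back to a signature without a table name
            table_name = ""
    # any other statement type: no name

    return " ".join(filter(bool, [sql_type, table_name]))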