def process_response(self, request, response):
if response.status_code < 400 or response.status_code == 404:
return response
from raven.contrib.django.models import client
if not client.is_enabled():
return response
# format error message
message = ("{status_code} code returned for URL: {url}"
"with message: {message}").format(
status_code=response.status_code,
url=request.build_absolute_uri(),
message=str(response.content),
)
# create data representation
data = client.get_data_from_request(request)
data.update({
"level": logging.WARN,
"logger": "BadRequestMiddleware",
})
client.captureMessage(message=message, data=data)
return response
def csp_violation_capture(request):
# HT @glogiotatidis https://github.com/mozmeao/lumbergh/pull/180/
if not settings.CSP_REPORT_ENABLE:
# mitigation option for a flood of violation reports
return HttpResponse()
data = client.get_data_from_request(request)
data.update({
'level': logging.INFO,
'logger': 'CSP',
})
try:
csp_data = json.loads(request.body)
except ValueError:
# Cannot decode CSP violation data, ignore
return HttpResponseBadRequest('Invalid CSP Report')
try:
blocked_uri = csp_data['csp-report']['blocked-uri']
except KeyError:
# Incomplete CSP report
return HttpResponseBadRequest('Incomplete CSP Report')
client.captureMessage(message='CSP Violation: {}'.format(blocked_uri),
data=data)
return HttpResponse('Captured CSP violation, thanks for reporting.')
def csp_violation_capture(request):
# HT @glogiotatidis https://github.com/mozmar/lumbergh/pull/180/
if not settings.CSP_REPORT_ENABLE:
# mitigation option for a flood of violation reports
return HttpResponse()
data = client.get_data_from_request(request)
data.update({
'level': logging.INFO,
'logger': 'CSP',
})
try:
csp_data = json.loads(request.body.decode())
except ValueError:
# Cannot decode CSP violation data, ignore
return HttpResponseBadRequest('Invalid CSP Report')
try:
blocked_uri = csp_data['csp-report']['blocked-uri']
except KeyError:
# Incomplete CSP report
return HttpResponseBadRequest('Incomplete CSP Report')
client.captureMessage(message='CSP Violation: {}'.format(blocked_uri),
data=data)
return HttpResponse('Captured CSP violation, thanks for reporting.')
def process_response(self, request, response):
if response.status_code != 404:
return response
if is_ignorable_404(request.get_full_path()):
return response
from raven.contrib.django.models import client
if not client.is_enabled():
return response
data = client.get_data_from_request(request)
data.update({
'level': logging.INFO,
'logger': 'http404',
})
result = client.captureMessage(message='Page Not Found: %s' %
request.build_absolute_uri(),
data=data)
if not result:
return
request.sentry = {
'project_id': data.get('project', client.remote.project),
'id': client.get_ident(result),
}
return response
def process_response(self, request, response):
from raven.contrib.django.models import client
if response.status_code < 400 or response.status_code > 450 or is_ignorable_404(
request.get_full_path()) or not client.is_enabled():
return response
data = client.get_data_from_request(request)
data.update({
'level': logging.INFO,
'logger': 'http{0}'.format(str(response.status_code)),
})
result = client.captureMessage(message='{0}: {1}'.format(
getattr(response, 'status_text', 'Page Not Found'),
request.build_absolute_uri()),
data=data)
if not result:
return
request.sentry = {
'project_id': data.get('project', client.remote.project),
'id': client.get_ident(result),
}
return response
def process_response(self, request, response):
if response.status_code < 400 or response.status_code == 404:
return response
from raven.contrib.django.models import client
if not client.is_enabled():
return response
data = client.get_data_from_request(request)
data.update({
"level": logging.WARN,
"logger": "BadRequestMiddleware",
})
message_template = "{status_code} code returned for URL: {url} {content}"
content = ""
try:
content = "with message: {}".format(str(response.content))
except:
pass
message = message_template.format(status_code=response.status_code,
url=request.build_absolute_uri(),
content=content)
result = client.captureMessage(message=message, data=data)
return response
def csp_violation_capture(request):
"""
Capture CSP violation reports, forward to Sentry.
HT @glogiotatidis https://github.com/mozmeao/lumbergh/pull/180
HT @pmac, @jgmize https://github.com/mozilla/bedrock/pull/4335
"""
if not settings.CSP_REPORT_ENABLE:
# mitigation option for a flood of violation reports
return HttpResponse()
data = client.get_data_from_request(request)
data.update({"level": logging.INFO, "logger": "CSP"})
try:
csp_data = json.loads(request.body)
except ValueError:
# Cannot decode CSP violation data, ignore
return HttpResponseBadRequest("Invalid CSP Report")
try:
blocked_uri = csp_data["csp-report"]["blocked-uri"]
except KeyError:
# Incomplete CSP report
return HttpResponseBadRequest("Incomplete CSP Report")
client.captureMessage(message="CSP Violation: {}".format(blocked_uri),
data=data)
return HttpResponse("Captured CSP violation, thanks for reporting.")
def process_response(self, request, response):
if response.status_code != 404:
return response
if is_ignorable_404(request.get_full_path()):
return response
from raven.contrib.django.models import client
if not client.is_enabled():
return response
data = client.get_data_from_request(request)
data.update({
'level': logging.INFO,
'logger': 'http404',
})
result = client.captureMessage(message='Page Not Found: %s' % request.build_absolute_uri(), data=data)
if not result:
return
request.sentry = {
'project_id': data.get('project', client.remote.project),
'id': client.get_ident(result),
}
return response
def process_response(self, request, response):
if response.status_code != 400:
return response
from raven.contrib.django.models import client
if not client.is_enabled():
return response
data = client.get_data_from_request(request)
# Ignore `django.security.DisallowedHost` errors
if re.search(r'\d+\.\d+\.\d+\.\d+',
data.get('request', {}).get('url', '')):
return response
data.update({
'level': logging.DEBUG,
'logger': 'manual_sentry_logger',
})
result = client.captureMessage(
message='400 response',
data=data,
extra={'response': self._parse_response(response)},
)
if not result:
return response
request.sentry = {
'project_id': data.get('project', client.remote.project),
'id': client.get_ident(result),
}
return response
def log_error(request, message, extra=None):
logger.info("(Error) %s\n" % message)
data = client.get_data_from_request(request)
data.update({
'level': logging.ERROR,
})
client.capture('Message',
message=message,
data=data,
extra=extra)
def process_exception(self, request, exception):
from raven.contrib.django.models import client
if not client.is_enabled():
return
data = client.get_data_from_request(request)
data.update(
{"level": logging.WARN, "logger": "BadRequestMiddleware",}
)
client.captureMessage(message=str(exception), data=data)
def process_response(self, request, response):
if response.status_code != 404 or _is_ignorable_404(request.get_full_path()):
return response
data = client.get_data_from_request(request)
data.update({
'level': logging.INFO,
'logger': 'http404',
})
result = client.captureMessage(message='Page Not Found: %s' % request.build_absolute_uri(), data=data)
request.sentry = {
'project_id': data.get('project', client.project),
'id': client.get_ident(result),
}
return response
def process_response(self, request, response):
if response.status_code != 404 or _is_ignorable_404(
request.get_full_path()):
return response
data = client.get_data_from_request(request)
data.update({
'level': logging.INFO,
'logger': 'http404',
})
result = client.captureMessage(message='Page Not Found: %s' %
request.build_absolute_uri(),
data=data)
request.sentry = {
'project_id': data.get('project', client.project),
'id': client.get_ident(result),
}
return response
def capture_csp_violation(request):
data = client.get_data_from_request(request)
data.update({
'level': logging.INFO,
'logger': 'CSP',
})
try:
csp_data = json.loads(request.body)
except ValueError:
# Cannot decode CSP violation data, ignore
return HttpResponseBadRequest('Invalid CSP Report')
try:
blocked_uri = csp_data['csp-report']['blocked-uri']
except KeyError:
# Incomplete CSP report
return HttpResponseBadRequest('Incomplete CSP Report')
client.captureMessage(message='CSP Violation: {}'.format(blocked_uri),
data=data)
return HttpResponse('Captured CSP violation, thanks for reporting.')
def csp_violation_capture(request):
data = sentry_client.get_data_from_request(request)
data.update({
'level': logging.INFO,
'logger': 'CSP',
})
try:
csp_data = json.loads(request.body)
except ValueError:
# Cannot decode CSP violation data, ignore
return HttpResponseBadRequest('Invalid CSP Report')
try:
blocked_uri = csp_data['csp-report']['blocked-uri']
except KeyError:
# Incomplete CSP report
return HttpResponseBadRequest('Incomplete CSP Report')
sentry_client.captureMessage(
message='CSP Violation: {}'.format(blocked_uri),
data=data)
return HttpResponse('Captured CSP violation, thanks for reporting.')
