def test_customized_max_body_length(self, mock_log):
body = 150 * "0" + "1"
request = self.factory.post("/somewhere", data={"file": body})
middleware = LoggingMiddleware(self.get_response)
middleware.__call__(request)
request_body_str = request.body if isinstance(request.body, str) else request.body.decode()
self._assert_logged(mock_log, re.sub(r"\r?\n", "", request_body_str[:150]))
self._assert_not_logged(mock_log, body)
class MissingRoutes(BaseLogTestCase):
def setUp(self):
self.factory = RequestFactory()
def get_response(request):
response = mock.MagicMock()
response.status_code = 200
response.get.return_value = "application/json"
headers = {"test_headers": "test_headers"}
if IS_DJANGO_VERSION_GTE_3_2_0:
response.headers = headers
else:
response._headers = headers
return response
self.middleware = LoggingMiddleware(get_response)
def test_no_exception_risen(self, mock_log):
body = u"some body"
request = self.factory.post("/a-missing-route-somewhere", data={"file": body})
self.middleware.__call__(request)
self._assert_logged(mock_log, body)
class DjangoDecoratorTestCase(BaseLogTestCase):
def setUp(self):
self.factory = RequestFactory()
def get_response(request):
response = mock.MagicMock()
response.status_code = 200
response.get.return_value = 'application/json'
return response
self.middleware = LoggingMiddleware(get_response)
# Because django isn't actually processing this test this test stubbed
# out the important parts of what it does which is processes a decorator
# like @sensitive_post_parameters('pass__word'), which gets added
# to the request object, and then I also created the QueryDict that is
# the underlying POST data.
def test_log_sensitive_post_parameters(self, mock_log):
uri = "/dont_log_sensitive_parameter"
request = self.factory.post(uri)
request.POST = QueryDict('pass_word=foo')
request.sensitive_post_parameters = ["pass_word"]
self.middleware.__call__(request)
self._assert_not_logged(mock_log, "foo")
class LogTestCase(BaseLogTestCase):
def setUp(self):
self.factory = RequestFactory()
def get_response(request):
response = mock.MagicMock()
response.status_code = 200
response.get.return_value = 'application/json'
response._headers = {'test_headers': 'test_headers'}
return response
self.middleware = LoggingMiddleware(get_response)
def test_request_body_logged(self, mock_log):
body = u"some body"
request = self.factory.post("/somewhere", data={"file": body})
self.middleware.process_request(request)
self._assert_logged(mock_log, body)
def test_request_binary_logged(self, mock_log):
body = u"some body"
datafile = io.StringIO(body)
request = self.factory.post("/somewhere", data={"file": datafile})
self.middleware.process_request(request)
self._assert_logged(mock_log, "(binary data)")
@unittest.skipIf(sys.version_info < (3, 0), "This issue won't happen on python 2")
def test_request_jpeg_logged(self, mock_log):
body = b'--BoUnDaRyStRiNg\r\nContent-Disposition: form-data; name="file"; filename="campaign_carousel_img.jp' \
b'g"\r\nContent-Type: image/jpeg\r\n\r\n\xff\xd8\xff\xe1\x00\x18Exif\x00\x00II*\x00\x08\x00\x00\x00' \
b'\x00\x00\x00\x00\x00\x00\x00\x00\xff\xec\x00\x11Ducky\x00\x01\x00\x04\x00\x00\x00d\x00\x00\xff\xe1' \
b'\x03{http://ns.adobe.com/'
datafile = io.BytesIO(body)
request = self.factory.post("/somewhere", data={"file": datafile})
self.middleware.process_request(request)
self._assert_logged(mock_log, "(multipart/form)")
def test_request_headers_logged(self, mock_log):
request = self.factory.post("/somewhere",
**{'HTTP_USER_AGENT': 'silly-human'})
self.middleware.process_request(request)
self._assert_logged(mock_log, "HTTP_USER_AGENT")
def test_response_headers_logged(self, mock_log):
request = self.factory.post("/somewhere")
response = mock.MagicMock()
response.get.return_value = 'application/json'
response._headers = {'test_headers': 'test_headers'}
self.middleware.process_response(request, response)
self._assert_logged(mock_log, "test_headers")
def test_call_logged(self, mock_log):
body = u"some body"
request = self.factory.post("/somewhere", data={"file": body},
**{'HTTP_USER_AGENT': 'silly-human'})
self.middleware.__call__(request)
self._assert_logged(mock_log, body)
self._assert_logged(mock_log, "test_headers")
self._assert_logged(mock_log, "HTTP_USER_AGENT")
def test_call_binary_logged(self, mock_log):
body = u"some body"
datafile = io.StringIO(body)
request = self.factory.post("/somewhere", data={"file": datafile},
**{'HTTP_USER_AGENT': 'silly-human'})
self.middleware.__call__(request)
self._assert_logged(mock_log, "(binary data)")
self._assert_logged(mock_log, "test_headers")
self._assert_logged(mock_log, "HTTP_USER_AGENT")
@unittest.skipIf(sys.version_info < (3, 0), "This issue won't happen on python 2")
def test_call_jpeg_logged(self, mock_log):
body = b'--BoUnDaRyStRiNg\r\nContent-Disposition: form-data; name="file"; filename="campaign_carousel_img.jp' \
b'g"\r\nContent-Type: image/jpeg\r\n\r\n\xff\xd8\xff\xe1\x00\x18Exif\x00\x00II*\x00\x08\x00\x00\x00' \
b'\x00\x00\x00\x00\x00\x00\x00\x00\xff\xec\x00\x11Ducky\x00\x01\x00\x04\x00\x00\x00d\x00\x00\xff\xe1' \
b'\x03{http://ns.adobe.com/'
datafile = io.BytesIO(body)
request = self.factory.post("/somewhere", data={"file": datafile},
**{'HTTP_USER_AGENT': 'silly-human'})
self.middleware.__call__(request)
self._assert_logged(mock_log, "(multipart/form)")
self._assert_logged(mock_log, "test_headers")
self._assert_logged(mock_log, "HTTP_USER_AGENT")
class LogTestCase(BaseLogTestCase):
def setUp(self):
self.factory = RequestFactory()
def get_response(request):
response = mock.MagicMock()
response.status_code = 200
response.get.return_value = "application/json"
response._headers = {"test_headers": "test_headers"}
return response
self.middleware = LoggingMiddleware(get_response)
def test_request_body_logged(self, mock_log):
body = u"some body"
request = self.factory.post("/somewhere", data={"file": body})
self.middleware.process_request(request)
self._assert_logged(mock_log, body)
def test_request_binary_logged(self, mock_log):
body = u"some body"
datafile = io.StringIO(body)
request = self.factory.post("/somewhere", data={"file": datafile})
self.middleware.process_request(request)
self._assert_logged(mock_log, "(binary data)")
def test_request_jpeg_logged(self, mock_log):
body = (
b'--BoUnDaRyStRiNg\r\nContent-Disposition: form-data; name="file"; filename="campaign_carousel_img.jp'
b'g"\r\nContent-Type: image/jpeg\r\n\r\n\xff\xd8\xff\xe1\x00\x18Exif\x00\x00II*\x00\x08\x00\x00\x00'
b"\x00\x00\x00\x00\x00\x00\x00\x00\xff\xec\x00\x11Ducky\x00\x01\x00\x04\x00\x00\x00d\x00\x00\xff\xe1"
b"\x03{http://ns.adobe.com/")
datafile = io.BytesIO(body)
request = self.factory.post("/somewhere", data={"file": datafile})
self.middleware.process_request(request)
self._assert_logged(mock_log, "(multipart/form)")
def test_request_headers_logged(self, mock_log):
request = self.factory.post("/somewhere",
**{"HTTP_USER_AGENT": "silly-human"})
self.middleware.process_request(request)
self._assert_logged(mock_log, "HTTP_USER_AGENT")
def test_request_headers_sensitive_logged_default(self, mock_log):
request = self.factory.post(
"/somewhere", **{
"HTTP_AUTHORIZATION": "sensitive-token",
"HTTP_PROXY_AUTHORIZATION": "proxy-token"
})
middleware = LoggingMiddleware()
middleware.process_request(request)
self._assert_logged(mock_log, "HTTP_AUTHORIZATION")
self._assert_logged(mock_log, "HTTP_PROXY_AUTHORIZATION")
self._assert_logged_with_key_value(mock_log, "HTTP_AUTHORIZATION",
"*****")
self._assert_logged_with_key_value(mock_log,
"HTTP_PROXY_AUTHORIZATION", "*****")
@override_settings(
REQUEST_LOGGING_SENSITIVE_HEADERS=["HTTP_AUTHORIZATION"])
def test_request_headers_sensitive_logged(self, mock_log):
request = self.factory.post(
"/somewhere", **{
"HTTP_AUTHORIZATION": "sensitive-token",
"HTTP_USER_AGENT": "silly-human",
"HTTP_PROXY_AUTHORIZATION": "proxy-token",
})
middleware = LoggingMiddleware()
middleware.process_request(request)
self._assert_logged(mock_log, "HTTP_AUTHORIZATION")
self._assert_logged(mock_log, "HTTP_USER_AGENT")
self._assert_logged(mock_log, "HTTP_PROXY_AUTHORIZATION")
self._assert_logged_with_key_value(mock_log, "HTTP_AUTHORIZATION",
"*****")
self._assert_logged_with_key_value(mock_log, "HTTP_USER_AGENT",
"silly-human")
self._assert_logged_with_key_value(mock_log,
"HTTP_PROXY_AUTHORIZATION",
"proxy-token")
def test_response_headers_logged(self, mock_log):
request = self.factory.post("/somewhere")
response = mock.MagicMock()
response.get.return_value = "application/json"
response._headers = {"test_headers": "test_headers"}
self.middleware.process_response(request, response)
self._assert_logged(mock_log, "test_headers")
def test_call_logged(self, mock_log):
body = u"some body"
request = self.factory.post("/somewhere",
data={"file": body},
**{"HTTP_USER_AGENT": "silly-human"})
self.middleware.__call__(request)
self._assert_logged(mock_log, body)
self._assert_logged(mock_log, "test_headers")
self._assert_logged(mock_log, "HTTP_USER_AGENT")
def test_call_binary_logged(self, mock_log):
body = u"some body"
datafile = io.StringIO(body)
request = self.factory.post("/somewhere",
data={"file": datafile},
**{"HTTP_USER_AGENT": "silly-human"})
self.middleware.__call__(request)
self._assert_logged(mock_log, "(binary data)")
self._assert_logged(mock_log, "test_headers")
self._assert_logged(mock_log, "HTTP_USER_AGENT")
def test_call_jpeg_logged(self, mock_log):
body = (
b'--BoUnDaRyStRiNg\r\nContent-Disposition: form-data; name="file"; filename="campaign_carousel_img.jp'
b'g"\r\nContent-Type: image/jpeg\r\n\r\n\xff\xd8\xff\xe1\x00\x18Exif\x00\x00II*\x00\x08\x00\x00\x00'
b"\x00\x00\x00\x00\x00\x00\x00\x00\xff\xec\x00\x11Ducky\x00\x01\x00\x04\x00\x00\x00d\x00\x00\xff\xe1"
b"\x03{http://ns.adobe.com/")
datafile = io.BytesIO(body)
request = self.factory.post("/somewhere",
data={"file": datafile},
**{"HTTP_USER_AGENT": "silly-human"})
self.middleware.__call__(request)
self._assert_logged(mock_log, "(multipart/form)")
self._assert_logged(mock_log, "test_headers")
self._assert_logged(mock_log, "HTTP_USER_AGENT")
def test_minimal_logging_when_streaming(self, mock_log):
uri = "/somewhere"
request = self.factory.get(uri)
response = StreamingHttpResponse(status=200,
streaming_content=b"OK",
content_type="application/json")
self.middleware.process_response(request, response=response)
self._assert_logged(mock_log, "(data_stream)")
