2011-06-09 06:18:46 +08:00
|
|
|
import functools
|
|
|
|
|
2013-08-03 02:46:17 +08:00
|
|
|
from django.http import HttpRequest
|
|
|
|
|
2011-06-09 06:18:46 +08:00
|
|
|
|
|
|
|
def sensitive_variables(*variables):
|
|
|
|
"""
|
2017-01-25 04:36:07 +08:00
|
|
|
Indicate which variables used in the decorated function are sensitive so
|
2011-06-09 06:18:46 +08:00
|
|
|
that those variables can later be treated in a special way, for example
|
|
|
|
by hiding them when logging unhandled exceptions.
|
|
|
|
|
2017-01-25 04:36:07 +08:00
|
|
|
Accept two forms:
|
2011-06-09 06:18:46 +08:00
|
|
|
|
|
|
|
* with specified variable names:
|
|
|
|
|
|
|
|
@sensitive_variables('user', 'password', 'credit_card')
|
|
|
|
def my_function(user):
|
|
|
|
password = user.pass_word
|
|
|
|
credit_card = user.credit_card_number
|
|
|
|
...
|
|
|
|
|
2017-01-25 04:36:07 +08:00
|
|
|
* without any specified variable names, in which case consider all
|
|
|
|
variables are sensitive:
|
2011-06-09 06:18:46 +08:00
|
|
|
|
|
|
|
@sensitive_variables()
|
|
|
|
def my_function()
|
|
|
|
...
|
|
|
|
"""
|
2019-12-09 19:12:17 +08:00
|
|
|
if len(variables) == 1 and callable(variables[0]):
|
|
|
|
raise TypeError(
|
|
|
|
'sensitive_variables() must be called to use it as a decorator, '
|
|
|
|
'e.g., use @sensitive_variables(), not @sensitive_variables.'
|
|
|
|
)
|
|
|
|
|
2011-06-09 06:18:46 +08:00
|
|
|
def decorator(func):
|
|
|
|
@functools.wraps(func)
|
2013-01-01 01:34:08 +08:00
|
|
|
def sensitive_variables_wrapper(*func_args, **func_kwargs):
|
2011-06-09 06:18:46 +08:00
|
|
|
if variables:
|
2012-06-04 08:33:09 +08:00
|
|
|
sensitive_variables_wrapper.sensitive_variables = variables
|
2011-06-09 06:18:46 +08:00
|
|
|
else:
|
2012-06-04 08:33:09 +08:00
|
|
|
sensitive_variables_wrapper.sensitive_variables = '__ALL__'
|
2013-01-01 01:34:08 +08:00
|
|
|
return func(*func_args, **func_kwargs)
|
2012-06-04 08:33:09 +08:00
|
|
|
return sensitive_variables_wrapper
|
2011-06-09 06:18:46 +08:00
|
|
|
return decorator
|
|
|
|
|
|
|
|
|
|
|
|
def sensitive_post_parameters(*parameters):
|
|
|
|
"""
|
2017-01-25 04:36:07 +08:00
|
|
|
Indicate which POST parameters used in the decorated view are sensitive,
|
2011-06-09 06:18:46 +08:00
|
|
|
so that those parameters can later be treated in a special way, for example
|
|
|
|
by hiding them when logging unhandled exceptions.
|
|
|
|
|
2017-01-25 04:36:07 +08:00
|
|
|
Accept two forms:
|
2011-06-09 06:18:46 +08:00
|
|
|
|
|
|
|
* with specified parameters:
|
|
|
|
|
|
|
|
@sensitive_post_parameters('password', 'credit_card')
|
|
|
|
def my_view(request):
|
|
|
|
pw = request.POST['password']
|
|
|
|
cc = request.POST['credit_card']
|
|
|
|
...
|
|
|
|
|
2017-01-25 04:36:07 +08:00
|
|
|
* without any specified parameters, in which case consider all
|
|
|
|
variables are sensitive:
|
2011-06-09 06:18:46 +08:00
|
|
|
|
|
|
|
@sensitive_post_parameters()
|
|
|
|
def my_view(request)
|
|
|
|
...
|
|
|
|
"""
|
2019-12-09 19:12:17 +08:00
|
|
|
if len(parameters) == 1 and callable(parameters[0]):
|
|
|
|
raise TypeError(
|
|
|
|
'sensitive_post_parameters() must be called to use it as a '
|
|
|
|
'decorator, e.g., use @sensitive_post_parameters(), not '
|
|
|
|
'@sensitive_post_parameters.'
|
|
|
|
)
|
|
|
|
|
2011-06-09 06:18:46 +08:00
|
|
|
def decorator(view):
|
|
|
|
@functools.wraps(view)
|
2012-06-04 08:33:09 +08:00
|
|
|
def sensitive_post_parameters_wrapper(request, *args, **kwargs):
|
2021-06-21 02:16:33 +08:00
|
|
|
if not isinstance(request, HttpRequest):
|
|
|
|
raise TypeError(
|
|
|
|
"sensitive_post_parameters didn't receive an HttpRequest "
|
|
|
|
"object. If you are decorating a classmethod, make sure "
|
|
|
|
"to use @method_decorator."
|
|
|
|
)
|
2011-06-09 06:18:46 +08:00
|
|
|
if parameters:
|
|
|
|
request.sensitive_post_parameters = parameters
|
|
|
|
else:
|
|
|
|
request.sensitive_post_parameters = '__ALL__'
|
|
|
|
return view(request, *args, **kwargs)
|
2012-06-04 08:33:09 +08:00
|
|
|
return sensitive_post_parameters_wrapper
|
2011-06-09 06:18:46 +08:00
|
|
|
return decorator
|