Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
This commit is contained in:
parent
36d47f72e3
commit
d228c1192e
|
@ -5,8 +5,9 @@ from django.utils.importlib import import_module
|
||||||
from django.utils import six
|
from django.utils import six
|
||||||
|
|
||||||
|
|
||||||
__all__ = ['handler403', 'handler404', 'handler500', 'include', 'patterns', 'url']
|
__all__ = ['handler400', 'handler403', 'handler404', 'handler500', 'include', 'patterns', 'url']
|
||||||
|
|
||||||
|
handler400 = 'django.views.defaults.bad_request'
|
||||||
handler403 = 'django.views.defaults.permission_denied'
|
handler403 = 'django.views.defaults.permission_denied'
|
||||||
handler404 = 'django.views.defaults.page_not_found'
|
handler404 = 'django.views.defaults.page_not_found'
|
||||||
handler500 = 'django.views.defaults.server_error'
|
handler500 = 'django.views.defaults.server_error'
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
from django.core.exceptions import SuspiciousOperation
|
||||||
|
|
||||||
|
|
||||||
|
class DisallowedModelAdminLookup(SuspiciousOperation):
|
||||||
|
"""Invalid filter was passed to admin view via URL querystring"""
|
||||||
|
pass
|
|
@ -14,6 +14,7 @@ from django.utils.translation import ugettext, ugettext_lazy
|
||||||
from django.utils.http import urlencode
|
from django.utils.http import urlencode
|
||||||
|
|
||||||
from django.contrib.admin import FieldListFilter
|
from django.contrib.admin import FieldListFilter
|
||||||
|
from django.contrib.admin.exceptions import DisallowedModelAdminLookup
|
||||||
from django.contrib.admin.options import IncorrectLookupParameters
|
from django.contrib.admin.options import IncorrectLookupParameters
|
||||||
from django.contrib.admin.util import (quote, get_fields_from_path,
|
from django.contrib.admin.util import (quote, get_fields_from_path,
|
||||||
lookup_needs_distinct, prepare_lookup_value)
|
lookup_needs_distinct, prepare_lookup_value)
|
||||||
|
@ -128,7 +129,7 @@ class ChangeList(six.with_metaclass(RenameChangeListMethods)):
|
||||||
lookup_params[force_str(key)] = value
|
lookup_params[force_str(key)] = value
|
||||||
|
|
||||||
if not self.model_admin.lookup_allowed(key, value):
|
if not self.model_admin.lookup_allowed(key, value):
|
||||||
raise SuspiciousOperation("Filtering by %s not allowed" % key)
|
raise DisallowedModelAdminLookup("Filtering by %s not allowed" % key)
|
||||||
|
|
||||||
filter_specs = []
|
filter_specs = []
|
||||||
if self.list_filter:
|
if self.list_filter:
|
||||||
|
|
|
@ -10,7 +10,6 @@ from django.conf import global_settings, settings
|
||||||
from django.contrib.sites.models import Site, RequestSite
|
from django.contrib.sites.models import Site, RequestSite
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
from django.core import mail
|
from django.core import mail
|
||||||
from django.core.exceptions import SuspiciousOperation
|
|
||||||
from django.core.urlresolvers import reverse, NoReverseMatch
|
from django.core.urlresolvers import reverse, NoReverseMatch
|
||||||
from django.http import QueryDict, HttpRequest
|
from django.http import QueryDict, HttpRequest
|
||||||
from django.utils.encoding import force_text
|
from django.utils.encoding import force_text
|
||||||
|
@ -18,7 +17,7 @@ from django.utils.html import escape
|
||||||
from django.utils.http import urlquote
|
from django.utils.http import urlquote
|
||||||
from django.utils._os import upath
|
from django.utils._os import upath
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from django.test.utils import override_settings
|
from django.test.utils import override_settings, patch_logger
|
||||||
from django.middleware.csrf import CsrfViewMiddleware
|
from django.middleware.csrf import CsrfViewMiddleware
|
||||||
from django.contrib.sessions.middleware import SessionMiddleware
|
from django.contrib.sessions.middleware import SessionMiddleware
|
||||||
|
|
||||||
|
@ -155,23 +154,28 @@ class PasswordResetTest(AuthViewsTestCase):
|
||||||
# produce a meaningful reset URL, we need to be certain that the
|
# produce a meaningful reset URL, we need to be certain that the
|
||||||
# HTTP_HOST header isn't poisoned. This is done as a check when get_host()
|
# HTTP_HOST header isn't poisoned. This is done as a check when get_host()
|
||||||
# is invoked, but we check here as a practical consequence.
|
# is invoked, but we check here as a practical consequence.
|
||||||
with self.assertRaises(SuspiciousOperation):
|
with patch_logger('django.security.DisallowedHost', 'error') as logger_calls:
|
||||||
self.client.post('/password_reset/',
|
response = self.client.post('/password_reset/',
|
||||||
{'email': 'staffmember@example.com'},
|
{'email': 'staffmember@example.com'},
|
||||||
HTTP_HOST='www.example:dr.frankenstein@evil.tld'
|
HTTP_HOST='www.example:dr.frankenstein@evil.tld'
|
||||||
)
|
)
|
||||||
|
self.assertEqual(response.status_code, 400)
|
||||||
self.assertEqual(len(mail.outbox), 0)
|
self.assertEqual(len(mail.outbox), 0)
|
||||||
|
self.assertEqual(len(logger_calls), 1)
|
||||||
|
|
||||||
# Skip any 500 handler action (like sending more mail...)
|
# Skip any 500 handler action (like sending more mail...)
|
||||||
@override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
|
@override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
|
||||||
def test_poisoned_http_host_admin_site(self):
|
def test_poisoned_http_host_admin_site(self):
|
||||||
"Poisoned HTTP_HOST headers can't be used for reset emails on admin views"
|
"Poisoned HTTP_HOST headers can't be used for reset emails on admin views"
|
||||||
with self.assertRaises(SuspiciousOperation):
|
with patch_logger('django.security.DisallowedHost', 'error') as logger_calls:
|
||||||
self.client.post('/admin_password_reset/',
|
response = self.client.post('/admin_password_reset/',
|
||||||
{'email': 'staffmember@example.com'},
|
{'email': 'staffmember@example.com'},
|
||||||
HTTP_HOST='www.example:dr.frankenstein@evil.tld'
|
HTTP_HOST='www.example:dr.frankenstein@evil.tld'
|
||||||
)
|
)
|
||||||
|
self.assertEqual(response.status_code, 400)
|
||||||
self.assertEqual(len(mail.outbox), 0)
|
self.assertEqual(len(mail.outbox), 0)
|
||||||
|
self.assertEqual(len(logger_calls), 1)
|
||||||
|
|
||||||
|
|
||||||
def _test_confirm_start(self):
|
def _test_confirm_start(self):
|
||||||
# Start by creating the email
|
# Start by creating the email
|
||||||
|
@ -678,5 +682,7 @@ class ChangelistTests(AuthViewsTestCase):
|
||||||
self.login()
|
self.login()
|
||||||
|
|
||||||
# A lookup that tries to filter on password isn't OK
|
# A lookup that tries to filter on password isn't OK
|
||||||
with self.assertRaises(SuspiciousOperation):
|
with patch_logger('django.security.DisallowedModelAdminLookup', 'error') as logger_calls:
|
||||||
response = self.client.get('/admin/auth/user/?password__startswith=sha1$')
|
response = self.client.get('/admin/auth/user/?password__startswith=sha1$')
|
||||||
|
self.assertEqual(response.status_code, 400)
|
||||||
|
self.assertEqual(len(logger_calls), 1)
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
from django.core.exceptions import SuspiciousOperation
|
||||||
|
|
||||||
|
|
||||||
|
class WizardViewCookieModified(SuspiciousOperation):
|
||||||
|
"""Signature of cookie modified"""
|
||||||
|
pass
|
|
@ -1,8 +1,8 @@
|
||||||
import json
|
import json
|
||||||
|
|
||||||
from django.core.exceptions import SuspiciousOperation
|
|
||||||
from django.core.signing import BadSignature
|
from django.core.signing import BadSignature
|
||||||
|
|
||||||
|
from django.contrib.formtools.exceptions import WizardViewCookieModified
|
||||||
from django.contrib.formtools.wizard import storage
|
from django.contrib.formtools.wizard import storage
|
||||||
|
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ class CookieStorage(storage.BaseStorage):
|
||||||
except KeyError:
|
except KeyError:
|
||||||
data = None
|
data = None
|
||||||
except BadSignature:
|
except BadSignature:
|
||||||
raise SuspiciousOperation('WizardView cookie manipulated')
|
raise WizardViewCookieModified('WizardView cookie manipulated')
|
||||||
if data is None:
|
if data is None:
|
||||||
return None
|
return None
|
||||||
return json.loads(data, cls=json.JSONDecoder)
|
return json.loads(data, cls=json.JSONDecoder)
|
||||||
|
|
|
@ -2,6 +2,8 @@ from __future__ import unicode_literals
|
||||||
|
|
||||||
import base64
|
import base64
|
||||||
from datetime import datetime, timedelta
|
from datetime import datetime, timedelta
|
||||||
|
import logging
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from django.utils.six.moves import cPickle as pickle
|
from django.utils.six.moves import cPickle as pickle
|
||||||
except ImportError:
|
except ImportError:
|
||||||
|
@ -14,7 +16,9 @@ from django.utils.crypto import constant_time_compare
|
||||||
from django.utils.crypto import get_random_string
|
from django.utils.crypto import get_random_string
|
||||||
from django.utils.crypto import salted_hmac
|
from django.utils.crypto import salted_hmac
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
from django.utils.encoding import force_bytes
|
from django.utils.encoding import force_bytes, force_text
|
||||||
|
|
||||||
|
from django.contrib.sessions.exceptions import SuspiciousSession
|
||||||
|
|
||||||
# session_key should not be case sensitive because some backends can store it
|
# session_key should not be case sensitive because some backends can store it
|
||||||
# on case insensitive file systems.
|
# on case insensitive file systems.
|
||||||
|
@ -94,12 +98,16 @@ class SessionBase(object):
|
||||||
hash, pickled = encoded_data.split(b':', 1)
|
hash, pickled = encoded_data.split(b':', 1)
|
||||||
expected_hash = self._hash(pickled)
|
expected_hash = self._hash(pickled)
|
||||||
if not constant_time_compare(hash.decode(), expected_hash):
|
if not constant_time_compare(hash.decode(), expected_hash):
|
||||||
raise SuspiciousOperation("Session data corrupted")
|
raise SuspiciousSession("Session data corrupted")
|
||||||
else:
|
else:
|
||||||
return pickle.loads(pickled)
|
return pickle.loads(pickled)
|
||||||
except Exception:
|
except Exception as e:
|
||||||
# ValueError, SuspiciousOperation, unpickling exceptions. If any of
|
# ValueError, SuspiciousOperation, unpickling exceptions. If any of
|
||||||
# these happen, just return an empty dictionary (an empty session).
|
# these happen, just return an empty dictionary (an empty session).
|
||||||
|
if isinstance(e, SuspiciousOperation):
|
||||||
|
logger = logging.getLogger('django.security.%s' %
|
||||||
|
e.__class__.__name__)
|
||||||
|
logger.warning(force_text(e))
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
def update(self, dict_):
|
def update(self, dict_):
|
||||||
|
|
|
@ -2,10 +2,13 @@
|
||||||
Cached, database-backed sessions.
|
Cached, database-backed sessions.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import logging
|
||||||
|
|
||||||
from django.contrib.sessions.backends.db import SessionStore as DBStore
|
from django.contrib.sessions.backends.db import SessionStore as DBStore
|
||||||
from django.core.cache import cache
|
from django.core.cache import cache
|
||||||
from django.core.exceptions import SuspiciousOperation
|
from django.core.exceptions import SuspiciousOperation
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
|
from django.utils.encoding import force_text
|
||||||
|
|
||||||
KEY_PREFIX = "django.contrib.sessions.cached_db"
|
KEY_PREFIX = "django.contrib.sessions.cached_db"
|
||||||
|
|
||||||
|
@ -41,7 +44,11 @@ class SessionStore(DBStore):
|
||||||
data = self.decode(s.session_data)
|
data = self.decode(s.session_data)
|
||||||
cache.set(self.cache_key, data,
|
cache.set(self.cache_key, data,
|
||||||
self.get_expiry_age(expiry=s.expire_date))
|
self.get_expiry_age(expiry=s.expire_date))
|
||||||
except (Session.DoesNotExist, SuspiciousOperation):
|
except (Session.DoesNotExist, SuspiciousOperation) as e:
|
||||||
|
if isinstance(e, SuspiciousOperation):
|
||||||
|
logger = logging.getLogger('django.security.%s' %
|
||||||
|
e.__class__.__name__)
|
||||||
|
logger.warning(force_text(e))
|
||||||
self.create()
|
self.create()
|
||||||
data = {}
|
data = {}
|
||||||
return data
|
return data
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
|
import logging
|
||||||
|
|
||||||
from django.contrib.sessions.backends.base import SessionBase, CreateError
|
from django.contrib.sessions.backends.base import SessionBase, CreateError
|
||||||
from django.core.exceptions import SuspiciousOperation
|
from django.core.exceptions import SuspiciousOperation
|
||||||
from django.db import IntegrityError, transaction, router
|
from django.db import IntegrityError, transaction, router
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
|
from django.utils.encoding import force_text
|
||||||
|
|
||||||
class SessionStore(SessionBase):
|
class SessionStore(SessionBase):
|
||||||
"""
|
"""
|
||||||
|
@ -18,7 +20,11 @@ class SessionStore(SessionBase):
|
||||||
expire_date__gt=timezone.now()
|
expire_date__gt=timezone.now()
|
||||||
)
|
)
|
||||||
return self.decode(s.session_data)
|
return self.decode(s.session_data)
|
||||||
except (Session.DoesNotExist, SuspiciousOperation):
|
except (Session.DoesNotExist, SuspiciousOperation) as e:
|
||||||
|
if isinstance(e, SuspiciousOperation):
|
||||||
|
logger = logging.getLogger('django.security.%s' %
|
||||||
|
e.__class__.__name__)
|
||||||
|
logger.warning(force_text(e))
|
||||||
self.create()
|
self.create()
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
import datetime
|
import datetime
|
||||||
import errno
|
import errno
|
||||||
|
import logging
|
||||||
import os
|
import os
|
||||||
import shutil
|
import shutil
|
||||||
import tempfile
|
import tempfile
|
||||||
|
@ -8,6 +9,9 @@ from django.conf import settings
|
||||||
from django.contrib.sessions.backends.base import SessionBase, CreateError, VALID_KEY_CHARS
|
from django.contrib.sessions.backends.base import SessionBase, CreateError, VALID_KEY_CHARS
|
||||||
from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured
|
from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
|
from django.utils.encoding import force_text
|
||||||
|
|
||||||
|
from django.contrib.sessions.exceptions import InvalidSessionKey
|
||||||
|
|
||||||
class SessionStore(SessionBase):
|
class SessionStore(SessionBase):
|
||||||
"""
|
"""
|
||||||
|
@ -48,7 +52,7 @@ class SessionStore(SessionBase):
|
||||||
# should always be md5s, so they should never contain directory
|
# should always be md5s, so they should never contain directory
|
||||||
# components.
|
# components.
|
||||||
if not set(session_key).issubset(set(VALID_KEY_CHARS)):
|
if not set(session_key).issubset(set(VALID_KEY_CHARS)):
|
||||||
raise SuspiciousOperation(
|
raise InvalidSessionKey(
|
||||||
"Invalid characters in session key")
|
"Invalid characters in session key")
|
||||||
|
|
||||||
return os.path.join(self.storage_path, self.file_prefix + session_key)
|
return os.path.join(self.storage_path, self.file_prefix + session_key)
|
||||||
|
@ -75,7 +79,11 @@ class SessionStore(SessionBase):
|
||||||
if file_data:
|
if file_data:
|
||||||
try:
|
try:
|
||||||
session_data = self.decode(file_data)
|
session_data = self.decode(file_data)
|
||||||
except (EOFError, SuspiciousOperation):
|
except (EOFError, SuspiciousOperation) as e:
|
||||||
|
if isinstance(e, SuspiciousOperation):
|
||||||
|
logger = logging.getLogger('django.security.%s' %
|
||||||
|
e.__class__.__name__)
|
||||||
|
logger.warning(force_text(e))
|
||||||
self.create()
|
self.create()
|
||||||
|
|
||||||
# Remove expired sessions.
|
# Remove expired sessions.
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
from django.core.exceptions import SuspiciousOperation
|
||||||
|
|
||||||
|
|
||||||
|
class InvalidSessionKey(SuspiciousOperation):
|
||||||
|
"""Invalid characters in session key"""
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class SuspiciousSession(SuspiciousOperation):
|
||||||
|
"""The session may be tampered with"""
|
||||||
|
pass
|
|
@ -1,3 +1,4 @@
|
||||||
|
import base64
|
||||||
from datetime import timedelta
|
from datetime import timedelta
|
||||||
import os
|
import os
|
||||||
import shutil
|
import shutil
|
||||||
|
@ -15,14 +16,16 @@ from django.contrib.sessions.models import Session
|
||||||
from django.contrib.sessions.middleware import SessionMiddleware
|
from django.contrib.sessions.middleware import SessionMiddleware
|
||||||
from django.core.cache import get_cache
|
from django.core.cache import get_cache
|
||||||
from django.core import management
|
from django.core import management
|
||||||
from django.core.exceptions import ImproperlyConfigured, SuspiciousOperation
|
from django.core.exceptions import ImproperlyConfigured
|
||||||
from django.http import HttpResponse
|
from django.http import HttpResponse
|
||||||
from django.test import TestCase, RequestFactory
|
from django.test import TestCase, RequestFactory
|
||||||
from django.test.utils import override_settings
|
from django.test.utils import override_settings, patch_logger
|
||||||
from django.utils import six
|
from django.utils import six
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
from django.utils import unittest
|
from django.utils import unittest
|
||||||
|
|
||||||
|
from django.contrib.sessions.exceptions import InvalidSessionKey
|
||||||
|
|
||||||
|
|
||||||
class SessionTestsMixin(object):
|
class SessionTestsMixin(object):
|
||||||
# This does not inherit from TestCase to avoid any tests being run with this
|
# This does not inherit from TestCase to avoid any tests being run with this
|
||||||
|
@ -272,6 +275,15 @@ class SessionTestsMixin(object):
|
||||||
encoded = self.session.encode(data)
|
encoded = self.session.encode(data)
|
||||||
self.assertEqual(self.session.decode(encoded), data)
|
self.assertEqual(self.session.decode(encoded), data)
|
||||||
|
|
||||||
|
def test_decode_failure_logged_to_security(self):
|
||||||
|
bad_encode = base64.b64encode(b'flaskdj:alkdjf')
|
||||||
|
with patch_logger('django.security.SuspiciousSession', 'warning') as calls:
|
||||||
|
self.assertEqual({}, self.session.decode(bad_encode))
|
||||||
|
# check that the failed decode is logged
|
||||||
|
self.assertEqual(len(calls), 1)
|
||||||
|
self.assertTrue('corrupted' in calls[0])
|
||||||
|
|
||||||
|
|
||||||
def test_actual_expiry(self):
|
def test_actual_expiry(self):
|
||||||
# Regression test for #19200
|
# Regression test for #19200
|
||||||
old_session_key = None
|
old_session_key = None
|
||||||
|
@ -411,12 +423,12 @@ class FileSessionTests(SessionTestsMixin, unittest.TestCase):
|
||||||
# This is tested directly on _key_to_file, as load() will swallow
|
# This is tested directly on _key_to_file, as load() will swallow
|
||||||
# a SuspiciousOperation in the same way as an IOError - by creating
|
# a SuspiciousOperation in the same way as an IOError - by creating
|
||||||
# a new session, making it unclear whether the slashes were detected.
|
# a new session, making it unclear whether the slashes were detected.
|
||||||
self.assertRaises(SuspiciousOperation,
|
self.assertRaises(InvalidSessionKey,
|
||||||
self.backend()._key_to_file, "a\\b\\c")
|
self.backend()._key_to_file, "a\\b\\c")
|
||||||
|
|
||||||
def test_invalid_key_forwardslash(self):
|
def test_invalid_key_forwardslash(self):
|
||||||
# Ensure we don't allow directory-traversal
|
# Ensure we don't allow directory-traversal
|
||||||
self.assertRaises(SuspiciousOperation,
|
self.assertRaises(InvalidSessionKey,
|
||||||
self.backend()._key_to_file, "a/b/c")
|
self.backend()._key_to_file, "a/b/c")
|
||||||
|
|
||||||
@override_settings(SESSION_ENGINE="django.contrib.sessions.backends.file")
|
@override_settings(SESSION_ENGINE="django.contrib.sessions.backends.file")
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
"""
|
"""
|
||||||
Global Django exception and warning classes.
|
Global Django exception and warning classes.
|
||||||
"""
|
"""
|
||||||
|
import logging
|
||||||
from functools import reduce
|
from functools import reduce
|
||||||
|
|
||||||
|
|
||||||
|
@ -9,37 +10,56 @@ class DjangoRuntimeWarning(RuntimeWarning):
|
||||||
|
|
||||||
|
|
||||||
class ObjectDoesNotExist(Exception):
|
class ObjectDoesNotExist(Exception):
|
||||||
"The requested object does not exist"
|
"""The requested object does not exist"""
|
||||||
silent_variable_failure = True
|
silent_variable_failure = True
|
||||||
|
|
||||||
|
|
||||||
class MultipleObjectsReturned(Exception):
|
class MultipleObjectsReturned(Exception):
|
||||||
"The query returned multiple objects when only one was expected."
|
"""The query returned multiple objects when only one was expected."""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
class SuspiciousOperation(Exception):
|
class SuspiciousOperation(Exception):
|
||||||
"The user did something suspicious"
|
"""The user did something suspicious"""
|
||||||
|
|
||||||
|
|
||||||
|
class SuspiciousMultipartForm(SuspiciousOperation):
|
||||||
|
"""Suspect MIME request in multipart form data"""
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class SuspiciousFileOperation(SuspiciousOperation):
|
||||||
|
"""A Suspicious filesystem operation was attempted"""
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class DisallowedHost(SuspiciousOperation):
|
||||||
|
"""HTTP_HOST header contains invalid value"""
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class DisallowedRedirect(SuspiciousOperation):
|
||||||
|
"""Redirect to scheme not in allowed list"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
class PermissionDenied(Exception):
|
class PermissionDenied(Exception):
|
||||||
"The user did not have permission to do that"
|
"""The user did not have permission to do that"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
class ViewDoesNotExist(Exception):
|
class ViewDoesNotExist(Exception):
|
||||||
"The requested view does not exist"
|
"""The requested view does not exist"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
class MiddlewareNotUsed(Exception):
|
class MiddlewareNotUsed(Exception):
|
||||||
"This middleware is not used in this server configuration"
|
"""This middleware is not used in this server configuration"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
class ImproperlyConfigured(Exception):
|
class ImproperlyConfigured(Exception):
|
||||||
"Django is somehow improperly configured"
|
"""Django is somehow improperly configured"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -8,7 +8,7 @@ import itertools
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.core.exceptions import SuspiciousOperation
|
from django.core.exceptions import SuspiciousFileOperation
|
||||||
from django.core.files import locks, File
|
from django.core.files import locks, File
|
||||||
from django.core.files.move import file_move_safe
|
from django.core.files.move import file_move_safe
|
||||||
from django.utils.encoding import force_text, filepath_to_uri
|
from django.utils.encoding import force_text, filepath_to_uri
|
||||||
|
@ -260,7 +260,7 @@ class FileSystemStorage(Storage):
|
||||||
try:
|
try:
|
||||||
path = safe_join(self.location, name)
|
path = safe_join(self.location, name)
|
||||||
except ValueError:
|
except ValueError:
|
||||||
raise SuspiciousOperation("Attempted access to '%s' denied." % name)
|
raise SuspiciousFileOperation("Attempted access to '%s' denied." % name)
|
||||||
return os.path.normpath(path)
|
return os.path.normpath(path)
|
||||||
|
|
||||||
def size(self, name):
|
def size(self, name):
|
||||||
|
|
|
@ -8,7 +8,7 @@ from django import http
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.core import urlresolvers
|
from django.core import urlresolvers
|
||||||
from django.core import signals
|
from django.core import signals
|
||||||
from django.core.exceptions import MiddlewareNotUsed, PermissionDenied
|
from django.core.exceptions import MiddlewareNotUsed, PermissionDenied, SuspiciousOperation
|
||||||
from django.db import connections, transaction
|
from django.db import connections, transaction
|
||||||
from django.utils.encoding import force_text
|
from django.utils.encoding import force_text
|
||||||
from django.utils.module_loading import import_by_path
|
from django.utils.module_loading import import_by_path
|
||||||
|
@ -170,11 +170,27 @@ class BaseHandler(object):
|
||||||
response = self.handle_uncaught_exception(request,
|
response = self.handle_uncaught_exception(request,
|
||||||
resolver, sys.exc_info())
|
resolver, sys.exc_info())
|
||||||
|
|
||||||
|
except SuspiciousOperation as e:
|
||||||
|
# The request logger receives events for any problematic request
|
||||||
|
# The security logger receives events for all SuspiciousOperations
|
||||||
|
security_logger = logging.getLogger('django.security.%s' %
|
||||||
|
e.__class__.__name__)
|
||||||
|
security_logger.error(force_text(e))
|
||||||
|
|
||||||
|
try:
|
||||||
|
callback, param_dict = resolver.resolve400()
|
||||||
|
response = callback(request, **param_dict)
|
||||||
|
except:
|
||||||
|
signals.got_request_exception.send(
|
||||||
|
sender=self.__class__, request=request)
|
||||||
|
response = self.handle_uncaught_exception(request,
|
||||||
|
resolver, sys.exc_info())
|
||||||
|
|
||||||
except SystemExit:
|
except SystemExit:
|
||||||
# Allow sys.exit() to actually exit. See tickets #1023 and #4701
|
# Allow sys.exit() to actually exit. See tickets #1023 and #4701
|
||||||
raise
|
raise
|
||||||
|
|
||||||
except: # Handle everything else, including SuspiciousOperation, etc.
|
except: # Handle everything else.
|
||||||
# Get the exception info now, in case another exception is thrown later.
|
# Get the exception info now, in case another exception is thrown later.
|
||||||
signals.got_request_exception.send(sender=self.__class__, request=request)
|
signals.got_request_exception.send(sender=self.__class__, request=request)
|
||||||
response = self.handle_uncaught_exception(request, resolver, sys.exc_info())
|
response = self.handle_uncaught_exception(request, resolver, sys.exc_info())
|
||||||
|
|
|
@ -360,6 +360,9 @@ class RegexURLResolver(LocaleRegexProvider):
|
||||||
callback = getattr(urls, 'handler%s' % view_type)
|
callback = getattr(urls, 'handler%s' % view_type)
|
||||||
return get_callable(callback), {}
|
return get_callable(callback), {}
|
||||||
|
|
||||||
|
def resolve400(self):
|
||||||
|
return self._resolve_special('400')
|
||||||
|
|
||||||
def resolve403(self):
|
def resolve403(self):
|
||||||
return self._resolve_special('403')
|
return self._resolve_special('403')
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ import cgi
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.core.exceptions import SuspiciousOperation
|
from django.core.exceptions import SuspiciousMultipartForm
|
||||||
from django.utils.datastructures import MultiValueDict
|
from django.utils.datastructures import MultiValueDict
|
||||||
from django.utils.encoding import force_text
|
from django.utils.encoding import force_text
|
||||||
from django.utils import six
|
from django.utils import six
|
||||||
|
@ -370,7 +370,7 @@ class LazyStream(six.Iterator):
|
||||||
if current_number == num_bytes])
|
if current_number == num_bytes])
|
||||||
|
|
||||||
if number_equal > 40:
|
if number_equal > 40:
|
||||||
raise SuspiciousOperation(
|
raise SuspiciousMultipartForm(
|
||||||
"The multipart parser got stuck, which shouldn't happen with"
|
"The multipart parser got stuck, which shouldn't happen with"
|
||||||
" normal uploaded files. Check for malicious upload activity;"
|
" normal uploaded files. Check for malicious upload activity;"
|
||||||
" if there is none, report this to the Django developers."
|
" if there is none, report this to the Django developers."
|
||||||
|
|
|
@ -14,7 +14,7 @@ except ImportError:
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.core import signing
|
from django.core import signing
|
||||||
from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured
|
from django.core.exceptions import DisallowedHost, ImproperlyConfigured
|
||||||
from django.core.files import uploadhandler
|
from django.core.files import uploadhandler
|
||||||
from django.http.multipartparser import MultiPartParser
|
from django.http.multipartparser import MultiPartParser
|
||||||
from django.utils import six
|
from django.utils import six
|
||||||
|
@ -72,7 +72,7 @@ class HttpRequest(object):
|
||||||
msg = "Invalid HTTP_HOST header: %r." % host
|
msg = "Invalid HTTP_HOST header: %r." % host
|
||||||
if domain:
|
if domain:
|
||||||
msg += "You may need to add %r to ALLOWED_HOSTS." % domain
|
msg += "You may need to add %r to ALLOWED_HOSTS." % domain
|
||||||
raise SuspiciousOperation(msg)
|
raise DisallowedHost(msg)
|
||||||
|
|
||||||
def get_full_path(self):
|
def get_full_path(self):
|
||||||
# RFC 3986 requires query string arguments to be in the ASCII range.
|
# RFC 3986 requires query string arguments to be in the ASCII range.
|
||||||
|
|
|
@ -12,7 +12,7 @@ except ImportError:
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.core import signals
|
from django.core import signals
|
||||||
from django.core import signing
|
from django.core import signing
|
||||||
from django.core.exceptions import SuspiciousOperation
|
from django.core.exceptions import DisallowedRedirect
|
||||||
from django.http.cookie import SimpleCookie
|
from django.http.cookie import SimpleCookie
|
||||||
from django.utils import six, timezone
|
from django.utils import six, timezone
|
||||||
from django.utils.encoding import force_bytes, iri_to_uri
|
from django.utils.encoding import force_bytes, iri_to_uri
|
||||||
|
@ -452,7 +452,7 @@ class HttpResponseRedirectBase(HttpResponse):
|
||||||
def __init__(self, redirect_to, *args, **kwargs):
|
def __init__(self, redirect_to, *args, **kwargs):
|
||||||
parsed = urlparse(redirect_to)
|
parsed = urlparse(redirect_to)
|
||||||
if parsed.scheme and parsed.scheme not in self.allowed_schemes:
|
if parsed.scheme and parsed.scheme not in self.allowed_schemes:
|
||||||
raise SuspiciousOperation("Unsafe redirect to URL with protocol '%s'" % parsed.scheme)
|
raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme)
|
||||||
super(HttpResponseRedirectBase, self).__init__(*args, **kwargs)
|
super(HttpResponseRedirectBase, self).__init__(*args, **kwargs)
|
||||||
self['Location'] = iri_to_uri(redirect_to)
|
self['Location'] = iri_to_uri(redirect_to)
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
from contextlib import contextmanager
|
||||||
|
import logging
|
||||||
import re
|
import re
|
||||||
import sys
|
import sys
|
||||||
import warnings
|
import warnings
|
||||||
|
@ -401,3 +403,21 @@ class IgnoreDeprecationWarningsMixin(object):
|
||||||
class IgnorePendingDeprecationWarningsMixin(IgnoreDeprecationWarningsMixin):
|
class IgnorePendingDeprecationWarningsMixin(IgnoreDeprecationWarningsMixin):
|
||||||
|
|
||||||
warning_class = PendingDeprecationWarning
|
warning_class = PendingDeprecationWarning
|
||||||
|
|
||||||
|
|
||||||
|
@contextmanager
|
||||||
|
def patch_logger(logger_name, log_level):
|
||||||
|
"""
|
||||||
|
Context manager that takes a named logger and the logging level
|
||||||
|
and provides a simple mock-like list of messages received
|
||||||
|
"""
|
||||||
|
calls = []
|
||||||
|
def replacement(msg):
|
||||||
|
calls.append(msg)
|
||||||
|
logger = logging.getLogger(logger_name)
|
||||||
|
orig = getattr(logger, log_level)
|
||||||
|
setattr(logger, log_level, replacement)
|
||||||
|
try:
|
||||||
|
yield calls
|
||||||
|
finally:
|
||||||
|
setattr(logger, log_level, orig)
|
||||||
|
|
|
@ -63,6 +63,11 @@ DEFAULT_LOGGING = {
|
||||||
'level': 'ERROR',
|
'level': 'ERROR',
|
||||||
'propagate': False,
|
'propagate': False,
|
||||||
},
|
},
|
||||||
|
'django.security': {
|
||||||
|
'handlers': ['mail_admins'],
|
||||||
|
'level': 'ERROR',
|
||||||
|
'propagate': False,
|
||||||
|
},
|
||||||
'py.warnings': {
|
'py.warnings': {
|
||||||
'handlers': ['console'],
|
'handlers': ['console'],
|
||||||
},
|
},
|
||||||
|
|
|
@ -43,6 +43,21 @@ def server_error(request, template_name='500.html'):
|
||||||
return http.HttpResponseServerError(template.render(Context({})))
|
return http.HttpResponseServerError(template.render(Context({})))
|
||||||
|
|
||||||
|
|
||||||
|
@requires_csrf_token
|
||||||
|
def bad_request(request, template_name='400.html'):
|
||||||
|
"""
|
||||||
|
400 error handler.
|
||||||
|
|
||||||
|
Templates: :template:`400.html`
|
||||||
|
Context: None
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
template = loader.get_template(template_name)
|
||||||
|
except TemplateDoesNotExist:
|
||||||
|
return http.HttpResponseBadRequest('<h1>Bad Request (400)</h1>')
|
||||||
|
return http.HttpResponseBadRequest(template.render(Context({})))
|
||||||
|
|
||||||
|
|
||||||
# This can be called when CsrfViewMiddleware.process_view has not run,
|
# This can be called when CsrfViewMiddleware.process_view has not run,
|
||||||
# therefore need @requires_csrf_token in case the template needs
|
# therefore need @requires_csrf_token in case the template needs
|
||||||
# {% csrf_token %}.
|
# {% csrf_token %}.
|
||||||
|
|
|
@ -44,9 +44,24 @@ SuspiciousOperation
|
||||||
-------------------
|
-------------------
|
||||||
.. exception:: SuspiciousOperation
|
.. exception:: SuspiciousOperation
|
||||||
|
|
||||||
The :exc:`SuspiciousOperation` exception is raised when a user has performed
|
The :exc:`SuspiciousOperation` exception is raised when a user has
|
||||||
an operation that should be considered suspicious from a security perspective,
|
performed an operation that should be considered suspicious from a security
|
||||||
such as tampering with a session cookie.
|
perspective, such as tampering with a session cookie. Subclasses of
|
||||||
|
SuspiciousOperation include:
|
||||||
|
|
||||||
|
* DisallowedHost
|
||||||
|
* DisallowedModelAdminLookup
|
||||||
|
* DisallowedRedirect
|
||||||
|
* InvalidSessionKey
|
||||||
|
* SuspiciousFileOperation
|
||||||
|
* SuspiciousMultipartForm
|
||||||
|
* SuspiciousSession
|
||||||
|
* WizardViewCookieModified
|
||||||
|
|
||||||
|
If a ``SuspiciousOperation`` exception reaches the WSGI handler level it is
|
||||||
|
logged at the ``Error`` level and results in
|
||||||
|
a :class:`~django.http.HttpResponseBadRequest`. See the :doc:`logging
|
||||||
|
documentation </topics/logging/>` for more information.
|
||||||
|
|
||||||
PermissionDenied
|
PermissionDenied
|
||||||
----------------
|
----------------
|
||||||
|
|
|
@ -270,6 +270,13 @@ Minor features
|
||||||
stores active language in session if it is not present there. This
|
stores active language in session if it is not present there. This
|
||||||
prevents loss of language settings after session flush, e.g. logout.
|
prevents loss of language settings after session flush, e.g. logout.
|
||||||
|
|
||||||
|
* :exc:`~django.core.exceptions.SuspiciousOperation` has been differentiated
|
||||||
|
into a number of subclasses, and each will log to a matching named logger
|
||||||
|
under the ``django.security`` logging hierarchy. Along with this change,
|
||||||
|
a ``handler400`` mechanism and default view are used whenever
|
||||||
|
a ``SuspiciousOperation`` reaches the WSGI handler to return an
|
||||||
|
``HttpResponseBadRequest``.
|
||||||
|
|
||||||
Backwards incompatible changes in 1.6
|
Backwards incompatible changes in 1.6
|
||||||
=====================================
|
=====================================
|
||||||
|
|
||||||
|
|
|
@ -231,3 +231,25 @@ same way you can for the 404 and 500 views by specifying a ``handler403`` in
|
||||||
your URLconf::
|
your URLconf::
|
||||||
|
|
||||||
handler403 = 'mysite.views.my_custom_permission_denied_view'
|
handler403 = 'mysite.views.my_custom_permission_denied_view'
|
||||||
|
|
||||||
|
.. _http_bad_request_view:
|
||||||
|
|
||||||
|
The 400 (bad request) view
|
||||||
|
--------------------------
|
||||||
|
|
||||||
|
When a :exc:`~django.core.exceptions.SuspiciousOperation` is raised in Django,
|
||||||
|
the it may be handled by a component of Django (for example resetting the
|
||||||
|
session data). If not specifically handled, Django will consider the current
|
||||||
|
request a 'bad request' instead of a server error.
|
||||||
|
|
||||||
|
The view ``django.views.defaults.bad_request``, is otherwise very similar to
|
||||||
|
the ``server_error`` view, but returns with the status code 400 indicating that
|
||||||
|
the error condition was the result of a client operation.
|
||||||
|
|
||||||
|
Like the ``server_error`` view, the default ``bad_request`` should suffice for
|
||||||
|
99% of Web applications, but if you want to override the view, you can specify
|
||||||
|
``handler400`` in your URLconf, like so::
|
||||||
|
|
||||||
|
handler400 = 'mysite.views.my_custom_bad_request_view'
|
||||||
|
|
||||||
|
``bad_request`` views are also only used when :setting:`DEBUG` is ``False``.
|
||||||
|
|
|
@ -394,7 +394,7 @@ requirements of logging in Web server environment.
|
||||||
Loggers
|
Loggers
|
||||||
-------
|
-------
|
||||||
|
|
||||||
Django provides three built-in loggers.
|
Django provides four built-in loggers.
|
||||||
|
|
||||||
``django``
|
``django``
|
||||||
~~~~~~~~~~
|
~~~~~~~~~~
|
||||||
|
@ -434,6 +434,35 @@ For performance reasons, SQL logging is only enabled when
|
||||||
``settings.DEBUG`` is set to ``True``, regardless of the logging
|
``settings.DEBUG`` is set to ``True``, regardless of the logging
|
||||||
level or handlers that are installed.
|
level or handlers that are installed.
|
||||||
|
|
||||||
|
``django.security.*``
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
The security loggers will receive messages on any occurrence of
|
||||||
|
:exc:`~django.core.exceptions.SuspiciousOperation`. There is a sub-logger for
|
||||||
|
each sub-type of SuspiciousOperation. The level of the log event depends on
|
||||||
|
where the exception is handled. Most occurrences are logged as a warning, while
|
||||||
|
any ``SuspiciousOperation`` that reaches the WSGI handler will be logged as an
|
||||||
|
error. For example, when an HTTP ``Host`` header is included in a request from
|
||||||
|
a client that does not match :setting:`ALLOWED_HOSTS`, Django will return a 400
|
||||||
|
response, and an error message will be logged to the
|
||||||
|
``django.security.DisallowedHost`` logger.
|
||||||
|
|
||||||
|
Only the parent ``django.security`` logger is configured by default, and all
|
||||||
|
child loggers will propagate to the parent logger. The ``django.security``
|
||||||
|
logger is configured the same as the ``django.request`` logger, and any error
|
||||||
|
events will be mailed to admins. Requests resulting in a 400 response due to
|
||||||
|
a ``SuspiciousOperation`` will not be logged to the ``django.request`` logger,
|
||||||
|
but only to the ``django.security`` logger.
|
||||||
|
|
||||||
|
To silence a particular type of SuspiciousOperation, you can override that
|
||||||
|
specific logger following this example::
|
||||||
|
|
||||||
|
'loggers': {
|
||||||
|
'django.security.DisallowedHost': {
|
||||||
|
'handlers': ['null'],
|
||||||
|
'propagate': False,
|
||||||
|
},
|
||||||
|
|
||||||
Handlers
|
Handlers
|
||||||
--------
|
--------
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,6 @@ except ImportError: # Python 2
|
||||||
|
|
||||||
from django.conf import settings, global_settings
|
from django.conf import settings, global_settings
|
||||||
from django.core import mail
|
from django.core import mail
|
||||||
from django.core.exceptions import SuspiciousOperation
|
|
||||||
from django.core.files import temp as tempfile
|
from django.core.files import temp as tempfile
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
# Register auth models with the admin.
|
# Register auth models with the admin.
|
||||||
|
@ -30,6 +29,7 @@ from django.db import connection
|
||||||
from django.forms.util import ErrorList
|
from django.forms.util import ErrorList
|
||||||
from django.template.response import TemplateResponse
|
from django.template.response import TemplateResponse
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
|
from django.test.utils import patch_logger
|
||||||
from django.utils import formats, translation, unittest
|
from django.utils import formats, translation, unittest
|
||||||
from django.utils.cache import get_max_age
|
from django.utils.cache import get_max_age
|
||||||
from django.utils.encoding import iri_to_uri, force_bytes
|
from django.utils.encoding import iri_to_uri, force_bytes
|
||||||
|
@ -543,20 +543,21 @@ class AdminViewBasicTest(TestCase):
|
||||||
self.assertContains(response, '%Y-%m-%d %H:%M:%S')
|
self.assertContains(response, '%Y-%m-%d %H:%M:%S')
|
||||||
|
|
||||||
def test_disallowed_filtering(self):
|
def test_disallowed_filtering(self):
|
||||||
self.assertRaises(SuspiciousOperation,
|
with patch_logger('django.security.DisallowedModelAdminLookup', 'error') as calls:
|
||||||
self.client.get, "/test_admin/admin/admin_views/album/?owner__email__startswith=fuzzy"
|
response = self.client.get("/test_admin/admin/admin_views/album/?owner__email__startswith=fuzzy")
|
||||||
)
|
self.assertEqual(response.status_code, 400)
|
||||||
|
self.assertEqual(len(calls), 1)
|
||||||
|
|
||||||
try:
|
# Filters are allowed if explicitly included in list_filter
|
||||||
self.client.get("/test_admin/admin/admin_views/thing/?color__value__startswith=red")
|
response = self.client.get("/test_admin/admin/admin_views/thing/?color__value__startswith=red")
|
||||||
self.client.get("/test_admin/admin/admin_views/thing/?color__value=red")
|
self.assertEqual(response.status_code, 200)
|
||||||
except SuspiciousOperation:
|
response = self.client.get("/test_admin/admin/admin_views/thing/?color__value=red")
|
||||||
self.fail("Filters are allowed if explicitly included in list_filter")
|
self.assertEqual(response.status_code, 200)
|
||||||
|
|
||||||
try:
|
# Filters should be allowed if they involve a local field without the
|
||||||
self.client.get("/test_admin/admin/admin_views/person/?age__gt=30")
|
# need to whitelist them in list_filter or date_hierarchy.
|
||||||
except SuspiciousOperation:
|
response = self.client.get("/test_admin/admin/admin_views/person/?age__gt=30")
|
||||||
self.fail("Filters should be allowed if they involve a local field without the need to whitelist them in list_filter or date_hierarchy.")
|
self.assertEqual(response.status_code, 200)
|
||||||
|
|
||||||
e1 = Employee.objects.create(name='Anonymous', gender=1, age=22, alive=True, code='123')
|
e1 = Employee.objects.create(name='Anonymous', gender=1, age=22, alive=True, code='123')
|
||||||
e2 = Employee.objects.create(name='Visitor', gender=2, age=19, alive=True, code='124')
|
e2 = Employee.objects.create(name='Visitor', gender=2, age=19, alive=True, code='124')
|
||||||
|
@ -574,10 +575,9 @@ class AdminViewBasicTest(TestCase):
|
||||||
ForeignKey 'limit_choices_to' should be allowed, otherwise raw_id_fields
|
ForeignKey 'limit_choices_to' should be allowed, otherwise raw_id_fields
|
||||||
can break.
|
can break.
|
||||||
"""
|
"""
|
||||||
try:
|
# Filters should be allowed if they are defined on a ForeignKey pointing to this model
|
||||||
self.client.get("/test_admin/admin/admin_views/inquisition/?leader__name=Palin&leader__age=27")
|
response = self.client.get("/test_admin/admin/admin_views/inquisition/?leader__name=Palin&leader__age=27")
|
||||||
except SuspiciousOperation:
|
self.assertEqual(response.status_code, 200)
|
||||||
self.fail("Filters should be allowed if they are defined on a ForeignKey pointing to this model")
|
|
||||||
|
|
||||||
def test_hide_change_password(self):
|
def test_hide_change_password(self):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -61,6 +61,7 @@ class TransactionsPerRequestTests(TransactionTestCase):
|
||||||
connection.settings_dict['ATOMIC_REQUESTS'] = old_atomic_requests
|
connection.settings_dict['ATOMIC_REQUESTS'] = old_atomic_requests
|
||||||
self.assertContains(response, 'False')
|
self.assertContains(response, 'False')
|
||||||
|
|
||||||
|
|
||||||
class SignalsTests(TestCase):
|
class SignalsTests(TestCase):
|
||||||
urls = 'handlers.urls'
|
urls = 'handlers.urls'
|
||||||
|
|
||||||
|
@ -89,3 +90,11 @@ class SignalsTests(TestCase):
|
||||||
self.assertEqual(self.signals, ['started'])
|
self.assertEqual(self.signals, ['started'])
|
||||||
self.assertEqual(b''.join(response.streaming_content), b"streaming content")
|
self.assertEqual(b''.join(response.streaming_content), b"streaming content")
|
||||||
self.assertEqual(self.signals, ['started', 'finished'])
|
self.assertEqual(self.signals, ['started', 'finished'])
|
||||||
|
|
||||||
|
|
||||||
|
class HandlerSuspiciousOpsTest(TestCase):
|
||||||
|
urls = 'handlers.urls'
|
||||||
|
|
||||||
|
def test_suspiciousop_in_view_returns_400(self):
|
||||||
|
response = self.client.get('/suspicious/')
|
||||||
|
self.assertEqual(response.status_code, 400)
|
||||||
|
|
|
@ -9,4 +9,5 @@ urlpatterns = patterns('',
|
||||||
url(r'^streaming/$', views.streaming),
|
url(r'^streaming/$', views.streaming),
|
||||||
url(r'^in_transaction/$', views.in_transaction),
|
url(r'^in_transaction/$', views.in_transaction),
|
||||||
url(r'^not_in_transaction/$', views.not_in_transaction),
|
url(r'^not_in_transaction/$', views.not_in_transaction),
|
||||||
|
url(r'^suspicious/$', views.suspicious),
|
||||||
)
|
)
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.core.exceptions import SuspiciousOperation
|
||||||
from django.db import connection, transaction
|
from django.db import connection, transaction
|
||||||
from django.http import HttpResponse, StreamingHttpResponse
|
from django.http import HttpResponse, StreamingHttpResponse
|
||||||
|
|
||||||
|
@ -15,3 +16,6 @@ def in_transaction(request):
|
||||||
@transaction.non_atomic_requests
|
@transaction.non_atomic_requests
|
||||||
def not_in_transaction(request):
|
def not_in_transaction(request):
|
||||||
return HttpResponse(str(connection.in_atomic_block))
|
return HttpResponse(str(connection.in_atomic_block))
|
||||||
|
|
||||||
|
def suspicious(request):
|
||||||
|
raise SuspiciousOperation('dubious')
|
||||||
|
|
|
@ -8,9 +8,10 @@ import warnings
|
||||||
from django.conf import LazySettings
|
from django.conf import LazySettings
|
||||||
from django.core import mail
|
from django.core import mail
|
||||||
from django.test import TestCase, RequestFactory
|
from django.test import TestCase, RequestFactory
|
||||||
from django.test.utils import override_settings
|
from django.test.utils import override_settings, patch_logger
|
||||||
from django.utils.encoding import force_text
|
from django.utils.encoding import force_text
|
||||||
from django.utils.log import CallbackFilter, RequireDebugFalse, RequireDebugTrue
|
from django.utils.log import (CallbackFilter, RequireDebugFalse,
|
||||||
|
RequireDebugTrue)
|
||||||
from django.utils.six import StringIO
|
from django.utils.six import StringIO
|
||||||
from django.utils.unittest import skipUnless
|
from django.utils.unittest import skipUnless
|
||||||
|
|
||||||
|
@ -354,3 +355,22 @@ class SettingsConfigureLogging(TestCase):
|
||||||
settings.configure(
|
settings.configure(
|
||||||
LOGGING_CONFIG='logging_tests.tests.dictConfig')
|
LOGGING_CONFIG='logging_tests.tests.dictConfig')
|
||||||
self.assertTrue(dictConfig.called)
|
self.assertTrue(dictConfig.called)
|
||||||
|
|
||||||
|
|
||||||
|
class SecurityLoggerTest(TestCase):
|
||||||
|
|
||||||
|
urls = 'logging_tests.urls'
|
||||||
|
|
||||||
|
def test_suspicious_operation_creates_log_message(self):
|
||||||
|
with self.settings(DEBUG=True):
|
||||||
|
with patch_logger('django.security.SuspiciousOperation', 'error') as calls:
|
||||||
|
response = self.client.get('/suspicious/')
|
||||||
|
self.assertEqual(len(calls), 1)
|
||||||
|
self.assertEqual(calls[0], 'dubious')
|
||||||
|
|
||||||
|
def test_suspicious_operation_uses_sublogger(self):
|
||||||
|
with self.settings(DEBUG=True):
|
||||||
|
with patch_logger('django.security.DisallowedHost', 'error') as calls:
|
||||||
|
response = self.client.get('/suspicious_spec/')
|
||||||
|
self.assertEqual(len(calls), 1)
|
||||||
|
self.assertEqual(calls[0], 'dubious')
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.conf.urls import patterns, url
|
||||||
|
|
||||||
|
from . import views
|
||||||
|
|
||||||
|
urlpatterns = patterns('',
|
||||||
|
url(r'^suspicious/$', views.suspicious),
|
||||||
|
url(r'^suspicious_spec/$', views.suspicious_spec),
|
||||||
|
)
|
|
@ -0,0 +1,11 @@
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.core.exceptions import SuspiciousOperation, DisallowedHost
|
||||||
|
|
||||||
|
|
||||||
|
def suspicious(request):
|
||||||
|
raise SuspiciousOperation('dubious')
|
||||||
|
|
||||||
|
|
||||||
|
def suspicious_spec(request):
|
||||||
|
raise DisallowedHost('dubious')
|
|
@ -7,7 +7,6 @@ from __future__ import unicode_literals
|
||||||
import os
|
import os
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.core.exceptions import SuspiciousOperation
|
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.template import (TemplateDoesNotExist, TemplateSyntaxError,
|
from django.template import (TemplateDoesNotExist, TemplateSyntaxError,
|
||||||
Context, Template, loader)
|
Context, Template, loader)
|
||||||
|
@ -20,6 +19,7 @@ from django.utils._os import upath
|
||||||
from django.utils.translation import ugettext_lazy
|
from django.utils.translation import ugettext_lazy
|
||||||
from django.http import HttpResponse
|
from django.http import HttpResponse
|
||||||
|
|
||||||
|
from .views import CustomTestException
|
||||||
|
|
||||||
@override_settings(
|
@override_settings(
|
||||||
TEMPLATE_DIRS=(os.path.join(os.path.dirname(upath(__file__)), 'templates'),)
|
TEMPLATE_DIRS=(os.path.join(os.path.dirname(upath(__file__)), 'templates'),)
|
||||||
|
@ -619,7 +619,7 @@ class ExceptionTests(TestCase):
|
||||||
try:
|
try:
|
||||||
response = self.client.get("/test_client_regress/staff_only/")
|
response = self.client.get("/test_client_regress/staff_only/")
|
||||||
self.fail("General users should not be able to visit this page")
|
self.fail("General users should not be able to visit this page")
|
||||||
except SuspiciousOperation:
|
except CustomTestException:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
# At this point, an exception has been raised, and should be cleared.
|
# At this point, an exception has been raised, and should be cleared.
|
||||||
|
@ -629,7 +629,7 @@ class ExceptionTests(TestCase):
|
||||||
self.assertTrue(login, 'Could not log in')
|
self.assertTrue(login, 'Could not log in')
|
||||||
try:
|
try:
|
||||||
self.client.get("/test_client_regress/staff_only/")
|
self.client.get("/test_client_regress/staff_only/")
|
||||||
except SuspiciousOperation:
|
except CustomTestException:
|
||||||
self.fail("Staff should be able to visit this page")
|
self.fail("Staff should be able to visit this page")
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -3,12 +3,15 @@ import json
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib.auth.decorators import login_required
|
from django.contrib.auth.decorators import login_required
|
||||||
from django.http import HttpResponse, HttpResponseRedirect
|
from django.http import HttpResponse, HttpResponseRedirect
|
||||||
from django.core.exceptions import SuspiciousOperation
|
|
||||||
from django.shortcuts import render_to_response
|
from django.shortcuts import render_to_response
|
||||||
from django.core.serializers.json import DjangoJSONEncoder
|
from django.core.serializers.json import DjangoJSONEncoder
|
||||||
from django.test.client import CONTENT_TYPE_RE
|
from django.test.client import CONTENT_TYPE_RE
|
||||||
from django.template import RequestContext
|
from django.template import RequestContext
|
||||||
|
|
||||||
|
|
||||||
|
class CustomTestException(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
def no_template_view(request):
|
def no_template_view(request):
|
||||||
"A simple view that expects a GET request, and returns a rendered template"
|
"A simple view that expects a GET request, and returns a rendered template"
|
||||||
return HttpResponse("No template used. Sample content: twice once twice. Content ends.")
|
return HttpResponse("No template used. Sample content: twice once twice. Content ends.")
|
||||||
|
@ -18,7 +21,7 @@ def staff_only_view(request):
|
||||||
if request.user.is_staff:
|
if request.user.is_staff:
|
||||||
return HttpResponse('')
|
return HttpResponse('')
|
||||||
else:
|
else:
|
||||||
raise SuspiciousOperation()
|
raise CustomTestException()
|
||||||
|
|
||||||
def get_view(request):
|
def get_view(request):
|
||||||
"A simple login protected view"
|
"A simple login protected view"
|
||||||
|
|
|
@ -516,7 +516,7 @@ class RequestURLconfTests(TestCase):
|
||||||
b''.join(self.client.get('/second_test/'))
|
b''.join(self.client.get('/second_test/'))
|
||||||
|
|
||||||
class ErrorHandlerResolutionTests(TestCase):
|
class ErrorHandlerResolutionTests(TestCase):
|
||||||
"""Tests for handler404 and handler500"""
|
"""Tests for handler400, handler404 and handler500"""
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
from django.core.urlresolvers import RegexURLResolver
|
from django.core.urlresolvers import RegexURLResolver
|
||||||
|
@ -528,12 +528,14 @@ class ErrorHandlerResolutionTests(TestCase):
|
||||||
def test_named_handlers(self):
|
def test_named_handlers(self):
|
||||||
from .views import empty_view
|
from .views import empty_view
|
||||||
handler = (empty_view, {})
|
handler = (empty_view, {})
|
||||||
|
self.assertEqual(self.resolver.resolve400(), handler)
|
||||||
self.assertEqual(self.resolver.resolve404(), handler)
|
self.assertEqual(self.resolver.resolve404(), handler)
|
||||||
self.assertEqual(self.resolver.resolve500(), handler)
|
self.assertEqual(self.resolver.resolve500(), handler)
|
||||||
|
|
||||||
def test_callable_handers(self):
|
def test_callable_handers(self):
|
||||||
from .views import empty_view
|
from .views import empty_view
|
||||||
handler = (empty_view, {})
|
handler = (empty_view, {})
|
||||||
|
self.assertEqual(self.callable_resolver.resolve400(), handler)
|
||||||
self.assertEqual(self.callable_resolver.resolve404(), handler)
|
self.assertEqual(self.callable_resolver.resolve404(), handler)
|
||||||
self.assertEqual(self.callable_resolver.resolve500(), handler)
|
self.assertEqual(self.callable_resolver.resolve500(), handler)
|
||||||
|
|
||||||
|
|
|
@ -4,5 +4,6 @@ from django.conf.urls import patterns
|
||||||
|
|
||||||
urlpatterns = patterns('')
|
urlpatterns = patterns('')
|
||||||
|
|
||||||
|
handler400 = 'urlpatterns_reverse.views.empty_view'
|
||||||
handler404 = 'urlpatterns_reverse.views.empty_view'
|
handler404 = 'urlpatterns_reverse.views.empty_view'
|
||||||
handler500 = 'urlpatterns_reverse.views.empty_view'
|
handler500 = 'urlpatterns_reverse.views.empty_view'
|
||||||
|
|
|
@ -9,5 +9,6 @@ from .views import empty_view
|
||||||
|
|
||||||
urlpatterns = patterns('')
|
urlpatterns = patterns('')
|
||||||
|
|
||||||
|
handler400 = empty_view
|
||||||
handler404 = empty_view
|
handler404 = empty_view
|
||||||
handler500 = empty_view
|
handler500 = empty_view
|
||||||
|
|
Loading…
Reference in New Issue