mirror of
				https://github.com/django/django.git
				synced 2025-10-25 22:56:12 +00:00 
			
		
		
		
	Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.
This commit is contained in:
		| @@ -5,8 +5,9 @@ from django.utils.importlib import import_module | |||||||
| from django.utils import six | from django.utils import six | ||||||
|  |  | ||||||
|  |  | ||||||
| __all__ = ['handler403', 'handler404', 'handler500', 'include', 'patterns', 'url'] | __all__ = ['handler400', 'handler403', 'handler404', 'handler500', 'include', 'patterns', 'url'] | ||||||
|  |  | ||||||
|  | handler400 = 'django.views.defaults.bad_request' | ||||||
| handler403 = 'django.views.defaults.permission_denied' | handler403 = 'django.views.defaults.permission_denied' | ||||||
| handler404 = 'django.views.defaults.page_not_found' | handler404 = 'django.views.defaults.page_not_found' | ||||||
| handler500 = 'django.views.defaults.server_error' | handler500 = 'django.views.defaults.server_error' | ||||||
|   | |||||||
							
								
								
									
										6
									
								
								django/contrib/admin/exceptions.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										6
									
								
								django/contrib/admin/exceptions.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,6 @@ | |||||||
|  | from django.core.exceptions import SuspiciousOperation | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class DisallowedModelAdminLookup(SuspiciousOperation): | ||||||
|  |     """Invalid filter was passed to admin view via URL querystring""" | ||||||
|  |     pass | ||||||
| @@ -14,6 +14,7 @@ from django.utils.translation import ugettext, ugettext_lazy | |||||||
| from django.utils.http import urlencode | from django.utils.http import urlencode | ||||||
|  |  | ||||||
| from django.contrib.admin import FieldListFilter | from django.contrib.admin import FieldListFilter | ||||||
|  | from django.contrib.admin.exceptions import DisallowedModelAdminLookup | ||||||
| from django.contrib.admin.options import IncorrectLookupParameters | from django.contrib.admin.options import IncorrectLookupParameters | ||||||
| from django.contrib.admin.util import (quote, get_fields_from_path, | from django.contrib.admin.util import (quote, get_fields_from_path, | ||||||
|     lookup_needs_distinct, prepare_lookup_value) |     lookup_needs_distinct, prepare_lookup_value) | ||||||
| @@ -128,7 +129,7 @@ class ChangeList(six.with_metaclass(RenameChangeListMethods)): | |||||||
|                 lookup_params[force_str(key)] = value |                 lookup_params[force_str(key)] = value | ||||||
|  |  | ||||||
|             if not self.model_admin.lookup_allowed(key, value): |             if not self.model_admin.lookup_allowed(key, value): | ||||||
|                 raise SuspiciousOperation("Filtering by %s not allowed" % key) |                 raise DisallowedModelAdminLookup("Filtering by %s not allowed" % key) | ||||||
|  |  | ||||||
|         filter_specs = [] |         filter_specs = [] | ||||||
|         if self.list_filter: |         if self.list_filter: | ||||||
|   | |||||||
| @@ -10,7 +10,6 @@ from django.conf import global_settings, settings | |||||||
| from django.contrib.sites.models import Site, RequestSite | from django.contrib.sites.models import Site, RequestSite | ||||||
| from django.contrib.auth.models import User | from django.contrib.auth.models import User | ||||||
| from django.core import mail | from django.core import mail | ||||||
| from django.core.exceptions import SuspiciousOperation |  | ||||||
| from django.core.urlresolvers import reverse, NoReverseMatch | from django.core.urlresolvers import reverse, NoReverseMatch | ||||||
| from django.http import QueryDict, HttpRequest | from django.http import QueryDict, HttpRequest | ||||||
| from django.utils.encoding import force_text | from django.utils.encoding import force_text | ||||||
| @@ -18,7 +17,7 @@ from django.utils.html import escape | |||||||
| from django.utils.http import urlquote | from django.utils.http import urlquote | ||||||
| from django.utils._os import upath | from django.utils._os import upath | ||||||
| from django.test import TestCase | from django.test import TestCase | ||||||
| from django.test.utils import override_settings | from django.test.utils import override_settings, patch_logger | ||||||
| from django.middleware.csrf import CsrfViewMiddleware | from django.middleware.csrf import CsrfViewMiddleware | ||||||
| from django.contrib.sessions.middleware import SessionMiddleware | from django.contrib.sessions.middleware import SessionMiddleware | ||||||
|  |  | ||||||
| @@ -155,23 +154,28 @@ class PasswordResetTest(AuthViewsTestCase): | |||||||
|         # produce a meaningful reset URL, we need to be certain that the |         # produce a meaningful reset URL, we need to be certain that the | ||||||
|         # HTTP_HOST header isn't poisoned. This is done as a check when get_host() |         # HTTP_HOST header isn't poisoned. This is done as a check when get_host() | ||||||
|         # is invoked, but we check here as a practical consequence. |         # is invoked, but we check here as a practical consequence. | ||||||
|         with self.assertRaises(SuspiciousOperation): |         with patch_logger('django.security.DisallowedHost', 'error') as logger_calls: | ||||||
|             self.client.post('/password_reset/', |             response = self.client.post('/password_reset/', | ||||||
|                 {'email': 'staffmember@example.com'}, |                     {'email': 'staffmember@example.com'}, | ||||||
|                 HTTP_HOST='www.example:dr.frankenstein@evil.tld' |                     HTTP_HOST='www.example:dr.frankenstein@evil.tld' | ||||||
|             ) |                 ) | ||||||
|         self.assertEqual(len(mail.outbox), 0) |             self.assertEqual(response.status_code, 400) | ||||||
|  |             self.assertEqual(len(mail.outbox), 0) | ||||||
|  |             self.assertEqual(len(logger_calls), 1) | ||||||
|  |  | ||||||
|     # Skip any 500 handler action (like sending more mail...) |     # Skip any 500 handler action (like sending more mail...) | ||||||
|     @override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True) |     @override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True) | ||||||
|     def test_poisoned_http_host_admin_site(self): |     def test_poisoned_http_host_admin_site(self): | ||||||
|         "Poisoned HTTP_HOST headers can't be used for reset emails on admin views" |         "Poisoned HTTP_HOST headers can't be used for reset emails on admin views" | ||||||
|         with self.assertRaises(SuspiciousOperation): |         with patch_logger('django.security.DisallowedHost', 'error') as logger_calls: | ||||||
|             self.client.post('/admin_password_reset/', |             response = self.client.post('/admin_password_reset/', | ||||||
|                 {'email': 'staffmember@example.com'}, |                     {'email': 'staffmember@example.com'}, | ||||||
|                 HTTP_HOST='www.example:dr.frankenstein@evil.tld' |                     HTTP_HOST='www.example:dr.frankenstein@evil.tld' | ||||||
|             ) |                 ) | ||||||
|         self.assertEqual(len(mail.outbox), 0) |             self.assertEqual(response.status_code, 400) | ||||||
|  |             self.assertEqual(len(mail.outbox), 0) | ||||||
|  |             self.assertEqual(len(logger_calls), 1) | ||||||
|  |  | ||||||
|  |  | ||||||
|     def _test_confirm_start(self): |     def _test_confirm_start(self): | ||||||
|         # Start by creating the email |         # Start by creating the email | ||||||
| @@ -678,5 +682,7 @@ class ChangelistTests(AuthViewsTestCase): | |||||||
|         self.login() |         self.login() | ||||||
|  |  | ||||||
|         # A lookup that tries to filter on password isn't OK |         # A lookup that tries to filter on password isn't OK | ||||||
|         with self.assertRaises(SuspiciousOperation): |         with patch_logger('django.security.DisallowedModelAdminLookup', 'error') as logger_calls: | ||||||
|             response = self.client.get('/admin/auth/user/?password__startswith=sha1$') |             response = self.client.get('/admin/auth/user/?password__startswith=sha1$') | ||||||
|  |             self.assertEqual(response.status_code, 400) | ||||||
|  |             self.assertEqual(len(logger_calls), 1) | ||||||
|   | |||||||
							
								
								
									
										6
									
								
								django/contrib/formtools/exceptions.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										6
									
								
								django/contrib/formtools/exceptions.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,6 @@ | |||||||
|  | from django.core.exceptions import SuspiciousOperation | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class WizardViewCookieModified(SuspiciousOperation): | ||||||
|  |     """Signature of cookie modified""" | ||||||
|  |     pass | ||||||
| @@ -1,8 +1,8 @@ | |||||||
| import json | import json | ||||||
|  |  | ||||||
| from django.core.exceptions import SuspiciousOperation |  | ||||||
| from django.core.signing import BadSignature | from django.core.signing import BadSignature | ||||||
|  |  | ||||||
|  | from django.contrib.formtools.exceptions import WizardViewCookieModified | ||||||
| from django.contrib.formtools.wizard import storage | from django.contrib.formtools.wizard import storage | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -21,7 +21,7 @@ class CookieStorage(storage.BaseStorage): | |||||||
|         except KeyError: |         except KeyError: | ||||||
|             data = None |             data = None | ||||||
|         except BadSignature: |         except BadSignature: | ||||||
|             raise SuspiciousOperation('WizardView cookie manipulated') |             raise WizardViewCookieModified('WizardView cookie manipulated') | ||||||
|         if data is None: |         if data is None: | ||||||
|             return None |             return None | ||||||
|         return json.loads(data, cls=json.JSONDecoder) |         return json.loads(data, cls=json.JSONDecoder) | ||||||
|   | |||||||
| @@ -2,6 +2,8 @@ from __future__ import unicode_literals | |||||||
|  |  | ||||||
| import base64 | import base64 | ||||||
| from datetime import datetime, timedelta | from datetime import datetime, timedelta | ||||||
|  | import logging | ||||||
|  |  | ||||||
| try: | try: | ||||||
|     from django.utils.six.moves import cPickle as pickle |     from django.utils.six.moves import cPickle as pickle | ||||||
| except ImportError: | except ImportError: | ||||||
| @@ -14,7 +16,9 @@ from django.utils.crypto import constant_time_compare | |||||||
| from django.utils.crypto import get_random_string | from django.utils.crypto import get_random_string | ||||||
| from django.utils.crypto import salted_hmac | from django.utils.crypto import salted_hmac | ||||||
| from django.utils import timezone | from django.utils import timezone | ||||||
| from django.utils.encoding import force_bytes | from django.utils.encoding import force_bytes, force_text | ||||||
|  |  | ||||||
|  | from django.contrib.sessions.exceptions import SuspiciousSession | ||||||
|  |  | ||||||
| # session_key should not be case sensitive because some backends can store it | # session_key should not be case sensitive because some backends can store it | ||||||
| # on case insensitive file systems. | # on case insensitive file systems. | ||||||
| @@ -94,12 +98,16 @@ class SessionBase(object): | |||||||
|             hash, pickled = encoded_data.split(b':', 1) |             hash, pickled = encoded_data.split(b':', 1) | ||||||
|             expected_hash = self._hash(pickled) |             expected_hash = self._hash(pickled) | ||||||
|             if not constant_time_compare(hash.decode(), expected_hash): |             if not constant_time_compare(hash.decode(), expected_hash): | ||||||
|                 raise SuspiciousOperation("Session data corrupted") |                 raise SuspiciousSession("Session data corrupted") | ||||||
|             else: |             else: | ||||||
|                 return pickle.loads(pickled) |                 return pickle.loads(pickled) | ||||||
|         except Exception: |         except Exception as e: | ||||||
|             # ValueError, SuspiciousOperation, unpickling exceptions. If any of |             # ValueError, SuspiciousOperation, unpickling exceptions. If any of | ||||||
|             # these happen, just return an empty dictionary (an empty session). |             # these happen, just return an empty dictionary (an empty session). | ||||||
|  |             if isinstance(e, SuspiciousOperation): | ||||||
|  |                 logger = logging.getLogger('django.security.%s' % | ||||||
|  |                         e.__class__.__name__) | ||||||
|  |                 logger.warning(force_text(e)) | ||||||
|             return {} |             return {} | ||||||
|  |  | ||||||
|     def update(self, dict_): |     def update(self, dict_): | ||||||
|   | |||||||
| @@ -2,10 +2,13 @@ | |||||||
| Cached, database-backed sessions. | Cached, database-backed sessions. | ||||||
| """ | """ | ||||||
|  |  | ||||||
|  | import logging | ||||||
|  |  | ||||||
| from django.contrib.sessions.backends.db import SessionStore as DBStore | from django.contrib.sessions.backends.db import SessionStore as DBStore | ||||||
| from django.core.cache import cache | from django.core.cache import cache | ||||||
| from django.core.exceptions import SuspiciousOperation | from django.core.exceptions import SuspiciousOperation | ||||||
| from django.utils import timezone | from django.utils import timezone | ||||||
|  | from django.utils.encoding import force_text | ||||||
|  |  | ||||||
| KEY_PREFIX = "django.contrib.sessions.cached_db" | KEY_PREFIX = "django.contrib.sessions.cached_db" | ||||||
|  |  | ||||||
| @@ -41,7 +44,11 @@ class SessionStore(DBStore): | |||||||
|                 data = self.decode(s.session_data) |                 data = self.decode(s.session_data) | ||||||
|                 cache.set(self.cache_key, data, |                 cache.set(self.cache_key, data, | ||||||
|                     self.get_expiry_age(expiry=s.expire_date)) |                     self.get_expiry_age(expiry=s.expire_date)) | ||||||
|             except (Session.DoesNotExist, SuspiciousOperation): |             except (Session.DoesNotExist, SuspiciousOperation) as e: | ||||||
|  |                 if isinstance(e, SuspiciousOperation): | ||||||
|  |                     logger = logging.getLogger('django.security.%s' % | ||||||
|  |                             e.__class__.__name__) | ||||||
|  |                     logger.warning(force_text(e)) | ||||||
|                 self.create() |                 self.create() | ||||||
|                 data = {} |                 data = {} | ||||||
|         return data |         return data | ||||||
|   | |||||||
| @@ -1,8 +1,10 @@ | |||||||
|  | import logging | ||||||
|  |  | ||||||
| from django.contrib.sessions.backends.base import SessionBase, CreateError | from django.contrib.sessions.backends.base import SessionBase, CreateError | ||||||
| from django.core.exceptions import SuspiciousOperation | from django.core.exceptions import SuspiciousOperation | ||||||
| from django.db import IntegrityError, transaction, router | from django.db import IntegrityError, transaction, router | ||||||
| from django.utils import timezone | from django.utils import timezone | ||||||
|  | from django.utils.encoding import force_text | ||||||
|  |  | ||||||
| class SessionStore(SessionBase): | class SessionStore(SessionBase): | ||||||
|     """ |     """ | ||||||
| @@ -18,7 +20,11 @@ class SessionStore(SessionBase): | |||||||
|                 expire_date__gt=timezone.now() |                 expire_date__gt=timezone.now() | ||||||
|             ) |             ) | ||||||
|             return self.decode(s.session_data) |             return self.decode(s.session_data) | ||||||
|         except (Session.DoesNotExist, SuspiciousOperation): |         except (Session.DoesNotExist, SuspiciousOperation) as e: | ||||||
|  |             if isinstance(e, SuspiciousOperation): | ||||||
|  |                 logger = logging.getLogger('django.security.%s' % | ||||||
|  |                         e.__class__.__name__) | ||||||
|  |                 logger.warning(force_text(e)) | ||||||
|             self.create() |             self.create() | ||||||
|             return {} |             return {} | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1,5 +1,6 @@ | |||||||
| import datetime | import datetime | ||||||
| import errno | import errno | ||||||
|  | import logging | ||||||
| import os | import os | ||||||
| import shutil | import shutil | ||||||
| import tempfile | import tempfile | ||||||
| @@ -8,6 +9,9 @@ from django.conf import settings | |||||||
| from django.contrib.sessions.backends.base import SessionBase, CreateError, VALID_KEY_CHARS | from django.contrib.sessions.backends.base import SessionBase, CreateError, VALID_KEY_CHARS | ||||||
| from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured | from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured | ||||||
| from django.utils import timezone | from django.utils import timezone | ||||||
|  | from django.utils.encoding import force_text | ||||||
|  |  | ||||||
|  | from django.contrib.sessions.exceptions import InvalidSessionKey | ||||||
|  |  | ||||||
| class SessionStore(SessionBase): | class SessionStore(SessionBase): | ||||||
|     """ |     """ | ||||||
| @@ -48,7 +52,7 @@ class SessionStore(SessionBase): | |||||||
|         # should always be md5s, so they should never contain directory |         # should always be md5s, so they should never contain directory | ||||||
|         # components. |         # components. | ||||||
|         if not set(session_key).issubset(set(VALID_KEY_CHARS)): |         if not set(session_key).issubset(set(VALID_KEY_CHARS)): | ||||||
|             raise SuspiciousOperation( |             raise InvalidSessionKey( | ||||||
|                 "Invalid characters in session key") |                 "Invalid characters in session key") | ||||||
|  |  | ||||||
|         return os.path.join(self.storage_path, self.file_prefix + session_key) |         return os.path.join(self.storage_path, self.file_prefix + session_key) | ||||||
| @@ -75,7 +79,11 @@ class SessionStore(SessionBase): | |||||||
|             if file_data: |             if file_data: | ||||||
|                 try: |                 try: | ||||||
|                     session_data = self.decode(file_data) |                     session_data = self.decode(file_data) | ||||||
|                 except (EOFError, SuspiciousOperation): |                 except (EOFError, SuspiciousOperation) as e: | ||||||
|  |                     if isinstance(e, SuspiciousOperation): | ||||||
|  |                         logger = logging.getLogger('django.security.%s' % | ||||||
|  |                                 e.__class__.__name__) | ||||||
|  |                         logger.warning(force_text(e)) | ||||||
|                     self.create() |                     self.create() | ||||||
|  |  | ||||||
|                 # Remove expired sessions. |                 # Remove expired sessions. | ||||||
|   | |||||||
							
								
								
									
										11
									
								
								django/contrib/sessions/exceptions.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										11
									
								
								django/contrib/sessions/exceptions.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,11 @@ | |||||||
|  | from django.core.exceptions import SuspiciousOperation | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class InvalidSessionKey(SuspiciousOperation): | ||||||
|  |     """Invalid characters in session key""" | ||||||
|  |     pass | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class SuspiciousSession(SuspiciousOperation): | ||||||
|  |     """The session may be tampered with""" | ||||||
|  |     pass | ||||||
| @@ -1,3 +1,4 @@ | |||||||
|  | import base64 | ||||||
| from datetime import timedelta | from datetime import timedelta | ||||||
| import os | import os | ||||||
| import shutil | import shutil | ||||||
| @@ -15,14 +16,16 @@ from django.contrib.sessions.models import Session | |||||||
| from django.contrib.sessions.middleware import SessionMiddleware | from django.contrib.sessions.middleware import SessionMiddleware | ||||||
| from django.core.cache import get_cache | from django.core.cache import get_cache | ||||||
| from django.core import management | from django.core import management | ||||||
| from django.core.exceptions import ImproperlyConfigured, SuspiciousOperation | from django.core.exceptions import ImproperlyConfigured | ||||||
| from django.http import HttpResponse | from django.http import HttpResponse | ||||||
| from django.test import TestCase, RequestFactory | from django.test import TestCase, RequestFactory | ||||||
| from django.test.utils import override_settings | from django.test.utils import override_settings, patch_logger | ||||||
| from django.utils import six | from django.utils import six | ||||||
| from django.utils import timezone | from django.utils import timezone | ||||||
| from django.utils import unittest | from django.utils import unittest | ||||||
|  |  | ||||||
|  | from django.contrib.sessions.exceptions import InvalidSessionKey | ||||||
|  |  | ||||||
|  |  | ||||||
| class SessionTestsMixin(object): | class SessionTestsMixin(object): | ||||||
|     # This does not inherit from TestCase to avoid any tests being run with this |     # This does not inherit from TestCase to avoid any tests being run with this | ||||||
| @@ -272,6 +275,15 @@ class SessionTestsMixin(object): | |||||||
|         encoded = self.session.encode(data) |         encoded = self.session.encode(data) | ||||||
|         self.assertEqual(self.session.decode(encoded), data) |         self.assertEqual(self.session.decode(encoded), data) | ||||||
|  |  | ||||||
|  |     def test_decode_failure_logged_to_security(self): | ||||||
|  |         bad_encode = base64.b64encode(b'flaskdj:alkdjf') | ||||||
|  |         with patch_logger('django.security.SuspiciousSession', 'warning') as calls: | ||||||
|  |             self.assertEqual({}, self.session.decode(bad_encode)) | ||||||
|  |             # check that the failed decode is logged | ||||||
|  |             self.assertEqual(len(calls), 1) | ||||||
|  |             self.assertTrue('corrupted' in calls[0]) | ||||||
|  |  | ||||||
|  |  | ||||||
|     def test_actual_expiry(self): |     def test_actual_expiry(self): | ||||||
|         # Regression test for #19200 |         # Regression test for #19200 | ||||||
|         old_session_key = None |         old_session_key = None | ||||||
| @@ -411,12 +423,12 @@ class FileSessionTests(SessionTestsMixin, unittest.TestCase): | |||||||
|         # This is tested directly on _key_to_file, as load() will swallow |         # This is tested directly on _key_to_file, as load() will swallow | ||||||
|         # a SuspiciousOperation in the same way as an IOError - by creating |         # a SuspiciousOperation in the same way as an IOError - by creating | ||||||
|         # a new session, making it unclear whether the slashes were detected. |         # a new session, making it unclear whether the slashes were detected. | ||||||
|         self.assertRaises(SuspiciousOperation, |         self.assertRaises(InvalidSessionKey, | ||||||
|                           self.backend()._key_to_file, "a\\b\\c") |                           self.backend()._key_to_file, "a\\b\\c") | ||||||
|  |  | ||||||
|     def test_invalid_key_forwardslash(self): |     def test_invalid_key_forwardslash(self): | ||||||
|         # Ensure we don't allow directory-traversal |         # Ensure we don't allow directory-traversal | ||||||
|         self.assertRaises(SuspiciousOperation, |         self.assertRaises(InvalidSessionKey, | ||||||
|                           self.backend()._key_to_file, "a/b/c") |                           self.backend()._key_to_file, "a/b/c") | ||||||
|  |  | ||||||
|     @override_settings(SESSION_ENGINE="django.contrib.sessions.backends.file") |     @override_settings(SESSION_ENGINE="django.contrib.sessions.backends.file") | ||||||
|   | |||||||
| @@ -1,6 +1,7 @@ | |||||||
| """ | """ | ||||||
| Global Django exception and warning classes. | Global Django exception and warning classes. | ||||||
| """ | """ | ||||||
|  | import logging | ||||||
| from functools import reduce | from functools import reduce | ||||||
|  |  | ||||||
|  |  | ||||||
| @@ -9,37 +10,56 @@ class DjangoRuntimeWarning(RuntimeWarning): | |||||||
|  |  | ||||||
|  |  | ||||||
| class ObjectDoesNotExist(Exception): | class ObjectDoesNotExist(Exception): | ||||||
|     "The requested object does not exist" |     """The requested object does not exist""" | ||||||
|     silent_variable_failure = True |     silent_variable_failure = True | ||||||
|  |  | ||||||
|  |  | ||||||
| class MultipleObjectsReturned(Exception): | class MultipleObjectsReturned(Exception): | ||||||
|     "The query returned multiple objects when only one was expected." |     """The query returned multiple objects when only one was expected.""" | ||||||
|     pass |     pass | ||||||
|  |  | ||||||
|  |  | ||||||
| class SuspiciousOperation(Exception): | class SuspiciousOperation(Exception): | ||||||
|     "The user did something suspicious" |     """The user did something suspicious""" | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class SuspiciousMultipartForm(SuspiciousOperation): | ||||||
|  |     """Suspect MIME request in multipart form data""" | ||||||
|  |     pass | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class SuspiciousFileOperation(SuspiciousOperation): | ||||||
|  |     """A Suspicious filesystem operation was attempted""" | ||||||
|  |     pass | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class DisallowedHost(SuspiciousOperation): | ||||||
|  |     """HTTP_HOST header contains invalid value""" | ||||||
|  |     pass | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class DisallowedRedirect(SuspiciousOperation): | ||||||
|  |     """Redirect to scheme not in allowed list""" | ||||||
|     pass |     pass | ||||||
|  |  | ||||||
|  |  | ||||||
| class PermissionDenied(Exception): | class PermissionDenied(Exception): | ||||||
|     "The user did not have permission to do that" |     """The user did not have permission to do that""" | ||||||
|     pass |     pass | ||||||
|  |  | ||||||
|  |  | ||||||
| class ViewDoesNotExist(Exception): | class ViewDoesNotExist(Exception): | ||||||
|     "The requested view does not exist" |     """The requested view does not exist""" | ||||||
|     pass |     pass | ||||||
|  |  | ||||||
|  |  | ||||||
| class MiddlewareNotUsed(Exception): | class MiddlewareNotUsed(Exception): | ||||||
|     "This middleware is not used in this server configuration" |     """This middleware is not used in this server configuration""" | ||||||
|     pass |     pass | ||||||
|  |  | ||||||
|  |  | ||||||
| class ImproperlyConfigured(Exception): | class ImproperlyConfigured(Exception): | ||||||
|     "Django is somehow improperly configured" |     """Django is somehow improperly configured""" | ||||||
|     pass |     pass | ||||||
|  |  | ||||||
|  |  | ||||||
|   | |||||||
| @@ -8,7 +8,7 @@ import itertools | |||||||
| from datetime import datetime | from datetime import datetime | ||||||
|  |  | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.core.exceptions import SuspiciousOperation | from django.core.exceptions import SuspiciousFileOperation | ||||||
| from django.core.files import locks, File | from django.core.files import locks, File | ||||||
| from django.core.files.move import file_move_safe | from django.core.files.move import file_move_safe | ||||||
| from django.utils.encoding import force_text, filepath_to_uri | from django.utils.encoding import force_text, filepath_to_uri | ||||||
| @@ -260,7 +260,7 @@ class FileSystemStorage(Storage): | |||||||
|         try: |         try: | ||||||
|             path = safe_join(self.location, name) |             path = safe_join(self.location, name) | ||||||
|         except ValueError: |         except ValueError: | ||||||
|             raise SuspiciousOperation("Attempted access to '%s' denied." % name) |             raise SuspiciousFileOperation("Attempted access to '%s' denied." % name) | ||||||
|         return os.path.normpath(path) |         return os.path.normpath(path) | ||||||
|  |  | ||||||
|     def size(self, name): |     def size(self, name): | ||||||
|   | |||||||
| @@ -8,7 +8,7 @@ from django import http | |||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.core import urlresolvers | from django.core import urlresolvers | ||||||
| from django.core import signals | from django.core import signals | ||||||
| from django.core.exceptions import MiddlewareNotUsed, PermissionDenied | from django.core.exceptions import MiddlewareNotUsed, PermissionDenied, SuspiciousOperation | ||||||
| from django.db import connections, transaction | from django.db import connections, transaction | ||||||
| from django.utils.encoding import force_text | from django.utils.encoding import force_text | ||||||
| from django.utils.module_loading import import_by_path | from django.utils.module_loading import import_by_path | ||||||
| @@ -170,11 +170,27 @@ class BaseHandler(object): | |||||||
|                 response = self.handle_uncaught_exception(request, |                 response = self.handle_uncaught_exception(request, | ||||||
|                         resolver, sys.exc_info()) |                         resolver, sys.exc_info()) | ||||||
|  |  | ||||||
|  |         except SuspiciousOperation as e: | ||||||
|  |             # The request logger receives events for any problematic request | ||||||
|  |             # The security logger receives events for all SuspiciousOperations | ||||||
|  |             security_logger = logging.getLogger('django.security.%s' % | ||||||
|  |                             e.__class__.__name__) | ||||||
|  |             security_logger.error(force_text(e)) | ||||||
|  |  | ||||||
|  |             try: | ||||||
|  |                 callback, param_dict = resolver.resolve400() | ||||||
|  |                 response = callback(request, **param_dict) | ||||||
|  |             except: | ||||||
|  |                 signals.got_request_exception.send( | ||||||
|  |                         sender=self.__class__, request=request) | ||||||
|  |                 response = self.handle_uncaught_exception(request, | ||||||
|  |                         resolver, sys.exc_info()) | ||||||
|  |  | ||||||
|         except SystemExit: |         except SystemExit: | ||||||
|             # Allow sys.exit() to actually exit. See tickets #1023 and #4701 |             # Allow sys.exit() to actually exit. See tickets #1023 and #4701 | ||||||
|             raise |             raise | ||||||
|  |  | ||||||
|         except: # Handle everything else, including SuspiciousOperation, etc. |         except: # Handle everything else. | ||||||
|             # Get the exception info now, in case another exception is thrown later. |             # Get the exception info now, in case another exception is thrown later. | ||||||
|             signals.got_request_exception.send(sender=self.__class__, request=request) |             signals.got_request_exception.send(sender=self.__class__, request=request) | ||||||
|             response = self.handle_uncaught_exception(request, resolver, sys.exc_info()) |             response = self.handle_uncaught_exception(request, resolver, sys.exc_info()) | ||||||
|   | |||||||
| @@ -360,6 +360,9 @@ class RegexURLResolver(LocaleRegexProvider): | |||||||
|             callback = getattr(urls, 'handler%s' % view_type) |             callback = getattr(urls, 'handler%s' % view_type) | ||||||
|         return get_callable(callback), {} |         return get_callable(callback), {} | ||||||
|  |  | ||||||
|  |     def resolve400(self): | ||||||
|  |         return self._resolve_special('400') | ||||||
|  |  | ||||||
|     def resolve403(self): |     def resolve403(self): | ||||||
|         return self._resolve_special('403') |         return self._resolve_special('403') | ||||||
|  |  | ||||||
|   | |||||||
| @@ -11,7 +11,7 @@ import cgi | |||||||
| import sys | import sys | ||||||
|  |  | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.core.exceptions import SuspiciousOperation | from django.core.exceptions import SuspiciousMultipartForm | ||||||
| from django.utils.datastructures import MultiValueDict | from django.utils.datastructures import MultiValueDict | ||||||
| from django.utils.encoding import force_text | from django.utils.encoding import force_text | ||||||
| from django.utils import six | from django.utils import six | ||||||
| @@ -370,7 +370,7 @@ class LazyStream(six.Iterator): | |||||||
|                             if current_number == num_bytes]) |                             if current_number == num_bytes]) | ||||||
|  |  | ||||||
|         if number_equal > 40: |         if number_equal > 40: | ||||||
|             raise SuspiciousOperation( |             raise SuspiciousMultipartForm( | ||||||
|                 "The multipart parser got stuck, which shouldn't happen with" |                 "The multipart parser got stuck, which shouldn't happen with" | ||||||
|                 " normal uploaded files. Check for malicious upload activity;" |                 " normal uploaded files. Check for malicious upload activity;" | ||||||
|                 " if there is none, report this to the Django developers." |                 " if there is none, report this to the Django developers." | ||||||
|   | |||||||
| @@ -14,7 +14,7 @@ except ImportError: | |||||||
|  |  | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.core import signing | from django.core import signing | ||||||
| from django.core.exceptions import SuspiciousOperation, ImproperlyConfigured | from django.core.exceptions import DisallowedHost, ImproperlyConfigured | ||||||
| from django.core.files import uploadhandler | from django.core.files import uploadhandler | ||||||
| from django.http.multipartparser import MultiPartParser | from django.http.multipartparser import MultiPartParser | ||||||
| from django.utils import six | from django.utils import six | ||||||
| @@ -72,7 +72,7 @@ class HttpRequest(object): | |||||||
|             msg = "Invalid HTTP_HOST header: %r." % host |             msg = "Invalid HTTP_HOST header: %r." % host | ||||||
|             if domain: |             if domain: | ||||||
|                 msg += "You may need to add %r to ALLOWED_HOSTS." % domain |                 msg += "You may need to add %r to ALLOWED_HOSTS." % domain | ||||||
|             raise SuspiciousOperation(msg) |             raise DisallowedHost(msg) | ||||||
|  |  | ||||||
|     def get_full_path(self): |     def get_full_path(self): | ||||||
|         # RFC 3986 requires query string arguments to be in the ASCII range. |         # RFC 3986 requires query string arguments to be in the ASCII range. | ||||||
|   | |||||||
| @@ -12,7 +12,7 @@ except ImportError: | |||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.core import signals | from django.core import signals | ||||||
| from django.core import signing | from django.core import signing | ||||||
| from django.core.exceptions import SuspiciousOperation | from django.core.exceptions import DisallowedRedirect | ||||||
| from django.http.cookie import SimpleCookie | from django.http.cookie import SimpleCookie | ||||||
| from django.utils import six, timezone | from django.utils import six, timezone | ||||||
| from django.utils.encoding import force_bytes, iri_to_uri | from django.utils.encoding import force_bytes, iri_to_uri | ||||||
| @@ -452,7 +452,7 @@ class HttpResponseRedirectBase(HttpResponse): | |||||||
|     def __init__(self, redirect_to, *args, **kwargs): |     def __init__(self, redirect_to, *args, **kwargs): | ||||||
|         parsed = urlparse(redirect_to) |         parsed = urlparse(redirect_to) | ||||||
|         if parsed.scheme and parsed.scheme not in self.allowed_schemes: |         if parsed.scheme and parsed.scheme not in self.allowed_schemes: | ||||||
|             raise SuspiciousOperation("Unsafe redirect to URL with protocol '%s'" % parsed.scheme) |             raise DisallowedRedirect("Unsafe redirect to URL with protocol '%s'" % parsed.scheme) | ||||||
|         super(HttpResponseRedirectBase, self).__init__(*args, **kwargs) |         super(HttpResponseRedirectBase, self).__init__(*args, **kwargs) | ||||||
|         self['Location'] = iri_to_uri(redirect_to) |         self['Location'] = iri_to_uri(redirect_to) | ||||||
|  |  | ||||||
|   | |||||||
| @@ -1,3 +1,5 @@ | |||||||
|  | from contextlib import contextmanager | ||||||
|  | import logging | ||||||
| import re | import re | ||||||
| import sys | import sys | ||||||
| import warnings | import warnings | ||||||
| @@ -401,3 +403,21 @@ class IgnoreDeprecationWarningsMixin(object): | |||||||
| class IgnorePendingDeprecationWarningsMixin(IgnoreDeprecationWarningsMixin): | class IgnorePendingDeprecationWarningsMixin(IgnoreDeprecationWarningsMixin): | ||||||
|  |  | ||||||
|         warning_class = PendingDeprecationWarning |         warning_class = PendingDeprecationWarning | ||||||
|  |  | ||||||
|  |  | ||||||
|  | @contextmanager | ||||||
|  | def patch_logger(logger_name, log_level): | ||||||
|  |     """ | ||||||
|  |     Context manager that takes a named logger and the logging level | ||||||
|  |     and provides a simple mock-like list of messages received | ||||||
|  |     """ | ||||||
|  |     calls = [] | ||||||
|  |     def replacement(msg): | ||||||
|  |         calls.append(msg) | ||||||
|  |     logger = logging.getLogger(logger_name) | ||||||
|  |     orig = getattr(logger, log_level) | ||||||
|  |     setattr(logger, log_level, replacement) | ||||||
|  |     try: | ||||||
|  |         yield calls | ||||||
|  |     finally: | ||||||
|  |         setattr(logger, log_level, orig) | ||||||
|   | |||||||
| @@ -63,6 +63,11 @@ DEFAULT_LOGGING = { | |||||||
|             'level': 'ERROR', |             'level': 'ERROR', | ||||||
|             'propagate': False, |             'propagate': False, | ||||||
|         }, |         }, | ||||||
|  |         'django.security': { | ||||||
|  |             'handlers': ['mail_admins'], | ||||||
|  |             'level': 'ERROR', | ||||||
|  |             'propagate': False, | ||||||
|  |         }, | ||||||
|         'py.warnings': { |         'py.warnings': { | ||||||
|             'handlers': ['console'], |             'handlers': ['console'], | ||||||
|         }, |         }, | ||||||
|   | |||||||
| @@ -43,6 +43,21 @@ def server_error(request, template_name='500.html'): | |||||||
|     return http.HttpResponseServerError(template.render(Context({}))) |     return http.HttpResponseServerError(template.render(Context({}))) | ||||||
|  |  | ||||||
|  |  | ||||||
|  | @requires_csrf_token | ||||||
|  | def bad_request(request, template_name='400.html'): | ||||||
|  |     """ | ||||||
|  |     400 error handler. | ||||||
|  |  | ||||||
|  |     Templates: :template:`400.html` | ||||||
|  |     Context: None | ||||||
|  |     """ | ||||||
|  |     try: | ||||||
|  |         template = loader.get_template(template_name) | ||||||
|  |     except TemplateDoesNotExist: | ||||||
|  |         return http.HttpResponseBadRequest('<h1>Bad Request (400)</h1>') | ||||||
|  |     return http.HttpResponseBadRequest(template.render(Context({}))) | ||||||
|  |  | ||||||
|  |  | ||||||
| # This can be called when CsrfViewMiddleware.process_view has not run, | # This can be called when CsrfViewMiddleware.process_view has not run, | ||||||
| # therefore need @requires_csrf_token in case the template needs | # therefore need @requires_csrf_token in case the template needs | ||||||
| # {% csrf_token %}. | # {% csrf_token %}. | ||||||
|   | |||||||
| @@ -44,9 +44,24 @@ SuspiciousOperation | |||||||
| ------------------- | ------------------- | ||||||
| .. exception:: SuspiciousOperation | .. exception:: SuspiciousOperation | ||||||
|  |  | ||||||
|     The :exc:`SuspiciousOperation` exception is raised when a user has performed |     The :exc:`SuspiciousOperation` exception is raised when a user has | ||||||
|     an operation that should be considered suspicious from a security perspective, |     performed an operation that should be considered suspicious from a security | ||||||
|     such as tampering with a session cookie. |     perspective, such as tampering with a session cookie. Subclasses of | ||||||
|  |     SuspiciousOperation include: | ||||||
|  |  | ||||||
|  |     * DisallowedHost | ||||||
|  |     * DisallowedModelAdminLookup | ||||||
|  |     * DisallowedRedirect | ||||||
|  |     * InvalidSessionKey | ||||||
|  |     * SuspiciousFileOperation | ||||||
|  |     * SuspiciousMultipartForm | ||||||
|  |     * SuspiciousSession | ||||||
|  |     * WizardViewCookieModified | ||||||
|  |  | ||||||
|  |     If a ``SuspiciousOperation`` exception reaches the WSGI handler level it is | ||||||
|  |     logged at the ``Error`` level and results in | ||||||
|  |     a :class:`~django.http.HttpResponseBadRequest`. See the :doc:`logging | ||||||
|  |     documentation </topics/logging/>` for more information. | ||||||
|  |  | ||||||
| PermissionDenied | PermissionDenied | ||||||
| ---------------- | ---------------- | ||||||
|   | |||||||
| @@ -270,6 +270,13 @@ Minor features | |||||||
|   stores active language in session if it is not present there. This |   stores active language in session if it is not present there. This | ||||||
|   prevents loss of language settings after session flush, e.g. logout. |   prevents loss of language settings after session flush, e.g. logout. | ||||||
|  |  | ||||||
|  | * :exc:`~django.core.exceptions.SuspiciousOperation` has been differentiated | ||||||
|  |   into a number of subclasses, and each will log to a matching named logger | ||||||
|  |   under the ``django.security`` logging hierarchy. Along with this change, | ||||||
|  |   a ``handler400`` mechanism and default view are used whenever | ||||||
|  |   a ``SuspiciousOperation`` reaches the WSGI handler to return an | ||||||
|  |   ``HttpResponseBadRequest``. | ||||||
|  |  | ||||||
| Backwards incompatible changes in 1.6 | Backwards incompatible changes in 1.6 | ||||||
| ===================================== | ===================================== | ||||||
|  |  | ||||||
|   | |||||||
| @@ -231,3 +231,25 @@ same way you can for the 404 and 500 views by specifying a ``handler403`` in | |||||||
| your URLconf:: | your URLconf:: | ||||||
|  |  | ||||||
|     handler403 = 'mysite.views.my_custom_permission_denied_view' |     handler403 = 'mysite.views.my_custom_permission_denied_view' | ||||||
|  |  | ||||||
|  | .. _http_bad_request_view: | ||||||
|  |  | ||||||
|  | The 400 (bad request) view | ||||||
|  | -------------------------- | ||||||
|  |  | ||||||
|  | When a :exc:`~django.core.exceptions.SuspiciousOperation` is raised in Django, | ||||||
|  | the it may be handled by a component of Django (for example resetting the | ||||||
|  | session data). If not specifically handled, Django will consider the current | ||||||
|  | request a 'bad request' instead of a server error. | ||||||
|  |  | ||||||
|  | The view ``django.views.defaults.bad_request``, is otherwise very similar to | ||||||
|  | the ``server_error`` view, but returns with the status code 400 indicating that | ||||||
|  | the error condition was the result of a client operation. | ||||||
|  |  | ||||||
|  | Like the ``server_error`` view, the default ``bad_request`` should suffice for | ||||||
|  | 99% of Web applications, but if you want to override the view, you can specify | ||||||
|  | ``handler400`` in your URLconf, like so:: | ||||||
|  |  | ||||||
|  |     handler400 = 'mysite.views.my_custom_bad_request_view' | ||||||
|  |  | ||||||
|  | ``bad_request`` views are also only used when :setting:`DEBUG` is ``False``. | ||||||
|   | |||||||
| @@ -394,7 +394,7 @@ requirements of logging in Web server environment. | |||||||
| Loggers | Loggers | ||||||
| ------- | ------- | ||||||
|  |  | ||||||
| Django provides three built-in loggers. | Django provides four built-in loggers. | ||||||
|  |  | ||||||
| ``django`` | ``django`` | ||||||
| ~~~~~~~~~~ | ~~~~~~~~~~ | ||||||
| @@ -434,6 +434,35 @@ For performance reasons, SQL logging is only enabled when | |||||||
| ``settings.DEBUG`` is set to ``True``, regardless of the logging | ``settings.DEBUG`` is set to ``True``, regardless of the logging | ||||||
| level or handlers that are installed. | level or handlers that are installed. | ||||||
|  |  | ||||||
|  | ``django.security.*`` | ||||||
|  | ~~~~~~~~~~~~~~~~~~~~~~ | ||||||
|  |  | ||||||
|  | The security loggers will receive messages on any occurrence of | ||||||
|  | :exc:`~django.core.exceptions.SuspiciousOperation`. There is a sub-logger for | ||||||
|  | each sub-type of SuspiciousOperation. The level of the log event depends on | ||||||
|  | where the exception is handled.  Most occurrences are logged as a warning, while | ||||||
|  | any ``SuspiciousOperation`` that reaches the WSGI handler will be logged as an | ||||||
|  | error. For example, when an HTTP ``Host`` header is included in a request from | ||||||
|  | a client that does not match :setting:`ALLOWED_HOSTS`, Django will return a 400 | ||||||
|  | response, and an error message will be logged to the | ||||||
|  | ``django.security.DisallowedHost`` logger. | ||||||
|  |  | ||||||
|  | Only the parent ``django.security`` logger is configured by default, and all | ||||||
|  | child loggers will propagate to the parent logger. The ``django.security`` | ||||||
|  | logger is configured the same as the ``django.request`` logger, and any error | ||||||
|  | events will be mailed to admins. Requests resulting in a 400 response due to | ||||||
|  | a ``SuspiciousOperation`` will not be logged to the ``django.request`` logger, | ||||||
|  | but only to the ``django.security`` logger. | ||||||
|  |  | ||||||
|  | To silence a particular type of SuspiciousOperation, you can override that | ||||||
|  | specific logger following this example:: | ||||||
|  |  | ||||||
|  |         'loggers': { | ||||||
|  |             'django.security.DisallowedHost': { | ||||||
|  |                 'handlers': ['null'], | ||||||
|  |                 'propagate': False, | ||||||
|  |             }, | ||||||
|  |  | ||||||
| Handlers | Handlers | ||||||
| -------- | -------- | ||||||
|  |  | ||||||
|   | |||||||
| @@ -11,7 +11,6 @@ except ImportError:  # Python 2 | |||||||
|  |  | ||||||
| from django.conf import settings, global_settings | from django.conf import settings, global_settings | ||||||
| from django.core import mail | from django.core import mail | ||||||
| from django.core.exceptions import SuspiciousOperation |  | ||||||
| from django.core.files import temp as tempfile | from django.core.files import temp as tempfile | ||||||
| from django.core.urlresolvers import reverse | from django.core.urlresolvers import reverse | ||||||
| # Register auth models with the admin. | # Register auth models with the admin. | ||||||
| @@ -30,6 +29,7 @@ from django.db import connection | |||||||
| from django.forms.util import ErrorList | from django.forms.util import ErrorList | ||||||
| from django.template.response import TemplateResponse | from django.template.response import TemplateResponse | ||||||
| from django.test import TestCase | from django.test import TestCase | ||||||
|  | from django.test.utils import patch_logger | ||||||
| from django.utils import formats, translation, unittest | from django.utils import formats, translation, unittest | ||||||
| from django.utils.cache import get_max_age | from django.utils.cache import get_max_age | ||||||
| from django.utils.encoding import iri_to_uri, force_bytes | from django.utils.encoding import iri_to_uri, force_bytes | ||||||
| @@ -543,20 +543,21 @@ class AdminViewBasicTest(TestCase): | |||||||
|                 self.assertContains(response, '%Y-%m-%d %H:%M:%S') |                 self.assertContains(response, '%Y-%m-%d %H:%M:%S') | ||||||
|  |  | ||||||
|     def test_disallowed_filtering(self): |     def test_disallowed_filtering(self): | ||||||
|         self.assertRaises(SuspiciousOperation, |         with patch_logger('django.security.DisallowedModelAdminLookup', 'error') as calls: | ||||||
|             self.client.get, "/test_admin/admin/admin_views/album/?owner__email__startswith=fuzzy" |             response = self.client.get("/test_admin/admin/admin_views/album/?owner__email__startswith=fuzzy") | ||||||
|         ) |             self.assertEqual(response.status_code, 400) | ||||||
|  |             self.assertEqual(len(calls), 1) | ||||||
|  |  | ||||||
|         try: |         # Filters are allowed if explicitly included in list_filter | ||||||
|             self.client.get("/test_admin/admin/admin_views/thing/?color__value__startswith=red") |         response = self.client.get("/test_admin/admin/admin_views/thing/?color__value__startswith=red") | ||||||
|             self.client.get("/test_admin/admin/admin_views/thing/?color__value=red") |         self.assertEqual(response.status_code, 200) | ||||||
|         except SuspiciousOperation: |         response = self.client.get("/test_admin/admin/admin_views/thing/?color__value=red") | ||||||
|             self.fail("Filters are allowed if explicitly included in list_filter") |         self.assertEqual(response.status_code, 200) | ||||||
|  |  | ||||||
|         try: |         # Filters should be allowed if they involve a local field without the | ||||||
|             self.client.get("/test_admin/admin/admin_views/person/?age__gt=30") |         # need to whitelist them in list_filter or date_hierarchy. | ||||||
|         except SuspiciousOperation: |         response = self.client.get("/test_admin/admin/admin_views/person/?age__gt=30") | ||||||
|             self.fail("Filters should be allowed if they involve a local field without the need to whitelist them in list_filter or date_hierarchy.") |         self.assertEqual(response.status_code, 200) | ||||||
|  |  | ||||||
|         e1 = Employee.objects.create(name='Anonymous', gender=1, age=22, alive=True, code='123') |         e1 = Employee.objects.create(name='Anonymous', gender=1, age=22, alive=True, code='123') | ||||||
|         e2 = Employee.objects.create(name='Visitor', gender=2, age=19, alive=True, code='124') |         e2 = Employee.objects.create(name='Visitor', gender=2, age=19, alive=True, code='124') | ||||||
| @@ -574,10 +575,9 @@ class AdminViewBasicTest(TestCase): | |||||||
|         ForeignKey 'limit_choices_to' should be allowed, otherwise raw_id_fields |         ForeignKey 'limit_choices_to' should be allowed, otherwise raw_id_fields | ||||||
|         can break. |         can break. | ||||||
|         """ |         """ | ||||||
|         try: |         # Filters should be allowed if they are defined on a ForeignKey pointing to this model | ||||||
|             self.client.get("/test_admin/admin/admin_views/inquisition/?leader__name=Palin&leader__age=27") |         response = self.client.get("/test_admin/admin/admin_views/inquisition/?leader__name=Palin&leader__age=27") | ||||||
|         except SuspiciousOperation: |         self.assertEqual(response.status_code, 200) | ||||||
|             self.fail("Filters should be allowed if they are defined on a ForeignKey pointing to this model") |  | ||||||
|  |  | ||||||
|     def test_hide_change_password(self): |     def test_hide_change_password(self): | ||||||
|         """ |         """ | ||||||
|   | |||||||
| @@ -61,6 +61,7 @@ class TransactionsPerRequestTests(TransactionTestCase): | |||||||
|             connection.settings_dict['ATOMIC_REQUESTS'] = old_atomic_requests |             connection.settings_dict['ATOMIC_REQUESTS'] = old_atomic_requests | ||||||
|         self.assertContains(response, 'False') |         self.assertContains(response, 'False') | ||||||
|  |  | ||||||
|  |  | ||||||
| class SignalsTests(TestCase): | class SignalsTests(TestCase): | ||||||
|     urls = 'handlers.urls' |     urls = 'handlers.urls' | ||||||
|  |  | ||||||
| @@ -89,3 +90,11 @@ class SignalsTests(TestCase): | |||||||
|         self.assertEqual(self.signals, ['started']) |         self.assertEqual(self.signals, ['started']) | ||||||
|         self.assertEqual(b''.join(response.streaming_content), b"streaming content") |         self.assertEqual(b''.join(response.streaming_content), b"streaming content") | ||||||
|         self.assertEqual(self.signals, ['started', 'finished']) |         self.assertEqual(self.signals, ['started', 'finished']) | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class HandlerSuspiciousOpsTest(TestCase): | ||||||
|  |     urls = 'handlers.urls' | ||||||
|  |  | ||||||
|  |     def test_suspiciousop_in_view_returns_400(self): | ||||||
|  |         response = self.client.get('/suspicious/') | ||||||
|  |         self.assertEqual(response.status_code, 400) | ||||||
|   | |||||||
| @@ -9,4 +9,5 @@ urlpatterns = patterns('', | |||||||
|     url(r'^streaming/$', views.streaming), |     url(r'^streaming/$', views.streaming), | ||||||
|     url(r'^in_transaction/$', views.in_transaction), |     url(r'^in_transaction/$', views.in_transaction), | ||||||
|     url(r'^not_in_transaction/$', views.not_in_transaction), |     url(r'^not_in_transaction/$', views.not_in_transaction), | ||||||
|  |     url(r'^suspicious/$', views.suspicious), | ||||||
| ) | ) | ||||||
|   | |||||||
| @@ -1,5 +1,6 @@ | |||||||
| from __future__ import unicode_literals | from __future__ import unicode_literals | ||||||
|  |  | ||||||
|  | from django.core.exceptions import SuspiciousOperation | ||||||
| from django.db import connection, transaction | from django.db import connection, transaction | ||||||
| from django.http import HttpResponse, StreamingHttpResponse | from django.http import HttpResponse, StreamingHttpResponse | ||||||
|  |  | ||||||
| @@ -15,3 +16,6 @@ def in_transaction(request): | |||||||
| @transaction.non_atomic_requests | @transaction.non_atomic_requests | ||||||
| def not_in_transaction(request): | def not_in_transaction(request): | ||||||
|     return HttpResponse(str(connection.in_atomic_block)) |     return HttpResponse(str(connection.in_atomic_block)) | ||||||
|  |  | ||||||
|  | def suspicious(request): | ||||||
|  |     raise SuspiciousOperation('dubious') | ||||||
|   | |||||||
| @@ -8,9 +8,10 @@ import warnings | |||||||
| from django.conf import LazySettings | from django.conf import LazySettings | ||||||
| from django.core import mail | from django.core import mail | ||||||
| from django.test import TestCase, RequestFactory | from django.test import TestCase, RequestFactory | ||||||
| from django.test.utils import override_settings | from django.test.utils import override_settings, patch_logger | ||||||
| from django.utils.encoding import force_text | from django.utils.encoding import force_text | ||||||
| from django.utils.log import CallbackFilter, RequireDebugFalse, RequireDebugTrue | from django.utils.log import (CallbackFilter, RequireDebugFalse, | ||||||
|  |     RequireDebugTrue) | ||||||
| from django.utils.six import StringIO | from django.utils.six import StringIO | ||||||
| from django.utils.unittest import skipUnless | from django.utils.unittest import skipUnless | ||||||
|  |  | ||||||
| @@ -354,3 +355,22 @@ class SettingsConfigureLogging(TestCase): | |||||||
|         settings.configure( |         settings.configure( | ||||||
|             LOGGING_CONFIG='logging_tests.tests.dictConfig') |             LOGGING_CONFIG='logging_tests.tests.dictConfig') | ||||||
|         self.assertTrue(dictConfig.called) |         self.assertTrue(dictConfig.called) | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class SecurityLoggerTest(TestCase): | ||||||
|  |  | ||||||
|  |     urls = 'logging_tests.urls' | ||||||
|  |  | ||||||
|  |     def test_suspicious_operation_creates_log_message(self): | ||||||
|  |         with self.settings(DEBUG=True): | ||||||
|  |             with patch_logger('django.security.SuspiciousOperation', 'error') as calls: | ||||||
|  |                 response = self.client.get('/suspicious/') | ||||||
|  |                 self.assertEqual(len(calls), 1) | ||||||
|  |                 self.assertEqual(calls[0], 'dubious') | ||||||
|  |  | ||||||
|  |     def test_suspicious_operation_uses_sublogger(self): | ||||||
|  |         with self.settings(DEBUG=True): | ||||||
|  |             with patch_logger('django.security.DisallowedHost', 'error') as calls: | ||||||
|  |                 response = self.client.get('/suspicious_spec/') | ||||||
|  |                 self.assertEqual(len(calls), 1) | ||||||
|  |                 self.assertEqual(calls[0], 'dubious') | ||||||
|   | |||||||
							
								
								
									
										10
									
								
								tests/logging_tests/urls.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										10
									
								
								tests/logging_tests/urls.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,10 @@ | |||||||
|  | from __future__ import unicode_literals | ||||||
|  |  | ||||||
|  | from django.conf.urls import patterns, url | ||||||
|  |  | ||||||
|  | from . import views | ||||||
|  |  | ||||||
|  | urlpatterns = patterns('', | ||||||
|  |     url(r'^suspicious/$', views.suspicious), | ||||||
|  |     url(r'^suspicious_spec/$', views.suspicious_spec), | ||||||
|  | ) | ||||||
							
								
								
									
										11
									
								
								tests/logging_tests/views.py
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										11
									
								
								tests/logging_tests/views.py
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,11 @@ | |||||||
|  | from __future__ import unicode_literals | ||||||
|  |  | ||||||
|  | from django.core.exceptions import SuspiciousOperation, DisallowedHost | ||||||
|  |  | ||||||
|  |  | ||||||
|  | def suspicious(request): | ||||||
|  |     raise SuspiciousOperation('dubious') | ||||||
|  |  | ||||||
|  |  | ||||||
|  | def suspicious_spec(request): | ||||||
|  |     raise DisallowedHost('dubious') | ||||||
| @@ -7,7 +7,6 @@ from __future__ import unicode_literals | |||||||
| import os | import os | ||||||
|  |  | ||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.core.exceptions import SuspiciousOperation |  | ||||||
| from django.core.urlresolvers import reverse | from django.core.urlresolvers import reverse | ||||||
| from django.template import (TemplateDoesNotExist, TemplateSyntaxError, | from django.template import (TemplateDoesNotExist, TemplateSyntaxError, | ||||||
|     Context, Template, loader) |     Context, Template, loader) | ||||||
| @@ -20,6 +19,7 @@ from django.utils._os import upath | |||||||
| from django.utils.translation import ugettext_lazy | from django.utils.translation import ugettext_lazy | ||||||
| from django.http import HttpResponse | from django.http import HttpResponse | ||||||
|  |  | ||||||
|  | from .views import CustomTestException | ||||||
|  |  | ||||||
| @override_settings( | @override_settings( | ||||||
|     TEMPLATE_DIRS=(os.path.join(os.path.dirname(upath(__file__)), 'templates'),) |     TEMPLATE_DIRS=(os.path.join(os.path.dirname(upath(__file__)), 'templates'),) | ||||||
| @@ -619,7 +619,7 @@ class ExceptionTests(TestCase): | |||||||
|         try: |         try: | ||||||
|             response = self.client.get("/test_client_regress/staff_only/") |             response = self.client.get("/test_client_regress/staff_only/") | ||||||
|             self.fail("General users should not be able to visit this page") |             self.fail("General users should not be able to visit this page") | ||||||
|         except SuspiciousOperation: |         except CustomTestException: | ||||||
|             pass |             pass | ||||||
|  |  | ||||||
|         # At this point, an exception has been raised, and should be cleared. |         # At this point, an exception has been raised, and should be cleared. | ||||||
| @@ -629,7 +629,7 @@ class ExceptionTests(TestCase): | |||||||
|         self.assertTrue(login, 'Could not log in') |         self.assertTrue(login, 'Could not log in') | ||||||
|         try: |         try: | ||||||
|             self.client.get("/test_client_regress/staff_only/") |             self.client.get("/test_client_regress/staff_only/") | ||||||
|         except SuspiciousOperation: |         except CustomTestException: | ||||||
|             self.fail("Staff should be able to visit this page") |             self.fail("Staff should be able to visit this page") | ||||||
|  |  | ||||||
|  |  | ||||||
|   | |||||||
| @@ -3,12 +3,15 @@ import json | |||||||
| from django.conf import settings | from django.conf import settings | ||||||
| from django.contrib.auth.decorators import login_required | from django.contrib.auth.decorators import login_required | ||||||
| from django.http import HttpResponse, HttpResponseRedirect | from django.http import HttpResponse, HttpResponseRedirect | ||||||
| from django.core.exceptions import SuspiciousOperation |  | ||||||
| from django.shortcuts import render_to_response | from django.shortcuts import render_to_response | ||||||
| from django.core.serializers.json import DjangoJSONEncoder | from django.core.serializers.json import DjangoJSONEncoder | ||||||
| from django.test.client import CONTENT_TYPE_RE | from django.test.client import CONTENT_TYPE_RE | ||||||
| from django.template import RequestContext | from django.template import RequestContext | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class CustomTestException(Exception): | ||||||
|  |     pass | ||||||
|  |  | ||||||
| def no_template_view(request): | def no_template_view(request): | ||||||
|     "A simple view that expects a GET request, and returns a rendered template" |     "A simple view that expects a GET request, and returns a rendered template" | ||||||
|     return HttpResponse("No template used. Sample content: twice once twice. Content ends.") |     return HttpResponse("No template used. Sample content: twice once twice. Content ends.") | ||||||
| @@ -18,7 +21,7 @@ def staff_only_view(request): | |||||||
|     if request.user.is_staff: |     if request.user.is_staff: | ||||||
|         return HttpResponse('') |         return HttpResponse('') | ||||||
|     else: |     else: | ||||||
|         raise SuspiciousOperation() |         raise CustomTestException() | ||||||
|  |  | ||||||
| def get_view(request): | def get_view(request): | ||||||
|     "A simple login protected view" |     "A simple login protected view" | ||||||
|   | |||||||
| @@ -516,7 +516,7 @@ class RequestURLconfTests(TestCase): | |||||||
|             b''.join(self.client.get('/second_test/')) |             b''.join(self.client.get('/second_test/')) | ||||||
|  |  | ||||||
| class ErrorHandlerResolutionTests(TestCase): | class ErrorHandlerResolutionTests(TestCase): | ||||||
|     """Tests for handler404 and handler500""" |     """Tests for handler400, handler404 and handler500""" | ||||||
|  |  | ||||||
|     def setUp(self): |     def setUp(self): | ||||||
|         from django.core.urlresolvers import RegexURLResolver |         from django.core.urlresolvers import RegexURLResolver | ||||||
| @@ -528,12 +528,14 @@ class ErrorHandlerResolutionTests(TestCase): | |||||||
|     def test_named_handlers(self): |     def test_named_handlers(self): | ||||||
|         from .views import empty_view |         from .views import empty_view | ||||||
|         handler = (empty_view, {}) |         handler = (empty_view, {}) | ||||||
|  |         self.assertEqual(self.resolver.resolve400(), handler) | ||||||
|         self.assertEqual(self.resolver.resolve404(), handler) |         self.assertEqual(self.resolver.resolve404(), handler) | ||||||
|         self.assertEqual(self.resolver.resolve500(), handler) |         self.assertEqual(self.resolver.resolve500(), handler) | ||||||
|  |  | ||||||
|     def test_callable_handers(self): |     def test_callable_handers(self): | ||||||
|         from .views import empty_view |         from .views import empty_view | ||||||
|         handler = (empty_view, {}) |         handler = (empty_view, {}) | ||||||
|  |         self.assertEqual(self.callable_resolver.resolve400(), handler) | ||||||
|         self.assertEqual(self.callable_resolver.resolve404(), handler) |         self.assertEqual(self.callable_resolver.resolve404(), handler) | ||||||
|         self.assertEqual(self.callable_resolver.resolve500(), handler) |         self.assertEqual(self.callable_resolver.resolve500(), handler) | ||||||
|  |  | ||||||
|   | |||||||
| @@ -4,5 +4,6 @@ from django.conf.urls import patterns | |||||||
|  |  | ||||||
| urlpatterns = patterns('') | urlpatterns = patterns('') | ||||||
|  |  | ||||||
|  | handler400 = 'urlpatterns_reverse.views.empty_view' | ||||||
| handler404 = 'urlpatterns_reverse.views.empty_view' | handler404 = 'urlpatterns_reverse.views.empty_view' | ||||||
| handler500 = 'urlpatterns_reverse.views.empty_view' | handler500 = 'urlpatterns_reverse.views.empty_view' | ||||||
|   | |||||||
| @@ -9,5 +9,6 @@ from .views import empty_view | |||||||
|  |  | ||||||
| urlpatterns = patterns('') | urlpatterns = patterns('') | ||||||
|  |  | ||||||
|  | handler400 = empty_view | ||||||
| handler404 = empty_view | handler404 = empty_view | ||||||
| handler500 = empty_view | handler500 = empty_view | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user