3 v^P@sbddlZddlZddlZddlZddlmZddlmZddlm Z m Z m Z ddl m Z mZmZddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZed ddidZejdej dZ!dZ"ee#j$Z%GdddZ&ddZ'ddZ(d+ddZ)ej*ddZ+dd Z,Gd!d"d"Z-Gd#d$d$e-Z.Gd%d&d&Z/d'd(Z0d)d*Z1dS),N)Path)settings)Http404 HttpResponseHttpResponseNotFound)ContextEngineTemplateDoesNotExist)pprint)resolve)timezone)MultiValueDict) force_str) import_string)get_docs_versionTZi18nzdjango.templatetags.i18n)debug librariesz#API|TOKEN|KEY|SECRET|PASS|SIGNATURE)flagsz********************c@s eZdZdZddZddZdS)CallableSettingWrapperz Object to wrap callable appearing in settings. * Not to call in the debug page (#21345). * Not to break the debug page if the callable forbidding to set attributes (#23070). cCs ||_dS)N)_wrapped)selfZcallable_settingr6/usr/lib/python3.6/site-packages/django/views/debug.py__init__)szCallableSettingWrapper.__init__cCs t|jS)N)reprr)rrrr__repr__,szCallableSettingWrapper.__repr__N)__name__ __module__ __qualname____doc__rrrrrrr"src Csdy6tj|rt}n"t|tr0dd|jD}n|}Wntk rN|}YnXt|r`t|}|S)z Cleanse an individual setting key/value of sensitive content. If the value is a dictionary, recursively cleanse the keys in that dictionary. cSsi|]\}}t|||qSr)cleanse_setting).0kvrrr :sz#cleanse_setting..) HIDDEN_SETTINGSsearchCLEANSED_SUBSTITUTE isinstancedictitems TypeErrorcallabler)keyvaluecleansedrrrr 0s   r cCs6i}x,ttD] }|jrt|tt|||<qW|S)z{ Return a dictionary of the settings module with values of sensitive settings replaced with stars (*********). )dirrisupperr getattr) settings_dictr"rrrget_safe_settingsHs r4cCsFt||||}|jr,|j}t||ddS|j}t||ddSdS)z Create a technical server error response. The last three arguments are the values returned from sys.exc_info() and friends. ztext/plain; charset=utf-8)status content_typez text/htmlN)ExceptionReporteris_ajaxget_traceback_textrget_traceback_html)requestexc_type exc_valuetb status_codereportertexthtmlrrrtechnical_500_responseTs rDcCs ttjS)N)rr!DEFAULT_EXCEPTION_REPORTER_FILTERrrrr%get_default_exception_reporter_filterbsrFcCst}t|d|S)NZexception_reporter_filter)rFr2)r<Zdefault_filterrrrget_exception_reporter_filterhsrGc@s eZdZdZddZddZdS)ExceptionReporterFilterzv Base for all exception reporter filter classes. All overridable hooks contain lenient default behaviors. cCs|dkr iS|jSdS)N)POST)rr<rrrget_post_parametersssz+ExceptionReporterFilter.get_post_parameterscCst|jjS)N)listf_localsr*)rr<tb_framerrrget_traceback_frame_variablesysz5ExceptionReporterFilter.get_traceback_frame_variablesN)rrrrrJrNrrrrrHmsrHc@s8eZdZdZddZddZddZdd Zd d Zd S) SafeExceptionReporterFilterz Use annotations made by the sensitive_post_parameters and sensitive_variables decorators to filter out sensitive information. cCs tjdkS)a This filter is to add safety in production environments (i.e. DEBUG is False). If DEBUG is True then your site is not safe anyway. This hook is provided as a convenience to easily activate or deactivate the filter on a per request basis. F)rDEBUG)rr<rrr is_activesz%SafeExceptionReporterFilter.is_activecCsDt|dg}|j|r@|r@|j}x|D]}||kr(t||<q(W|S)z Replace the keys in a MultiValueDict marked as sensitive with stars. This mitigates leaking sensitive POST parameters if something like request.POST['nonexistent_key'] throws an exception (#21098). sensitive_post_parameters)r2rQcopyr')rr<ZmultivaluedictrRparamrrrget_cleansed_multivaluedicts   z7SafeExceptionReporterFilter.get_cleansed_multivaluedictcCs|dkr iSt|dg}|j|rv|rv|jj}|dkrRx|D] }t||<q>W|Sx|D]}||krXt||<qXW|Sn|jSdS)zk Replace the values of POST parameters marked as sensitive with stars (*********). NrR__ALL__)r2rQrIrSr')rr<rRr/r"rTrrrrJs      z/SafeExceptionReporterFilter.get_post_parameterscCsLyt|t}Wn(tk r6}z dj||Sd}~XnX|rH|j||}|S)Nz{!r} while evaluating {!r})r(r ExceptionformatrU)rr<r.Zis_multivalue_dicterrrcleanse_special_typess z1SafeExceptionReporterFilter.cleanse_special_typesc Cs|j}d}x@|dk rJ|jjdkrBd|jkrB|jd}t|dd}P|j}q Wi}|j|r|r|dkrxR|jD] }t||<qnWqxb|jjD]*\}}||krt}n |j||}|||<qWn(x&|jjD]\}}|j||||<qW|jjdkod|jkr t|d<t|d<|jS)ze Replace the values of variables marked as sensitive with stars (*********). NZsensitive_variables_wrappersensitive_variablesrVZ func_argsZ func_kwargs) f_backf_codeco_namerLr2rQr'r*rZ) rr<rM current_framer[wrapperr/namer.rrrrNs4          z9SafeExceptionReporterFilter.get_traceback_frame_variablesN) rrrrrQrUrJrZrNrrrrrO}s  rOc@sDeZdZdZdddZddZddZd d Zdd d ZddZ d S)r8z0Organize and coordinate reporting on exceptions.FcCsJ||_t|j|_||_||_||_||_t|jdd|_d|_ d|_ dS)Ntemplate_debugF) r<rGfilterr=r>r?is_emailr2 template_infotemplate_does_not_exist postmortem)rr<r=r>r?rdrrrrs zExceptionReporter.__init__cCsT|jr*t|jtr*d|_|jjp&|jg|_|j}xt|D]t\}}d|krg}xN|dD]B\}}t |}t |dkrd|ddt |f}|j ||fqZW||d<|||<qt|j| d<|rP|d| d<| S)z5Return a dictionary containing traceback information.Tvarsiu%s… rstartNendasciireplace)errors) get_versionz%[unable to retrieve the current user]z%d.%d.%d)rd unicode_hintframesr<user_strZfiltered_POST_itemsrZsys_executableZsys_version_info server_timeZdjango_version_infoZsys_pathrerfrgZrequest_GET_itemsZrequest_FILES_itemsZrequest_COOKIES_itemsZexception_typeZexception_valueZ lastframe))r= issubclassr rfr>chainrgget_traceback_frames enumerater lenappend UnicodeErrorr2argsrmaxmindjangorqr<struserrWrdrKrcrJr*r4sys executable version_infor nowpathreGETFILESCOOKIESr)rrtiframeZ frame_varsr"r#rsrjrkZ unicode_strrqrucrrrget_traceback_datasp   "        z$ExceptionReporter.get_traceback_datac CsHttddjdd}tj|j}WdQRXt|jdd}|j|S)z1Return HTML version of debug 500 HTTP error page. templatesztechnical_500.htmlzutf-8)encodingNF)use_l10n) r CURRENT_DIRopen DEBUG_ENGINE from_stringreadrrrender)rfhtrrrrr;Isz$ExceptionReporter.get_traceback_htmlc CsJttddjdd}tj|j}WdQRXt|jddd}|j|S)z7Return plain text version of debug 500 HTTP error page.rztechnical_500.txtzutf-8)rNF) autoescaper) rrrrrrrrr)rrrrrrrr:Psz$ExceptionReporter.get_traceback_textNcs<d}t|drBy|j|}Wntk r0YnX|dk rB|j}|dkry&t|d}|jj}WdQRXWntk rYnX|dkrdgdgfSt|dtrdx6|ddD]&}t j d|} | r| j dj dPqWfd d |D}t d||} ||} || |} ||} ||d| }| | | |fS) z Return context_lines before and after lineno from file. Return (pre_context_lineno, pre_context, context_line, post_context). N get_sourcerbrrnscoding[:=]\s*([-\w.]+)rlcsg|]}t|dqS)ro)r)r!sline)rrr ysz:ExceptionReporter._get_lines_from_file..)hasattrr ImportError splitlinesrrOSErrorr(bytesrer&groupdecoder)rfilenamelineno context_linesloader module_namesourcefplinematchZ lower_boundZ upper_bound pre_context context_line post_contextr)rr_get_lines_from_fileWs<     z&ExceptionReporter._get_lines_from_filecCszdd}g}|j}x$|r6|j|||}||krPqWg}|sD|S|j}|sV|jn|j}x|dk rt|jjjdr|j}q`|jj j }|jj j }|j d}|jj jd} |jj jdpd} |j||d| | \} } } }| dkr|} g} d } g}|j||t|d d || jd rd nd|||d|jj|j|jt|| | || dd |j rl|rl|j}|j}q`|j}q`W|S)NcSs t|dd}t|dd}|p|S)N __cause__ __context__)r2)r>ZexplicitZimplicitrrrexplicit_or_implicit_causes  zJExceptionReporter.get_traceback_frames..explicit_or_implicit_causeZ__traceback_hide__rl __loader__rrizrTzdjango.rr) Z exc_causeZexc_cause_explicitr?typerfunctionrrhidrrrpre_context_lineno)r>r}popr? __traceback__rMrLgettb_nextr] co_filenamer^ tb_lineno f_globalsrr2 startswithrcrNr<r)rr exceptionsr>rtr?rrrrrrrrrrrrrzs`      z&ExceptionReporter.get_traceback_frames)F)NN) rrrrrrr;r:rrzrrrrr8s G -r8c )Csy|jdd}Wn(tttfk r:|jdd}YnXy|jdd}Wntttfk rlg}YnnX| s|jdkrt|dkrt|ddkrt|ddddt|ddd dkod knrt|St|d t j }t |t j r|j}d}yt|j}Wntk r"Yn\X|j}t|d r>|j}n"t|d r`t|jd r`|jj}t|dr~|j}d||f}ttddjdd} tj| j} WdQRXt|t j ||t||t|d} t| j| ddS)zBCreate a technical 404 error response. `exception` is the Http404.rrrlNtried/app_nameri namespaceadminurlconfr __class__rz%s.%srztechnical_404.htmlzutf-8)r)rZ root_urlconfZ request_path urlpatternsreasonr<rZraising_view_namez text/html)r7) r IndexErrorr+KeyError path_inforr|r2default_urlconfr ROOT_URLCONFr(types ModuleTyperr rfuncrrrrrrrrrrrr4rr) r< exceptionZ error_urlrrZcallerresolver_matchobjmodulerrrrrrtechnical_404_responsesT   8     rc CsNttddjdd}tj|j}WdQRXtdti}t|j |ddS) z+Create an empty URLconf 404 error response.rzdefault_urlconf.htmlzutf-8)rNversionz text/html)r7) rrrrrrrrrr)r<rrrrrrrs  r)r5)2 functoolsrrrpathlibr django.confr django.httprrrdjango.templaterrr Zdjango.template.defaultfiltersr django.urlsr django.utilsr django.utils.datastructuresr django.utils.encodingrdjango.utils.module_loadingrdjango.utils.versionrrcompile IGNORECASEr%r'__file__parentrrr r4rD lru_cacherFrGrHrOr8rrrrrrs@            wX8