Revision 8ae38ff8 snf-common/synnefo/lib/middleware/cleanse.py
| b/snf-common/synnefo/lib/middleware/cleanse.py | ||
|---|---|---|
| 39 | 39 |
|
| 40 | 40 |
import re |
| 41 | 41 |
|
| 42 |
HIDDEN_ALL = settings.HIDDEN_COOKIES + settings.HIDDEN_HEADERS |
|
| 43 |
|
|
| 42 | 44 |
|
| 43 | 45 |
def mail_admins_safe(subject, message, fail_silently=False, connection=None): |
| 44 | 46 |
''' |
| 45 | 47 |
Wrapper function to cleanse email body from sensitive content before |
| 46 | 48 |
sending it |
| 47 | 49 |
''' |
| 50 |
new_msg = "" |
|
| 51 |
|
|
| 52 |
if len(message) > settings.MAIL_MAX_LEN: |
|
| 53 |
new_msg += "Mail size over limit (truncated)\n\n" |
|
| 54 |
message = message[:settings.MAIL_MAX_LEN] |
|
| 55 |
|
|
| 56 |
for line in message.splitlines(): |
|
| 57 |
# Lines of interest in the mail are in the form of |
|
| 58 |
# key:value. |
|
| 59 |
try: |
|
| 60 |
(key, value) = line.split(':', 1)
|
|
| 61 |
except ValueError: |
|
| 62 |
new_msg += line + '\n' |
|
| 63 |
continue |
|
| 64 |
|
|
| 65 |
new_msg += key + ':' |
|
| 66 |
|
|
| 67 |
# Special case when the first header / cookie printed |
|
| 68 |
# (prefixed by 'META:{' or 'COOKIES:{') needs to be hidden.
|
|
| 69 |
if value.startswith('{'):
|
|
| 70 |
try: |
|
| 71 |
(newkey, newval) = value.split(':', 1)
|
|
| 72 |
except ValueError: |
|
| 73 |
new_msg += value + '\n' |
|
| 74 |
continue |
|
| 48 | 75 |
|
| 49 |
HIDDEN_ALL = settings.HIDDEN_SETTINGS + "|" + settings.HIDDEN_COOKIES
|
|
| 50 |
message = re.sub("((\S+)?(%s)(\S+)?(:|\=)( )?)('|\"?)\S+('|\"?)"
|
|
| 51 |
% HIDDEN_ALL, r"\1*******", message)
|
|
| 76 |
new_msg += newkey + ':'
|
|
| 77 |
key = newkey.lstrip('{')
|
|
| 78 |
value = newval
|
|
| 52 | 79 |
|
| 53 |
return mail.mail_admins_plain(subject, message, fail_silently, connection) |
|
| 80 |
if key.strip(" '") not in HIDDEN_ALL:
|
|
| 81 |
new_msg += value + '\n' |
|
| 82 |
continue |
|
| 83 |
|
|
| 84 |
# Append value[-1] to the clensed string, so that commas / closing |
|
| 85 |
# brackets are printed correctly. |
|
| 86 |
# (it will 'eat up' the closing bracket if the header is the last one |
|
| 87 |
# printed) |
|
| 88 |
new_msg += ' ' + '*'*8 + value[-1] + '\n' |
|
| 89 |
|
|
| 90 |
return mail.mail_admins_plain(subject, new_msg, fail_silently, connection) |
|
| 54 | 91 |
|
| 55 | 92 |
|
| 56 | 93 |
class CleanseSettingsMiddleware(object): |
| 94 |
''' |
|
| 95 |
Prevent django from printing sensitive information (paswords, tokens |
|
| 96 |
etc), when handling server errors (for both DEBUG and no-DEBUG |
|
| 97 |
deployments. |
|
| 98 |
''' |
|
| 57 | 99 |
def __init__(self): |
| 58 |
''' |
|
| 59 |
Prevent django from printing sensitive information (paswords, tokens |
|
| 60 |
etc), when handling server errors (for both DEBUG and no-DEBUG |
|
| 61 |
deployments. |
|
| 62 |
''' |
|
| 63 | 100 |
debug.HIDDEN_SETTINGS = re.compile(settings.HIDDEN_SETTINGS) |
| 64 | 101 |
|
| 65 | 102 |
if not hasattr(mail, 'mail_admins_plain'): |
Also available in: Unified diff