3 eE@sUddlZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddlmZddlmZddlmZddlmZddlmZdd lmZdd lmZd d lmZd d lmZd dlmZd dlm Z d dlm!Z!e j"r"ddl#m$Z$ddl#m%Z%ddl#m&Z&d'Z'e(e(dddZ)da*e j+e j,e(e-f*e j+e j,e(e-fdddZ.GdddZ/de j,e j0e(e(fe j0d(fd d!d"Z1Gd#d$d$Z2dS))N)chain)basename)join)_log) parse_cookie)gen_salt)Request)Response)Console)Frame)get_current_traceback)render_console_html) Traceback) StartResponse)WSGIApplication)WSGIEnvironment<)pinreturncCs$tj|djddjddS)Nz added saltzutf-8replace )hashlibsha1encode hexdigest)rr;/tmp/pip-build-3irwxpxt/Werkzeug/werkzeug/debug/__init__.pyhash_pin$sr!)rcCs4tdk r tStjtjttfddd}|atS)N)rc %Ssd}xXdD]P}y&t|d}|jj}WdQRXWntk rJw YnX|r ||7}Pq Wy4tdd }||jjjdd7}WdQRXWntk rYnX|r|SyRdd lm}m}|d d d d dg|djd}t j d|}|dk r|j dSWntt fk rYnXt jdkrddl}yP|j|jdd|j|jB,} |j| d\} } | |jkrv| jdS| SQRXWntk rYnXdS)N/etc/machine-id/proc/sys/kernel/random/boot_idrbz/proc/self/cgroup/rr)PopenPIPEZioregz-cZIOPlatformExpertDevicez-d2)stdouts"serial-number" = <([^>]+)r win32zSOFTWARE\Microsoft\CryptographyZ MachineGuidzutf-8)r#r$)openreadlinestripOSError rpartition subprocessr'r( communicateresearchgroup ImportErrorsysplatformwinregOpenKeyHKEY_LOCAL_MACHINEZKEY_READZKEY_WOW64_64KEY QueryValueExREG_SZr) linuxfilenamefvaluer'r(dumpmatchr9ZrkZguidZ guid_typerrr _generate1sV   (     z!get_machine_id.._generate) _machine_idtOptionalUnionstrbytes)rDrrr get_machine_id+s CrKc@s*eZdZdZejeejfdddZdS) _ConsoleFramez]Helper class so that we can reuse the frame console code for the standalone console. ) namespacecCst||_d|_dS)Nr)r consoleid)selfrMrrr __init__}s z_ConsoleFrame.__init__N) __name__ __module__ __qualname____doc__rFDictrIAnyrQrrrr rLxsrLr)apprc stjjd}d}d|dkr dS|dk rJ|jddjrJd|krF|}n|t|dtjt|j j }y t j }Wnt tfk rd}YnXtjj|}||t|dt|jt|ddg}ttjtg}tj}x8t||D]*} | sqt| tr| jd } |j| qW|jd d |jdd } dkr\|jd t|jdddd|dkrxLdD]@tdkrldj fddt!dtD}PqlW}|| fS)aQGiven an application object this returns a semi-stable 9 digit pin code and a random key. The hope is that this is stable between restarts to not make debugging particularly frustrating. If the pin was forcefully disabled this returns `None`. Second item in the resulting tuple is the cookie name for remembering. ZWERKZEUG_DEBUG_PINNoff-rSrR__file__zutf-8s cookiesaltZ__wzdspinsaltZ09d rc3s&|]}||jdVqdS)0N)rjust).0x) group_sizenumrr sz*get_pin_and_cookie_name..)NN)r`rarb)"osenvirongetrisdigitgetattrrFcastobject __class__rSgetpassgetuserr6KeyErrorr7modulestyperRrIuuidgetnoderKrrr isinstancerupdaterintlenrrange) rXrrvmodnameusernamemodZprobably_public_bitsZ private_bitshbitZ cookie_namer)rgrhr get_pin_and_cookie_namesR            rc @sHeZdZUdZeed+deeeej ej gej eej ffeeedd d d Z eej ed d d Zejedddd Zeed ddZddejedddZeeejeefedddZeedddZeeedddZdej ed d!d"Zdd d#d$Zeedd%d&Zed d'd(Z ddej!edd)d*Z"dS),DebuggedApplicationaEnables debugging support for a given application:: from werkzeug.debug import DebuggedApplication from myapp import app app = DebuggedApplication(app, evalex=True) The `evalex` keyword argument allows evaluating expressions in a traceback's frame context. :param app: the WSGI application to run debugged. :param evalex: enable exception evaluation feature (interactive debugging). This requires a non-forking server. :param request_key: The key that points to the request object in ths environment. This parameter is ignored in current versions. :param console_path: the URL for a general purpose console. :param console_init_func: the function that is executed before starting the general purpose console. The return value is used as initial namespace. :param show_hidden_frames: by default hidden traceback frames are skipped. You can show them by setting this parameter to `True`. :param pin_security: can be used to disable the pin based security system. :param pin_logging: enables the logging of the pin system. Fwerkzeug.request/consoleNTr) rXevalex request_key console_pathconsole_init_funcshow_hidden_frames pin_security pin_loggingrc Cs|sd}||_||_i|_i|_||_||_||_||_td|_ d|_ ||_ |rt j jddkr|rtdd|jdkrtddqtdd |jnd|_dS) Nr]rZWERKZEUG_RUN_MAINtruewarningz * Debugger is active!z- * Debugger PIN disabled. DEBUGGER UNSECURED!infoz * Debugger PIN: %s)rXrframes tracebacksrrrrrsecret_failed_pin_authrrjrkrlrr) rPrXrrrrrrrrrr rQs(     zDebuggedApplication.__init__)rcCs&t|ds t|j}|\|_|_|jS)N_pin)hasattrrrXr _pin_cookie)rP pin_cookierrr rs   zDebuggedApplication.pin)rArcCs ||_dS)N)r)rPrArrr r!scCs&t|ds t|j}|\|_|_|jS)zThe name of the pin cookie.r)rrrXrr)rPrrrr pin_cookie_name%s   z#DebuggedApplication.pin_cookie_namerr)rkstart_responserccsd}y,|j||}|EdHt|dr.|jWntk rt|drT|jtd|jdd}x|jD]}||j|j<qlW||j|j<y|dddgWn"tk r|d j d Yn.Xt |j |}|j |j ||jd jddV|j|d YnXdS)z6Run the application and conserve the traceback frames.Ncloser T)skiprZignore_system_exceptionsz500 INTERNAL SERVER ERROR Content-Typetext/html; charset=utf-8X-XSS-Protectionrcz wsgi.errorszpDebugging middleware caught exception in streamed response at a point where response headers were already sent. )revalex_trustedrzutf-8r)rr)rrc)rXrr ExceptionrrrrOrwriteboolcheck_pin_trustZ render_fullrrrlog)rPrkrZapp_iter tracebackframe is_trustedrrr debug_application-s:          z%DebuggedApplication.debug_application)requestcommandrrcCst|jj|ddS)zExecute a command in a console.z text/html)mimetype)r rNeval)rPrrrrrr execute_command_sz#DebuggedApplication.execute_command)rrcCshd|jkrB|jdkri}n t|j}|jd|jt||jd<t|j|j}t t |j |dddS)zDisplay a standalone shell.rNrX)rrz text/html)r) rrdict setdefaultrXrLrrrkr rr)rPrnsrrrr display_consolees    z#DebuggedApplication.display_console)rr?rc Csjtdt|}ytjt|}Wntk r6d}YnX|dk r^tj|dpPd}t||dStdddS) z0Return a static resource from the shared folder.ZsharedNrzapplication/octet-stream)rz Not Foundi)status) rrpkgutilget_data __package__r/ mimetypes guess_typer )rPrr?datarrrr get_resourcets  z DebuggedApplication.get_resource)rkrcCsr|jdkrdSt|j|j}| s,d|kr0dS|jdd\}}|jsLdS|t|jkr^dStjtt |kS)a!Checks if the request passed the pin test. This returns `True` if the request is trusted on a pin/cookie basis and returns `False` if not. Additionally if the cookie's stored pin hash is wrong it will return `None` so that appropriate action can be taken. NT|Fr ) rrrlrsplitrmr!timePIN_TIMEr{)rPrkvaltsZpin_hashrrr rs z#DebuggedApplication.check_pin_trustcCs*tj|jdkrdnd|jd7_dS)Nr`g@g?r )rsleepr)rPrrr _fail_pin_authsz"DebuggedApplication._fail_pin_authc Csd}d}|j|j}tjt|j}d}|dkr<|jd}nT|rFd}nJ|jdkrVd}n:|jd}|j j dd|j ddkrd|_d}n|jt t j ||d d d }|r|j|jttjd t|dd |jdn|r|j|j|S)zAuthenticates with the pin.FNT rrZr[r)auth exhaustedzapplication/json)rrZStrict)httponlyZsamesitesecure)rrkrFrorIrrrargsr.rr jsondumps set_cookierr{rr!Z is_secureZ delete_cookie) rPrrrtrustr bad_cookieZ entered_pinr~rrr pin_auths<     zDebuggedApplication.pin_authcCs0|jr(|jdk r(tddtdd|jtdS)zLog the pin if needed.Nrz= * To enable the debugger you need to enter the security pin:z * Debugger pin code: %sr[)rrrr )rPrrr log_pin_requests z#DebuggedApplication.log_pin_requestc Cst|}|j}|jjddkr|jjd}|jjd}|jjd}|jj|jjdtd}|dkrt|rt|j||}nr|d kr||jkr|j|}nT|d kr||jkr|j }n8|j r|d k r|d k r|j|kr|j |r|j |||}n,|j r|j d k r|j|j kr|j|}|||S) zDispatch the requests.Z __debugger__yescmdr@sZfrm)rvresourceZpinauthZprintpinN)r rrrlrr{rrrrrrrrpathr) rPrkrrresponserargrrrrr __call__s0          zDebuggedApplication.__call__)FrrNFTT)#rRrSrTrUrIrrrrFrGCallablerVrWrQpropertyrsetterrIteratorrJrr rHr rLr rrrrrrrIterablerrrrr rs: .1 3 riiQi: )NN)3rrrrrrjrr3r7rtypingrFrw itertoolsros.pathrrZ _internalrhttprsecurityrZwrappers.requestr Zwrappers.responser rNr Ztbtoolsr rrrZ TYPE_CHECKINGZ_typeshed.wsgirrrrrIr!rErGrHrJrKrLTuplerrrrrr sH                M (T