U (Q^cG@s<dZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddl mZddl mZddlmZddlmZdd lmZdd lmZdd lmZdd lmZd dlmZd dlm Z!d dl"m#Z#d dl"m$Z$ddZ dZ%ddZ&da'ddZ(Gddde)Z*ddZ+Gddde)Z,dS)z werkzeug.debug ~~~~~~~~~~~~~~ WSGI application traceback debugger. :copyright: 2007 Pallets :license: BSD-3-Clause N)chain)basename)join) text_type)_log) parse_cookie)gen_salt) BaseRequest) BaseResponse)Console) debug_repr)get_current_traceback)render_console_htmlcOs"ddl}|jdtddt||S)Nrz}'debug_repr' has moved to 'werkzeug.debug.repr.debug_repr' as of version 0.7. This old import will be removed in version 1.0.r stacklevel)warningswarnDeprecationWarning _debug_repr)argskwargsrr=/tmp/pip-install-bd4o36v9/Werkzeug/werkzeug/debug/__init__.pyr%sri: cCs0t|tr|dd}t|dddS)Nutf-8replaces shittysalt ) isinstancerencodehashlibmd5 hexdigest)pinrrrhash_pin6s  r$cCs&t}|dk r|Sdd}|a}|S)Nc Ssz td}|}W5QRXWntk r4YnX|dd}|rP|SdD]R}z4t|d }|W5QRWSQRXWqTtk rYqTYqTXqTzRddlm}m}|dd d d d g|d d}t d|}|dk r| dWSWnt t fk rYnXd}z ddl}Wn:t k r`z ddl}Wnt k rZYnXYnX|dk rzp||jdd|j|jBL}||d\} } | |jkr| dW5QRWS| W5QRWSW5QRXWntk rYnXdS)Nz/proc/self/cgroupz/docker/r)z/etc/machine-idz/proc/sys/kernel/random/boot_idrbr)PopenPIPEZioregz-cZIOPlatformExpertDevicez-d2)stdouts"serial-number" = <([^>]+)r zSOFTWARE\Microsoft\CryptographyZ MachineGuidr)openreadlineIOErrorstrip partition subprocessr&r' communicateresearchgroupOSError ImportErrorwinreg_winregOpenKeyHKEY_LOCAL_MACHINEZKEY_READZKEY_WOW64_64KEY QueryValueExREG_SZrZ WindowsError) fvaluefilenamer&r'dumpmatchwrZrkZ machineGuidZwrTyperrr _generateEsd  (          z!get_machine_id.._generate) _machine_id)rvrBrrrget_machine_id?s A rEc@seZdZdZddZdS) _ConsoleFramez]Helper class so that we can reuse the frame console code for the standalone console. cCst||_d|_dS)Nr)r consoleid)self namespacerrr__init__s z_ConsoleFrame.__init__N)__name__ __module__ __qualname____doc__rKrrrrrFsrFc stjd}d}d|dkr dS|dk rJ|ddrJd|krF|}n|t|d|jj}z t }Wnt t fk rd}YnXt j |}||t|d|jjt|d dg}tttg}t}t||D](} | sqt| tr| d } || q|d d |dd } dkrJ|ddt|ddd|dkrdD]DtdkrXdfddtdtD}qqX}|| fS)aQGiven an application object this returns a semi-stable 9 digit pin code and a random key. The hope is that this is stable between restarts to not make debugging particularly frustrating. If the pin was forcefully disabled this returns `None`. Second item in the resulting tuple is the cookie name for remembering. ZWERKZEUG_DEBUG_PINNoff)NN-rMrL__file__rs cookiesaltZ__wzdspinsaltz%09d )rc3s&|]}||dVqdS)0N)rjust).0xZ group_sizenumrr sz*get_pin_and_cookie_name..)osenvirongetrisdigitgetattr __class__rMgetpassgetuserr5KeyErrorsysmodulesrLstruuidZgetnoderEr r!rrrrupdater"intlenrrange) appr#rDmodnameusernamemodZprobably_public_bitsZ private_bitshbitZ cookie_namerr^rget_pin_and_cookie_namesT              rxc@seZdZdZd#ddZd d Zd d ZeeeZ[[ed dZ ddZ ddZ ddZ ddZ ddZddZddZddZdd Zd!d"ZdS)$DebuggedApplicationaQEnables debugging support for a given application:: from werkzeug.debug import DebuggedApplication from myapp import app app = DebuggedApplication(app, evalex=True) The `evalex` keyword argument allows evaluating expressions in a traceback's frame context. .. versionadded:: 0.9 The `lodgeit_url` parameter was deprecated. :param app: the WSGI application to run debugged. :param evalex: enable exception evaluation feature (interactive debugging). This requires a non-forking server. :param request_key: The key that points to the request object in ths environment. This parameter is ignored in current versions. :param console_path: the URL for a general purpose console. :param console_init_func: the function that is executed before starting the general purpose console. The return value is used as initial namespace. :param show_hidden_frames: by default hidden traceback frames are skipped. You can show them by setting this parameter to `True`. :param pin_security: can be used to disable the pin based security system. :param pin_logging: enables the logging of the pin system. Fwerkzeug.request/consoleNTc Cs|dk r"ddlm} | dtdd|s*d}||_||_i|_i|_||_||_||_ ||_ t d|_ d|_ | |_|rtjddkr| rtd d |jdkrtd d qtd d |jnd|_dS)Nr)rz'lodgeit_url' is no longer used as of version 0.9 and will be removed in version 1.0. Werkzeug uses https://gist.github.com/ instead.rrrTZWERKZEUG_RUN_MAINtruewarningz * Debugger is active!z- * Debugger PIN disabled. DEBUGGER UNSECURED!infoz * Debugger PIN: %s)rrrrrevalexframes tracebacks request_key console_pathconsole_init_funcshow_hidden_framesr secret_failed_pin_auth pin_loggingrarbrcrr#) rIrrrrrrrZ lodgeit_urlZ pin_securityrrrrrrKs6      zDebuggedApplication.__init__cCs"t|dst|j\|_|_|jS)N_pinhasattrrxrrr _pin_cookierIrrr_get_pin4s zDebuggedApplication._get_pincCs ||_dS)N)r)rIr=rrr_set_pin9szDebuggedApplication._set_pincCs"t|dst|j\|_|_|jS)zThe name of the pin cookie.rrrrrrpin_cookie_name?s z#DebuggedApplication.pin_cookie_namec csd}z2|||}|D] }|Vqt|dr4|Wntk rt|drZ|td|jdd}|jD]}||j|j<qp||j|j<z|dddgWn"tk r|d  d Yn.Xt | |}|j |j ||jd d d V||d YnXdS)z6Run the application and conserve the traceback frames.Ncloser T)skiprZignore_system_exceptionsz500 INTERNAL SERVER ERROR)z Content-Typeztext/html; charset=utf-8)zX-XSS-ProtectionrZz wsgi.errorszpDebugging middleware caught exception in streamed response at a point where response headers were already sent. )revalex_trustedrrr)rrrr ExceptionrrrrHrwriteboolcheck_pin_trustZ render_fullrrrlog)rIrbstart_responseZapp_iteritem tracebackframe is_trustedrrrdebug_applicationFsN        z%DebuggedApplication.debug_applicationcCst|j|ddS)zExecute a command in a console. text/htmlmimetype)ResponserGeval)rIrequestcommandrrrrexecute_commandwsz#DebuggedApplication.execute_commandcCshd|jkrB|jdkri}n t|}|d|jt||jd<t||j}t t |j |dddS)zDisplay a standalone shell.rNrr)rrrr) rrdict setdefaultrrrFrrrbrrr)rIrnsrrrrdisplay_console{s    z#DebuggedApplication.display_consolecCs|}tt|ddS)z/Paste the traceback and return a JSON response.application/jsonr)pasterjsondumps)rIrrrDrrrpaste_tracebacksz#DebuggedApplication.paste_tracebackcCsjtdt|}ztt|}Wntk r6d}YnX|dk r^t|dpPd}t||dStdddS) z0Return a static resource from the shared folder.ZsharedNrzapplication/octet-streamrz Not Foundi)status) rrpkgutilget_data __package__r4 mimetypes guess_typer)rIrr>datarrrr get_resources  z DebuggedApplication.get_resourcecCsp|jdkrdSt||j}|r*d|kr.dS|dd\}}|sJdS|t|jkr\dSttt |kS)a!Checks if the request passed the pin test. This returns `True` if the request is trusted on a pin/cookie basis and returns `False` if not. Additionally if the cookie's stored pin hash is wrong it will return `None` so that appropriate action can be taken. NT|Fr ) r#rrcrsplitrdr$timePIN_TIMEro)rIrbvaltsZpin_hashrrrrs  z#DebuggedApplication.check_pin_trustcCs*t|jdkrdnd|jd7_dS)NrWg@g?r )rsleeprrrrr_fail_pin_authsz"DebuggedApplication._fail_pin_authcCsd}d}||j}d}|dkr.|d}nX|r8d}nN|jdkrHd}n>|jd}|dd|jddkr~d|_d}n|t t ||d d d }|r|j |j d ttt|jfdd n|r||j |S)zAuthenticates with the pin.FNT r#rQrRr)auth exhaustedrrz%s|%s)httponly)rrbrrrrcr-rr#rrr set_cookierrorr$Z delete_cookie)rIrrrtrust bad_cookieZ entered_pinrDrrrpin_auths:    zDebuggedApplication.pin_authcCs2|jr*|jdk r*tddtdd|jtdS)zLog the pin if needed.Nr~z= * To enable the debugger you need to enter the security pin:z * Debugger pin code: %srR)rr#rrrrrrlog_pin_requestsz#DebuggedApplication.log_pin_requestc Csjt|}|j}|jddkr4|jd}|jd}|jd}|j|jjdtd}|j|jjdtd} |d kr|r|||}n|d kr|d k r||jkr| ||}n||d kr||jkr| |}n^|d kr||jkr| }nB|j r`|d k r`| d k r`|j|kr`| |r`|||| }n,|j r`|jd k r`|j|jkr`||}|||S)zDispatch the requests.Z __debugger__yescmdr<stb)typefrmresourcerNZpinauthZprintpin)Requestrrrcrrorrrrrrrrrrpathr) rIrbrrresponserargrrrrrr__call__sF        zDebuggedApplication.__call__)Frzr{NFNTT)rLrMrNrOrKrrpropertyr#rrrrrrrrrrrrrrrrys4  /  1 / ry)-rOrgr rrrarr1rjrrm itertoolsros.pathrr_compatr _internalrhttprsecurityr wrappersr rr rrGr reprrrZtbtoolsrrrr$rCrEobjectrFrxryrrrrs>              K S