Commit 317c3556 authored by Kostas Papadimitriou's avatar Kostas Papadimitriou

Merge branch 'cleanse-settings' into devel-0.12

parents 0fc85a36 a1e1e488
from log import LoggingConfigMiddleware
from secure import SecureMiddleware
from remoteaddr import RemoteAddrMiddleware
from cleanse import CleanseSettingsMiddleware
# Copyright 2011-2012 GRNET S.A. All rights reserved.
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# 1. Redistributions of source code must retain the above
# copyright notice, this list of conditions and the following
# disclaimer.
#
# 2. Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials
# provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and
# documentation are those of the authors and should not be
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.
from django.conf import settings
from django.core.exceptions import MiddlewareNotUsed
from django.core import mail
from django.views import debug
import re
def mail_admins_safe(subject, message, fail_silently=False, connection=None):
'''
Wrapper function to cleanse email body from sensitive content before
sending it
'''
HIDDEN_ALL = settings.HIDDEN_SETTINGS + "|" + settings.HIDDEN_COOKIES
message = re.sub("((\S+)?(%s)(\S+)?(:|\=)( )?)('|\"?)\S+('|\"?)" \
% HIDDEN_ALL, r"\1*******", message)
return mail.mail_admins_plain(subject, message, fail_silently, connection)
class CleanseSettingsMiddleware(object):
def __init__(self):
'''
Prevent django from printing sensitive information (paswords, tokens
etc), when handling server errors (for both DEBUG and no-DEBUG
deployments.
'''
debug.HIDDEN_SETTINGS = re.compile(settings.HIDDEN_SETTINGS)
mail.mail_admins_plain = mail.mail_admins
mail.mail_admins = mail_admins_safe
raise MiddlewareNotUsed('cleanse settings')
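Review bot: `CleanseSettingsMiddleware.__init__` is not idempotent: if the middleware is instantiated a second time (any handler that re-runs `load_middleware`, for example each test `Client`), `mail.mail_admins_plain = mail.mail_admins` stores the already-installed `mail_admins_safe`, and the next admin mail recurses until the recursion limit is hit instead of being sent. Apply the patch once, e.g. guard the two `mail.*` assignments with `if getattr(mail, 'mail_admins_plain', None) is None:`. The masking in `mail_admins_safe` also stops at the first whitespace (`\S+`) and both patterns are compiled without `re.IGNORECASE`, so a quoted value containing spaces is only partially masked and the match is case-sensitive; a docstring line such as `Best-effort: masks the first whitespace-free token after a matching key, case-sensitively.` would keep the next reader from assuming full coverage. Note too that the patch only reaches callers that resolve `mail.mail_admins` at call time; a module that bound the name directly before this ran keeps the original.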
......@@ -66,7 +66,8 @@ MIDDLEWARE_CLASSES = (
'django.middleware.locale.LocaleMiddleware',
'django.middleware.common.CommonMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'synnefo.lib.middleware.LoggingConfigMiddleware'
'synnefo.lib.middleware.LoggingConfigMiddleware',
'synnefo.lib.middleware.CleanseSettingsMiddleware'
)
MIDDLEWARE_CLASSES = extend_list_from_entry_point(MIDDLEWARE_CLASSES, \
'synnefo', 'web_middleware')
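Review bot: The new `'synnefo.lib.middleware.CleanseSettingsMiddleware'` entry exists only for its side effect — its `__init__` patches `django.core.mail` and `django.views.debug` and then raises `MiddlewareNotUsed`, so Django drops it from the chain immediately — and nothing in this tuple tells a later reader pruning "unused" middleware that it must stay. A comment on the entry, `# one-shot: patches mail/debug at load time, then raises MiddlewareNotUsed; keep it listed`, would make that explicit. Because it never stays in the chain, its position relative to the other entries does not matter.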
......@@ -16,3 +16,7 @@ SECRET_KEY = 'ly6)mw6a7x%n)-e#zzk4jo6f2=uqu!1o%)2-(7lo+f9yd^k^bg'
# preference to the Host header. This should only be enabled if a proxy which
# sets this header is in use.
USE_X_FORWARDED_HOST = True
# Settings / cookies that should be 'cleansed'
HIDDEN_SETTINGS = 'SECRET|PASSWORD|PROFANITIES_LIST|SIGNATURE|AMQP_HOSTS|PRIVATE_KEY|DB_CONNECTION'
HIDDEN_COOKIES = '_pithos2_a|token|sessionid|shibstate|shibsession|CSRF_COOKIE'
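Review bot: `HIDDEN_SETTINGS` and `HIDDEN_COOKIES` are consumed as regular-expression alternations (passed to `re.compile` and `%`-interpolated into a pattern in the cleanse middleware), not as name lists, and the comment above them does not say so; an operator appending a name containing `.`, `+` or `(` would silently change what is matched, and the match is case-sensitive because neither pattern is compiled with `re.IGNORECASE`. Suggest replacing the comment with `# Regex alternations ('|'-joined) used by CleanseSettingsMiddleware to mask setting / cookie values in error reports; case-sensitive, escape regex metacharacters.` The cookie names only mask a value when it appears as a `name=value` or `name: value` token in the report body, which is the only shape the cleanse regex looks for.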