summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2013-09-17 07:46:38 -0400
committerTim Graham <timograham@gmail.com>2013-09-18 09:56:01 -0400
commit778d4da9cc249839b059e45d90e3a947bb76dd6d (patch)
tree1cc08abc54cbe49b2adc520a53e2965975dea3f6 /django
parentdbad65ded76d571937ce276e15cad2e19e9989fb (diff)
[1.6.x] Fixed #21098 -- Applied sensitive_post_parameters to MultiValueDict
Thanks simonpercivall for the report and bmispelon for the review. Backport of 2daada800f from master
Diffstat (limited to 'django')
-rw-r--r--django/views/debug.py37
1 files changed, 29 insertions, 8 deletions
diff --git a/django/views/debug.py b/django/views/debug.py
index b9fe8f2969..21e2eac06b 100644
--- a/django/views/debug.py
+++ b/django/views/debug.py
@@ -11,6 +11,7 @@ from django.http import (HttpResponse, HttpResponseServerError,
HttpResponseNotFound, HttpRequest, build_request_repr)
from django.template import Template, Context, TemplateDoesNotExist
from django.template.defaultfilters import force_escape, pprint
+from django.utils.datastructures import MultiValueDict
from django.utils.html import escape
from django.utils.encoding import force_bytes, smart_text
from django.utils.module_loading import import_by_path
@@ -118,6 +119,20 @@ class SafeExceptionReporterFilter(ExceptionReporterFilter):
"""
return settings.DEBUG is False
+ def get_cleansed_multivaluedict(self, request, multivaluedict):
+ """
+ Replaces the keys in a MultiValueDict marked as sensitive with stars.
+ This mitigates leaking sensitive POST parameters if something like
+ request.POST['nonexistent_key'] throws an exception (#21098).
+ """
+ sensitive_post_parameters = getattr(request, 'sensitive_post_parameters', [])
+ if self.is_active(request) and sensitive_post_parameters:
+ multivaluedict = multivaluedict.copy()
+ for param in sensitive_post_parameters:
+ if param in multivaluedict:
+ multivaluedict[param] = CLEANSED_SUBSTITUTE
+ return multivaluedict
+
def get_post_parameters(self, request):
"""
Replaces the values of POST parameters marked as sensitive with
@@ -143,6 +158,15 @@ class SafeExceptionReporterFilter(ExceptionReporterFilter):
else:
return request.POST
+ def cleanse_special_types(self, request, value):
+ if isinstance(value, HttpRequest):
+ # Cleanse the request's POST parameters.
+ value = self.get_request_repr(value)
+ elif isinstance(value, MultiValueDict):
+ # Cleanse MultiValueDicts (request.POST is the one we usually care about)
+ value = self.get_cleansed_multivaluedict(request, value)
+ return value
+
def get_traceback_frame_variables(self, request, tb_frame):
"""
Replaces the values of variables marked as sensitive with
@@ -173,17 +197,14 @@ class SafeExceptionReporterFilter(ExceptionReporterFilter):
for name, value in tb_frame.f_locals.items():
if name in sensitive_variables:
value = CLEANSED_SUBSTITUTE
- elif isinstance(value, HttpRequest):
- # Cleanse the request's POST parameters.
- value = self.get_request_repr(value)
+ else:
+ value = self.cleanse_special_types(request, value)
cleansed[name] = value
else:
- # Potentially cleanse only the request if it's one of the frame variables.
+ # Potentially cleanse the request and any MultiValueDicts if they
+ # are one of the frame variables.
for name, value in tb_frame.f_locals.items():
- if isinstance(value, HttpRequest):
- # Cleanse the request's POST parameters.
- value = self.get_request_repr(value)
- cleansed[name] = value
+ cleansed[name] = self.cleanse_special_types(request, value)
if (tb_frame.f_code.co_name == 'sensitive_variables_wrapper'
and 'sensitive_variables_wrapper' in tb_frame.f_locals):