diff options
| author | Tim Graham <timograham@gmail.com> | 2013-09-17 07:46:38 -0400 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2013-09-18 09:56:01 -0400 |
| commit | 778d4da9cc249839b059e45d90e3a947bb76dd6d (patch) | |
| tree | 1cc08abc54cbe49b2adc520a53e2965975dea3f6 /django | |
| parent | dbad65ded76d571937ce276e15cad2e19e9989fb (diff) | |
[1.6.x] Fixed #21098 -- Applied sensitive_post_parameters to MultiValueDict
Thanks simonpercivall for the report and bmispelon for the review.
Backport of 2daada800f from master
Diffstat (limited to 'django')
| -rw-r--r-- | django/views/debug.py | 37 |
1 files changed, 29 insertions, 8 deletions
diff --git a/django/views/debug.py b/django/views/debug.py index b9fe8f2969..21e2eac06b 100644 --- a/django/views/debug.py +++ b/django/views/debug.py @@ -11,6 +11,7 @@ from django.http import (HttpResponse, HttpResponseServerError, HttpResponseNotFound, HttpRequest, build_request_repr) from django.template import Template, Context, TemplateDoesNotExist from django.template.defaultfilters import force_escape, pprint +from django.utils.datastructures import MultiValueDict from django.utils.html import escape from django.utils.encoding import force_bytes, smart_text from django.utils.module_loading import import_by_path @@ -118,6 +119,20 @@ class SafeExceptionReporterFilter(ExceptionReporterFilter): """ return settings.DEBUG is False + def get_cleansed_multivaluedict(self, request, multivaluedict): + """ + Replaces the keys in a MultiValueDict marked as sensitive with stars. + This mitigates leaking sensitive POST parameters if something like + request.POST['nonexistent_key'] throws an exception (#21098). + """ + sensitive_post_parameters = getattr(request, 'sensitive_post_parameters', []) + if self.is_active(request) and sensitive_post_parameters: + multivaluedict = multivaluedict.copy() + for param in sensitive_post_parameters: + if param in multivaluedict: + multivaluedict[param] = CLEANSED_SUBSTITUTE + return multivaluedict + def get_post_parameters(self, request): """ Replaces the values of POST parameters marked as sensitive with @@ -143,6 +158,15 @@ class SafeExceptionReporterFilter(ExceptionReporterFilter): else: return request.POST + def cleanse_special_types(self, request, value): + if isinstance(value, HttpRequest): + # Cleanse the request's POST parameters. + value = self.get_request_repr(value) + elif isinstance(value, MultiValueDict): + # Cleanse MultiValueDicts (request.POST is the one we usually care about) + value = self.get_cleansed_multivaluedict(request, value) + return value + def get_traceback_frame_variables(self, request, tb_frame): """ Replaces the values of variables marked as sensitive with @@ -173,17 +197,14 @@ class SafeExceptionReporterFilter(ExceptionReporterFilter): for name, value in tb_frame.f_locals.items(): if name in sensitive_variables: value = CLEANSED_SUBSTITUTE - elif isinstance(value, HttpRequest): - # Cleanse the request's POST parameters. - value = self.get_request_repr(value) + else: + value = self.cleanse_special_types(request, value) cleansed[name] = value else: - # Potentially cleanse only the request if it's one of the frame variables. + # Potentially cleanse the request and any MultiValueDicts if they + # are one of the frame variables. for name, value in tb_frame.f_locals.items(): - if isinstance(value, HttpRequest): - # Cleanse the request's POST parameters. - value = self.get_request_repr(value) - cleansed[name] = value + cleansed[name] = self.cleanse_special_types(request, value) if (tb_frame.f_code.co_name == 'sensitive_variables_wrapper' and 'sensitive_variables_wrapper' in tb_frame.f_locals): |
