U Aޫ^C@s(dZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddl mZddl mZddlmZddlmZdd lmZdd lmZdd lmZdd lmZd dlmZd dlm Z d dlm!Z!dZ"ddZ#da$ddZ%Gddde&Z'ddZ(Gddde&Z)dS)z werkzeug.debug ~~~~~~~~~~~~~~ WSGI application traceback debugger. :copyright: 2007 Pallets :license: BSD-3-Clause N)chain)basename)join) text_type)_log) parse_cookie)gen_salt) BaseRequest) BaseResponse)Console)get_current_traceback)render_console_htmli: cCs0t|tr|dd}t|dddS)Nutf-8replaces shittysalt ) isinstancerencodehashlibmd5 hexdigest)pinr;/tmp/pip-unpacked-wheel-74fb410_/werkzeug/debug/__init__.pyhash_pin's  rcCstdk r tSdd}|atS)Nc Ssd}dD]T}z&t|d}|}W5QRXWntk rJYqYnX|r||7}q^qz4tdd }||dd7}W5QRXWntk rYnX|r|SzTddlm}m}|d d d d d g|dd}t d|}|dk r| dWSWnt t fk rYnXz ddl}Wn>t k rjz ddl}Wnt k rdd}YnXYnX|dk rzl||jdd|j|jBH} || d\} } | |jkr| dW5QRWS| W5QRWSQRXWntk rYnXdS)N)z/etc/machine-idz/proc/sys/kernel/random/boot_idrbz/proc/self/cgroup/rr)PopenPIPEZioregz-cZIOPlatformExpertDevicez-d2)stdouts"serial-number" = <([^>]+)r zSOFTWARE\Microsoft\CryptographyZ MachineGuidr)openreadlinestripIOError rpartition subprocessrr communicateresearchgroupOSError ImportErrorwinreg_winregOpenKeyHKEY_LOCAL_MACHINEZKEY_READZKEY_WOW64_64KEY QueryValueExREG_SZrZ WindowsError) linuxfilenamefvaluerr dumpmatchwrZrkZguidZ guid_typerrr _generate6sh   (        z!get_machine_id.._generate) _machine_id)r<rrrget_machine_id0s Er>c@seZdZdZddZdS) _ConsoleFramez]Helper class so that we can reuse the frame console code for the standalone console. cCst||_d|_dS)Nr)r consoleid)self namespacerrr__init__s z_ConsoleFrame.__init__N)__name__ __module__ __qualname____doc__rDrrrrr?sr?c stjd}d}d|dkr dS|dk rJ|ddrJd|krF|}n|t|d|jj}z t }Wnt t fk rd}YnXt j |}||t|d|jjt|d dg}tttg}t}t||D](} | sqt| tr| d } || q|d d |dd } dkrJ|ddt|ddd|dkrdD]DtdkrXdfddtdtD}qqX}|| fS)aQGiven an application object this returns a semi-stable 9 digit pin code and a random key. The hope is that this is stable between restarts to not make debugging particularly frustrating. If the pin was forcefully disabled this returns `None`. Second item in the resulting tuple is the cookie name for remembering. ZWERKZEUG_DEBUG_PINNoff)NN-rFrE__file__rs cookiesaltZ__wzdspinsaltz%09d )rc3s&|]}||dVqdS)0N)rjust).0xZ group_sizenumrr sz*get_pin_and_cookie_name..)osenvirongetrisdigitgetattr __class__rFgetpassgetuserr.KeyErrorsysmodulesrEstruuidZgetnoder>rrrrrrupdaterintlenrrange) apprrvmodnameusernamemodZprobably_public_bitsZ private_bitshbitZ cookie_namerrWrget_pin_and_cookie_namesT              rrc@seZdZdZd"ddZed d Zejd d Zed d ZddZ ddZ ddZ ddZ ddZ ddZddZddZddZd d!ZdS)#DebuggedApplicationaEnables debugging support for a given application:: from werkzeug.debug import DebuggedApplication from myapp import app app = DebuggedApplication(app, evalex=True) The `evalex` keyword argument allows evaluating expressions in a traceback's frame context. :param app: the WSGI application to run debugged. :param evalex: enable exception evaluation feature (interactive debugging). This requires a non-forking server. :param request_key: The key that points to the request object in ths environment. This parameter is ignored in current versions. :param console_path: the URL for a general purpose console. :param console_init_func: the function that is executed before starting the general purpose console. The return value is used as initial namespace. :param show_hidden_frames: by default hidden traceback frames are skipped. You can show them by setting this parameter to `True`. :param pin_security: can be used to disable the pin based security system. :param pin_logging: enables the logging of the pin system. Fwerkzeug.request/consoleNTc Cs|sd}||_||_i|_i|_||_||_||_||_td|_ d|_ ||_ |rt j ddkr|rtdd|jdkrtddqtdd |jnd|_dS) NrMrZWERKZEUG_RUN_MAINtruewarningz * Debugger is active!z- * Debugger PIN disabled. DEBUGGER UNSECURED!infoz * Debugger PIN: %s)rkevalexframes tracebacks request_key console_pathconsole_init_funcshow_hidden_framesr secret_failed_pin_auth pin_loggingrZr[r\rr) rBrkryr|r}r~rZ pin_securityrrrrrDs(     zDebuggedApplication.__init__cCs"t|dst|j\|_|_|jS)N_pinhasattrrrrkr _pin_cookierBrrrrs zDebuggedApplication.pincCs ||_dS)N)r)rBr8rrrr!scCs"t|dst|j\|_|_|jS)zThe name of the pin cookie.rrrrrrpin_cookie_name%s z#DebuggedApplication.pin_cookie_namec csd}z2|||}|D] }|Vqt|dr4|Wntk rt|drZ|td|jdd}|jD]}||j|j<qp||j|j<z|dddgWn"tk r|d  d Yn.Xt | |}|j |j ||jd d d V||d YnXdS)z6Run the application and conserve the traceback frames.Ncloser T)skiprZignore_system_exceptionsz500 INTERNAL SERVER ERROR)z Content-Typeztext/html; charset=utf-8)zX-XSS-ProtectionrSz wsgi.errorszpDebugging middleware caught exception in streamed response at a point where response headers were already sent. )ryevalex_trustedrrr)rkrr ExceptionrrrzrAr{writeboolcheck_pin_trustZ render_fullryrrlog)rBr[start_responseZapp_iteritem tracebackframe is_trustedrrrdebug_application,sN        z%DebuggedApplication.debug_applicationcCst|j|ddS)zExecute a command in a console. text/htmlmimetype)Responser@eval)rBrequestcommandrrrrexecute_command]sz#DebuggedApplication.execute_commandcCshd|jkrB|jdkri}n t|}|d|jt||jd<t||j}t t |j |dddS)zDisplay a standalone shell.rNrk)rrrr) rzr~dict setdefaultrkr?rrr[rrr)rBrnsrrrrdisplay_consoleas    z#DebuggedApplication.display_consolecCs|}tt|ddS)z/Paste the traceback and return a JSON response.application/jsonr)pasterjsondumps)rBrrrlrrrpaste_tracebackpsz#DebuggedApplication.paste_tracebackcCsjtdt|}ztt|}Wntk r6d}YnX|dk r^t|dpPd}t||dStdddS) z0Return a static resource from the shared folder.ZsharedNrzapplication/octet-streamrz Not Foundi)status) rrpkgutilget_data __package__r- mimetypes guess_typer)rBrr6datarrrr get_resourceus  z DebuggedApplication.get_resourcecCsp|jdkrdSt||j}|r*d|kr.dS|dd\}}|sJdS|t|jkr\dSttt |kS)a!Checks if the request passed the pin test. This returns `True` if the request is trusted on a pin/cookie basis and returns `False` if not. Additionally if the cookie's stored pin hash is wrong it will return `None` so that appropriate action can be taken. NT|Fr ) rrr\rsplitr]rtimePIN_TIMErh)rBr[valtsZpin_hashrrrrs  z#DebuggedApplication.check_pin_trustcCs*t|jdkrdnd|jd7_dS)NrPg@g?r )rsleeprrrrr_fail_pin_authsz"DebuggedApplication._fail_pin_authcCsd}d}||j}d}|dkr.|d}nX|r8d}nN|jdkrHd}n>|jd}|dd|jddkr~d|_d}n|t t ||d d d }|r|j |j d ttt|jfdd n|r||j |S)zAuthenticates with the pin.FNT rrJrKr)auth exhaustedrrz%s|%s)httponly)rr[rrargsr\r%rrrrr set_cookierrhrrZ delete_cookie)rBrrrtrust bad_cookieZ entered_pinrlrrrpin_auths:    zDebuggedApplication.pin_authcCs2|jr*|jdk r*tddtdd|jtdS)zLog the pin if needed.Nrxz= * To enable the debugger you need to enter the security pin:z * Debugger pin code: %srK)rrrrrrrrlog_pin_requestsz#DebuggedApplication.log_pin_requestc Csjt|}|j}|jddkr4|jd}|jd}|jd}|j|jjdtd}|j|jjdtd} |d kr|r|||}n|d kr|d k r||jkr| ||}n||d kr||jkr| |}n^|d kr||jkr| }nB|j r`|d k r`| d k r`|j|kr`| |r`|||| }n,|j r`|jd k r`|j|jkr`||}|||S)zDispatch the requests.Z __debugger__yescmdr7stb)typefrmresourcerNZpinauthZprintpin)Requestrrr\r{rhrzrrrrrryrrr}pathr) rBr[rrresponserargrrrrrr__call__sF        zDebuggedApplication.__call__)FrtruNFTT)rErFrGrHrDpropertyrsetterrrrrrrrrrrrrrrrrss2 $   1 / rs)*rHr`rrrrZrr*rcrrf itertoolsros.pathrr_compatr _internalrhttprsecurityr wrappersr rr rr@r Ztbtoolsrrrrr=r>objectr?rrrsrrrrs:             O S