kleinhenzes60188
/
social_media_platform
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Development of an internal social media platform with personalised dashboards for students
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
41 Commits
2 Branches
Tree: 7d0350d452
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7d0350d452'
${ noResults }
social_media_platform/thesisenv/lib/python3.6/site-packages/debug_toolbar/panels/sql/forms.py

forms.py 2.7KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. from __future__ import absolute_import, unicode_literals

  2. 

  3. import hashlib

  4. import hmac

  5. import json

  6. 

  7. from django import forms

  8. from django.conf import settings

  9. from django.core.exceptions import ValidationError

  10. from django.db import connections

  11. from django.utils.crypto import constant_time_compare

  12. from django.utils.encoding import force_bytes

  13. from django.utils.functional import cached_property

  14. 

  15. from debug_toolbar.panels.sql.utils import reformat_sql

  16. 

  17. 

  18. class SQLSelectForm(forms.Form):

  19.     """

  20.     Validate params

  21. 

  22.         sql: The sql statement with interpolated params

  23.         raw_sql: The sql statement with placeholders

  24.         params: JSON encoded parameter values

  25.         duration: time for SQL to execute passed in from toolbar just for redisplay

  26.         hash: the hash of (secret + sql + params) for tamper checking

  27.     """

  28.     sql = forms.CharField()

  29.     raw_sql = forms.CharField()

  30.     params = forms.CharField()

  31.     alias = forms.CharField(required=False, initial='default')

  32.     duration = forms.FloatField()

  33.     hash = forms.CharField()

  34. 

  35.     def __init__(self, *args, **kwargs):

  36.         initial = kwargs.get('initial', None)

  37. 

  38.         if initial is not None:

  39.             initial['hash'] = self.make_hash(initial)

  40. 

  41.         super(SQLSelectForm, self).__init__(*args, **kwargs)

  42. 

  43.         for name in self.fields:

  44.             self.fields[name].widget = forms.HiddenInput()

  45. 

  46.     def clean_raw_sql(self):

  47.         value = self.cleaned_data['raw_sql']

  48. 

  49.         if not value.lower().strip().startswith('select'):

  50.             raise ValidationError("Only 'select' queries are allowed.")

  51. 

  52.         return value

  53. 

  54.     def clean_params(self):

  55.         value = self.cleaned_data['params']

  56. 

  57.         try:

  58.             return json.loads(value)

  59.         except ValueError:

  60.             raise ValidationError('Is not valid JSON')

  61. 

  62.     def clean_alias(self):

  63.         value = self.cleaned_data['alias']

  64. 

  65.         if value not in connections:

  66.             raise ValidationError("Database alias '%s' not found" % value)

  67. 

  68.         return value

  69. 

  70.     def clean_hash(self):

  71.         hash = self.cleaned_data['hash']

  72. 

  73.         if not constant_time_compare(hash, self.make_hash(self.data)):

  74.             raise ValidationError('Tamper alert')

  75. 

  76.         return hash

  77. 

  78.     def reformat_sql(self):

  79.         return reformat_sql(self.cleaned_data['sql'])

  80. 

  81.     def make_hash(self, data):

  82.         m = hmac.new(key=force_bytes(settings.SECRET_KEY), digestmod=hashlib.sha1)

  83.         for item in [data['sql'], data['params']]:

  84.             m.update(force_bytes(item))

  85.         return m.hexdigest()

  86. 

  87.     @property

  88.     def connection(self):

  89.         return connections[self.cleaned_data['alias']]

  90. 

  91.     @cached_property

  92.     def cursor(self):

  93.         return self.connection.cursor()