_C@sdZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddl mZddl mZddlmZddlmZdd lmZdd lmZdd lmZdd lmZd dlmZd dlm Z d dlm!Z!d Z"ddZ#da$ddZ%Gddde&Z'ddZ(Gddde&Z)dS)!z werkzeug.debug ~~~~~~~~~~~~~~ WSGI application traceback debugger. :copyright: 2007 Pallets :license: BSD-3-Clause N)chain)basename)join) text_type)_log) parse_cookie)gen_salt) BaseRequest) BaseResponse)Console)get_current_traceback)render_console_html<cCsBt|tr!|jdd}tj|djddS)Nzutf-8replaces shittysalt ) isinstancerencodehashlibmd5 hexdigest)pinr;/tmp/pip-build-5gj8f0j9/Werkzeug/werkzeug/debug/__init__.pyhash_pin'srcCs)tdk rtSdd}|atS)Nc 3Ss9d}xfdD]^}y/t|d}|jj}WdQRXWntk rYw YnX|r ||7}Pq Wy@tdd*}||jjjdd7}WdQRXWntk rYnX|r|Sypdd lm}m}|d d d d dgd|jd}t j d|}|dk r=|j dSWnt t fk rXYnXyddl}Wn=t k ryddl}Wnt k rd}YnXYnX|dk r5yk|j|jdd|j|jB?} |j| d\} } | |jkr| jdS| SWdQRXWntk r4YnXdS)N/etc/machine-id/proc/sys/kernel/random/boot_idrbz/proc/self/cgroup/rr)PopenPIPEZioregz-cZIOPlatformExpertDevicez-d2stdouts"serial-number" = <([^>]+)r zSOFTWARE\Microsoft\CryptographyZ MachineGuidzutf-8)rr )openreadlinestripIOError rpartition subprocessr#r$ communicateresearchgroupOSError ImportErrorwinreg_winregOpenKeyHKEY_LOCAL_MACHINEZKEY_READZKEY_WOW64_64KEY QueryValueExREG_SZrZ WindowsError) linuxfilenamefvaluer#r$dumpmatchwrZrkZguidZ guid_typerrr _generate6s`   . !      z!get_machine_id.._generate) _machine_id)r@rrrget_machine_id0s   E rBc@s"eZdZdZddZdS) _ConsoleFramez]Helper class so that we can reuse the frame console code for the standalone console. cCst||_d|_dS)Nr)r consoleid)self namespacerrr__init__sz_ConsoleFrame.__init__N)__name__ __module__ __qualname____doc__rHrrrrrCs rCc sKtjjd}d}d|dkr.dS|dk rm|jddjrmd|krg|}n|t|d|jj}ytj }Wnt t fk rd}YnXt j j|}||t|d|jjt|ddg}ttjtg}tj}xKt||D]:} | s>q/t| tr\| jd } |j| q/W|jd d |jdd } dkr|jd dt|jddd|dkrAxbdD]TtdkrdjfddtdtD}PqW}|| fS)aQGiven an application object this returns a semi-stable 9 digit pin code and a random key. The hope is that this is stable between restarts to not make debugging particularly frustrating. If the pin was forcefully disabled this returns `None`. Second item in the resulting tuple is the cookie name for remembering. ZWERKZEUG_DEBUG_PINNoff-rJrI__file__zutf-8s cookiesaltZ__wzdspinsaltz%09d rc3s/|]%}||jdVqdS)0N)rjust).0x) group_sizenumrr sz*get_pin_and_cookie_name..)NN)rTrUrV)osenvirongetrisdigitgetattr __class__rJgetpassgetuserr2KeyErrorsysmodulesrIstruuidgetnoderBrrrrrrupdaterintlenrrange) apprrvmodnameusernamemodZprobably_public_bitsZ private_bitshbitZ cookie_namer)r[r\rget_pin_and_cookie_namesR $       #  rwc @seZdZdZdddddddddZed d Zejd d Zed d ZddZ ddZ ddZ ddZ ddZ ddZddZddZddZd d!ZdS)"DebuggedApplicationaEnables debugging support for a given application:: from werkzeug.debug import DebuggedApplication from myapp import app app = DebuggedApplication(app, evalex=True) The `evalex` keyword argument allows evaluating expressions in a traceback's frame context. :param app: the WSGI application to run debugged. :param evalex: enable exception evaluation feature (interactive debugging). This requires a non-forking server. :param request_key: The key that points to the request object in ths environment. This parameter is ignored in current versions. :param console_path: the URL for a general purpose console. :param console_init_func: the function that is executed before starting the general purpose console. The return value is used as initial namespace. :param show_hidden_frames: by default hidden traceback frames are skipped. You can show them by setting this parameter to `True`. :param pin_security: can be used to disable the pin based security system. :param pin_logging: enables the logging of the pin system. Fzwerkzeug.requestz/consoleNTc Cs|s d}||_||_i|_i|_||_||_||_||_td|_ d|_ ||_ |rt j jddkr|rtdd|jdkrtddqtdd |jn d|_dS) NrQrZWERKZEUG_RUN_MAINtruewarningz * Debugger is active!z- * Debugger PIN disabled. DEBUGGER UNSECURED!infoz * Debugger PIN: %s)rpevalexframes tracebacks request_key console_pathconsole_init_funcshow_hidden_framesr secret_failed_pin_auth pin_loggingr^r_r`rr) rFrpr|rrrrZ pin_securityrrrrrHs(            zDebuggedApplication.__init__cCs1t|ds*t|j\|_|_|jS)N_pin)hasattrrwrpr _pin_cookie)rFrrrrszDebuggedApplication.pincCs ||_dS)N)r)rFr<rrrr!scCs1t|ds*t|j\|_|_|jS)zThe name of the pin cookie.r)rrwrprr)rFrrrpin_cookie_name%sz#DebuggedApplication.pin_cookie_nameccsad}yE|j||}x|D] }|Vq"Wt|drJ|jWntk r\t|drt|jtddd|jdd}x!|jD]}||j|jd|krBdS|jdd\}}|jsjdS|t|jkrdStjtt |kS)a!Checks if the request passed the pin test. This returns `True` if the request is trusted on a pin/cookie basis and returns `False` if not. Additionally if the cookie's stored pin hash is wrong it will return `None` so that appropriate action can be taken. NT|Fr ) rrr`rsplitrartimePIN_TIMErm)rFr_valtsZpin_hashrrrrs z#DebuggedApplication.check_pin_trustcCs5tj|jdkrdnd|jd7_dS)NrTg@g?r )rsleepr)rFrrr_fail_pin_auths"z"DebuggedApplication._fail_pin_authcCsGd}d}|j|j}d}|dkrC|jd}n|rRd}ns|jdkrjd}n[|jjd}|jjdd|jjddkrd|_d}n |jt t j d |d |id d }|r-|j |j d ttjt|jfddn|rC|j|j |S)zAuthenticates with the pin.FNT rrNrOrauth exhaustedrzapplication/jsonz%s|%shttponly)rr_rrargsr`r)rrrrr set_cookierrmrrZ delete_cookie)rFrrrtrust bad_cookieZ entered_pinrqrrrpin_auths6     -    % zDebuggedApplication.pin_authcCsC|jr9|jdk r9tddtdd|jtdS)zLog the pin if needed.Nr{z= * To enable the debugger you need to enter the security pin:z * Debugger pin code: %srO)rrrr)rFrrrlog_pin_requests  z#DebuggedApplication.log_pin_requestc Cst|}|j}|jjddkr|jjd}|jjd}|jjd}|jj|jjddt}|jj|jjddt} |d kr|r|j||}q|d kr|d k r||jkr|j ||}q|d kr;||jkr;|j |}q|d kre||jkre|j }q|j r|d k r| d k r|j|kr|j |r|j||| }n9|j r|jd k r|j|jkr|j|}|||S)zDispatch the requests.Z __debugger__yescmdr;stbtypeZfrmresourcerNZpinauthZprintpin)Requestrrr`r~rmr}rrrrrr|rrrpathr) rFr_rrresponserargrrrrrr__call__s6  $$'    zDebuggedApplication.__call__)rIrJrKrLrHpropertyrsetterrrrrrrrrrrrrrrrrxs*  1      / rxiiQi: )*rLrdrrrr^rr.rgrrj itertoolsros.pathrr_compatrZ _internalrhttprsecurityr Zwrappersr rr rrDr ZtbtoolsrrrrrArBobjectrCrwrxrrrr s:            O S