U HaF@sUddlZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z ddlmZddlmZddlmZddlmZddlmZdd lmZdd lmZd d lmZd d lmZd dlmZd dlm Z d dlm!Z!e j"r"ddl#m$Z$ddl#m%Z%ddl#m&Z&dZ'e(e(dddZ)da*e j+e j,e(e-fe.d<e j+e j,e(e-fdddZ/GdddZ0de j,e j1e(e(fe j1dfd d!d"Z2Gd#d$d$Z3dS)%N)chain)basename)join)_log) parse_cookie)gen_salt)Request)Response)Console)Frame)get_current_traceback)render_console_html) Traceback) StartResponse)WSGIApplication)WSGIEnvironmenti: )pinreturncCs$t|dddddS)Nz added saltutf-8replace )hashlibsha1encode hexdigest)rr;/tmp/pip-unpacked-wheel-ub1y1qyw/werkzeug/debug/__init__.pyhash_pin$sr _machine_idrcCs4tdk r tStjtjttfddd}|atS)Nr!c Ssd}dD]T}z&t|d}|}W5QRXWntk rJYqYnX|r||7}q^qz4tdd }||dd7}W5QRXWntk rYnX|r|SzTddlm}m}|d d d d d g|dd}t d|}|dk r| dWSWntt fk rYnXz ddl }Wnt k rBYnXzl||jdd|j|jBH} || d\} } | |jkr| dW5QRWS| W5QRWSQRXWntk rYnXdS)N)z/etc/machine-idz/proc/sys/kernel/random/boot_idrbz/proc/self/cgroup/rr)PopenPIPEZioregz-cZIOPlatformExpertDevicez-d2)stdouts"serial-number" = <([^>]+)r zSOFTWARE\Microsoft\CryptographyZ MachineGuidr)openreadlinestripOSError rpartition subprocessr%r& communicateresearchgroup ImportErrorwinregOpenKeyHKEY_LOCAL_MACHINEZKEY_READZKEY_WOW64_64KEY QueryValueExREG_SZr) linuxfilenamefvaluer%r&dumpmatchr4ZrkZguidZ guid_typerrr _generate1sb   (      z!get_machine_id.._generate)r tOptionalUnionstrbytes)r?rrrget_machine_id+s ErEc@s*eZdZdZejeejfdddZdS) _ConsoleFramez]Helper class so that we can reuse the frame console code for the standalone console. ) namespacecCst||_d|_dS)Nr)r consoleid)selfrGrrr__init__s z_ConsoleFrame.__init__N) __name__ __module__ __qualname____doc__r@DictrCAnyrKrrrrrFzsrFrNN)apprc stjd}d}d|dkr dS|dk rJ|ddrJd|krF|}n|t|dtt|j j }z t }Wnt tfk rd}YnXtj|}||t|dt|jt|d dg}tttg}t}t||D](} | sqt| tr| d } || q|d d |dd } dkrV|dt|dddd|dkrdD]Dtdkrdd fddt!dtD}qqd}|| fS)aQGiven an application object this returns a semi-stable 9 digit pin code and a random key. The hope is that this is stable between restarts to not make debugging particularly frustrating. If the pin was forcefully disabled this returns `None`. Second item in the resulting tuple is the cookie name for remembering. ZWERKZEUG_DEBUG_PINNoffrR-rMrL__file__rs cookiesaltZ__wzdspinsaltZ09d )rc3s&|]}||dVqdS)0N)rjust).0xZ group_sizenumrr sz*get_pin_and_cookie_name..)"osenvirongetrisdigitgetattrr@castobject __class__rMgetpassgetuserr3KeyErrorsysmodulestyperLrCuuidZgetnoderErrr isinstancerupdaterintlenrrange) rSrrvmodnameusernamemodZprobably_public_bitsZ private_bitshbitZ cookie_namerrbrget_pin_and_cookie_namesT              rc @sPeZdZUdZeed<eed<d-d eeeejej gej eej ffeeedd d d Z e ejed ddZejeddddZe ed ddZddejedddZeeejeefedddZeedddZeeedd d!Zdejed"d#d$Zdd d%d&Zeedd'd(Zed d)d*Zddej edd+d,Z!dS).DebuggedApplicationaEnables debugging support for a given application:: from werkzeug.debug import DebuggedApplication from myapp import app app = DebuggedApplication(app, evalex=True) The `evalex` keyword argument allows evaluating expressions in a traceback's frame context. :param app: the WSGI application to run debugged. :param evalex: enable exception evaluation feature (interactive debugging). This requires a non-forking server. :param request_key: The key that points to the request object in ths environment. This parameter is ignored in current versions. :param console_path: the URL for a general purpose console. :param console_init_func: the function that is executed before starting the general purpose console. The return value is used as initial namespace. :param show_hidden_frames: by default hidden traceback frames are skipped. You can show them by setting this parameter to `True`. :param pin_security: can be used to disable the pin based security system. :param pin_logging: enables the logging of the pin system. _pin _pin_cookieFwerkzeug.request/consoleNTr) rSevalex request_key console_pathconsole_init_funcshow_hidden_frames pin_security pin_loggingrc Cs|sd}||_||_i|_i|_||_||_||_||_td|_ d|_ ||_ |rt j ddkr|rtdd|jdkrtddqtdd |jnd|_dS) NrXrZWERKZEUG_RUN_MAINtruewarningz * Debugger is active!z- * Debugger PIN disabled. DEBUGGER UNSECURED!infoz * Debugger PIN: %s)rSrframes tracebacksrrrrrsecret_failed_pin_authrrerfrgrr) rJrSrrrrrrrrrrrKs(     zDebuggedApplication.__init__r!cCs&t|ds t|j}|\|_|_|jS)NrhasattrrrSrrrJZ pin_cookierrrrs   zDebuggedApplication.pin)r<rcCs ||_dS)N)r)rJr<rrrr#scCs&t|ds t|j}|\|_|_|jS)zThe name of the pin cookie.rrrrrrpin_cookie_name's   z#DebuggedApplication.pin_cookie_namerr)rfstart_responserc csd}z,|||}|EdHt|dr.|Wntk rt|drR|td|jdd}|jD]}||j|j<qh||j|j<z|dddgWn"tk r|d  d Yn.Xt | |}|j |j ||jd d d V||d YnXdS)z6Run the application and conserve the traceback frames.Ncloser T)skiprZignore_system_exceptionsz500 INTERNAL SERVER ERROR)z Content-Typeztext/html; charset=utf-8)zX-XSS-Protectionr^z wsgi.errorszpDebugging middleware caught exception in streamed response at a point where response headers were already sent. )revalex_trustedrrr)rSrr ExceptionrrrrIrwriteboolcheck_pin_trustZ render_fullrrrlog)rJrfrZapp_iter tracebackframe is_trustedrrrdebug_application/sL         z%DebuggedApplication.debug_application)requestcommandrrcCst|j|ddS)zExecute a command in a console. text/htmlmimetype)r rHeval)rJrrrrrrexecute_commandasz#DebuggedApplication.execute_command)rrcCshd|jkrB|jdkri}n t|}|d|jt||jd<t||j}t t |j |dddS)zDisplay a standalone shell.rNrS)rrrr) rrdict setdefaultrSrFrrrfr rr)rJrnsrrrrdisplay_consolegs    z#DebuggedApplication.display_console)rr:rcCsjtdt|}ztt|}Wntk r6d}YnX|dk r^t|dpPd}t||dStdddS) z0Return a static resource from the shared folder.ZsharedNrzapplication/octet-streamrz Not Foundi)status) rrpkgutilget_data __package__r, mimetypes guess_typer )rJrr:datarrrr get_resourcevs  z DebuggedApplication.get_resource)rfrcCsp|jdkrdSt||j}|r*d|kr.dS|dd\}}|sJdS|t|jkr\dSttt |kS)a!Checks if the request passed the pin test. This returns `True` if the request is trusted on a pin/cookie basis and returns `False` if not. Additionally if the cookie's stored pin hash is wrong it will return `None` so that appropriate action can be taken. NT|Fr ) rrrgrsplitrhrtimePIN_TIMErv)rJrfvaltsZpin_hashrrrrs  z#DebuggedApplication.check_pin_trustcCs*t|jdkrdnd|jd7_dS)Nr[g@g?r )rsleeprrJrrr_fail_pin_authsz"DebuggedApplication._fail_pin_authc Csd}d}||j}tt|j}d}|dkr<|d}nT|rFd}nJ|jdkrVd}n:|jd}| dd| ddkrd|_d}n|t t ||d d d }|r|j|jttd t|dd dn|r||j|S)zAuthenticates with the pin.FNT rrUrVr)auth exhaustedzapplication/jsonrrNone)httponlysamesite)rrfr@rjrCrrrargsr+rr jsondumps set_cookierrvrrZ delete_cookie) rJrrrtrustr bad_cookieZ entered_pinryrrrpin_auths>    zDebuggedApplication.pin_authcCs0|jr(|jdk r(tddtdd|jtdS)zLog the pin if needed.Nrz= * To enable the debugger you need to enter the security pin:z * Debugger pin code: %srV)rrrr rrrrlog_pin_requestsz#DebuggedApplication.log_pin_requestc Cst|}|j}|jddkr|jd}|jd}|jd}|j|jjdtd}|dkrt|rt|||}nr|d kr||jkr||}nT|d kr||jkr| }n8|j r|d k r|d k r|j|kr| |r| |||}n,|j r|j d k r|j|j kr||}|||S) zDispatch the requests.Z __debugger__yescmdr;sfrm)rrresourceZpinauthZprintpinN)r rrrgrrvrrrrrrrrpathr) rJrfrrresponserargrrrrr__call__s@        zDebuggedApplication.__call__)FrrNFTT)"rLrMrNrOrC__annotations__rr@rACallablerPrQrKpropertyrsetterrIteratorrDrr rBr rFr rrrrrrrIterablerrrrrrs\  $ 3   2 r)4rmrrrrerr0rprtypingr@rs itertoolsros.pathrr _internalrhttprsecurityrZwrappers.requestr Zwrappers.responser rHr Ztbtoolsr rrr TYPE_CHECKINGZ_typeshed.wsgirrrrrCrr rArBrDrrErFTuplerrrrrrsJ                O  V