cubicweb/pyramid/debug_source_code.py
changeset 12773 3a38f779bed5
parent 12772 a2b8c201727f
child 12774 e6bf15a69ea0
    31 from cubicweb.misc.source_highlight import highlight_html, generate_css, has_pygments
    31 from cubicweb.misc.source_highlight import highlight_html, generate_css, has_pygments
    32 
    32 
    33 
    33 
    34 DEBUG_DISPLAY_SOURCE_CODE_PATH = '_debug_display_source_code'
    34 DEBUG_DISPLAY_SOURCE_CODE_PATH = '_debug_display_source_code'
    35 
    35 
       
    36 FILES_WHITE_LIST = set()
       
    37 
    36 
    38 
    37 def source_code_url(object_or_class):
    39 def source_code_url(object_or_class):
    38     if object_or_class is None:
    40     if object_or_class is None:
    39         return ""
    41         return ""
    40 
    42 
    44     try:
    46     try:
    45         file_path = inspect.getsourcefile(object_or_class)
    47         file_path = inspect.getsourcefile(object_or_class)
    46     except TypeError:
    48     except TypeError:
    47         logging.debug("Error while trying to source code of '%s'" % object_or_class)
    49         logging.debug("Error while trying to source code of '%s'" % object_or_class)
    48         return ""
    50         return ""
       
    51 
       
    52     FILES_WHITE_LIST.add(file_path)
    49 
    53 
    50     try:
    54     try:
    51         source_code, line = inspect.getsourcelines(object_or_class)
    55         source_code, line = inspect.getsourcelines(object_or_class)
    52     except OSError:  # when we couldn't read the source code/line
    56     except OSError:  # when we couldn't read the source code/line
    53         return '<a href="../%s?file=%s" target="_blank">&lt;&gt;</a>' % (
    57         return '<a href="../%s?file=%s" target="_blank">&lt;&gt;</a>' % (
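Review bot: `inspect.getsourcefile` returns None when it cannot locate a source file, and the new line 52 adds that value to `FILES_WHITE_LIST` unconditionally; guard it with `if file_path is not None: FILES_WHITE_LIST.add(file_path)` so the set holds only real paths. The set defined in the first hunk is populated per process, and only as links are rendered, so presumably a request handled by a different worker than the one that rendered the link is refused as "not authorized" — if the deployment runs several workers that is worth documenting on the definition, e.g. `# Source files whose debug link this process has rendered; the debug view serves only these.`. source_code_url continues past the end of this hunk.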
    79     source_code_file = request.params["file"]
    83     source_code_file = request.params["file"]
    80 
    84 
    81     if not os.path.exists(source_code_file):
    85     if not os.path.exists(source_code_file):
    82         return Response("Error: file '%s' doesn't exist on the filesystem." % source_code_file)
    86         return Response("Error: file '%s' doesn't exist on the filesystem." % source_code_file)
    83 
    87 
       
    88     # security
       
    89     if source_code_file not in FILES_WHITE_LIST:
       
    90         return Response("Error: access to file is not authorized")
       
    91 
    84     try:
    92     try:
    85         content = open(source_code_file, "r").read()
    93         content = open(source_code_file, "r").read()
    86     except Exception as e:
    94     except Exception as e:
    87         return Response("Error: while opening file '%s' got the error: %s" % (source_code_file, e))
    95         return Response("Error: while opening file '%s' got the error: %s" % (source_code_file, e))
    88 
    96
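Review bot: The allow-list check at new lines 89-90 runs after the `os.path.exists` test at 85-86, so a request for any path still receives either "doesn't exist" or "not authorized" and can learn whether arbitrary server paths exist before authorization is decided; move the `FILES_WHITE_LIST` test to the top of the handler, directly after `source_code_file = request.params["file"]`, so unlisted paths get the same answer whether or not they exist. The error responses also reflect the raw `file` parameter and the exception text into the body, which is pre-existing but, if `Response` keeps its default text/html content type, worth escaping with `html.escape` or sending as `text/plain` now that rejected input reaches this code. Membership is an exact string comparison against what `inspect.getsourcefile` produced, which fails closed but deserves a comment such as `# exact match only: no path normalisation, so an alias of a listed path is refused rather than resolved`. The view function's signature and the remainder of its body lie outside the hunk.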