upstream/ipython Commit - r19156:d3e620f5

1

"""Tornado handlers for security logging."""

1

"""Tornado handlers for security logging."""

2

3

# Copyright (c) IPython Development Team.

3

# Copyright (c) IPython Development Team.

4

# Distributed under the terms of the Modified BSD License.

4

# Distributed under the terms of the Modified BSD License.

5

6

from tornado import gen, web

6

from tornado import gen, web

7

8

from ...base.handlers import IPythonHandler, json_errors

8

from ...base.handlers import IPythonHandler, json_errors

9

from . import csp_report_uri

9

from . import csp_report_uri

10

11

class CSPReportHandler(IPythonHandler):

11

class CSPReportHandler(IPythonHandler):

12

'''Accepts a content security policy violation report'''

12

'''Accepts a content security policy violation report'''

13

@web.authenticated

13

@web.authenticated

14

@json_errors

14

@json_errors

15

def post(self):

15

def post(self):

16

'''Log a content security policy violation report'''

16

'''Log a content security policy violation report'''

17

csp_report = self.get_json_body()

17

csp_report = self.get_json_body()

18

self.log.warn(csp_report)

18

self.log.warn("Content security violation: %s",

19

self.request.body.decode('utf8', 'replace'))

19

20

default_handlers = [

21

default_handlers = [

21

(csp_report_uri, CSPReportHandler)

22

(csp_report_uri, CSPReportHandler)

22

]

23

]

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             """Tornado handlers for security logging."""
             # Copyright (c) IPython Development Team.
             # Distributed under the terms of the Modified BSD License.
             from tornado import gen, web
             from ...base.handlers import IPythonHandler, json_errors
             from . import csp_report_uri
             class CSPReportHandler(IPythonHandler):
                 '''Accepts a content security policy violation report'''
                 @web.authenticated
                 @json_errors
                 def post(self):
                     '''Log a content security policy violation report'''
                     csp_report = self.get_json_body()
-                    self.log.warn(csp_report)
+                    self.log.warn("Content security violation: %s",
+                                  self.request.body.decode('utf8', 'replace'))
             default_handlers = [
                 (csp_report_uri, CSPReportHandler)
             ]