1# Copyright 2015 The Chromium Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5"""A helper request handler for request handlers that receive data.""" 6 7import logging 8 9from dashboard import request_handler 10from dashboard import utils 11 12 13class PostDataHandler(request_handler.RequestHandler): 14 """Helper class to handle common functionality for dealing with slaves.""" 15 16 def post(self): 17 """Checks the IP of the request against the white list. 18 19 Real sub-class handlers should override this and use 20 _CheckIpAgainstWhitelist; this is provided here for convenience in tests. 21 """ 22 self._CheckIpAgainstWhitelist() 23 24 def _CheckIpAgainstWhitelist(self): 25 """Checks the remote address of the request against the IP whitelist. 26 27 Returns: 28 True if whitelisted, False otherwise. 29 """ 30 whitelist = utils.GetIpWhitelist() 31 if not whitelist or self.request.remote_addr in whitelist: 32 return True 33 # Try to log some info about the post data that is not whitelisted. 34 # This could be totally bogus data, so ignore huge postdata and swallow 35 # exceptions. 36 try: 37 data_param = self.request.get('data') 38 if data_param and len(data_param) < 10000: 39 # Log the start of the data; it may give clues about who is sending 40 # the data and who to contact. 41 logging.warn('Received data: %s...', data_param[:200]) 42 except Exception: # pylint: disable=broad-except 43 pass 44 self.ReportError( 45 'IP address %s not in IP whitelist!' % self.request.remote_addr, 403) 46 return False 47