Fix OWASP-BLT#428: Added debug toolbar for debugging. (OWASP-BLT#430)

* Added debug toolbar for debugging. OWASP-BLT#428

* Minor changes.

* Minor changes.

* Minor changes.

* Minor changes.

bugheist/settings.py

@@ -10,9 +10,10 @@
 """
 
 import os
+import sys
+
 import dj_database_url
 from django.http import Http404
-import sys
 from django.utils.translation import ugettext_lazy as _
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
@@ -67,8 +68,36 @@
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django.middleware.security.SecurityMiddleware',
     'rollbar.contrib.django.middleware.RollbarNotifierMiddleware',
+    'debug_toolbar.middleware.DebugToolbarMiddleware',
 )
 
+TESTING = len(sys.argv) > 1 and sys.argv[1] == 'test'
+
+if DEBUG and not TESTING:
+    DEBUG_TOOLBAR_PANELS = [
+        'debug_toolbar.panels.versions.VersionsPanel',
+        'debug_toolbar.panels.timer.TimerPanel',
+        'debug_toolbar.panels.settings.SettingsPanel',
+        'debug_toolbar.panels.headers.HeadersPanel',
+        'debug_toolbar.panels.request.RequestPanel',
+        'debug_toolbar.panels.sql.SQLPanel',
+        'debug_toolbar.panels.staticfiles.StaticFilesPanel',
+        'debug_toolbar.panels.templates.TemplatesPanel',
+        'debug_toolbar.panels.cache.CachePanel',
+        'debug_toolbar.panels.signals.SignalsPanel',
+        'debug_toolbar.panels.logging.LoggingPanel',
+        'debug_toolbar.panels.redirects.RedirectsPanel',
+    ]
+
+    DEBUG_TOOLBAR_CONFIG = {
+        'INTERCEPT_REDIRECTS': False,
+        "SHOW_TOOLBAR_CALLBACK": lambda request: True,
+    }
+
+    INSTALLED_APPS += ('debug_toolbar',)
+
+    MIDDLEWARE_CLASSES += ('rollbar.contrib.django.middleware.RollbarNotifierMiddleware',)
+
 ROOT_URLCONF = 'bugheist.urls'
 
 TEMPLATES = [

bugheist/urls.py

@@ -1,66 +1,73 @@
-import website.views
-import comments.views
-from django.conf.urls import include, url
 from django.conf import settings
+from django.conf.urls import include, url
+from django.conf.urls.static import static
 from django.contrib import admin
+from django.contrib.auth.decorators import login_required
+from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import TemplateView
+from django.views.generic.base import RedirectView
+
+import comments.views
+import website.views
 from website.views import (UserProfileDetailView, IssueCreate, UploadCreate, EmailDetailView,
                            InboundParseWebhookView, LeaderboardView, IssueView, AllIssuesView,
                            HuntCreate, DomainDetailView, StatsDetailView, InviteCreate, CreateInviteFriend,
                            ScoreboardView)
-from django.contrib.auth.decorators import login_required
-from django.views.generic.base import RedirectView
-from django.conf.urls.static import static
-from django.views.decorators.csrf import csrf_exempt
 
 favicon_view = RedirectView.as_view(url='/static/favicon.ico', permanent=True)
 
 admin.autodiscover()
 
-
 urlpatterns = [
-    url(r'^$', website.views.index, name='index'),
-    url(r'^' + settings.ADMIN_URL + '/', include(admin.site.urls)),
-    url(r'^issue/edit/$', website.views.IssueEdit),
-    url(r'^issue/update/$', website.views.UpdateIssue),
-    url(r'^issue/(?P<slug>\w+)/$', IssueView.as_view(), name="issue_view"),
-    url(r'^all_activity/$', AllIssuesView.as_view(), name="all_activity"),
-    url(r'^leaderboard/$', LeaderboardView.as_view(), name="leaderboard"),
-    url(r'^scoreboard/$', ScoreboardView.as_view(), name="scoreboard"),
-    url(r'^issue/$', IssueCreate.as_view(), name="issue"),
-    url(r'^upload/(?P<time>[^/]+)/(?P<hash>[^/]+)/',
-        UploadCreate.as_view(), name="upload"),
-    url(r'^profile/(?P<slug>[^/]+)/$',
-        UserProfileDetailView.as_view(), name="profile"),
-    url(r'^domain/(?P<slug>[^/]+)/$',
-        DomainDetailView.as_view(), name="domain"),
-    url(r'^email/(?P<slug>[^/]+)/$', EmailDetailView.as_view(), name="email"),
-    url(r'^.well-known/acme-challenge/(?P<token>[^/]+)/$',
-        website.views.find_key, name="find_key"),
-    url(r'^accounts/profile/', website.views.profile),
-    url(r'^delete_issue/(?P<id>\w+)/$', website.views.delete_issue),
-    url(r'^accounts/', include('allauth.urls')),
-    url(r'^start/$', TemplateView.as_view(template_name="hunt.html")),
-    url(r'^hunt/$', login_required(HuntCreate.as_view()), name="hunt"),
-    url(r'^invite/$', InviteCreate.as_view(template_name="invite.html")),
-    url(r'^invite-friend/$', login_required(CreateInviteFriend.as_view()),
-        name='invite_friend'),
-    url(r'^terms/$', TemplateView.as_view(template_name="terms.html")),
-    url(r'^about/$', TemplateView.as_view(template_name="about.html")),
-    url(r'^stats/$', StatsDetailView.as_view()),
-    url(r'^favicon\.ico$', favicon_view),
-    url(r'^sendgrid_webhook/$', csrf_exempt(InboundParseWebhookView.as_view()),
-        name='inbound_event_webhook_callback'),
-    url(r'^issue/comment/add/$', comments.views.add_comment, name='add_comment'),
-    url(r'^issue/comment/delete/$',
-        comments.views.delete_comment, name='delete_comment'),
-    url(r'^comment/autocomplete/$',
-        comments.views.autocomplete, name='autocomplete'),
-    url(r'^issue/(?P<pk>\d+)/comment/edit/$',
-        comments.views.edit_comment, name='edit_comment'),
-    url(r'^social/$', TemplateView.as_view(template_name="social.html")),
-    url(r'^search/$', website.views.search),
-    url(r'^report/$', TemplateView.as_view(template_name="report.html")),
-    url(r'^i18n/', include('django.conf.urls.i18n')),
-    url(r'^domain_check/$', website.views.domain_check),
-] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
+                  url(r'^$', website.views.index, name='index'),
+                  url(r'^' + settings.ADMIN_URL + '/', include(admin.site.urls)),
+                  url(r'^issue/edit/$', website.views.IssueEdit),
+                  url(r'^issue/update/$', website.views.UpdateIssue),
+                  url(r'^issue/(?P<slug>\w+)/$', IssueView.as_view(), name="issue_view"),
+                  url(r'^all_activity/$', AllIssuesView.as_view(), name="all_activity"),
+                  url(r'^leaderboard/$', LeaderboardView.as_view(), name="leaderboard"),
+                  url(r'^scoreboard/$', ScoreboardView.as_view(), name="scoreboard"),
+                  url(r'^issue/$', IssueCreate.as_view(), name="issue"),
+                  url(r'^upload/(?P<time>[^/]+)/(?P<hash>[^/]+)/',
+                      UploadCreate.as_view(), name="upload"),
+                  url(r'^profile/(?P<slug>[^/]+)/$',
+                      UserProfileDetailView.as_view(), name="profile"),
+                  url(r'^domain/(?P<slug>[^/]+)/$',
+                      DomainDetailView.as_view(), name="domain"),
+                  url(r'^email/(?P<slug>[^/]+)/$', EmailDetailView.as_view(), name="email"),
+                  url(r'^.well-known/acme-challenge/(?P<token>[^/]+)/$',
+                      website.views.find_key, name="find_key"),
+                  url(r'^accounts/profile/', website.views.profile),
+                  url(r'^delete_issue/(?P<id>\w+)/$', website.views.delete_issue),
+                  url(r'^accounts/', include('allauth.urls')),
+                  url(r'^start/$', TemplateView.as_view(template_name="hunt.html")),
+                  url(r'^hunt/$', login_required(HuntCreate.as_view()), name="hunt"),
+                  url(r'^invite/$', InviteCreate.as_view(template_name="invite.html")),
+                  url(r'^invite-friend/$', login_required(CreateInviteFriend.as_view()),
+                      name='invite_friend'),
+                  url(r'^terms/$', TemplateView.as_view(template_name="terms.html")),
+                  url(r'^about/$', TemplateView.as_view(template_name="about.html")),
+                  url(r'^stats/$', StatsDetailView.as_view()),
+                  url(r'^favicon\.ico$', favicon_view),
+                  url(r'^sendgrid_webhook/$', csrf_exempt(InboundParseWebhookView.as_view()),
+                      name='inbound_event_webhook_callback'),
+                  url(r'^issue/comment/add/$', comments.views.add_comment, name='add_comment'),
+                  url(r'^issue/comment/delete/$',
+                      comments.views.delete_comment, name='delete_comment'),
+                  url(r'^comment/autocomplete/$',
+                      comments.views.autocomplete, name='autocomplete'),
+                  url(r'^issue/(?P<pk>\d+)/comment/edit/$',
+                      comments.views.edit_comment, name='edit_comment'),
+                  url(r'^social/$', TemplateView.as_view(template_name="social.html")),
+                  url(r'^search/$', website.views.search),
+                  url(r'^report/$', TemplateView.as_view(template_name="report.html")),
+                  url(r'^i18n/', include('django.conf.urls.i18n')),
+                  url(r'^domain_check/$', website.views.domain_check),
+              ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
+
+if settings.DEBUG:
+    import debug_toolbar
+
+    urlpatterns = [
+                      url(r'^__debug__/', include(debug_toolbar.urls)),
+                  ] + urlpatterns

requirements.txt

@@ -37,3 +37,4 @@ Unidecode==0.4.19
 user-agents==1.0.1
 virtualenv==15.0.1
 whitenoise==2.0.6
+django-debug-toolbar==1.8