diff --git a/config b/config index 4cab70c6..743bc93e 100644 --- a/config +++ b/config @@ -120,6 +120,9 @@ # Don't include passwords in logs #mask_passwords = True +# Log bad PUT request content +#bad_put_request_content = False + [headers] diff --git a/radicale/app/__init__.py b/radicale/app/__init__.py index 37ab6a5e..27465794 100644 --- a/radicale/app/__init__.py +++ b/radicale/app/__init__.py @@ -3,6 +3,7 @@ # Copyright © 2008 Pascal Halter # Copyright © 2008-2017 Guillaume Ayoub # Copyright © 2017-2019 Unrud +# Copyright © 2024-2024 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -80,6 +81,7 @@ class Application(ApplicationPartDelete, ApplicationPartHead, """ super().__init__(configuration) self._mask_passwords = configuration.get("logging", "mask_passwords") + self._bad_put_request_content = configuration.get("logging", "bad_put_request_content") self._auth_delay = configuration.get("auth", "delay") self._internal_server = configuration.get("server", "_internal_server") self._max_content_length = configuration.get( diff --git a/radicale/app/base.py b/radicale/app/base.py index e946bffc..55e8e191 100644 --- a/radicale/app/base.py +++ b/radicale/app/base.py @@ -1,5 +1,6 @@ # This file is part of Radicale - CalDAV and CardDAV server # Copyright © 2020 Unrud +# Copyright © 2024-2024 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -48,6 +49,7 @@ class ApplicationBase: self._rights = rights.load(configuration) self._web = web.load(configuration) self._encoding = configuration.get("encoding", "request") + self._log_bad_put_request_content = configuration.get("logging", "bad_put_request_content") self._hook = hook.load(configuration) def _read_xml_request_body(self, environ: types.WSGIEnviron diff --git a/radicale/app/put.py b/radicale/app/put.py index ec433db2..d013c5d5 100644 --- a/radicale/app/put.py +++ b/radicale/app/put.py @@ -3,6 +3,7 @@ # Copyright © 2008 Pascal Halter # Copyright © 2008-2017 Guillaume Ayoub # Copyright © 2017-2018 Unrud +# Copyright © 2024-2024 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -146,6 +147,8 @@ class ApplicationPartPut(ApplicationBase): except Exception as e: logger.warning( "Bad PUT request on %r (read_components): %s", path, e, exc_info=True) + if self._log_bad_put_request_content: + logger.warning("Bad PUT request content of %r:\n%s", path, content) return httputils.BAD_REQUEST (prepared_items, prepared_tag, prepared_write_whole_collection, prepared_props, prepared_exc_info) = prepare( diff --git a/radicale/config.py b/radicale/config.py index b1aa9bf6..4cf3e2ce 100644 --- a/radicale/config.py +++ b/radicale/config.py @@ -3,6 +3,7 @@ # Copyright © 2008 Nicolas Kandel # Copyright © 2008 Pascal Halter # Copyright © 2017-2019 Unrud +# Copyright © 2024-2024 Peter Bieringer # # This library is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -247,6 +248,10 @@ DEFAULT_CONFIG_SCHEMA: types.CONFIG_SCHEMA = OrderedDict([ "value": "info", "help": "threshold for the logger", "type": logging_level}), + ("bad_put_request_content", { + "value": "False", + "help": "log bad PUT request content", + "type": bool}), ("mask_passwords", { "value": "True", "help": "mask passwords in logs", diff --git a/setup.py b/setup.py index e6b8b91d..f5d906a2 100644 --- a/setup.py +++ b/setup.py @@ -40,7 +40,7 @@ install_requires = ["defusedxml", "passlib", "vobject>=0.9.6", "pika>=1.1.0", "setuptools; python_version<'3.9'"] bcrypt_requires = ["bcrypt"] -test_requires = ["pytest>=7", "typeguard>=4", "waitress", *bcrypt_requires] +test_requires = ["pytest>=7", "typeguard<4.3", "waitress", *bcrypt_requires] setup( name="Radicale",