ih JSSKJr SSKJr Sr"SS\5r"SS5rg) ) HiddenField)ValidationError)CSRFTokenFieldCSRFcN^\rSrSrSrSrU4SjrSrSrSr U4Sjr S r U=r $) ra) A subclass of HiddenField designed for sending the CSRF token that is used for most CSRF protection schemes. Notably different from a normal field, this field always renders the current token regardless of the submitted value, and also will not be populated over to object data via populate_obj NcR>URS5Ul[TU] "U0UD6 g)N csrf_impl)popr super__init__)selfargskw __class__s T/home/kali/devsecops-assessor/venv/lib/python3.13/site-packages/wtforms/csrf/core.pyr CSRFTokenField.__init__s% , $%"%cUR$)zm We want to always return the current token on render, regardless of whether a good or bad token was passed. ) current_token)rs r_valueCSRFTokenField._values !!!rcg)z, Don't populate objects with the CSRF token N)rrs r populate_objCSRFTokenField.populate_objs rc:URRX5 g)z( Handle validation of this token field. N)r validate_csrf_token)rforms r pre_validateCSRFTokenField.pre_validate$s **46rcf>[TU]"U0UD6 URRU5Ulg)N)r processr generate_csrf_tokenr)rrkwargsrs rr#CSRFTokenField.process*s+ ((!^^??Er)r r) __name__ __module__ __qualname____firstlineno____doc__rr rrr r#__static_attributes__ __classcell__)rs@rrrs/M&" 7 FFrrc*\rSrSr\rSrSrSrSr g)r/cZURnURnURSUS9nX44/$)av Receive the form we're attached to and set up fields. The default implementation creates a single field of type :attr:`field_class` with name taken from the ``csrf_field_name`` of the class meta. :param form: The form instance we're attaching to. :return: A sequence of `(field_name, unbound_field)` 2-tuples which are unbound fields to be added to the form. z CSRF Token)labelr )metacsrf_field_name field_class)rrr2 field_name unbound_fields r setup_formCSRF.setup_form2s9yy)) ((|t(L +,,rc[5e)a Implementations must override this to provide a method with which one can get a CSRF token for this form. A CSRF token is usually a string that is generated deterministically based on some sort of user data, though it can be anything which you can validate on a subsequent request. :param csrf_token_field: The field which is being used for CSRF. :return: A generated CSRF string. )NotImplementedError)rcsrf_token_fields rr$CSRF.generate_csrf_tokenEs "##rclURUR:wa[URS55eg)a Override this method to provide custom CSRF validation logic. The default CSRF validation logic simply checks if the recently generated token equals the one we received as formdata. :param form: The form which has this CSRF token. :param field: The CSRF token field. zInvalid CSRF Token.N)rdatargettext)rrfields rrCSRF.validate_csrf_tokenUs0   %** ,!%--0E"FG G -rrN) r'r(r)r*rr4r7r$rr,rrrrr/s K-&$ HrrN)wtforms.fieldsrwtforms.validatorsr__all__rrrrrrEs+&. $%F[%FP1H1Hr