ih'BSSKrSSKrSSKrSSKrSSKJr SSKJr SSKJr SSKJ r SSKJ r SSKJ r SSK J r SS K Jr SS K Jr SS KJr SS KJr SS KJr Sr\R."\5rSSjrSSjrSSjr"SS\5r"SS5r"SS\5rSr g)N)urlparse) Blueprint) current_app)g)request)session)BadData)SignatureExpired)URLSafeTimedSerializer) BadRequest)ValidationError)CSRF) generate_csrf validate_csrf CSRFProtectcT[US[RSS9n[USSSS9nU[;a|[ USS9nU[ ;a?[ R"[R"S 55R5[ U'UR[ U5n[[X$5 [R"U5$![aZ [ R"[R"S 55R5[ U'UR[ U5nNf=f) aGenerate a CSRF token. The token is cached for a request, so multiple calls to this function will generate the same token. During testing, it might be useful to access the signed token in ``g.csrf_token`` and the raw token in ``session['csrf_token']``. :param secret_key: Used to securely sign the token. Default is ``WTF_CSRF_SECRET_KEY`` or ``SECRET_KEY``. :param token_key: Key where token is stored in session for comparison. Default is ``WTF_CSRF_FIELD_NAME`` or ``'csrf_token'``. WTF_CSRF_SECRET_KEY%A secret key is required to use CSRF.messageWTF_CSRF_FIELD_NAME csrf_token%A field name is required to use CSRF.wtf-csrf-tokensalt@) _get_configr secret_keyrr rhashlibsha1osurandom hexdigestdumps TypeErrorsetattrget)r token_key field_namestokens Q/home/kali/devsecops-assessor/venv/lib/python3.13/site-packages/flask_wtf/csrf.pyrrs7 J 7 J ":4D E W $"),,rzz"~">"H"H"JGJ  1GGGJ/0E :% 55   1"),,rzz"~">"H"H"JGJ GGGJ/0E 1sCA!D'&D'c[US[RSS9n[USSSS9n[USSS S 9nU(d [S 5eU[;a [S 5e[ US S9nUR XS9n[R"[UU5(d [S5eg![an[S5UeSnAf[an[S5UeSnAff=f)aCheck if the given data is a valid CSRF token. This compares the given signed token to the one stored in the session. :param data: The signed CSRF token to be checked. :param secret_key: Used to securely sign the token. Default is ``WTF_CSRF_SECRET_KEY`` or ``SECRET_KEY``. :param time_limit: Number of seconds that the token is valid. Default is ``WTF_CSRF_TIME_LIMIT`` or 3600 seconds (60 minutes). :param token_key: Key where token is stored in session for comparison. Default is ``WTF_CSRF_FIELD_NAME`` or ``'csrf_token'``. :raises ValidationError: Contains the reason that validation failed. .. versionchanged:: 0.14 Raises ``ValidationError`` with a specific error message rather than returning ``True`` or ``False``. rrrrrrWTF_CSRF_TIME_LIMITF)requiredzThe CSRF token is missing.z"The CSRF session token is missing.rr)max_agezThe CSRF token has expired.NzThe CSRF token is invalid.zThe CSRF tokens do not match.) rrrr rr loadsr r hmaccompare_digest)datar time_limitr)r*r+r,es r-rrBs&7 J 7 J Z)>uUJ :;; BCCz0@AAC1   wz2E : :=>> ; D;URUl[TU] U5$N)metasuper setup_form)selfform __class__s r-rG_FlaskFormCSRF.setup_formsII w!$''r?cf[URRURRS9$)N)rr))rrE csrf_secretcsrf_field_name)rHcsrf_token_fields r-generate_csrf_token"_FlaskFormCSRF.generate_csrf_tokens(yy,, 8Q8Q  r?cR[R"SS5(ag[URURR URR URR5 g![a(n[RURS5 eSnAff=f)N csrf_validFr) rr(rr6rErMcsrf_time_limitrNr loggerinfoargs)rHrIfieldr8s r-validate_csrf_token"_FlaskFormCSRF.validate_csrf_tokensz 55u % %     %% )) ))     KKq "  sAA44 B&>#B!!B&)rE) __name__ __module__ __qualname____firstlineno__rGrPrY__static_attributes__ __classcell__)rJs@r-rArAs( r?rAc@\rSrSrSrS SjrSrSrSrSr S r S r g) ra;Enable CSRF protection globally for a Flask app. :: app = Flask(__name__) csrf = CSRFProtect(app) Checks the ``csrf_token`` field sent with forms, or the ``X-CSRFToken`` header sent with JavaScript requests. Render the token in templates using ``{{ csrf_token() }}``. See the :ref:`csrf` documentation. Ncr[5Ul[5UlU(aURU5 ggrD)set _exempt_views_exempt_blueprintsinit_app)rHapps r-__init__CSRFProtect.__init__s* U"%%  MM#  r?cl^^TTRS'TRRSS5 TRRSS5 [TRR S/SQ55TRS'TRRSS5 TRRS S S /5 TRRS S 5 TRRSS5 [ TR RS'TRS5 TRUU4Sj5ng)NcsrfWTF_CSRF_ENABLEDTWTF_CSRF_CHECK_DEFAULTWTF_CSRF_METHODS)POSTPUTPATCHDELETErrWTF_CSRF_HEADERSz X-CSRFTokenz X-CSRF-Tokenr/r0WTF_CSRF_SSL_STRICTcS[0$)Nr)rr?r-&CSRFProtect.init_app..s |]&Cr?c>TRS(dgTRS(dg[RTRS;ag[R(dgTRR [R 5TR;agTRR [R5nURSUR3nUTR;agTR5 g)Nrmrnro.) r:rmethodendpoint blueprintsr( blueprintrfview_functionsr\r[reprotect)viewdestrhrHs r- csrf_protect*CSRFProtect.init_app..csrf_protects::01::67~~SZZ0B%CC##~~!!'"3"348O8OO%%))'*:*:;Doo&a 7Dt))) LLNr?) extensionsr: setdefaultrdr(r jinja_envglobalscontext_processorbefore_request)rHrhrs`` r-rgCSRFProtect.init_apps!%v 0$7 6=), JJNN-/Q R*  %& 3\B 0=.2QR 3T: 3T:.; l+ CD     r?c[RSn[RR U5nU(aU$[RH9nUR U5(dM[RUnU(dM7Us $ [RSH-n[R R U5nU(dM+Us $ g)Nrrt)rr:rrIr(endswithheaders)rHr* base_tokenkeyr header_names r-_get_csrf_tokenCSRFProtect._get_csrf_tokens ''(=> \\%%j1  <>!3!34F!G G  , $..0 1   !3!34I!J##$$%FG&w||nA6Mw//??$$%LM  , KKq "   + + ,sC$$ D8.AD33D8c[U[5(aURRU5 U$[U[5(aUnO'SR UR UR45nURRU5 U$)zMark a view or blueprint to be excluded from CSRF protection. :: @app.route('/some-view', methods=['POST']) @csrf.exempt def some_view(): ... :: bp = Blueprint(...) csrf.exempt(bp) r{) isinstancerrfaddstrjoinr\r[re)rHr view_locations r-exemptCSRFProtect.exemptsp" dI & &  # # ' ' -K dC  MHHdoot}}%EFM }- r?c[U5erD) CSRFError)rHreasons r-rCSRFProtect._error_response2s r?)rfrerD) r[r\r]r^__doc__rirgrrrrr_rwr?r-rrs& 'R2*: r?rc\rSrSrSrSrSrg)ri6zRaise if the client sends invalid CSRF data with the request. Generates a 400 Bad Request response with the failure reason by default. Customize the response by registering a handler with :meth:`flask.Flask.errorhandler`. zCSRF validation failed.rwN)r[r\r]r^r descriptionr_rwr?r-rr6s,Kr?rc[U5n[U5nURUR:H=(a9 URUR:H=(a URUR:H$rD)rschemehostnameport) current_uri compare_uricurrentcompares r-rrAs[{#G{#G '..( )    0 0 0 ) LLGLL (r?)NN)NNN)NTzCSRF is not configured.)!r r4loggingr" urllib.parserflaskrrrrr itsdangerousr r r werkzeug.exceptionsr wtformsr wtforms.csrf.corer__all__ getLoggerr[rUrrrrArrrrwr?r-rs  ! )/*#" ;   8 $(V1?j>W.T6K K \, ,r?