Add .prof File Download Support to Profiling Panel#2146
Add .prof File Download Support to Profiling Panel#2146andoriyaprashant wants to merge 2 commits intodjango-commons:mainfrom
Conversation
|
I’ve started working on the enhancement Download profiling results (Issue #1798) and have implemented the backend and template changes to support .prof file download. However, I’m currently getting the following error: django.urls.exceptions.NoReverseMatch: Reverse for 'debug_toolbar_download_prof_file' not found.I’ve defined the download_prof_file view in views.py, but I suspect the issue might be with how I registered it in urls.py or the namespace being used by the toolbar. Since this involves integrating a custom view into the debug toolbar's internal URLs, I’ve kept the PR in draft so you could please review my approach and suggest how I can resolve this. Thank you! |
matthiask
left a comment
matthiask
left a comment
There was a problem hiding this comment.
Can you explain more what we can do with the .prof file?
Also, I wonder if we shouldn't just write profile files always to a configured path (in the settings) and not make this a part of the interface? (Not saying that's a better idea, just thinking out loud.)
|
|
||
| root_func = cProfile.label(super().process_request.__code__) | ||
| prof_file_path = os.path.join( | ||
| tempfile.gettempdir(), next(tempfile._get_candidate_names()) + ".prof" |
There was a problem hiding this comment.
_get_candidate_names() isn't documented? I think we should only enable this feature when users provide a path where we can store profiles, because we have to ensure we're only serving files from this very path and not arbitrary files.
| try: | ||
| return self.db.ops.last_executed_query(self.cursor, sql, sample_params) | ||
| except Exception: | ||
| return sql |
There was a problem hiding this comment.
This looks like an unrelated change?
| {% load i18n %} | ||
|
|
||
| {% if prof_file_path %} | ||
| <div style="margin-bottom: 10px;"> |
There was a problem hiding this comment.
We do not have any inline styles in templates until now, if we need styles add them to the toolbar.css file.
| debug_toolbar_views.download_prof_file, | ||
| name="debug_toolbar_download_prof_file", | ||
| ), | ||
| ] |
There was a problem hiding this comment.
You should add the URL pattern to get_urls(), not here.
|
|
||
| {% if prof_file_path %} | ||
| <div style="margin-bottom: 10px;"> | ||
| <a href="{% url 'debug_toolbar_download_prof_file' %}?path={{ prof_file_path|urlencode }}" class="djDebugButton"> |
There was a problem hiding this comment.
The toolbar uses the djdt: namespace for URLs; search the code base for reverse( calls to see how that can be used. (See git grep -C3 'reverse(')
| def download_prof_file(request): | ||
| file_path = request.GET.get("path") | ||
| print("Serving .prof file:", file_path) | ||
| if not file_path or not os.path.exists(file_path): |
There was a problem hiding this comment.
This can trivially be exploited by using something like
...?path=/etc/passwd
This view serves arbitrary files which are readable by the webserver process: Either you have to use signing (django.core.signing, also used in the templates panel) to ensure that paths cannot be tampered with and/or use a known root where you put files, and ensure that you only serve files from this root. This isn't totally straightforward because you have to protect against path traversal attacks.
|
@andoriyaprashant do you have time to pick this back up? If not, @robhudson could ask a Djangonaut from the next session of Djangonaut Space to get it over the finish line. |
Hey @tim-schilling Thanks for checking in! At the moment I’m unable to give this PR the focus it needs, so I’m fine with someone else picking it up and taking it forward Thank you |
|
@tim-schilling I would like to pick this up |
|
Following up here. We're going to hold this in reserve for a few more weeks for Djangonaut Space. |
|
@JohananOppongAmoateng please feel free to work on this |
|
@tim-schilling noted |
|
Replaced by #2286 |
4 participants
Description
This PR adds a feature to download the raw .prof file generated by cProfile via the Django Debug Toolbar profiling panel.
Users can now export the profiling results to visualize or analyze them externally.
Status: Draft - encountering a NoReverseMatch error related to debug_toolbar_download_prof_file. Likely an issue with urls.py configuration. Seeking guidance on the correct integration approach.
Fixes #1798
Checklist:
docs/changes.rst.