U ”¼pdû:ã@sèdZdgZddlZddlZddlZe d¡Ze d¡ZGdd„deƒZ dd „Z d d „Z d d„Z Gd d„dƒZ Gdd„dƒZGdd„dƒZGdd„dƒZGdd„dƒZdd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd#d$„Zd%d&„ZdS)'a& Middleware to check for obedience to the WSGI specification. Some of the things this checks: * Signature of the application and start_response (including that keyword arguments are not used). * Environment checks: - Environment is a dictionary (and not a subclass). - That all the required keys are in the environment: REQUEST_METHOD, SERVER_NAME, SERVER_PORT, wsgi.version, wsgi.input, wsgi.errors, wsgi.multithread, wsgi.multiprocess, wsgi.run_once - That HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are not in the environment (these headers should appear as CONTENT_LENGTH and CONTENT_TYPE). - Warns if QUERY_STRING is missing, as the cgi module acts unpredictably in that case. - That CGI-style variables (that don't contain a .) have (non-unicode) string values - That wsgi.version is a tuple - That wsgi.url_scheme is 'http' or 'https' (@@: is this too restrictive?) - Warns if the REQUEST_METHOD is not known (@@: probably too restrictive). - That SCRIPT_NAME and PATH_INFO are empty or start with / - That at least one of SCRIPT_NAME or PATH_INFO are set. - That CONTENT_LENGTH is a positive integer. - That SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should be '/'). - That wsgi.input has the methods read, readline, readlines, and __iter__ - That wsgi.errors has the methods flush, write, writelines * The status is a string, contains a space, starts with an integer, and that integer is in range (> 100). * That the headers is a list (not a subclass, not another kind of sequence). * That the items of the headers are tuples of strings. * That there is no 'status' header (that is used in CGI, but not in WSGI). * That the headers don't contain newlines or colons, end in _ or -, or contain characters codes below 037. * That Content-Type is given if there is content (CGI often has a default content type, but WSGI does not). * That no Content-Type is given when there is no content (@@: is this too restrictive?) * That the exc_info argument to start_response is a tuple or None. * That all calls to the writer are with strings, and no other methods on the writer are accessed. * That wsgi.input is used properly: - .read() is called with exactly one argument - That it returns a string - That readline, readlines, and __iter__ return strings - That .close() is not called - No other methods are provided * That wsgi.errors is used properly: - .write() and .writelines() is called with a string - That .close() is not called, and no other methods are provided. * The response iterator: - That it is not a string (it should be a list of a single string; a string will work, but perform horribly). - That .__next__() returns a string - That the iterator is not iterated over until start_response has been called (that can signal either a server or application error). - That .close() is called (doesn't raise exception, only prints to sys.stderr, because we only know it isn't called when the object is garbage collected). Ú validatoréNz^[a-zA-Z][a-zA-Z0-9\-_]*$z [\000-\037]c@seZdZdZdS)Ú WSGIWarningz: Raised in response to WSGI-spec-related warnings N)Ú__name__Ú __module__Ú __qualname__Ú__doc__©rrú&/usr/lib/python3.8/wsgiref/validate.pyrysrcGs|s t|Ž‚dS©N)ÚAssertionError)ZcondÚargsrrr Úassert_~sr cCs(t|ƒtkr|Std |t|ƒ¡ƒ‚dS)Nz!{0} must be of type str (got {1}))ÚtypeÚstrr ÚformatÚrepr)ÚvalueÚtitlerrr Úcheck_string_type‚s  ÿrcs‡fdd„}|S)a® When applied between a WSGI server and a WSGI application, this middleware will check for WSGI compliancy on a number of levels. This middleware does not modify the request or response in any way, but will raise an AssertionError if anything seems off (except for a failure to close the application iterator, which will be printed to stderr -- there's no way to raise an exception at that point). cs’tt|ƒdkdƒt| dƒ|\}‰t|ƒg‰‡‡fdd„}t|dƒ|d<t|dƒ|d<ˆ||ƒ}t|dk oz|dkd ƒt|ƒt|ˆƒS) NézTwo arguments requiredúNo keyword arguments allowedcs’tt|ƒdkpt|ƒdkd|fƒt| dƒ|d}|d}t|ƒdkrV|d}nd}t|ƒt|ƒt||ƒt|ƒˆ d¡tˆ|ŽƒS)NrézInvalid number of arguments: %srré)r ÚlenÚ check_statusÚ check_headersÚcheck_content_typeÚcheck_exc_infoÚappendÚ WriteWrapper)r ÚkwÚstatusÚheadersÚexc_info©Zstart_responseZstart_response_startedrr Ústart_response_wrapperŸsÿ     z;validator..lint_app..start_response_wrapperú wsgi.inputú wsgi.errorsFz>The application must return an iterator, if only an empty list)r rÚ check_environÚ InputWrapperÚ ErrorWrapperÚcheck_iteratorÚIteratorWrapper)r r Úenvironr%Úiterator©Ú applicationr$r Úlint_app”s  ÿzvalidator..lint_appr)r0r1rr/r rˆs )c@s<eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd S)r)cCs ||_dSr )Úinput)ÚselfÚ wsgi_inputrrr Ú__init__ÁszInputWrapper.__init__cGs0tt|ƒdkƒ|jj|Ž}tt|ƒtkƒ|S©Nr)r rr2ÚreadrÚbytes©r3r Úvrrr r7Äs zInputWrapper.readcGs0tt|ƒdkƒ|jj|Ž}tt|ƒtkƒ|Sr6)r rr2Úreadlinerr8r9rrr r;Ês zInputWrapper.readlinecGsJtt|ƒdkƒ|jj|Ž}tt|ƒtkƒ|D]}tt|ƒtkƒq0|Sr6)r rr2Ú readlinesrÚlistr8)r3r ÚlinesÚlinerrr r<Ðs  zInputWrapper.readlinesccs| ¡}|sdS|VqdSr )r;)r3r?rrr Ú__iter__ØszInputWrapper.__iter__cCstddƒdS)Nrz input.close() must not be called©r ©r3rrr ÚcloseßszInputWrapper.closeN) rrrr5r7r;r<r@rCrrrr r)¿s r)c@s4eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd S) r*cCs ||_dSr )Úerrors)r3Ú wsgi_errorsrrr r5äszErrorWrapper.__init__cCs tt|ƒtkƒ|j |¡dSr )r rrrDÚwrite©r3Úsrrr rFçszErrorWrapper.writecCs|j ¡dSr )rDÚflushrBrrr rIëszErrorWrapper.flushcCs|D]}| |¡qdSr )rF)r3Úseqr?rrr Ú writelinesîszErrorWrapper.writelinescCstddƒdS)Nrz!errors.close() must not be calledrArBrrr rCòszErrorWrapper.closeN)rrrr5rFrIrKrCrrrr r*âs r*c@seZdZdd„Zdd„ZdS)rcCs ||_dSr )Úwriter)r3Z wsgi_writerrrr r5÷szWriteWrapper.__init__cCstt|ƒtkƒ| |¡dSr )r rr8rLrGrrr Ú__call__úszWriteWrapper.__call__N)rrrr5rMrrrr rõsrc@seZdZdd„Zdd„ZdS)ÚPartialIteratorWrappercCs ||_dSr ©r.)r3Ú wsgi_iteratorrrr r5szPartialIteratorWrapper.__init__cCs t|jdƒSr )r,r.rBrrr r@szPartialIteratorWrapper.__iter__N)rrrr5r@rrrr rNþsrNc@s4eZdZdd„Zdd„Zdd„Zdd„Zd d „Zd S) r,cCs ||_t|ƒ|_d|_||_dS)NF)Úoriginal_iteratorÚiterr.ÚclosedÚcheck_start_response)r3rPrTrrr r5 s zIteratorWrapper.__init__cCs|Sr rrBrrr r@szIteratorWrapper.__iter__cCsTt|j dƒt|jƒ}t|ƒtk r4tdd|fƒ|jdk rPt|jdƒd|_|S)NzIterator read after closedFz$Iterator yielded non-bytestring (%r)zjThe application returns and we started iterating over its body, but start_response has not yet been called)r rSÚnextr.rr8rT)r3r:rrr Ú__next__sÿ   ÿzIteratorWrapper.__next__cCs d|_t|jdƒr|j ¡dS)NTrC)rSÚhasattrrQrCrBrrr rCs zIteratorWrapper.closecCs"|jstj d¡t|jdƒdS)Nz/Iterator garbage collected without being closed)rSÚsysÚstderrrFr rBrrr Ú__del__#sÿÿzIteratorWrapper.__del__N)rrrr5r@rVrCrZrrrr r,s  r,cCsàtt|ƒtkdt|ƒ|fƒdD]}t||kd|fƒq"dD]"}t||kd||dd…fƒq@d|krxt dt¡| ¡D]:}d |krŽq€tt||ƒtkd |t||ƒ||fƒq€tt|d ƒtkd |d fƒt|d dkd|d ƒt |dƒt |dƒ|ddkr0t d|dt¡t|  d¡ pL|d  d¡d|dƒt|  d¡ pv|d  d¡d|dƒ|  d¡r®tt |dƒdkd|dƒ|  d¡sÈtd|kdƒt|  d¡dkdƒdS)Nz:Environment is not of the right type: %r (environment: %r)) ÚREQUEST_METHODZ SERVER_NAMEZ SERVER_PORTú wsgi.versionr&r'zwsgi.multithreadzwsgi.multiprocessz wsgi.run_oncez$Environment missing required key: %r)ZHTTP_CONTENT_TYPEZHTTP_CONTENT_LENGTHz8Environment should not have the key: %s (use %s instead)éZ QUERY_STRINGz’QUERY_STRING is not in the WSGI environment; the cgi module will use sys.argv when this variable is missing, so application errors are more likelyÚ.z9Environmental variable %s is not a string: %r (value: %r)r\z#wsgi.version should be a tuple (%r)zwsgi.url_scheme)ZhttpZhttpszwsgi.url_scheme unknown: %rr&r'r[)ZGETZHEADZPOSTZOPTIONSZPATCHZPUTZDELETEZTRACEzUnknown REQUEST_METHOD: %rZ SCRIPT_NAMEú/z$SCRIPT_NAME doesn't start with /: %rZ PATH_INFOz"PATH_INFO doesn't start with /: %rZCONTENT_LENGTHrzInvalid CONTENT_LENGTH: %rzgOne of SCRIPT_NAME or PATH_INFO are required (PATH_INFO should at least be '/' if SCRIPT_NAME is empty)zOSCRIPT_NAME cannot be '/'; it should instead be '', and PATH_INFO should be '/')r rÚdictÚwarningsÚwarnrÚkeysrÚtupleÚ check_inputÚ check_errorsÚgetÚ startswithÚint)r-Úkeyrrr r(*sx  ÿÿÿÿÿü ÿÿ ÿ  ÿ   þ  þ  þ  ÿ ÿÿr(cCs&dD]}tt||ƒd||fƒqdS)N)r7r;r<r@z-wsgi.input (%r) doesn't have the attribute %s©r rW)r4Úattrrrr reks  ÿÿrecCs&dD]}tt||ƒd||fƒqdS)N)rIrFrKz.wsgi.errors (%r) doesn't have the attribute %srk)rErlrrr rfqs  ÿÿrfcCsvt|dƒ}| dd¡d}tt|ƒdkd|ƒt|ƒ}t|dkd|ƒt|ƒdksb|dd krrt d |t¡dS) NÚStatusrrrz)Status codes must be three characters: %rédzStatus code is invalid: %réú zjThe status string (%r) should be a three-digit integer followed by a single space and a status explanation)rÚsplitr rrirarbr)r!Z status_codeZ status_intrrr rws  ÿþýrcCstt|ƒtkd|t|ƒfƒ|D]Ü}tt|ƒtkd|t|ƒfƒtt|ƒdkƒ|\}}t|dƒ}t|dƒ}t| ¡dkd|ƒtd|ko–d |kd |ƒtt |¡d |ƒt|  d ¡ oÌ|  d ¡ d|ƒt  |¡r"tdd|t  |¡  d¡fƒq"dS)Nz%Headers (%r) must be of type list: %rz1Individual headers (%r) must be of type tuple: %rrú Header namez Header valuer!zyThe Status header cannot be used; it conflicts with CGI script, and HTTP status is not given through headers (value: %r).Ú ú:z,Header names may not contain ':' or '\n': %rzBad header name: %rú-Ú_z#Names may not end in '-' or '_': %rrz#Bad header value: %r (bad char: %r)) r rr=rdrrÚlowerÚ header_reÚsearchÚendswithÚbad_header_value_reÚgroup)r"ÚitemÚnamerrrr r…s>  ÿÿ  ÿÿ   þÿÿÿ ÿrcCs|t|dƒ}t| dd¡dƒ}d}|D]:\}}t|dƒ}| ¡dkr&||krRdStdd|ƒq&||krxtdd|ƒdS) Nrmrr)éÌi0rrz content-typezJContent-Type header found in a %s response, which must not return content.z,No Content-Type header found in headers (%s))rrirqrwr )r!r"ÚcodeZNO_MESSAGE_BODYr~rrrr ržs    ÿrcCs*t|dkpt|ƒtkd|t|ƒfƒdS)Nz exc_info (%r) is not a tuple: %r)r rrd)r#rrr r®sÿrcCstt|ttfƒ dƒdS)NzwYou should not return a string as your application iterator, instead return a single-item list containing a bytestring.)r Ú isinstancerr8rOrrr r+³sÿr+)rÚ__all__ÚrerXraÚcompilerxr{ÚWarningrr rrr)r*rrNr,r(rerfrrrrr+rrrr Ús.j  7#  #A