442 lines
15 KiB
Python
442 lines
15 KiB
Python
# (c) 2005 Ian Bicking and contributors; written for Paste (http://pythonpaste.org)
|
|
# Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
|
|
# Also licenced under the Apache License, 2.0: http://opensource.org/licenses/apache2.0.php
|
|
# Licensed to PSF under a Contributor Agreement
|
|
"""
|
|
Middleware to check for obedience to the WSGI specification.
|
|
|
|
Some of the things this checks:
|
|
|
|
* Signature of the application and start_response (including that
|
|
keyword arguments are not used).
|
|
|
|
* Environment checks:
|
|
|
|
- Environment is a dictionary (and not a subclass).
|
|
|
|
- That all the required keys are in the environment: REQUEST_METHOD,
|
|
SERVER_NAME, SERVER_PORT, wsgi.version, wsgi.input, wsgi.errors,
|
|
wsgi.multithread, wsgi.multiprocess, wsgi.run_once
|
|
|
|
- That HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are not in the
|
|
environment (these headers should appear as CONTENT_LENGTH and
|
|
CONTENT_TYPE).
|
|
|
|
- Warns if QUERY_STRING is missing, as the cgi module acts
|
|
unpredictably in that case.
|
|
|
|
- That CGI-style variables (that don't contain a .) have
|
|
(non-unicode) string values
|
|
|
|
- That wsgi.version is a tuple
|
|
|
|
- That wsgi.url_scheme is 'http' or 'https' (@@: is this too
|
|
restrictive?)
|
|
|
|
- Warns if the REQUEST_METHOD is not known (@@: probably too
|
|
restrictive).
|
|
|
|
- That SCRIPT_NAME and PATH_INFO are empty or start with /
|
|
|
|
- That at least one of SCRIPT_NAME or PATH_INFO are set.
|
|
|
|
- That CONTENT_LENGTH is a positive integer.
|
|
|
|
- That SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should
|
|
be '/').
|
|
|
|
- That wsgi.input has the methods read, readline, readlines, and
|
|
__iter__
|
|
|
|
- That wsgi.errors has the methods flush, write, writelines
|
|
|
|
* The status is a string, contains a space, starts with an integer,
|
|
and that integer is in range (> 100).
|
|
|
|
* That the headers is a list (not a subclass, not another kind of
|
|
sequence).
|
|
|
|
* That the items of the headers are tuples of strings.
|
|
|
|
* That there is no 'status' header (that is used in CGI, but not in
|
|
WSGI).
|
|
|
|
* That the headers don't contain newlines or colons, end in _ or -, or
|
|
contain characters codes below 037.
|
|
|
|
* That Content-Type is given if there is content (CGI often has a
|
|
default content type, but WSGI does not).
|
|
|
|
* That no Content-Type is given when there is no content (@@: is this
|
|
too restrictive?)
|
|
|
|
* That the exc_info argument to start_response is a tuple or None.
|
|
|
|
* That all calls to the writer are with strings, and no other methods
|
|
on the writer are accessed.
|
|
|
|
* That wsgi.input is used properly:
|
|
|
|
- .read() is called with zero or one argument
|
|
|
|
- That it returns a string
|
|
|
|
- That readline, readlines, and __iter__ return strings
|
|
|
|
- That .close() is not called
|
|
|
|
- No other methods are provided
|
|
|
|
* That wsgi.errors is used properly:
|
|
|
|
- .write() and .writelines() is called with a string
|
|
|
|
- That .close() is not called, and no other methods are provided.
|
|
|
|
* The response iterator:
|
|
|
|
- That it is not a string (it should be a list of a single string; a
|
|
string will work, but perform horribly).
|
|
|
|
- That .__next__() returns a string
|
|
|
|
- That the iterator is not iterated over until start_response has
|
|
been called (that can signal either a server or application
|
|
error).
|
|
|
|
- That .close() is called (doesn't raise exception, only prints to
|
|
sys.stderr, because we only know it isn't called when the object
|
|
is garbage collected).
|
|
"""
|
|
__all__ = ['validator']
|
|
|
|
|
|
import re
|
|
import sys
|
|
import warnings
|
|
|
|
header_re = re.compile(r'^[a-zA-Z][a-zA-Z0-9\-_]*$')
|
|
bad_header_value_re = re.compile(r'[\000-\037]')
|
|
|
|
class WSGIWarning(Warning):
|
|
"""
|
|
Raised in response to WSGI-spec-related warnings
|
|
"""
|
|
|
|
def assert_(cond, *args):
|
|
if not cond:
|
|
raise AssertionError(*args)
|
|
|
|
def check_string_type(value, title):
|
|
if isinstance(value, str):
|
|
return value
|
|
assert isinstance(value, bytes), \
|
|
"{0} must be a string or bytes object (not {1})".format(title, value)
|
|
return str(value, "iso-8859-1")
|
|
|
|
def validator(application):
|
|
|
|
"""
|
|
When applied between a WSGI server and a WSGI application, this
|
|
middleware will check for WSGI compliancy on a number of levels.
|
|
This middleware does not modify the request or response in any
|
|
way, but will throw an AssertionError if anything seems off
|
|
(except for a failure to close the application iterator, which
|
|
will be printed to stderr -- there's no way to throw an exception
|
|
at that point).
|
|
"""
|
|
|
|
def lint_app(*args, **kw):
|
|
assert_(len(args) == 2, "Two arguments required")
|
|
assert_(not kw, "No keyword arguments allowed")
|
|
environ, start_response = args
|
|
|
|
check_environ(environ)
|
|
|
|
# We use this to check if the application returns without
|
|
# calling start_response:
|
|
start_response_started = []
|
|
|
|
def start_response_wrapper(*args, **kw):
|
|
assert_(len(args) == 2 or len(args) == 3, (
|
|
"Invalid number of arguments: %s" % (args,)))
|
|
assert_(not kw, "No keyword arguments allowed")
|
|
status = args[0]
|
|
headers = args[1]
|
|
if len(args) == 3:
|
|
exc_info = args[2]
|
|
else:
|
|
exc_info = None
|
|
|
|
check_status(status)
|
|
check_headers(headers)
|
|
check_content_type(status, headers)
|
|
check_exc_info(exc_info)
|
|
|
|
start_response_started.append(None)
|
|
return WriteWrapper(start_response(*args))
|
|
|
|
environ['wsgi.input'] = InputWrapper(environ['wsgi.input'])
|
|
environ['wsgi.errors'] = ErrorWrapper(environ['wsgi.errors'])
|
|
|
|
iterator = application(environ, start_response_wrapper)
|
|
assert_(iterator is not None and iterator != False,
|
|
"The application must return an iterator, if only an empty list")
|
|
|
|
check_iterator(iterator)
|
|
|
|
return IteratorWrapper(iterator, start_response_started)
|
|
|
|
return lint_app
|
|
|
|
class InputWrapper:
|
|
|
|
def __init__(self, wsgi_input):
|
|
self.input = wsgi_input
|
|
|
|
def read(self, *args):
|
|
assert_(len(args) == 1)
|
|
v = self.input.read(*args)
|
|
assert_(isinstance(v, bytes))
|
|
return v
|
|
|
|
def readline(self):
|
|
v = self.input.readline()
|
|
assert_(isinstance(v, bytes))
|
|
return v
|
|
|
|
def readlines(self, *args):
|
|
assert_(len(args) <= 1)
|
|
lines = self.input.readlines(*args)
|
|
assert_(isinstance(lines, list))
|
|
for line in lines:
|
|
assert_(isinstance(line, bytes))
|
|
return lines
|
|
|
|
def __iter__(self):
|
|
while 1:
|
|
line = self.readline()
|
|
if not line:
|
|
return
|
|
yield line
|
|
|
|
def close(self):
|
|
assert_(0, "input.close() must not be called")
|
|
|
|
class ErrorWrapper:
|
|
|
|
def __init__(self, wsgi_errors):
|
|
self.errors = wsgi_errors
|
|
|
|
def write(self, s):
|
|
assert_(isinstance(s, str))
|
|
self.errors.write(s)
|
|
|
|
def flush(self):
|
|
self.errors.flush()
|
|
|
|
def writelines(self, seq):
|
|
for line in seq:
|
|
self.write(line)
|
|
|
|
def close(self):
|
|
assert_(0, "errors.close() must not be called")
|
|
|
|
class WriteWrapper:
|
|
|
|
def __init__(self, wsgi_writer):
|
|
self.writer = wsgi_writer
|
|
|
|
def __call__(self, s):
|
|
assert_(isinstance(s, (str, bytes)))
|
|
self.writer(s)
|
|
|
|
class PartialIteratorWrapper:
|
|
|
|
def __init__(self, wsgi_iterator):
|
|
self.iterator = wsgi_iterator
|
|
|
|
def __iter__(self):
|
|
# We want to make sure __iter__ is called
|
|
return IteratorWrapper(self.iterator, None)
|
|
|
|
class IteratorWrapper:
|
|
|
|
def __init__(self, wsgi_iterator, check_start_response):
|
|
self.original_iterator = wsgi_iterator
|
|
self.iterator = iter(wsgi_iterator)
|
|
self.closed = False
|
|
self.check_start_response = check_start_response
|
|
|
|
def __iter__(self):
|
|
return self
|
|
|
|
def __next__(self):
|
|
assert_(not self.closed,
|
|
"Iterator read after closed")
|
|
v = next(self.iterator)
|
|
if self.check_start_response is not None:
|
|
assert_(self.check_start_response,
|
|
"The application returns and we started iterating over its body, but start_response has not yet been called")
|
|
self.check_start_response = None
|
|
return v
|
|
|
|
def close(self):
|
|
self.closed = True
|
|
if hasattr(self.original_iterator, 'close'):
|
|
self.original_iterator.close()
|
|
|
|
def __del__(self):
|
|
if not self.closed:
|
|
sys.stderr.write(
|
|
"Iterator garbage collected without being closed")
|
|
assert_(self.closed,
|
|
"Iterator garbage collected without being closed")
|
|
|
|
def check_environ(environ):
|
|
assert_(isinstance(environ, dict),
|
|
"Environment is not of the right type: %r (environment: %r)"
|
|
% (type(environ), environ))
|
|
|
|
for key in ['REQUEST_METHOD', 'SERVER_NAME', 'SERVER_PORT',
|
|
'wsgi.version', 'wsgi.input', 'wsgi.errors',
|
|
'wsgi.multithread', 'wsgi.multiprocess',
|
|
'wsgi.run_once']:
|
|
assert_(key in environ,
|
|
"Environment missing required key: %r" % (key,))
|
|
|
|
for key in ['HTTP_CONTENT_TYPE', 'HTTP_CONTENT_LENGTH']:
|
|
assert_(key not in environ,
|
|
"Environment should not have the key: %s "
|
|
"(use %s instead)" % (key, key[5:]))
|
|
|
|
if 'QUERY_STRING' not in environ:
|
|
warnings.warn(
|
|
'QUERY_STRING is not in the WSGI environment; the cgi '
|
|
'module will use sys.argv when this variable is missing, '
|
|
'so application errors are more likely',
|
|
WSGIWarning)
|
|
|
|
for key in environ.keys():
|
|
if '.' in key:
|
|
# Extension, we don't care about its type
|
|
continue
|
|
assert_(isinstance(environ[key], str),
|
|
"Environmental variable %s is not a string: %r (value: %r)"
|
|
% (key, type(environ[key]), environ[key]))
|
|
|
|
assert_(isinstance(environ['wsgi.version'], tuple),
|
|
"wsgi.version should be a tuple (%r)" % (environ['wsgi.version'],))
|
|
assert_(environ['wsgi.url_scheme'] in ('http', 'https'),
|
|
"wsgi.url_scheme unknown: %r" % environ['wsgi.url_scheme'])
|
|
|
|
check_input(environ['wsgi.input'])
|
|
check_errors(environ['wsgi.errors'])
|
|
|
|
# @@: these need filling out:
|
|
if environ['REQUEST_METHOD'] not in (
|
|
'GET', 'HEAD', 'POST', 'OPTIONS','PUT','DELETE','TRACE'):
|
|
warnings.warn(
|
|
"Unknown REQUEST_METHOD: %r" % environ['REQUEST_METHOD'],
|
|
WSGIWarning)
|
|
|
|
assert_(not environ.get('SCRIPT_NAME')
|
|
or environ['SCRIPT_NAME'].startswith('/'),
|
|
"SCRIPT_NAME doesn't start with /: %r" % environ['SCRIPT_NAME'])
|
|
assert_(not environ.get('PATH_INFO')
|
|
or environ['PATH_INFO'].startswith('/'),
|
|
"PATH_INFO doesn't start with /: %r" % environ['PATH_INFO'])
|
|
if environ.get('CONTENT_LENGTH'):
|
|
assert_(int(environ['CONTENT_LENGTH']) >= 0,
|
|
"Invalid CONTENT_LENGTH: %r" % environ['CONTENT_LENGTH'])
|
|
|
|
if not environ.get('SCRIPT_NAME'):
|
|
assert_('PATH_INFO' in environ,
|
|
"One of SCRIPT_NAME or PATH_INFO are required (PATH_INFO "
|
|
"should at least be '/' if SCRIPT_NAME is empty)")
|
|
assert_(environ.get('SCRIPT_NAME') != '/',
|
|
"SCRIPT_NAME cannot be '/'; it should instead be '', and "
|
|
"PATH_INFO should be '/'")
|
|
|
|
def check_input(wsgi_input):
|
|
for attr in ['read', 'readline', 'readlines', '__iter__']:
|
|
assert_(hasattr(wsgi_input, attr),
|
|
"wsgi.input (%r) doesn't have the attribute %s"
|
|
% (wsgi_input, attr))
|
|
|
|
def check_errors(wsgi_errors):
|
|
for attr in ['flush', 'write', 'writelines']:
|
|
assert_(hasattr(wsgi_errors, attr),
|
|
"wsgi.errors (%r) doesn't have the attribute %s"
|
|
% (wsgi_errors, attr))
|
|
|
|
def check_status(status):
|
|
status = check_string_type(status, "Status")
|
|
# Implicitly check that we can turn it into an integer:
|
|
status_code = status.split(None, 1)[0]
|
|
assert_(len(status_code) == 3,
|
|
"Status codes must be three characters: %r" % status_code)
|
|
status_int = int(status_code)
|
|
assert_(status_int >= 100, "Status code is invalid: %r" % status_int)
|
|
if len(status) < 4 or status[3] != ' ':
|
|
warnings.warn(
|
|
"The status string (%r) should be a three-digit integer "
|
|
"followed by a single space and a status explanation"
|
|
% status, WSGIWarning)
|
|
|
|
def check_headers(headers):
|
|
assert_(isinstance(headers, list),
|
|
"Headers (%r) must be of type list: %r"
|
|
% (headers, type(headers)))
|
|
header_names = {}
|
|
for item in headers:
|
|
assert_(isinstance(item, tuple),
|
|
"Individual headers (%r) must be of type tuple: %r"
|
|
% (item, type(item)))
|
|
assert_(len(item) == 2)
|
|
name, value = item
|
|
name = check_string_type(name, "Header name")
|
|
value = check_string_type(value, "Header value")
|
|
assert_(name.lower() != 'status',
|
|
"The Status header cannot be used; it conflicts with CGI "
|
|
"script, and HTTP status is not given through headers "
|
|
"(value: %r)." % value)
|
|
header_names[name.lower()] = None
|
|
assert_('\n' not in name and ':' not in name,
|
|
"Header names may not contain ':' or '\\n': %r" % name)
|
|
assert_(header_re.search(name), "Bad header name: %r" % name)
|
|
assert_(not name.endswith('-') and not name.endswith('_'),
|
|
"Names may not end in '-' or '_': %r" % name)
|
|
if bad_header_value_re.search(value):
|
|
assert_(0, "Bad header value: %r (bad char: %r)"
|
|
% (value, bad_header_value_re.search(value).group(0)))
|
|
|
|
def check_content_type(status, headers):
|
|
status = check_string_type(status, "Status")
|
|
code = int(status.split(None, 1)[0])
|
|
# @@: need one more person to verify this interpretation of RFC 2616
|
|
# http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
|
|
NO_MESSAGE_BODY = (204, 304)
|
|
for name, value in headers:
|
|
name = check_string_type(name, "Header name")
|
|
if name.lower() == 'content-type':
|
|
if code not in NO_MESSAGE_BODY:
|
|
return
|
|
assert_(0, ("Content-Type header found in a %s response, "
|
|
"which must not return content.") % code)
|
|
if code not in NO_MESSAGE_BODY:
|
|
assert_(0, "No Content-Type header found in headers (%s)" % headers)
|
|
|
|
def check_exc_info(exc_info):
|
|
assert_(exc_info is None or isinstance(exc_info, tuple),
|
|
"exc_info (%r) is not a tuple: %r" % (exc_info, type(exc_info)))
|
|
# More exc_info checks?
|
|
|
|
def check_iterator(iterator):
|
|
# Technically a string is legal, which is why it's a really bad
|
|
# idea, because it may cause the response to be returned
|
|
# character-by-character
|
|
assert_(not isinstance(iterator, (str, bytes)),
|
|
"You should not return a string as your application iterator, "
|
|
"instead return a single-item list containing that string.")
|