î i f;;ã@sNdZdgZddlZddlZddlZejdƒZejdƒZGdd„deƒZ dd „Z d d „Z d d„Z Gd d„dƒZ Gdd„dƒZGdd„dƒZGdd„dƒZGdd„dƒZdd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Zd#d$„Zd%d&„ZdS)'a& Middleware to check for obedience to the WSGI specification. Some of the things this checks: * Signature of the application and start_response (including that keyword arguments are not used). * Environment checks: - Environment is a dictionary (and not a subclass). - That all the required keys are in the environment: REQUEST_METHOD, SERVER_NAME, SERVER_PORT, wsgi.version, wsgi.input, wsgi.errors, wsgi.multithread, wsgi.multiprocess, wsgi.run_once - That HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are not in the environment (these headers should appear as CONTENT_LENGTH and CONTENT_TYPE). - Warns if QUERY_STRING is missing, as the cgi module acts unpredictably in that case. - That CGI-style variables (that don't contain a .) have (non-unicode) string values - That wsgi.version is a tuple - That wsgi.url_scheme is 'http' or 'https' (@@: is this too restrictive?) - Warns if the REQUEST_METHOD is not known (@@: probably too restrictive). - That SCRIPT_NAME and PATH_INFO are empty or start with / - That at least one of SCRIPT_NAME or PATH_INFO are set. - That CONTENT_LENGTH is a positive integer. - That SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should be '/'). - That wsgi.input has the methods read, readline, readlines, and __iter__ - That wsgi.errors has the methods flush, write, writelines * The status is a string, contains a space, starts with an integer, and that integer is in range (> 100). * That the headers is a list (not a subclass, not another kind of sequence). * That the items of the headers are tuples of strings. * That there is no 'status' header (that is used in CGI, but not in WSGI). * That the headers don't contain newlines or colons, end in _ or -, or contain characters codes below 037. * That Content-Type is given if there is content (CGI often has a default content type, but WSGI does not). * That no Content-Type is given when there is no content (@@: is this too restrictive?) * That the exc_info argument to start_response is a tuple or None. * That all calls to the writer are with strings, and no other methods on the writer are accessed. * That wsgi.input is used properly: - .read() is called with zero or one argument - That it returns a string - That readline, readlines, and __iter__ return strings - That .close() is not called - No other methods are provided * That wsgi.errors is used properly: - .write() and .writelines() is called with a string - That .close() is not called, and no other methods are provided. * The response iterator: - That it is not a string (it should be a list of a single string; a string will work, but perform horribly). - That .__next__() returns a string - That the iterator is not iterated over until start_response has been called (that can signal either a server or application error). - That .close() is called (doesn't raise exception, only prints to sys.stderr, because we only know it isn't called when the object is garbage collected). Ú validatoréNz^[a-zA-Z][a-zA-Z0-9\-_]*$z [\000-\037]c@seZdZdZdS)Ú WSGIWarningz: Raised in response to WSGI-spec-related warnings N)Ú__name__Ú __module__Ú __qualname__Ú__doc__©rrú5/opt/alt/python34/lib64/python3.4/wsgiref/validate.pyrys rcGs|st|Œ‚ndS)N)ÚAssertionError)ZcondÚargsrrr Úassert_~sr cCs8t|ƒtkr|Stdj|t|ƒƒƒ‚dS)Nz!{0} must be of type str (got {1}))ÚtypeÚstrr ÚformatÚrepr)ÚvalueÚtitlerrr Úcheck_string_type‚srcs‡fdd†}|S)a® When applied between a WSGI server and a WSGI application, this middleware will check for WSGI compliancy on a number of levels. This middleware does not modify the request or response in any way, but will raise an AssertionError if anything seems off (except for a failure to close the application iterator, which will be printed to stderr -- there's no way to raise an exception at that point). csÅtt|ƒdkdƒt| dƒ|\}‰t|ƒg‰‡‡fdd†}t|dƒ|d.lint_app..start_response_wrapperz wsgi.inputz wsgi.errorsFz>The application must return an iterator, if only an empty list)r rÚ check_environÚ InputWrapperÚ ErrorWrapperÚcheck_iteratorÚIteratorWrapper)r rÚenvironr$Úiterator)Ú application)r"r#r Úlint_app”s   zvalidator..lint_appr)r,r-r)r,r rˆs )c@sXeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd S)r&cCs ||_dS)N)Úinput)ÚselfÚ wsgi_inputrrr Ú__init__ÁszInputWrapper.__init__cGsBtt|ƒdkƒ|jj|Œ}tt|ƒtkƒ|S)Nr)r rr.Úreadr Úbytes)r/r Úvrrr r2ÄszInputWrapper.readcGsBtt|ƒdkƒ|jj|Œ}tt|ƒtkƒ|S)Nr)r rr.Úreadliner r3)r/r r4rrr r5ÊszInputWrapper.readlinecGsitt|ƒdkƒ|jj|Œ}tt|ƒtkƒx$|D]}tt|ƒtkƒqEW|S)Nr)r rr.Ú readlinesr Úlistr3)r/r ÚlinesÚlinerrr r6Ðs  zInputWrapper.readlinesccs&x|jƒ}|sdS|VqWdS)N)r5)r/r9rrr Ú__iter__Øs  zInputWrapper.__iter__cCstddƒdS)Nrz input.close() must not be called)r )r/rrr ÚcloseßszInputWrapper.closeN) rrrr1r2r5r6r:r;rrrr r&¿s      r&c@sLeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd S) r'cCs ||_dS)N)Úerrors)r/Ú wsgi_errorsrrr r1äszErrorWrapper.__init__cCs*tt|ƒtkƒ|jj|ƒdS)N)r r rr<Úwrite)r/Úsrrr r>çszErrorWrapper.writecCs|jjƒdS)N)r<Úflush)r/rrr r@ëszErrorWrapper.flushcCs"x|D]}|j|ƒqWdS)N)r>)r/Úseqr9rrr Ú writelinesîs zErrorWrapper.writelinescCstddƒdS)Nrz!errors.close() must not be called)r )r/rrr r;òszErrorWrapper.closeN)rrrr1r>r@rBr;rrrr r'âs     r'c@s(eZdZdd„Zdd„ZdS)rcCs ||_dS)N)Úwriter)r/Z wsgi_writerrrr r1÷szWriteWrapper.__init__cCs'tt|ƒtkƒ|j|ƒdS)N)r r r3rC)r/r?rrr Ú__call__úszWriteWrapper.__call__N)rrrr1rDrrrr rõs  rc@s(eZdZdd„Zdd„ZdS)ÚPartialIteratorWrappercCs ||_dS)N)r+)r/Ú wsgi_iteratorrrr r1szPartialIteratorWrapper.__init__cCst|jdƒS)N)r)r+)r/rrr r:szPartialIteratorWrapper.__iter__N)rrrr1r:rrrr rEþs  rEc@sLeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd S) r)cCs.||_t|ƒ|_d|_||_dS)NF)Úoriginal_iteratorÚiterr+ÚclosedÚcheck_start_response)r/rFrJrrr r1 s  zIteratorWrapper.__init__cCs|S)Nr)r/rrr r:szIteratorWrapper.__iter__cCsxt|j dƒt|jƒ}t|ƒtk rItdd|fƒn|jdk rtt|jdƒd|_n|S)NzIterator read after closedFz$Iterator yielded non-bytestring (%r)zjThe application returns and we started iterating over its body, but start_response has not yet been called)r rIÚnextr+r r3rJ)r/r4rrr Ú__next__s   zIteratorWrapper.__next__cCs/d|_t|jdƒr+|jjƒndS)NTr;)rIÚhasattrrGr;)r/rrr r;s zIteratorWrapper.closecCs0|jstjjdƒnt|jdƒdS)Nz/Iterator garbage collected without being closed)rIÚsysÚstderrr>r )r/rrr Ú__del__#s     zIteratorWrapper.__del__N)rrrr1r:rLr;rPrrrr r)s    r)c Cs›tt|ƒtkdt|ƒ|fƒxCdddddddd d g D] }t||kd |fƒqKWx;d d gD]-}t||kd||dd…fƒq|Wd|krÌtjdtƒnx^|jƒD]P}d|krñqÙntt||ƒtkd|t||ƒ||fƒqÙWtt|dƒtkd|dfƒt|dd,kd|dƒt |dƒt |dƒ|dd-kr»tjd!|dtƒnt|j d"ƒ pÞ|d"j d#ƒd$|d"ƒt|j d%ƒ p|d%j d#ƒd&|d%ƒ|j d'ƒrVtt |d'ƒd(kd)|d'ƒn|j d"ƒs{td%|kd*ƒnt|j d"ƒd#kd+ƒdS).Nz:Environment is not of the right type: %r (environment: %r)ZREQUEST_METHODZ SERVER_NAMEZ SERVER_PORTz wsgi.versionz wsgi.inputz wsgi.errorszwsgi.multithreadzwsgi.multiprocessz wsgi.run_oncez$Environment missing required key: %rZHTTP_CONTENT_TYPEZHTTP_CONTENT_LENGTHz8Environment should not have the key: %s (use %s instead)éZ QUERY_STRINGz’QUERY_STRING is not in the WSGI environment; the cgi module will use sys.argv when this variable is missing, so application errors are more likelyÚ.z9Environmental variable %s is not a string: %r (value: %r)z#wsgi.version should be a tuple (%r)zwsgi.url_schemeÚhttpÚhttpszwsgi.url_scheme unknown: %rÚGETÚHEADÚPOSTÚOPTIONSÚPATCHÚPUTÚDELETEÚTRACEzUnknown REQUEST_METHOD: %rZ SCRIPT_NAMEú/z$SCRIPT_NAME doesn't start with /: %rZ PATH_INFOz"PATH_INFO doesn't start with /: %rZCONTENT_LENGTHrzInvalid CONTENT_LENGTH: %rzgOne of SCRIPT_NAME or PATH_INFO are required (PATH_INFO should at least be '/' if SCRIPT_NAME is empty)zOSCRIPT_NAME cannot be '/'; it should instead be '', and PATH_INFO should be '/')rSrT)rUrVrWrXrYrZr[r\)r r ÚdictÚwarningsÚwarnrÚkeysrÚtupleÚ check_inputÚ check_errorsÚgetÚ startswithÚint)r*Úkeyrrr r%*s`        #     r%cCsAx:ddddgD]&}tt||ƒd||fƒqWdS)Nr2r5r6r:z-wsgi.input (%r) doesn't have the attribute %s)r rM)r0Úattrrrr rcksrccCs>x7dddgD]&}tt||ƒd||fƒqWdS)Nr@r>rBz.wsgi.errors (%r) doesn't have the attribute %s)r rM)r=rirrr rdqsrdcCs¢t|dƒ}|jddƒd}tt|ƒdkd|ƒt|ƒ}t|dkd|ƒt|ƒdks‡|dd kržtjd |tƒndS) NÚStatusrrrz)Status codes must be three characters: %rédzStatus code is invalid: %réú zjThe status string (%r) should be a three-digit integer followed by a single space and a status explanation)rÚsplitr rrgr_r`r)rZ status_codeZ status_intrrr rws  "rcCs}tt|ƒtkd|t|ƒfƒi}xG|D]?}tt|ƒtkd|t|ƒfƒtt|ƒdkƒ|\}}t|dƒ}t|dƒ}t|jƒdkd|ƒd||jƒns.       7#  # A