3 e6@sdZddlZddlmZddlmZddlmZddl m Z ddl m Z dd l mZejr~dd lmZdd lmZdd lmZGd ddeZGdddeZefeeejddddZGdddZGdddZGdddZGdddZGdddZdS)a WSGI Protocol Linter ==================== This module provides a middleware that performs sanity checks on the behavior of the WSGI server and application. It checks that the :pep:`3333` WSGI spec is properly implemented. It also warns on some common HTTP errors such as non-empty responses for 304 status codes. .. autoclass:: LintMiddleware :copyright: 2007 Pallets :license: BSD-3-Clause N) TracebackType)urlparse)warn)Headers)is_entity_header) FileWrapper) StartResponse)WSGIApplication)WSGIEnvironmentc@seZdZdZdS) WSGIWarningz Warning class for WSGI warnings.N)__name__ __module__ __qualname____doc__rrrrrrr9ws$r9c@sneZdZejeejeefej eddddZ ddddZ eddd Z ddd d Z ddd d ZdS)GuardedIteratorN)iterator headers_setr:rcCs(||_t|j|_d|_||_||_dS)NF) _iteratorr(__next___nextclosedrDr:)r rCrDr:rrrr!s  zGuardedIterator.__init__)rcCs|S)Nr)r rrrr)szGuardedIterator.__iter__cCsP|jrtdtdd|j}|js0tdtddtd|t|jjt ||S)Nz Iterated over closed 'app_iter'.r)rz8The application returned before it started the response.zapplication iterator items) rHrr rGrDrr-r:r=r$)r rvrrrrFs zGuardedIterator.__next__cCsd|_t|jdr|jj|jr|j\}}t|j}|jdtd}|dkrx:|D]2\}}|j }|dkrTt |rTt d|d t qTW|rt d t njd |kod kns|d kr|dkrt |dt |rt |dt n|dk o||krt dt dS)NTr*zcontent-length)ri0expirescontent-locationzEntity header z found in 304 response.z#304 responses must not have a body.drz- responses must have an empty content length.z responses must not have a body.zGContent-Length and the number of bytes sent to the client do not match.)rJrK)rHhasattrrEr*rDsumr:getrAlowerrrrr )r status_codeheadersZ bytes_sentcontent_lengthkey_valuerrrr*s6       zGuardedIterator.closec Cs.|js*ytdtWntk r(YnXdS)Nz4Iterator was garbage collected before it was closed.)rHrr Exception)r rrr__del__s  zGuardedIterator.__del__)r rrr+r8r-TuplerArr@r!r)rFr*rYrrrrrBs %rBc@seZdZdZdddddZdddd d Zeejej eefej ej ej e e e fej eefd d d ZeddddZejeddddZejejejedddZdS)LintMiddlewareaWarns about common errors in the WSGI and HTTP behavior of the server and wrapped application. Some of the issues it checks are: - invalid status codes - non-bytes sent to the WSGI server - strings returned from the WSGI application - non-empty conditional responses - unquoted etags - relative URLs in the Location header - unsafe calls to wsgi.input - unclosed iterators Error information is emitted using the :mod:`warnings` module. :param app: The WSGI application to wrap. .. code-block:: python from werkzeug.middleware.lint import LintMiddleware app = LintMiddleware(app) r N)apprcCs ||_dS)N)r\)r r\rrrr!szLintMiddleware.__init__r )environrc Cst|tk rtdtddx*dD]"}||kr td |dtddq W|ddkr`tdtdd|jdd}|jdd}|r|ddkrtd|tdd|r|ddkrtd|tdddS)Nz/WSGI environment is not a standard Python dict.)rREQUEST_METHOD SERVER_NAME SERVER_PORT wsgi.version wsgi.input wsgi.errorswsgi.multithreadwsgi.multiprocess wsgi.run_oncezRequired environment key z not foundrr#rz"Environ is not a WSGI 1.0 environ.Z SCRIPT_NAMEZ PATH_INFO/z+'SCRIPT_NAME' does not start with a slash: z)'PATH_INFO' does not start with a slash: ) r_r`rarbrcrdrerfrg)r#r)rdictrr rQ)r r]rV script_nameZ path_inforrr check_environsD      zLintMiddleware.check_environ)statusrTexc_inforc Csdtd|t|jddd}t|dks2|j r@tdtddt|dksX|ddkrntd |d tddt|}|d krtd tddt|t k rtd tddx||D]t}t|t k st|dkrtdtdd|\}}t|tk st|tk rtdtdd|j dkrtdtddqW|dk rJt |t  rJtdtddt |}|j|||fS)Nrmr#rrz!Status code must be three digits.)rr^ zInvalid value for status zJ. Valid status strings are three digits, a space and a status explanation.rLzStatus code < 100 detected.zHeader list is not a list.rz#Header items must be 2-item tuples.z'Header keys and values must be strings.zFThe status header is not supported due to conflicts with the CGI spec.zInvalid value for exc_info.)rr2splitr$isdigitrr rArlisttuplerR isinstancer check_headers) r rmrTrnZstatus_code_strrSitemnamevaluerrrcheck_start_responses>        z#LintMiddleware.check_start_response)rTrcCs|jd}|dk rv|jd r@|jdr4tdtdd|dd}|dd|ddkobd knsvtd tdd|jd }|dk rt|jstd tdddS)NetagW/w/z)Weak etag indicator should be upper case.r^)rrr#"zUnquoted etag emitted.locationz+Absolute URLs required for location header.)r{r|)rQ startswithrrrnetloc)r rTrzr~rrrruNs$    (  zLintMiddleware.check_headers)app_iterrcCst|trtdtdddS)NzThe application returned a bytestring. The response will send one character at a time to the client, which will kill performance. Return a list or iterable instead.r)r)rtr-rr )r rrrrcheck_iteratoris  zLintMiddleware.check_iterator)r"kwargsrcst|dkrtdtdd|r,tdtdd|d}|dj|t|d|d<t|d|d<t|d <ggtjtjtj t gdfd fd d }j |tj d |}j |t|tj tjttfS)NrzA WSGI app takes two arguments.)rz+A WSGI app does not take keyword arguments.rr#z wsgi.inputz wsgi.errorszwsgi.file_wrapper)r"rrcst|d kr&tdt|dtdd|r4tdt|d}|d}t|dkrX|dnd}j|||dd<t|||S) NrrzInvalid number of arguments: z, expected 2 or 3.)rz1'start_response' does not take keyword arguments.rr#>rr)r$rr ryr9)r"rrmrTrn)r:rDr start_responserrchecking_start_responses  z8LintMiddleware.__call__..checking_start_responser )r$rr rlrr0rr+r.r?r-r\castrrBrZrAr)r r"rr]rrr)r:rDr rrr>ss&   $ zLintMiddleware.__call__)r rrrr!rlr2r+r@rZOptionalType BaseExceptionrrArryrur8r-rr.r>rrrrr[s./ r[) rtypingr+typesr urllib.parserwarningsrZdatastructuresrhttprZwsgirZ TYPE_CHECKINGZ_typeshed.wsgir r r Warningr rr2objectrrrr0r9rBr[rrrrs&          4 P