OwlCyberSecurity - MANAGER

Edit File: validate.cpython-36.pyc

3 � \;;������������������@���s����d�Z�d
g
Z
ddlZddlZddlZejd�
Zejd�
ZG�dd��de�Z dd ��Z d d��Zdd
��ZG�d d��d�Z G�dd��d�ZG�dd��d�ZG�dd��d�ZG�dd��d�Zdd��Zdd��Zdd��Zdd��Zdd ��Zd!d"��Zd#d$��Zd%d&��ZdS�)'a&�� Middleware to check for obedience to the WSGI specification. Some of the things this checks: * Signature of the application and start_response (including that keyword arguments are not used). * Environment checks: - Environment is a dictionary (and not a subclass). - That all the required keys are in the environment: REQUEST_METHOD, SERVER_NAME, SERVER_PORT, wsgi.version, wsgi.input, wsgi.errors, wsgi.multithread, wsgi.multiprocess, wsgi.run_once - That HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are not in the environment (these headers should appear as CONTENT_LENGTH and CONTENT_TYPE). - Warns if QUERY_STRING is missing, as the cgi module acts unpredictably in that case. - That CGI-style variables (that don't contain a .) have (non-unicode) string values - That wsgi.version is a tuple - That wsgi.url_scheme is 'http' or 'https' (@@: is this too restrictive?) - Warns if the REQUEST_METHOD is not known (@@: probably too restrictive). - That SCRIPT_NAME and PATH_INFO are empty or start with / - That at least one of SCRIPT_NAME or PATH_INFO are set. - That CONTENT_LENGTH is a positive integer. - That SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should be '/'). - That wsgi.input has the methods read, readline, readlines, and __iter__ - That wsgi.errors has the methods flush, write, writelines * The status is a string, contains a space, starts with an integer, and that integer is in range (> 100). * That the headers is a list (not a subclass, not another kind of sequence). * That the items of the headers are tuples of strings. * That there is no 'status' header (that is used in CGI, but not in WSGI). * That the headers don't contain newlines or colons, end in _ or -, or contain characters codes below 037. * That Content-Type is given if there is content (CGI often has a default content type, but WSGI does not). * That no Content-Type is given when there is no content (@@: is this too restrictive?) * That the exc_info argument to start_response is a tuple or None. * That all calls to the writer are with strings, and no other methods on the writer are accessed. * That wsgi.input is used properly: - .read() is called with zero or one argument - That it returns a string - That readline, readlines, and __iter__ return strings - That .close() is not called - No other methods are provided * That wsgi.errors is used properly: - .write() and .writelines() is called with a string - That .close() is not called, and no other methods are provided. * The response iterator: - That it is not a string (it should be a list of a single string; a string will work, but perform horribly). - That .__next__() returns a string - That the iterator is not iterated over until start_response has been called (that can signal either a server or application error). - That .close() is called (doesn't raise exception, only prints to sys.stderr, because we only know it isn't called when the object is garbage collected). � validator�����Nz^[a-zA-Z][a-zA-Z0-9\-_]*$z[\000-\037]c������������
���@���s���e�Z
d�Zd
ZdS�)�WSGIWarningz: Raised in response to WSGI-spec-related warnings N)�__name__� __module__�__qualname__�__doc__��r���r����(/usr/lib64/python3.6/wsgiref/validate.pyr���y���s���r���c
�������������G���s���|�st�|
���
d�S�)
N)
�AssertionError)Zcond�argsr���r���r ����assert_~���s����

r���c�������������C���s(���t�|��
t
kr|�S�td
j|
t|��
��
�
d�S�)Nz!{0} must be of type str (got {1}))�type�strr ����format�repr)�value�titler���r���r ����check_string_type����s����



r���c
����������������s�����f
d
d�}
|
S�)a�
�� When applied between a WSGI server and a WSGI application, this middleware will check for WSGI compliancy on a number of levels. This middleware does not modify the request or response in any way, but will raise an AssertionError if anything seems off (except for a failure to close the application iterator, which will be printed to stderr -- there's no way to raise an exception at that point). c�����������������s����t�t
|��
d
kd�
�t�|
�d�
�|�\}��t|�

�g��
���
fdd�}t|d��
|d<�t|d��
|d<��||�}t�|d�k oz|dkd �
�t|�

�t|�
�S�) N����zTwo arguments requiredzNo keyword arguments allowedc�����������������s����t�t
|��
d
kpt
|��
dkd|�f
��
�t�|
�d�
�|�d�}|�d�}t
|��
dkrV|�d
�}nd�}t|�

�t|�

�t||�
�t|�

��
jd��

�t��|����
S�)Nr�������zInvalid number of arguments: %szNo keyword arguments allowedr����
���)r����len�check_status� check_headers�check_content_type�check_exc_info�append�WriteWrapper)r����kw�status�headers�exc_info)�start_response�start_response_startedr���r ����start_response_wrapper����s����










z;validator.<locals>.lint_app.<locals>.start_response_wrapperz wsgi.inputzwsgi.errorsFz>The application must return an iterator, if only an empty list)r���r���� check_environ�InputWrapper�ErrorWrapper�check_iterator�IteratorWrapper)r���r����environr$����iterator)
�application)r"���r#���r ����lint_app����s����





zvalidator.<locals>.lint_appr���)r,���r-���r���)
r,���r ���r
�������s����)c���������������@���s<���e�Z
d�Zd
d��Zdd��Zdd��Zdd��Zd d ��Zdd��Zd S�)r&���c�������������C���s ���|
|�_�d�S�)
N)
�input)�self� wsgi_inputr���r���r ����__init__����s����
zInputWrapper.__init__c
�������������G���s0���t�t
|
�
d
k�

�|�jj|
��}t�t|�
tk�

�|S�)Nr���)r���r���r.����readr ����bytes)r/���r����
vr���r���r ���r2�������s����



zInputWrapper.readc
�������������G���s0���t�t
|
�
d
k
�

�|�jj|
��}t�t|�
tk�

�|S�)Nr���)r���r���r.����readliner ���r3���)r/���r���r4���r���r���r ���r5�������s����



zInputWrapper.readlinec
�������������G���sN���t�t
|
�
d
k
�

�|�jj|
��}t�t|�
tk�

�x|D�]}t�t|�
tk�

�q2W�|S�)Nr���)r���r���r.���� readlinesr ����listr3���)r/���r����lines�liner���r���r ���r6�������s����





zInputWrapper.readlinesc
����������
���c���s ���x|�j���}
|
sd�S�|
V�
�qW�d�S�)
N)
r5���)r/���r9���r���r���r ����__iter__����s ����




zInputWrapper.__iter__c
�������
������C���s���t�d
d�
�d�S�)Nr���z input.close() must not be called)
r���)
r/���r���r���r ����close����s����
zInputWrapper.closeN) r���r���r���r1���r2���r5���r6���r:���r;���r���r���r���r ���r&�������s���r&���c���������������@���s4���e�Z
d�Zd
d��Zdd��Zdd��Zdd��Zd d ��ZdS�)r'���c�������������C���s ���|
|�_�d�S�)
N)
�errors)r/����wsgi_errorsr���r���r ���r1�������s����
zErrorWrapper.__init__c�������������C���s ���t�t
|
�
tk�

�|�jj|
�

�d�S�)
N)r���r ���r���r<����write)r/����
sr���r���r ���r>�������s����

zErrorWrapper.writec
�������
���
���C���s���|�j�j
��
�d�S�)
N)r<����flush)
r/���r���r���r ���r@�������s����
zErrorWrapper.flushc�������������C���s���x|
D�]}|�j�|�

�qW�d�S�)
N)
r>���)r/����seqr9���r���r���r ���� writelines����s����

zErrorWrapper.writelinesc
�������
������C���s���t�d
d�
�d�S�)Nr���z!errors.close() must not be called)
r���)
r/���r���r���r ���r;�������s����
zErrorWrapper.closeN)r���r���r���r1���r>���r@���rB���r;���r���r���r���r ���r'�������s ���r'���c���������������@���s���e�Z
d�Zd
d��Zdd��ZdS�)r���c�������������C���s ���|
|�_�d�S�)
N)
�writer)r/���Zwsgi_writerr���r���r ���r1�������s����
zWriteWrapper.__init__c�������������C���s���t�t
|
�
tk�

�|�j|
�

�d�S�)
N)r���r ���r3���rC���)r/���r?���r���r���r ����__call__����s����

zWriteWrapper.__call__N)r���r���r���r1���rD���r���r���r���r ���r�������s���r���c���������������@���s���e�Z
d�Zd
d��Zdd��ZdS�)�PartialIteratorWrapperc�������������C���s ���|
|�_�d�S�)
N)
r+���)r/���� wsgi_iteratorr���r���r ���r1����
��s����
zPartialIteratorWrapper.__init__c
�������
������C���s���t�|�j
d��S�)
N)r)���r+���)
r/���r���r���r ���r:���
��s����zPartialIteratorWrapper.__iter__N)r���r���r���r1���r:���r���r���r���r ���rE�������s���rE���c���������������@���s4���e�Z
d�Zd
d��Zdd��Zdd��Zdd��Zd d ��ZdS�)r)���c�������������C���s ���|
|�_�t
|
�
|�_d
|�_||�_d�S�)NF)�original_iterator�iterr+����closed�check_start_response)r/���rF���rJ���r���r���r ���r1���
��s����



zIteratorWrapper.__init__c
�������
���
���C���s���|�S�)
Nr���)
r/���r���r���r ���r:���
��s����
zIteratorWrapper.__iter__c
�������������C���sT���t�|�j
�d
�
�t|�j�
}
t|
�
tk r4t�dd|
f
��
�|�jd�k rPt�|�jd�
�d�|�_|
S�)NzIterator read after closedFz$Iterator yielded non-bytestring (%r)zjThe application returns and we started iterating over its body, but start_response has not yet been called)r���rI����nextr+���r ���r3���rJ���)r/���r4���r���r���r ����__next__
��s����









zIteratorWrapper.__next__c
�������
������C���s ���d
|�_�t
|�jd�r|�jj��
�d�S�)NTr;���)rI����hasattrrG���r;���)
r/���r���r���r ���r;���
��s����


zIteratorWrapper.closec
�������
������C���s"���|�j�st
jjd
�

�t|�j�d
�
�d�S�)Nz/Iterator garbage collected without being closed)rI����sys�stderrr>���r���)
r/���r���r���r ����__del__#
��s ����




zIteratorWrapper.__del__N)r���r���r���r1���r:���rL���r;���rP���r���r���r���r ���r)���
��s ���r)���c
���������� ���C���s�
��t�t
|��
tkd
t
|��
|�f��
�x d,D�]}
t�|
|�kd|
f
��
�q$W�x*d-D�]"}
t�|
|�kd|
|
dd���f��
�qFW�d|�kr�tjdt�
�xF|�j��D�]:}
d|
kr�q�t�t
|�|
��
tkd|
t
|�|
��
|�|
�f��
�q�W�t�t
|�d��
tkd|�d�f
��
�t�|�d�d.kd|�d���
�t |�d��

�t |�d��

�|�d�d/k�
r<tjd!|�d��t�
�t�|�jd"�
��
pX|�d"�jd#�
d$|�d"���
�t�|�jd%�
��
p�|�d%�jd#�
d&|�d%���
�|�jd'�
�
r�t�t |�d'��
d(kd)|�d'���
�|�jd"�
�
s�t�d%|�kd*�
�t�|�jd"�
d#kd+�
�d�S�)0Nz:Environment is not of the right type: %r (environment: %r)�REQUEST_METHOD�SERVER_NAME�SERVER_PORT�wsgi.version� wsgi.input�wsgi.errors�wsgi.multithread�wsgi.multiprocess� wsgi.run_oncez$Environment missing required key: %r�HTTP_CONTENT_TYPE�HTTP_CONTENT_LENGTHz8Environment should not have the key: %s (use %s instead)����ZQUERY_STRINGz�QUERY_STRING is not in the WSGI environment; the cgi module will use sys.argv when this variable is missing, so application errors are more likely�
.z9Environmental variable %s is not a string: %r (value: %r)z#wsgi.version should be a tuple (%r)zwsgi.url_scheme�http�httpszwsgi.url_scheme unknown: %r�GET�HEAD�POST�OPTIONS�PATCH�PUT�DELETE�TRACEzUnknown REQUEST_METHOD: %rZSCRIPT_NAME�
/z$SCRIPT_NAME doesn't start with /: %rZ PATH_INFOz"PATH_INFO doesn't start with /: %rZCONTENT_LENGTHr���zInvalid CONTENT_LENGTH: %rzgOne of SCRIPT_NAME or PATH_INFO are required (PATH_INFO should at least be '/' if SCRIPT_NAME is empty)zOSCRIPT_NAME cannot be '/'; it should instead be '', and PATH_INFO should be '/') rQ���rR���rS���rT���rU���rV���rW���rX���rY���)rZ���r[���)r^���r_���)r`���ra���rb���rc���rd���re���rf���rg���)r���r ����dict�warnings�warnr����keysr����tuple�check_input�check_errors�get� startswith�int)r*����keyr���r���r ���r%���*
��s`����



�
�






























r%���c
�������������C���s*���x$dD�]}
t�t
|�|
�d|�|
f��
�qW�d�S�)Nr2���r5���r6���r:���z-wsgi.input (%r) doesn't have the attribute %s)r2���r5���r6���r:���)r���rM���)r0����attrr���r���r ���rn���k
��s����



rn���c
�������������C���s*���x$dD�]}
t�t
|�|
�d|�|
f��
�qW�d�S�)Nr@���r>���rB���z.wsgi.errors (%r) doesn't have the attribute %s)r@���r>���rB���)r���rM���)r=���rt���r���r���r ���ro���q
��s����



ro���c
�������������C���sv���t�|�d
�}�|�j
d�d�d�}
tt|
�
dkd|
��
�t|
�
}t|dkd|��
�t|��
dk�sb|�d�d krrtjd |��t�
�d�S�)N�Statusr���r���r���z)Status codes must be three characters: %r�d���zStatus code is invalid: %r�����
zjThe status string (%r) should be a three-digit integer followed by a single space and a status explanation)r����splitr���r���rr���rj���rk���r���)r���Zstatus_codeZ status_intr���r���r ���r���w
��s����







r���c
�������������C���s
��t�t
|��
tkd
|�t
|��
f��
�i�}
x�|�D�]�}t�t
|�
tkd|t
|�
f��
�t�t|�
dk�

�|\}}t|d�}t|d�}t�|j��dkd|��
�d�|
|j��<�t�d|ko�d |kd |��
�t�tj|�
d|��
�t�|j d�
�o�|j d �
�d|��
�t j|�
r(t�dd|t j|�
jd�
f��
�q(W�d�S�)Nz%Headers (%r) must be of type list: %rz1Individual headers (%r) must be of type tuple: %rr���zHeader namezHeader valuer���zyThe Status header cannot be used; it conflicts with CGI script, and HTTP status is not given through headers (value: %r).�
�
:z,Header names may not contain ':' or '\n': %rzBad header name: %r�
-�
_z#Names may not end in '-' or '_': %rr���z#Bad header value: %r (bad char: %r))r���r ���r7���rm���r���r����lower� header_re�search�endswith�bad_header_value_re�group)r ���Zheader_names�item�namer���r���r���r ���r����
��s0����






















r���c�������������C���s~���t�|�d
�}�t
|�jd�d�d��
}d }x@|
D�]8\}}t�|d�}|j��dkr(||krRd�S�tdd|��
�q(W�||krztdd |
��
�d�S�)Nru���r���r���������0
��zHeader namezcontent-typezJContent-Type header found in a %s response, which must not return content.z,No Content-Type header found in headers (%s))r����r����)r���rr���ry���r~���r���)r���r ����codeZNO_MESSAGE_BODYr����r���r���r���r ���r����
��s����










r���c
�������
������C���s*���t�|�d�kpt
|��
tkd
|�t
|��
f��
�d�S�)Nz exc_info (%r) is not a tuple: %r)r���r ���rm���)
r!���r���r���r ���r����
��s����

r���c
�������
������C���s���t�t
|�ttf��d
�
�d�S�)NzwYou should not return a string as your application iterator, instead return a single-item list containing a bytestring.)r���� isinstancer���r3���)
r+���r���r���r ���r(����
��s����
r(���)r����__all__�rerN���rj����compiler���r�����Warningr���r���r���r
���r&���r'���r���rE���r)���r%���rn���ro���r���r���r���r���r(���r���r���r���r ����<module>n���s.���



7#  #A