o f:@sdZdgZddlZddlZddlZedZedZGdddeZ dd Z d d Z d dZ Gd ddZ GdddZGdddZGdddZGdddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&ZdS)'a& Middleware to check for obedience to the WSGI specification. Some of the things this checks: * Signature of the application and start_response (including that keyword arguments are not used). * Environment checks: - Environment is a dictionary (and not a subclass). - That all the required keys are in the environment: REQUEST_METHOD, SERVER_NAME, SERVER_PORT, wsgi.version, wsgi.input, wsgi.errors, wsgi.multithread, wsgi.multiprocess, wsgi.run_once - That HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are not in the environment (these headers should appear as CONTENT_LENGTH and CONTENT_TYPE). - Warns if QUERY_STRING is missing, as the cgi module acts unpredictably in that case. - That CGI-style variables (that don't contain a .) have (non-unicode) string values - That wsgi.version is a tuple - That wsgi.url_scheme is 'http' or 'https' (@@: is this too restrictive?) - Warns if the REQUEST_METHOD is not known (@@: probably too restrictive). - That SCRIPT_NAME and PATH_INFO are empty or start with / - That at least one of SCRIPT_NAME or PATH_INFO are set. - That CONTENT_LENGTH is a positive integer. - That SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should be '/'). - That wsgi.input has the methods read, readline, readlines, and __iter__ - That wsgi.errors has the methods flush, write, writelines * The status is a string, contains a space, starts with an integer, and that integer is in range (> 100). * That the headers is a list (not a subclass, not another kind of sequence). * That the items of the headers are tuples of strings. * That there is no 'status' header (that is used in CGI, but not in WSGI). * That the headers don't contain newlines or colons, end in _ or -, or contain characters codes below 037. * That Content-Type is given if there is content (CGI often has a default content type, but WSGI does not). * That no Content-Type is given when there is no content (@@: is this too restrictive?) * That the exc_info argument to start_response is a tuple or None. * That all calls to the writer are with strings, and no other methods on the writer are accessed. * That wsgi.input is used properly: - .read() is called with exactly one argument - That it returns a string - That readline, readlines, and __iter__ return strings - That .close() is not called - No other methods are provided * That wsgi.errors is used properly: - .write() and .writelines() is called with a string - That .close() is not called, and no other methods are provided. * The response iterator: - That it is not a string (it should be a list of a single string; a string will work, but perform horribly). - That .__next__() returns a string - That the iterator is not iterated over until start_response has been called (that can signal either a server or application error). - That .close() is called (doesn't raise exception, only prints to sys.stderr, because we only know it isn't called when the object is garbage collected). validatorNz^[a-zA-Z][a-zA-Z0-9\-_]*$z [\000-\037]c@seZdZdZdS) WSGIWarningz: Raised in response to WSGI-spec-related warnings N)__name__ __module__ __qualname____doc__rr'/usr/lib/python3.10/wsgiref/validate.pyrysrcGs|st|dSN)AssertionError)condargsrrr assert_~srcCs$t|tur|Std|t|)Nz!{0} must be of type str (got {1}))typestrr formatrepr)valuetitlerrr check_string_types rcsfdd}|S)a When applied between a WSGI server and a WSGI application, this middleware will check for WSGI compliance on a number of levels. This middleware does not modify the request or response in any way, but will raise an AssertionError if anything seems off (except for a failure to close the application iterator, which will be printed to stderr -- there's no way to raise an exception at that point). cstt|dkdt| d|\}t|gfdd}t|d|d<t|d|d<||}t|duo=|dkd t|t|S) NzTwo arguments requiredNo keyword arguments allowedcstt|dkp t|dkd|ft| d|d}|d}t|dkr+|d}nd}t|t|t||t|dt|S)NrzInvalid number of arguments: %srr)rlen check_status check_headerscheck_content_typecheck_exc_infoappend WriteWrapper)r kwstatusheadersexc_infostart_responsestart_response_startedrr start_response_wrappers      z;validator..lint_app..start_response_wrapper wsgi.input wsgi.errorsFz>The application must return an iterator, if only an empty list)rr check_environ InputWrapper ErrorWrappercheck_iteratorIteratorWrapper)r r!environr(iterator applicationr%r lint_apps   zvalidator..lint_appr)r3r4rr2r rs )c@s<eZdZddZddZddZddZd d Zd d Zd S)r,cC ||_dSr )input)self wsgi_inputrrr __init__ zInputWrapper.__init__cGs0tt|dk|jj|}tt|tu|SNr)rrr6readrbytesr7r vrrr r< zInputWrapper.readcGs0tt|dk|jj|}tt|tu|Sr;)rrr6readlinerr=r>rrr rAr@zInputWrapper.readlinecGsJtt|dk|jj|}tt|tu|D] }tt|tuq|Sr;)rrr6 readlinesrlistr=)r7r lineslinerrr rBs  zInputWrapper.readlinesccs |}|s dS|Vqr )rA)r7rErrr __iter__szInputWrapper.__iter__cCtdddS)Nrz input.close() must not be calledrr7rrr closezInputWrapper.closeN) rrrr9r<rArBrFrJrrrr r,s r,c@4eZdZddZddZddZddZd d Zd S) r-cCr5r )errors)r7 wsgi_errorsrrr r9r:zErrorWrapper.__init__cCs tt|tu|j|dSr )rrrrMwriter7srrr rOszErrorWrapper.writecCs|jdSr )rMflushrIrrr rRrKzErrorWrapper.flushcCs|D]}||qdSr )rO)r7seqrErrr writeliness zErrorWrapper.writelinescCrG)Nrz!errors.close() must not be calledrHrIrrr rJrKzErrorWrapper.closeN)rrrr9rOrRrTrJrrrr r-s  r-c@eZdZddZddZdS)r cCr5r )writer)r7 wsgi_writerrrr r9r:zWriteWrapper.__init__cCstt|tu||dSr )rrr=rVrPrrr __call__szWriteWrapper.__call__N)rrrr9rXrrrr r  r c@rU)PartialIteratorWrappercCr5r r1)r7 wsgi_iteratorrrr r9r:zPartialIteratorWrapper.__init__cCs t|jdSr )r/r1rIrrr rFs zPartialIteratorWrapper.__iter__N)rrrr9rFrrrr rZrYrZc@rL) r/cCs ||_t||_d|_||_dS)NF)original_iteratoriterr1closedcheck_start_response)r7r\r`rrr r9 s  zIteratorWrapper.__init__cCs|Sr rrIrrr rFszIteratorWrapper.__iter__cCsTt|j dt|j}t|turtdd|f|jdur(t|jdd|_|S)NzIterator read after closedFz$Iterator yielded non-bytestring (%r)zjThe application returns and we started iterating over its body, but start_response has not yet been called)rr_nextr1rr=r`)r7r?rrr __next__s   zIteratorWrapper.__next__cCs$d|_t|jdr|jdSdS)NTrJ)r_hasattrr]rJrIrrr rJs zIteratorWrapper.closecCs"|js tjdt|jddS)Nz/Iterator garbage collected without being closed)r_sysstderrrOrrIrrr __del__#szIteratorWrapper.__del__N)rrrr9rFrbrJrfrrrr r/s  r/cCstt|tudt||fdD] }t||vd|fqdD]}t||vd||ddfq d|vrtdd|dSdS) Nrrr)i0rz content-typezJContent-Type header found in a %s response, which must not return content.z,No Content-Type header found in headers (%s))rrrrr)r"r#codeNO_MESSAGE_BODYrrrrr rs    rcCs*t|dup t|tud|t|fdS)Nz exc_info (%r) is not a tuple: %r)rrr)r$rrr rsrcCstt|ttf ddS)NzwYou should not return a string as your application iterator, instead return a single-item list containing a bytestring.)r isinstancerr=r[rrr r.sr.)r__all__rerdrcompilerrWarningrrrrr,r-r rZr/r+rrrrrrr.rrrr s0j  7#  #A