|
1 # (c) 2005 Ian Bicking and contributors; written for Paste (http://pythonpaste.org) |
|
2 # Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php |
|
3 # Also licenced under the Apache License, 2.0: http://opensource.org/licenses/apache2.0.php |
|
4 # Licensed to PSF under a Contributor Agreement |
|
5 """ |
|
6 Middleware to check for obedience to the WSGI specification. |
|
7 |
|
8 Some of the things this checks: |
|
9 |
|
10 * Signature of the application and start_response (including that |
|
11 keyword arguments are not used). |
|
12 |
|
13 * Environment checks: |
|
14 |
|
15 - Environment is a dictionary (and not a subclass). |
|
16 |
|
17 - That all the required keys are in the environment: REQUEST_METHOD, |
|
18 SERVER_NAME, SERVER_PORT, wsgi.version, wsgi.input, wsgi.errors, |
|
19 wsgi.multithread, wsgi.multiprocess, wsgi.run_once |
|
20 |
|
21 - That HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are not in the |
|
22 environment (these headers should appear as CONTENT_LENGTH and |
|
23 CONTENT_TYPE). |
|
24 |
|
25 - Warns if QUERY_STRING is missing, as the cgi module acts |
|
26 unpredictably in that case. |
|
27 |
|
28 - That CGI-style variables (that don't contain a .) have |
|
29 (non-unicode) string values |
|
30 |
|
31 - That wsgi.version is a tuple |
|
32 |
|
33 - That wsgi.url_scheme is 'http' or 'https' (@@: is this too |
|
34 restrictive?) |
|
35 |
|
36 - Warns if the REQUEST_METHOD is not known (@@: probably too |
|
37 restrictive). |
|
38 |
|
39 - That SCRIPT_NAME and PATH_INFO are empty or start with / |
|
40 |
|
41 - That at least one of SCRIPT_NAME or PATH_INFO are set. |
|
42 |
|
43 - That CONTENT_LENGTH is a positive integer. |
|
44 |
|
45 - That SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should |
|
46 be '/'). |
|
47 |
|
48 - That wsgi.input has the methods read, readline, readlines, and |
|
49 __iter__ |
|
50 |
|
51 - That wsgi.errors has the methods flush, write, writelines |
|
52 |
|
53 * The status is a string, contains a space, starts with an integer, |
|
54 and that integer is in range (> 100). |
|
55 |
|
56 * That the headers is a list (not a subclass, not another kind of |
|
57 sequence). |
|
58 |
|
59 * That the items of the headers are tuples of strings. |
|
60 |
|
61 * That there is no 'status' header (that is used in CGI, but not in |
|
62 WSGI). |
|
63 |
|
64 * That the headers don't contain newlines or colons, end in _ or -, or |
|
65 contain characters codes below 037. |
|
66 |
|
67 * That Content-Type is given if there is content (CGI often has a |
|
68 default content type, but WSGI does not). |
|
69 |
|
70 * That no Content-Type is given when there is no content (@@: is this |
|
71 too restrictive?) |
|
72 |
|
73 * That the exc_info argument to start_response is a tuple or None. |
|
74 |
|
75 * That all calls to the writer are with strings, and no other methods |
|
76 on the writer are accessed. |
|
77 |
|
78 * That wsgi.input is used properly: |
|
79 |
|
80 - .read() is called with zero or one argument |
|
81 |
|
82 - That it returns a string |
|
83 |
|
84 - That readline, readlines, and __iter__ return strings |
|
85 |
|
86 - That .close() is not called |
|
87 |
|
88 - No other methods are provided |
|
89 |
|
90 * That wsgi.errors is used properly: |
|
91 |
|
92 - .write() and .writelines() is called with a string |
|
93 |
|
94 - That .close() is not called, and no other methods are provided. |
|
95 |
|
96 * The response iterator: |
|
97 |
|
98 - That it is not a string (it should be a list of a single string; a |
|
99 string will work, but perform horribly). |
|
100 |
|
101 - That .next() returns a string |
|
102 |
|
103 - That the iterator is not iterated over until start_response has |
|
104 been called (that can signal either a server or application |
|
105 error). |
|
106 |
|
107 - That .close() is called (doesn't raise exception, only prints to |
|
108 sys.stderr, because we only know it isn't called when the object |
|
109 is garbage collected). |
|
110 """ |
|
111 __all__ = ['validator'] |
|
112 |
|
113 |
|
114 import re |
|
115 import sys |
|
116 from types import DictType, StringType, TupleType, ListType |
|
117 import warnings |
|
118 |
|
119 header_re = re.compile(r'^[a-zA-Z][a-zA-Z0-9\-_]*$') |
|
120 bad_header_value_re = re.compile(r'[\000-\037]') |
|
121 |
|
122 class WSGIWarning(Warning): |
|
123 """ |
|
124 Raised in response to WSGI-spec-related warnings |
|
125 """ |
|
126 |
|
127 def assert_(cond, *args): |
|
128 if not cond: |
|
129 raise AssertionError(*args) |
|
130 |
|
131 def validator(application): |
|
132 |
|
133 """ |
|
134 When applied between a WSGI server and a WSGI application, this |
|
135 middleware will check for WSGI compliancy on a number of levels. |
|
136 This middleware does not modify the request or response in any |
|
137 way, but will throw an AssertionError if anything seems off |
|
138 (except for a failure to close the application iterator, which |
|
139 will be printed to stderr -- there's no way to throw an exception |
|
140 at that point). |
|
141 """ |
|
142 |
|
143 def lint_app(*args, **kw): |
|
144 assert_(len(args) == 2, "Two arguments required") |
|
145 assert_(not kw, "No keyword arguments allowed") |
|
146 environ, start_response = args |
|
147 |
|
148 check_environ(environ) |
|
149 |
|
150 # We use this to check if the application returns without |
|
151 # calling start_response: |
|
152 start_response_started = [] |
|
153 |
|
154 def start_response_wrapper(*args, **kw): |
|
155 assert_(len(args) == 2 or len(args) == 3, ( |
|
156 "Invalid number of arguments: %s" % (args,))) |
|
157 assert_(not kw, "No keyword arguments allowed") |
|
158 status = args[0] |
|
159 headers = args[1] |
|
160 if len(args) == 3: |
|
161 exc_info = args[2] |
|
162 else: |
|
163 exc_info = None |
|
164 |
|
165 check_status(status) |
|
166 check_headers(headers) |
|
167 check_content_type(status, headers) |
|
168 check_exc_info(exc_info) |
|
169 |
|
170 start_response_started.append(None) |
|
171 return WriteWrapper(start_response(*args)) |
|
172 |
|
173 environ['wsgi.input'] = InputWrapper(environ['wsgi.input']) |
|
174 environ['wsgi.errors'] = ErrorWrapper(environ['wsgi.errors']) |
|
175 |
|
176 iterator = application(environ, start_response_wrapper) |
|
177 assert_(iterator is not None and iterator != False, |
|
178 "The application must return an iterator, if only an empty list") |
|
179 |
|
180 check_iterator(iterator) |
|
181 |
|
182 return IteratorWrapper(iterator, start_response_started) |
|
183 |
|
184 return lint_app |
|
185 |
|
186 class InputWrapper: |
|
187 |
|
188 def __init__(self, wsgi_input): |
|
189 self.input = wsgi_input |
|
190 |
|
191 def read(self, *args): |
|
192 assert_(len(args) <= 1) |
|
193 v = self.input.read(*args) |
|
194 assert_(type(v) is type("")) |
|
195 return v |
|
196 |
|
197 def readline(self): |
|
198 v = self.input.readline() |
|
199 assert_(type(v) is type("")) |
|
200 return v |
|
201 |
|
202 def readlines(self, *args): |
|
203 assert_(len(args) <= 1) |
|
204 lines = self.input.readlines(*args) |
|
205 assert_(type(lines) is type([])) |
|
206 for line in lines: |
|
207 assert_(type(line) is type("")) |
|
208 return lines |
|
209 |
|
210 def __iter__(self): |
|
211 while 1: |
|
212 line = self.readline() |
|
213 if not line: |
|
214 return |
|
215 yield line |
|
216 |
|
217 def close(self): |
|
218 assert_(0, "input.close() must not be called") |
|
219 |
|
220 class ErrorWrapper: |
|
221 |
|
222 def __init__(self, wsgi_errors): |
|
223 self.errors = wsgi_errors |
|
224 |
|
225 def write(self, s): |
|
226 assert_(type(s) is type("")) |
|
227 self.errors.write(s) |
|
228 |
|
229 def flush(self): |
|
230 self.errors.flush() |
|
231 |
|
232 def writelines(self, seq): |
|
233 for line in seq: |
|
234 self.write(line) |
|
235 |
|
236 def close(self): |
|
237 assert_(0, "errors.close() must not be called") |
|
238 |
|
239 class WriteWrapper: |
|
240 |
|
241 def __init__(self, wsgi_writer): |
|
242 self.writer = wsgi_writer |
|
243 |
|
244 def __call__(self, s): |
|
245 assert_(type(s) is type("")) |
|
246 self.writer(s) |
|
247 |
|
248 class PartialIteratorWrapper: |
|
249 |
|
250 def __init__(self, wsgi_iterator): |
|
251 self.iterator = wsgi_iterator |
|
252 |
|
253 def __iter__(self): |
|
254 # We want to make sure __iter__ is called |
|
255 return IteratorWrapper(self.iterator, None) |
|
256 |
|
257 class IteratorWrapper: |
|
258 |
|
259 def __init__(self, wsgi_iterator, check_start_response): |
|
260 self.original_iterator = wsgi_iterator |
|
261 self.iterator = iter(wsgi_iterator) |
|
262 self.closed = False |
|
263 self.check_start_response = check_start_response |
|
264 |
|
265 def __iter__(self): |
|
266 return self |
|
267 |
|
268 def next(self): |
|
269 assert_(not self.closed, |
|
270 "Iterator read after closed") |
|
271 v = self.iterator.next() |
|
272 if self.check_start_response is not None: |
|
273 assert_(self.check_start_response, |
|
274 "The application returns and we started iterating over its body, but start_response has not yet been called") |
|
275 self.check_start_response = None |
|
276 return v |
|
277 |
|
278 def close(self): |
|
279 self.closed = True |
|
280 if hasattr(self.original_iterator, 'close'): |
|
281 self.original_iterator.close() |
|
282 |
|
283 def __del__(self): |
|
284 if not self.closed: |
|
285 sys.stderr.write( |
|
286 "Iterator garbage collected without being closed") |
|
287 assert_(self.closed, |
|
288 "Iterator garbage collected without being closed") |
|
289 |
|
290 def check_environ(environ): |
|
291 assert_(type(environ) is DictType, |
|
292 "Environment is not of the right type: %r (environment: %r)" |
|
293 % (type(environ), environ)) |
|
294 |
|
295 for key in ['REQUEST_METHOD', 'SERVER_NAME', 'SERVER_PORT', |
|
296 'wsgi.version', 'wsgi.input', 'wsgi.errors', |
|
297 'wsgi.multithread', 'wsgi.multiprocess', |
|
298 'wsgi.run_once']: |
|
299 assert_(key in environ, |
|
300 "Environment missing required key: %r" % (key,)) |
|
301 |
|
302 for key in ['HTTP_CONTENT_TYPE', 'HTTP_CONTENT_LENGTH']: |
|
303 assert_(key not in environ, |
|
304 "Environment should not have the key: %s " |
|
305 "(use %s instead)" % (key, key[5:])) |
|
306 |
|
307 if 'QUERY_STRING' not in environ: |
|
308 warnings.warn( |
|
309 'QUERY_STRING is not in the WSGI environment; the cgi ' |
|
310 'module will use sys.argv when this variable is missing, ' |
|
311 'so application errors are more likely', |
|
312 WSGIWarning) |
|
313 |
|
314 for key in environ.keys(): |
|
315 if '.' in key: |
|
316 # Extension, we don't care about its type |
|
317 continue |
|
318 assert_(type(environ[key]) is StringType, |
|
319 "Environmental variable %s is not a string: %r (value: %r)" |
|
320 % (key, type(environ[key]), environ[key])) |
|
321 |
|
322 assert_(type(environ['wsgi.version']) is TupleType, |
|
323 "wsgi.version should be a tuple (%r)" % (environ['wsgi.version'],)) |
|
324 assert_(environ['wsgi.url_scheme'] in ('http', 'https'), |
|
325 "wsgi.url_scheme unknown: %r" % environ['wsgi.url_scheme']) |
|
326 |
|
327 check_input(environ['wsgi.input']) |
|
328 check_errors(environ['wsgi.errors']) |
|
329 |
|
330 # @@: these need filling out: |
|
331 if environ['REQUEST_METHOD'] not in ( |
|
332 'GET', 'HEAD', 'POST', 'OPTIONS','PUT','DELETE','TRACE'): |
|
333 warnings.warn( |
|
334 "Unknown REQUEST_METHOD: %r" % environ['REQUEST_METHOD'], |
|
335 WSGIWarning) |
|
336 |
|
337 assert_(not environ.get('SCRIPT_NAME') |
|
338 or environ['SCRIPT_NAME'].startswith('/'), |
|
339 "SCRIPT_NAME doesn't start with /: %r" % environ['SCRIPT_NAME']) |
|
340 assert_(not environ.get('PATH_INFO') |
|
341 or environ['PATH_INFO'].startswith('/'), |
|
342 "PATH_INFO doesn't start with /: %r" % environ['PATH_INFO']) |
|
343 if environ.get('CONTENT_LENGTH'): |
|
344 assert_(int(environ['CONTENT_LENGTH']) >= 0, |
|
345 "Invalid CONTENT_LENGTH: %r" % environ['CONTENT_LENGTH']) |
|
346 |
|
347 if not environ.get('SCRIPT_NAME'): |
|
348 assert_(environ.has_key('PATH_INFO'), |
|
349 "One of SCRIPT_NAME or PATH_INFO are required (PATH_INFO " |
|
350 "should at least be '/' if SCRIPT_NAME is empty)") |
|
351 assert_(environ.get('SCRIPT_NAME') != '/', |
|
352 "SCRIPT_NAME cannot be '/'; it should instead be '', and " |
|
353 "PATH_INFO should be '/'") |
|
354 |
|
355 def check_input(wsgi_input): |
|
356 for attr in ['read', 'readline', 'readlines', '__iter__']: |
|
357 assert_(hasattr(wsgi_input, attr), |
|
358 "wsgi.input (%r) doesn't have the attribute %s" |
|
359 % (wsgi_input, attr)) |
|
360 |
|
361 def check_errors(wsgi_errors): |
|
362 for attr in ['flush', 'write', 'writelines']: |
|
363 assert_(hasattr(wsgi_errors, attr), |
|
364 "wsgi.errors (%r) doesn't have the attribute %s" |
|
365 % (wsgi_errors, attr)) |
|
366 |
|
367 def check_status(status): |
|
368 assert_(type(status) is StringType, |
|
369 "Status must be a string (not %r)" % status) |
|
370 # Implicitly check that we can turn it into an integer: |
|
371 status_code = status.split(None, 1)[0] |
|
372 assert_(len(status_code) == 3, |
|
373 "Status codes must be three characters: %r" % status_code) |
|
374 status_int = int(status_code) |
|
375 assert_(status_int >= 100, "Status code is invalid: %r" % status_int) |
|
376 if len(status) < 4 or status[3] != ' ': |
|
377 warnings.warn( |
|
378 "The status string (%r) should be a three-digit integer " |
|
379 "followed by a single space and a status explanation" |
|
380 % status, WSGIWarning) |
|
381 |
|
382 def check_headers(headers): |
|
383 assert_(type(headers) is ListType, |
|
384 "Headers (%r) must be of type list: %r" |
|
385 % (headers, type(headers))) |
|
386 header_names = {} |
|
387 for item in headers: |
|
388 assert_(type(item) is TupleType, |
|
389 "Individual headers (%r) must be of type tuple: %r" |
|
390 % (item, type(item))) |
|
391 assert_(len(item) == 2) |
|
392 name, value = item |
|
393 assert_(name.lower() != 'status', |
|
394 "The Status header cannot be used; it conflicts with CGI " |
|
395 "script, and HTTP status is not given through headers " |
|
396 "(value: %r)." % value) |
|
397 header_names[name.lower()] = None |
|
398 assert_('\n' not in name and ':' not in name, |
|
399 "Header names may not contain ':' or '\\n': %r" % name) |
|
400 assert_(header_re.search(name), "Bad header name: %r" % name) |
|
401 assert_(not name.endswith('-') and not name.endswith('_'), |
|
402 "Names may not end in '-' or '_': %r" % name) |
|
403 if bad_header_value_re.search(value): |
|
404 assert_(0, "Bad header value: %r (bad char: %r)" |
|
405 % (value, bad_header_value_re.search(value).group(0))) |
|
406 |
|
407 def check_content_type(status, headers): |
|
408 code = int(status.split(None, 1)[0]) |
|
409 # @@: need one more person to verify this interpretation of RFC 2616 |
|
410 # http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html |
|
411 NO_MESSAGE_BODY = (204, 304) |
|
412 for name, value in headers: |
|
413 if name.lower() == 'content-type': |
|
414 if code not in NO_MESSAGE_BODY: |
|
415 return |
|
416 assert_(0, ("Content-Type header found in a %s response, " |
|
417 "which must not return content.") % code) |
|
418 if code not in NO_MESSAGE_BODY: |
|
419 assert_(0, "No Content-Type header found in headers (%s)" % headers) |
|
420 |
|
421 def check_exc_info(exc_info): |
|
422 assert_(exc_info is None or type(exc_info) is type(()), |
|
423 "exc_info (%r) is not a tuple: %r" % (exc_info, type(exc_info))) |
|
424 # More exc_info checks? |
|
425 |
|
426 def check_iterator(iterator): |
|
427 # Technically a string is legal, which is why it's a really bad |
|
428 # idea, because it may cause the response to be returned |
|
429 # character-by-character |
|
430 assert_(not isinstance(iterator, str), |
|
431 "You should not return a string as your application iterator, " |
|
432 "instead return a single-item list containing that string.") |