d6 ldZddlZddlmZddlmZddlmZddl m Z ddl m Z dd l mZejrdd lmZdd lmZdd lmZGd deZGddeZefdededejddfdZGddZGddZGddZGddZGddZdS) a WSGI Protocol Linter ==================== This module provides a middleware that performs sanity checks on the behavior of the WSGI server and application. It checks that the :pep:`3333` WSGI spec is properly implemented. It also warns on some common HTTP errors such as non-empty responses for 304 status codes. .. autoclass:: LintMiddleware :copyright: 2007 Pallets :license: BSD-3-Clause N) TracebackType)urlparse)warn)Headers)is_entity_header) FileWrapper) StartResponse)WSGIApplication)WSGIEnvironmentceZdZdZdS) WSGIWarningz Warning class for WSGI warnings.N__name__ __module__ __qualname____doc__8lib/python3.11/site-packages/werkzeug/middleware/lint.pyrr****rrceZdZdZdS) HTTPWarningz Warning class for HTTP warnings.Nrrrrrr"rrrcontextobjneedreturnc t||ur9t|d|jdt|jdtddSdS)Nz requires z, got . stacklevel)typerrr)rrrs r check_typer$&sm Cyy   R RDM R R499;M R R R         rceZdZdejeddfdZdejdefdZdejdefdZ dej efdZ d d Z dS) InputStreamstreamrNc||_dSN_streamselfr's r__init__zInputStream.__init__0  rargsct|dkrtdtdn*t|dkrtdtd|jj|S)NrzWSGI does not guarantee an EOF marker on the input stream, thus making calls to 'wsgi.input.read()' unsafe. Conforming servers may never return from this call.rr!z2Too many parameters passed to 'wsgi.input.read()'.)lenrrr+readr-r0s rr4zInputStream.read3s t99>  *      YY!^  D     !t| $''rct|dkrtdtdn:t|dkrtdtdntd|jj|S)Nrz_Calls to 'wsgi.input.readline()' without arguments are unsafe. Use 'wsgi.input.read()' instead.rr!r2z~'wsgi.input.readline()' was called with a size hint. WSGI does not support this, although it's available on all major servers.z5Too many arguments passed to 'wsgi.input.readline()'.)r3rr TypeErrorr+readliner5s rr8zInputStream.readlineDs t99> U 0       YY!^ U O      STT T$t|$d++rc t|jS#t$r)tdtdtdcYSwxYw)Nz'wsgi.input' is not iterable.rr!r)iterr+r7rrr-s r__iter__zInputStream.__iter__WsW  %% %    0+! L L L L88OOO s0A A cftdtd|jdS)Nz(The application closed the input stream!rr!rrr+closer;s rr?zInputStream.close^3 7QRSSSS rrN) rrrtIObytesr.Anyr4r8Iteratorr<r?rrrr&r&/sqtE{t(!%(E((((",ae,,,,,&!*U+rr&czeZdZdejeddfdZdeddfdZd dZdej eddfd Z d d Z dS) ErrorStreamr'rNc||_dSr)r*r,s rr.zErrorStream.__init__dr/rscftd|t|j|dS)Nzwsgi.error.write())r$strr+writer-rJs rrMzErrorStream.writegs1'C000 1rc8|jdSr))r+flushr;s rrPzErrorStream.flushks rseqc:|D]}||dSr))rM)r-rQlines r writelineszErrorStream.writelinesns0  D JJt      rcftdtd|jdS)Nz(The application closed the error stream!rr!r>r;s rr?zErrorStream.closerr@rrA) rrrrBrCrLr.rMrPIterablerTr?rrrrHrHcsqtCyTstajo$rrHcdeZdZdejegefdejeddfdZ deddfdZ dS) GuardedWriterMchunksrNc"||_||_dSr))_write_chunks)r-rMrYs rr.zGuardedWrite.__init__xs  rrJctd|t|||jt |dS)Nzwrite())r$rDr[r\appendr3rNs r__call__zGuardedWrite.__call__|sE9a''' A CFF#####r) rrrrBCallablerDobjectListintr.r_rrrrXrXwssaj%&916#;SW$%$D$$$$$$rrXceZdZdejedejeefdej eddfdZ d dZ defdZ d d Z d d ZdS) GuardedIteratoriterator headers_setrYrNcp||_t|j|_d|_||_||_dS)NF) _iteratorr:__next___nextclosedrgrY)r-rfrgrYs rr.zGuardedIterator.__init__s5 "(^^,  & rc|Sr)rr;s rr<zGuardedIterator.__iter__s rc |jrtdtd|}|jstdtdt d|t |jt||S)Nz Iterated over closed 'app_iter'.rr!z8The application returned before it started the response.zapplication iterator items) rlrrrkrgr$rDrYr^r3)r-rvs rrjzGuardedIterator.__next__s ; P 3[Q O O O O ZZ\\  J     /U;;; 3r77### rcd|_t|jdr|j|jr|j\}}t |j}|dt}|dkrc|D]E\}}| }|dvr(t|rtd|dtF|rtd tdSdSd |cxkrd ksn|d kr<|d krt|dt|rt|dtdSdS|||krtdtdSdSdSdS)NTr?zcontent-length)r#i0)expireszcontent-locationzEntity header z found in 304 response.z#304 responses must not have a body.drz- responses must have an empty content length.z responses must not have a body.zGContent-Length and the number of bytes sent to the client do not match.)rlhasattrrir?rgsumrYgetrclowerrrrr)r- status_codeheaders bytes_sentcontent_lengthkey_values rr?zGuardedIterator.closes 4>7 + + # N " " "   #'#3 KT[))J$[[)9[DDNc! #*KC))++C"AAFVGGKSKKK[M> LLLLLMM    c    [C-? !Q&&UUU#XKIII;WWWWWXX *0L ,3  0    rcf|js) tdtdS#t$rYdSwxYwdS)Nz4Iterator was garbage collected before it was closed.)rlrr Exceptionr;s r__del__zGuardedIterator.__del__s`{  JK       s  ..)rrerA)rrrrBrVrDTuplercrrbr.r<rjr?rrrrreres *U# WS'\* s      %"####Jrrec @eZdZdZddZdd Zd ed ejej eefd ej ej ej e e e fdej eeffd Zd eddfdZdejeddfdZdejdejdejefdZdS)LintMiddlewareaWarns about common errors in the WSGI and HTTP behavior of the server and wrapped application. Some of the issues it checks are: - invalid status codes - non-bytes sent to the WSGI server - strings returned from the WSGI application - non-empty conditional responses - unquoted etags - relative URLs in the Location header - unsafe calls to wsgi.input - unclosed iterators Error information is emitted using the :mod:`warnings` module. :param app: The WSGI application to wrap. .. code-block:: python from werkzeug.middleware.lint import LintMiddleware app = LintMiddleware(app) appr rNc||_dSr))r)r-rs rr.zLintMiddleware.__init__s renvironr ct|turtdtddD]!}||vrtd|dtd"|dd krtd td|d d }|d d }|r&|ddkrtd|td|r(|ddkrtd|tddSdSdS)Nz/WSGI environment is not a standard Python dict.r!) REQUEST_METHOD SERVER_NAME SERVER_PORT wsgi.version wsgi.input wsgi.errorszwsgi.multithreadzwsgi.multiprocessz wsgi.run_oncezRequired environment key z not foundr r)r2rz"Environ is not a WSGI 1.0 environ. SCRIPT_NAME PATH_INFOr/z+'SCRIPT_NAME' does not start with a slash: z)'PATH_INFO' does not start with a slash: )r#dictrrrw)r-rr} script_name path_infos r check_environzLintMiddleware.check_environsr == $  A        C'! AAAA  > "f , R 5{q Q Q Q Qkk-44 KK R00  ;q>S0  MkMM      1,  IIII          rstatusrzexc_infoc,td|t|ddd}t|dks|st dt dt|dks |ddkrt d |d t dt|}|d krt d t dt|turt d t d|D]}t|tust|dkrt dt d|\}}t|tust|turt dt d| dkrt dt d|,t|tst dt dt|}||||fS)Nrr2rr z!Status code must be three digits.r!r zInvalid value for status zJ. Valid status strings are three digits, a space and a status explanation.rrzStatus code < 100 detected.zHeader list is not a list.rz#Header items must be 2-item tuples.z'Header keys and values must be strings.zFThe status header is not supported due to conflicts with the CGI spec.zInvalid value for exc_info.)r$rLsplitr3 isdecimalrrrcr#listtuplerx isinstancer check_headers) r-rrzrstatus_code_strryitemnamevalues rcheck_start_responsez#LintMiddleware.check_start_responsesR 8VS))) ,,tQ//2   1 $ QO,E,E,G,G Q 4ka P P P P v;;? fQi3.  =F===     /**   K .  J J J J == $ J -{q I I I I  DDzz& W#d))q. W:KTUVVVVKD%Dzz$ U 3(> ={WXzz||x' 4   K 8U(C(C K .  J J J J'"" 7###G##rc|d}||dr6|drtdtd|dd}|dd|d dcxkrd ksntd td|d }|-t |jstd tddSdSdS)Netag)zW/w/rz)Weak etag indicator should be upper case.rr!rr2"zUnquoted etag emitted.locationz+Absolute URLs required for location header.)rw startswithrrrnetloc)r-rzrrs rrzLintMiddleware.check_headersNs:{{6""  J|,, ??4((C##$ ABBx!HRSS  J J J JS J J J J-{qIIII;;z**  H%%, A     rapp_itercbt|trtdtddSdS)NzThe application returned a bytestring. The response will send one character at a time to the client, which will kill performance. Return a list or iterable instead.r r!)rrDrr)r-rs rcheck_iteratorzLintMiddleware.check_iteratorisL h & &  6         rr0kwargsct|dkrtdtd|rtdtd|d}|d|t |d|d<t |d|d<t |d <ggd tjd tjd tj tgdfffd } |tj d|} |t|tj tjt t"fS)NrzA WSGI app takes two arguments.r!z+A WSGI app does not take keyword arguments.rr2rrzwsgi.file_wrapperr0rrclt|dvr(tdt|dtd|rtdt|d}|d}t|d kr|dnd}|||dd<t |||S) N>rr zInvalid number of arguments: z, expected 2 or 3.rr!z1'start_response' does not take keyword arguments.rr2r )r3rrrrX) r0rrrzrrYrgr-start_responses rchecking_start_responsez8LintMiddleware.__call__..checking_start_responses4yy& QCIIQQQ   WH+VVVq'F15aG IIN4a "66vwQQKNvw I I6RR Rrr )r3rrrr&rHr rBrEr`rDrcastrrerrcr) r-r0rrrrrYrgrs ` @@@rr_zLintMiddleware.__call__ss t99> O 2KA N N N N   ={WX    &*!W*.q' 7### +GL,A B B !,W]-C!D!D (3#$%'   S5 S$%E S Z & S S S S S S S S S,88GQVO=T%U%UVV H%%% afQWS'\2K@@&   r)rr rN)rr rN)rrrrr.rrLrBrbrOptionalType BaseExceptionrrcrrrrVrDrrEr_rrrrrs=,****X4$4$S)*4$* GAF=)=-G H 4$ g 4$4$4$4$lW6qz%'8T1 ae1 qu1 E9J1 1 1 1 1 1 rr) rtypingrBtypesr urllib.parserwarningsrdatastructuresrhttprwsgir TYPE_CHECKING_typeshed.wsgir r r WarningrrrLrarr$r&rHrXrerrrrrs?  !!!!!!$$$$$$######?/,,,,,,............+++++'++++++++'+++:=   &      11111111h($$$$$$$$MMMMMMMM`R R R R R R R R R R r