upstream/mercurial-mirror Files · mercurial/hgweb/wsgicgi.py

sslutil: synchronize hostname matching logic with CPython...

sslutil: synchronize hostname matching logic with CPython sslutil contains its own hostname matching logic. CPython has code for the same intent. However, it is only available to Python 2.7.9+ (or distributions that have backported 2.7.9's ssl module improvements). This patch effectively imports CPython's hostname matching code from its ssl.py into sslutil.py. The hostname matching code itself is pretty similar. However, the DNS name matching code is much more robust and spec conformant. As the test changes show, this changes some behavior around wildcard handling and IDNA matching. The new behavior allows wildcards in the middle of words (e.g. 'f*.com' matches 'foo.com') This is spec compliant according to RFC 6125 Section 6.5.3 item 3. There is one test where the matcher is more strict. Before, '*.a.com' matched '.a.com'. Now it doesn't match. Strictly speaking this is a security vulnerability.

Yuya Nishihara - - Load All Authors

File last commit:

r27046:37fcfe52 default


                r29452:26a5d605

3.8.4 stable

Download file

             wsgicgi.py
        
                    92 lines
            
             | 2.8 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / mercurial / hgweb / wsgicgi.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      # hgweb/wsgicgi.py - CGI->WSGI translator

      #

      # Copyright 2006 Eric Hopper <hopper@omnifarious.org>

      #

      # This software may be used and distributed according to the terms of the

      # GNU General Public License version 2 or any later version.

      #

      # This was originally copied from the public domain code at

      # http://www.python.org/dev/peps/pep-0333/#the-server-gateway-side

      from __future__ import absolute_import

      import os

      import sys

      from .. import (

          util,

      )

      from . import (

          common,

      )

      def launch(application):

          util.setbinary(sys.stdin)

          util.setbinary(sys.stdout)

          environ = dict(os.environ.iteritems())

          environ.setdefault('PATH_INFO', '')

          if environ.get('SERVER_SOFTWARE', '').startswith('Microsoft-IIS'):

              # IIS includes script_name in PATH_INFO

              scriptname = environ['SCRIPT_NAME']

              if environ['PATH_INFO'].startswith(scriptname):

                  environ['PATH_INFO'] = environ['PATH_INFO'][len(scriptname):]

          stdin = sys.stdin

          if environ.get('HTTP_EXPECT', '').lower() == '100-continue':

              stdin = common.continuereader(stdin, sys.stdout.write)

          environ['wsgi.input'] = stdin

          environ['wsgi.errors'] = sys.stderr

          environ['wsgi.version'] = (1, 0)

          environ['wsgi.multithread'] = False

          environ['wsgi.multiprocess'] = True

          environ['wsgi.run_once'] = True

          if environ.get('HTTPS', 'off').lower() in ('on', '1', 'yes'):

              environ['wsgi.url_scheme'] = 'https'

          else:

              environ['wsgi.url_scheme'] = 'http'

          headers_set = []

          headers_sent = []

          out = sys.stdout

          def write(data):

              if not headers_set:

                  raise AssertionError("write() before start_response()")

              elif not headers_sent:

                  # Before the first output, send the stored headers

                  status, response_headers = headers_sent[:] = headers_set

                  out.write('Status: %s\r\n' % status)

                  for header in response_headers:

                      out.write('%s: %s\r\n' % header)

                  out.write('\r\n')

              out.write(data)

              out.flush()

          def start_response(status, response_headers, exc_info=None):

              if exc_info:

                  try:

                      if headers_sent:

                          # Re-raise original exception if headers sent

                          raise exc_info[0](exc_info[1], exc_info[2])

                  finally:

                      exc_info = None     # avoid dangling circular ref

              elif headers_set:

                  raise AssertionError("Headers already set!")

              headers_set[:] = [status, response_headers]

              return write

          content = application(environ, start_response)

          try:

              for chunk in content:

                  write(chunk)

              if not headers_sent:

                  write('')   # send headers now if body was empty

          finally:

              getattr(content, 'close', lambda : None)()

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				# hgweb/wsgicgi.py - CGI->WSGI translator
				#
				# Copyright 2006 Eric Hopper <hopper@omnifarious.org>
				#
				# This software may be used and distributed according to the terms of the
				# GNU General Public License version 2 or any later version.
				#
				# This was originally copied from the public domain code at
				# http://www.python.org/dev/peps/pep-0333/#the-server-gateway-side

				from __future__ import absolute_import

				import os
				import sys

				from .. import (
				util,
				)

				from . import (
				common,
				)

				def launch(application):
				util.setbinary(sys.stdin)
				util.setbinary(sys.stdout)

				environ = dict(os.environ.iteritems())
				environ.setdefault('PATH_INFO', '')
				if environ.get('SERVER_SOFTWARE', '').startswith('Microsoft-IIS'):
				# IIS includes script_name in PATH_INFO
				scriptname = environ['SCRIPT_NAME']
				if environ['PATH_INFO'].startswith(scriptname):
				environ['PATH_INFO'] = environ['PATH_INFO'][len(scriptname):]

				stdin = sys.stdin
				if environ.get('HTTP_EXPECT', '').lower() == '100-continue':
				stdin = common.continuereader(stdin, sys.stdout.write)

				environ['wsgi.input'] = stdin
				environ['wsgi.errors'] = sys.stderr
				environ['wsgi.version'] = (1, 0)
				environ['wsgi.multithread'] = False
				environ['wsgi.multiprocess'] = True
				environ['wsgi.run_once'] = True

				if environ.get('HTTPS', 'off').lower() in ('on', '1', 'yes'):
				environ['wsgi.url_scheme'] = 'https'
				else:
				environ['wsgi.url_scheme'] = 'http'

				headers_set = []
				headers_sent = []
				out = sys.stdout

				def write(data):
				if not headers_set:
				raise AssertionError("write() before start_response()")

				elif not headers_sent:
				# Before the first output, send the stored headers
				status, response_headers = headers_sent[:] = headers_set
				out.write('Status: %s\r\n' % status)
				for header in response_headers:
				out.write('%s: %s\r\n' % header)
				out.write('\r\n')

				out.write(data)
				out.flush()

				def start_response(status, response_headers, exc_info=None):
				if exc_info:
				try:
				if headers_sent:
				# Re-raise original exception if headers sent
				raise exc_info[0](exc_info[1], exc_info[2])
				finally:
				exc_info = None # avoid dangling circular ref
				elif headers_set:
				raise AssertionError("Headers already set!")

				headers_set[:] = [status, response_headers]
				return write

				content = application(environ, start_response)
				try:
				for chunk in content:
				write(chunk)
				if not headers_sent:
				write('') # send headers now if body was empty
				finally:
				getattr(content, 'close', lambda : None)()