1# (c) 2005 Ian Bicking and contributors; written for Paste (http://pythonpaste.org)
2# Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
3# Also licenced under the Apache License, 2.0: http://opensource.org/licenses/apache2.0.php
4# Licensed to PSF under a Contributor Agreement
5"""
6Middleware to check for obedience to the WSGI specification.
7
8Some of the things this checks:
9
10* Signature of the application and start_response (including that
11  keyword arguments are not used).
12
13* Environment checks:
14
15  - Environment is a dictionary (and not a subclass).
16
17  - That all the required keys are in the environment: REQUEST_METHOD,
18    SERVER_NAME, SERVER_PORT, wsgi.version, wsgi.input, wsgi.errors,
19    wsgi.multithread, wsgi.multiprocess, wsgi.run_once
20
21  - That HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are not in the
22    environment (these headers should appear as CONTENT_LENGTH and
23    CONTENT_TYPE).
24
25  - Warns if QUERY_STRING is missing, as the cgi module acts
26    unpredictably in that case.
27
28  - That CGI-style variables (that don't contain a .) have
29    (non-unicode) string values
30
31  - That wsgi.version is a tuple
32
33  - That wsgi.url_scheme is 'http' or 'https' (@@: is this too
34    restrictive?)
35
36  - Warns if the REQUEST_METHOD is not known (@@: probably too
37    restrictive).
38
39  - That SCRIPT_NAME and PATH_INFO are empty or start with /
40
41  - That at least one of SCRIPT_NAME or PATH_INFO are set.
42
43  - That CONTENT_LENGTH is a positive integer.
44
45  - That SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should
46    be '/').
47
48  - That wsgi.input has the methods read, readline, readlines, and
49    __iter__
50
51  - That wsgi.errors has the methods flush, write, writelines
52
53* The status is a string, contains a space, starts with an integer,
54  and that integer is in range (> 100).
55
56* That the headers is a list (not a subclass, not another kind of
57  sequence).
58
59* That the items of the headers are tuples of strings.
60
61* That there is no 'status' header (that is used in CGI, but not in
62  WSGI).
63
64* That the headers don't contain newlines or colons, end in _ or -, or
65  contain characters codes below 037.
66
67* That Content-Type is given if there is content (CGI often has a
68  default content type, but WSGI does not).
69
70* That no Content-Type is given when there is no content (@@: is this
71  too restrictive?)
72
73* That the exc_info argument to start_response is a tuple or None.
74
75* That all calls to the writer are with strings, and no other methods
76  on the writer are accessed.
77
78* That wsgi.input is used properly:
79
80  - .read() is called with zero or one argument
81
82  - That it returns a string
83
84  - That readline, readlines, and __iter__ return strings
85
86  - That .close() is not called
87
88  - No other methods are provided
89
90* That wsgi.errors is used properly:
91
92  - .write() and .writelines() is called with a string
93
94  - That .close() is not called, and no other methods are provided.
95
96* The response iterator:
97
98  - That it is not a string (it should be a list of a single string; a
99    string will work, but perform horribly).
100
101  - That .next() returns a string
102
103  - That the iterator is not iterated over until start_response has
104    been called (that can signal either a server or application
105    error).
106
107  - That .close() is called (doesn't raise exception, only prints to
108    sys.stderr, because we only know it isn't called when the object
109    is garbage collected).
110"""
111__all__ = ['validator']
112
113
114import re
115import sys
116from types import DictType, StringType, TupleType, ListType
117import warnings
118
119header_re = re.compile(r'^[a-zA-Z][a-zA-Z0-9\-_]*$')
120bad_header_value_re = re.compile(r'[\000-\037]')
121
122class WSGIWarning(Warning):
123    """
124    Raised in response to WSGI-spec-related warnings
125    """
126
127def assert_(cond, *args):
128    if not cond:
129        raise AssertionError(*args)
130
131def validator(application):
132
133    """
134    When applied between a WSGI server and a WSGI application, this
135    middleware will check for WSGI compliancy on a number of levels.
136    This middleware does not modify the request or response in any
137    way, but will raise an AssertionError if anything seems off
138    (except for a failure to close the application iterator, which
139    will be printed to stderr -- there's no way to raise an exception
140    at that point).
141    """
142
143    def lint_app(*args, **kw):
144        assert_(len(args) == 2, "Two arguments required")
145        assert_(not kw, "No keyword arguments allowed")
146        environ, start_response = args
147
148        check_environ(environ)
149
150        # We use this to check if the application returns without
151        # calling start_response:
152        start_response_started = []
153
154        def start_response_wrapper(*args, **kw):
155            assert_(len(args) == 2 or len(args) == 3, (
156                "Invalid number of arguments: %s" % (args,)))
157            assert_(not kw, "No keyword arguments allowed")
158            status = args[0]
159            headers = args[1]
160            if len(args) == 3:
161                exc_info = args[2]
162            else:
163                exc_info = None
164
165            check_status(status)
166            check_headers(headers)
167            check_content_type(status, headers)
168            check_exc_info(exc_info)
169
170            start_response_started.append(None)
171            return WriteWrapper(start_response(*args))
172
173        environ['wsgi.input'] = InputWrapper(environ['wsgi.input'])
174        environ['wsgi.errors'] = ErrorWrapper(environ['wsgi.errors'])
175
176        iterator = application(environ, start_response_wrapper)
177        assert_(iterator is not None and iterator != False,
178            "The application must return an iterator, if only an empty list")
179
180        check_iterator(iterator)
181
182        return IteratorWrapper(iterator, start_response_started)
183
184    return lint_app
185
186class InputWrapper:
187
188    def __init__(self, wsgi_input):
189        self.input = wsgi_input
190
191    def read(self, *args):
192        assert_(len(args) <= 1)
193        v = self.input.read(*args)
194        assert_(type(v) is type(""))
195        return v
196
197    def readline(self):
198        v = self.input.readline()
199        assert_(type(v) is type(""))
200        return v
201
202    def readlines(self, *args):
203        assert_(len(args) <= 1)
204        lines = self.input.readlines(*args)
205        assert_(type(lines) is type([]))
206        for line in lines:
207            assert_(type(line) is type(""))
208        return lines
209
210    def __iter__(self):
211        while 1:
212            line = self.readline()
213            if not line:
214                return
215            yield line
216
217    def close(self):
218        assert_(0, "input.close() must not be called")
219
220class ErrorWrapper:
221
222    def __init__(self, wsgi_errors):
223        self.errors = wsgi_errors
224
225    def write(self, s):
226        assert_(type(s) is type(""))
227        self.errors.write(s)
228
229    def flush(self):
230        self.errors.flush()
231
232    def writelines(self, seq):
233        for line in seq:
234            self.write(line)
235
236    def close(self):
237        assert_(0, "errors.close() must not be called")
238
239class WriteWrapper:
240
241    def __init__(self, wsgi_writer):
242        self.writer = wsgi_writer
243
244    def __call__(self, s):
245        assert_(type(s) is type(""))
246        self.writer(s)
247
248class PartialIteratorWrapper:
249
250    def __init__(self, wsgi_iterator):
251        self.iterator = wsgi_iterator
252
253    def __iter__(self):
254        # We want to make sure __iter__ is called
255        return IteratorWrapper(self.iterator, None)
256
257class IteratorWrapper:
258
259    def __init__(self, wsgi_iterator, check_start_response):
260        self.original_iterator = wsgi_iterator
261        self.iterator = iter(wsgi_iterator)
262        self.closed = False
263        self.check_start_response = check_start_response
264
265    def __iter__(self):
266        return self
267
268    def next(self):
269        assert_(not self.closed,
270            "Iterator read after closed")
271        v = self.iterator.next()
272        if self.check_start_response is not None:
273            assert_(self.check_start_response,
274                "The application returns and we started iterating over its body, but start_response has not yet been called")
275            self.check_start_response = None
276        return v
277
278    def close(self):
279        self.closed = True
280        if hasattr(self.original_iterator, 'close'):
281            self.original_iterator.close()
282
283    def __del__(self):
284        if not self.closed:
285            sys.stderr.write(
286                "Iterator garbage collected without being closed")
287        assert_(self.closed,
288            "Iterator garbage collected without being closed")
289
290def check_environ(environ):
291    assert_(type(environ) is DictType,
292        "Environment is not of the right type: %r (environment: %r)"
293        % (type(environ), environ))
294
295    for key in ['REQUEST_METHOD', 'SERVER_NAME', 'SERVER_PORT',
296                'wsgi.version', 'wsgi.input', 'wsgi.errors',
297                'wsgi.multithread', 'wsgi.multiprocess',
298                'wsgi.run_once']:
299        assert_(key in environ,
300            "Environment missing required key: %r" % (key,))
301
302    for key in ['HTTP_CONTENT_TYPE', 'HTTP_CONTENT_LENGTH']:
303        assert_(key not in environ,
304            "Environment should not have the key: %s "
305            "(use %s instead)" % (key, key[5:]))
306
307    if 'QUERY_STRING' not in environ:
308        warnings.warn(
309            'QUERY_STRING is not in the WSGI environment; the cgi '
310            'module will use sys.argv when this variable is missing, '
311            'so application errors are more likely',
312            WSGIWarning)
313
314    for key in environ.keys():
315        if '.' in key:
316            # Extension, we don't care about its type
317            continue
318        assert_(type(environ[key]) is StringType,
319            "Environmental variable %s is not a string: %r (value: %r)"
320            % (key, type(environ[key]), environ[key]))
321
322    assert_(type(environ['wsgi.version']) is TupleType,
323        "wsgi.version should be a tuple (%r)" % (environ['wsgi.version'],))
324    assert_(environ['wsgi.url_scheme'] in ('http', 'https'),
325        "wsgi.url_scheme unknown: %r" % environ['wsgi.url_scheme'])
326
327    check_input(environ['wsgi.input'])
328    check_errors(environ['wsgi.errors'])
329
330    # @@: these need filling out:
331    if environ['REQUEST_METHOD'] not in (
332        'GET', 'HEAD', 'POST', 'OPTIONS','PUT','DELETE','TRACE'):
333        warnings.warn(
334            "Unknown REQUEST_METHOD: %r" % environ['REQUEST_METHOD'],
335            WSGIWarning)
336
337    assert_(not environ.get('SCRIPT_NAME')
338            or environ['SCRIPT_NAME'].startswith('/'),
339        "SCRIPT_NAME doesn't start with /: %r" % environ['SCRIPT_NAME'])
340    assert_(not environ.get('PATH_INFO')
341            or environ['PATH_INFO'].startswith('/'),
342        "PATH_INFO doesn't start with /: %r" % environ['PATH_INFO'])
343    if environ.get('CONTENT_LENGTH'):
344        assert_(int(environ['CONTENT_LENGTH']) >= 0,
345            "Invalid CONTENT_LENGTH: %r" % environ['CONTENT_LENGTH'])
346
347    if not environ.get('SCRIPT_NAME'):
348        assert_('PATH_INFO' in environ,
349            "One of SCRIPT_NAME or PATH_INFO are required (PATH_INFO "
350            "should at least be '/' if SCRIPT_NAME is empty)")
351    assert_(environ.get('SCRIPT_NAME') != '/',
352        "SCRIPT_NAME cannot be '/'; it should instead be '', and "
353        "PATH_INFO should be '/'")
354
355def check_input(wsgi_input):
356    for attr in ['read', 'readline', 'readlines', '__iter__']:
357        assert_(hasattr(wsgi_input, attr),
358            "wsgi.input (%r) doesn't have the attribute %s"
359            % (wsgi_input, attr))
360
361def check_errors(wsgi_errors):
362    for attr in ['flush', 'write', 'writelines']:
363        assert_(hasattr(wsgi_errors, attr),
364            "wsgi.errors (%r) doesn't have the attribute %s"
365            % (wsgi_errors, attr))
366
367def check_status(status):
368    assert_(type(status) is StringType,
369        "Status must be a string (not %r)" % status)
370    # Implicitly check that we can turn it into an integer:
371    status_code = status.split(None, 1)[0]
372    assert_(len(status_code) == 3,
373        "Status codes must be three characters: %r" % status_code)
374    status_int = int(status_code)
375    assert_(status_int >= 100, "Status code is invalid: %r" % status_int)
376    if len(status) < 4 or status[3] != ' ':
377        warnings.warn(
378            "The status string (%r) should be a three-digit integer "
379            "followed by a single space and a status explanation"
380            % status, WSGIWarning)
381
382def check_headers(headers):
383    assert_(type(headers) is ListType,
384        "Headers (%r) must be of type list: %r"
385        % (headers, type(headers)))
386    header_names = {}
387    for item in headers:
388        assert_(type(item) is TupleType,
389            "Individual headers (%r) must be of type tuple: %r"
390            % (item, type(item)))
391        assert_(len(item) == 2)
392        name, value = item
393        assert_(name.lower() != 'status',
394            "The Status header cannot be used; it conflicts with CGI "
395            "script, and HTTP status is not given through headers "
396            "(value: %r)." % value)
397        header_names[name.lower()] = None
398        assert_('\n' not in name and ':' not in name,
399            "Header names may not contain ':' or '\\n': %r" % name)
400        assert_(header_re.search(name), "Bad header name: %r" % name)
401        assert_(not name.endswith('-') and not name.endswith('_'),
402            "Names may not end in '-' or '_': %r" % name)
403        if bad_header_value_re.search(value):
404            assert_(0, "Bad header value: %r (bad char: %r)"
405            % (value, bad_header_value_re.search(value).group(0)))
406
407def check_content_type(status, headers):
408    code = int(status.split(None, 1)[0])
409    # @@: need one more person to verify this interpretation of RFC 2616
410    #     http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
411    NO_MESSAGE_BODY = (204, 304)
412    for name, value in headers:
413        if name.lower() == 'content-type':
414            if code not in NO_MESSAGE_BODY:
415                return
416            assert_(0, ("Content-Type header found in a %s response, "
417                        "which must not return content.") % code)
418    if code not in NO_MESSAGE_BODY:
419        assert_(0, "No Content-Type header found in headers (%s)" % headers)
420
421def check_exc_info(exc_info):
422    assert_(exc_info is None or type(exc_info) is type(()),
423        "exc_info (%r) is not a tuple: %r" % (exc_info, type(exc_info)))
424    # More exc_info checks?
425
426def check_iterator(iterator):
427    # Technically a string is legal, which is why it's a really bad
428    # idea, because it may cause the response to be returned
429    # character-by-character
430    assert_(not isinstance(iterator, str),
431        "You should not return a string as your application iterator, "
432        "instead return a single-item list containing that string.")
433