1# (c) 2005 Ian Bicking and contributors; written for Paste (http://pythonpaste.org) 2# Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php 3# Also licenced under the Apache License, 2.0: http://opensource.org/licenses/apache2.0.php 4# Licensed to PSF under a Contributor Agreement 5""" 6Middleware to check for obedience to the WSGI specification. 7 8Some of the things this checks: 9 10* Signature of the application and start_response (including that 11 keyword arguments are not used). 12 13* Environment checks: 14 15 - Environment is a dictionary (and not a subclass). 16 17 - That all the required keys are in the environment: REQUEST_METHOD, 18 SERVER_NAME, SERVER_PORT, wsgi.version, wsgi.input, wsgi.errors, 19 wsgi.multithread, wsgi.multiprocess, wsgi.run_once 20 21 - That HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are not in the 22 environment (these headers should appear as CONTENT_LENGTH and 23 CONTENT_TYPE). 24 25 - Warns if QUERY_STRING is missing, as the cgi module acts 26 unpredictably in that case. 27 28 - That CGI-style variables (that don't contain a .) have 29 (non-unicode) string values 30 31 - That wsgi.version is a tuple 32 33 - That wsgi.url_scheme is 'http' or 'https' (@@: is this too 34 restrictive?) 35 36 - Warns if the REQUEST_METHOD is not known (@@: probably too 37 restrictive). 38 39 - That SCRIPT_NAME and PATH_INFO are empty or start with / 40 41 - That at least one of SCRIPT_NAME or PATH_INFO are set. 42 43 - That CONTENT_LENGTH is a positive integer. 44 45 - That SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should 46 be '/'). 47 48 - That wsgi.input has the methods read, readline, readlines, and 49 __iter__ 50 51 - That wsgi.errors has the methods flush, write, writelines 52 53* The status is a string, contains a space, starts with an integer, 54 and that integer is in range (> 100). 55 56* That the headers is a list (not a subclass, not another kind of 57 sequence). 58 59* That the items of the headers are tuples of strings. 60 61* That there is no 'status' header (that is used in CGI, but not in 62 WSGI). 63 64* That the headers don't contain newlines or colons, end in _ or -, or 65 contain characters codes below 037. 66 67* That Content-Type is given if there is content (CGI often has a 68 default content type, but WSGI does not). 69 70* That no Content-Type is given when there is no content (@@: is this 71 too restrictive?) 72 73* That the exc_info argument to start_response is a tuple or None. 74 75* That all calls to the writer are with strings, and no other methods 76 on the writer are accessed. 77 78* That wsgi.input is used properly: 79 80 - .read() is called with zero or one argument 81 82 - That it returns a string 83 84 - That readline, readlines, and __iter__ return strings 85 86 - That .close() is not called 87 88 - No other methods are provided 89 90* That wsgi.errors is used properly: 91 92 - .write() and .writelines() is called with a string 93 94 - That .close() is not called, and no other methods are provided. 95 96* The response iterator: 97 98 - That it is not a string (it should be a list of a single string; a 99 string will work, but perform horribly). 100 101 - That .next() returns a string 102 103 - That the iterator is not iterated over until start_response has 104 been called (that can signal either a server or application 105 error). 106 107 - That .close() is called (doesn't raise exception, only prints to 108 sys.stderr, because we only know it isn't called when the object 109 is garbage collected). 110""" 111__all__ = ['validator'] 112 113 114import re 115import sys 116from types import DictType, StringType, TupleType, ListType 117import warnings 118 119header_re = re.compile(r'^[a-zA-Z][a-zA-Z0-9\-_]*$') 120bad_header_value_re = re.compile(r'[\000-\037]') 121 122class WSGIWarning(Warning): 123 """ 124 Raised in response to WSGI-spec-related warnings 125 """ 126 127def assert_(cond, *args): 128 if not cond: 129 raise AssertionError(*args) 130 131def validator(application): 132 133 """ 134 When applied between a WSGI server and a WSGI application, this 135 middleware will check for WSGI compliancy on a number of levels. 136 This middleware does not modify the request or response in any 137 way, but will raise an AssertionError if anything seems off 138 (except for a failure to close the application iterator, which 139 will be printed to stderr -- there's no way to raise an exception 140 at that point). 141 """ 142 143 def lint_app(*args, **kw): 144 assert_(len(args) == 2, "Two arguments required") 145 assert_(not kw, "No keyword arguments allowed") 146 environ, start_response = args 147 148 check_environ(environ) 149 150 # We use this to check if the application returns without 151 # calling start_response: 152 start_response_started = [] 153 154 def start_response_wrapper(*args, **kw): 155 assert_(len(args) == 2 or len(args) == 3, ( 156 "Invalid number of arguments: %s" % (args,))) 157 assert_(not kw, "No keyword arguments allowed") 158 status = args[0] 159 headers = args[1] 160 if len(args) == 3: 161 exc_info = args[2] 162 else: 163 exc_info = None 164 165 check_status(status) 166 check_headers(headers) 167 check_content_type(status, headers) 168 check_exc_info(exc_info) 169 170 start_response_started.append(None) 171 return WriteWrapper(start_response(*args)) 172 173 environ['wsgi.input'] = InputWrapper(environ['wsgi.input']) 174 environ['wsgi.errors'] = ErrorWrapper(environ['wsgi.errors']) 175 176 iterator = application(environ, start_response_wrapper) 177 assert_(iterator is not None and iterator != False, 178 "The application must return an iterator, if only an empty list") 179 180 check_iterator(iterator) 181 182 return IteratorWrapper(iterator, start_response_started) 183 184 return lint_app 185 186class InputWrapper: 187 188 def __init__(self, wsgi_input): 189 self.input = wsgi_input 190 191 def read(self, *args): 192 assert_(len(args) <= 1) 193 v = self.input.read(*args) 194 assert_(type(v) is type("")) 195 return v 196 197 def readline(self): 198 v = self.input.readline() 199 assert_(type(v) is type("")) 200 return v 201 202 def readlines(self, *args): 203 assert_(len(args) <= 1) 204 lines = self.input.readlines(*args) 205 assert_(type(lines) is type([])) 206 for line in lines: 207 assert_(type(line) is type("")) 208 return lines 209 210 def __iter__(self): 211 while 1: 212 line = self.readline() 213 if not line: 214 return 215 yield line 216 217 def close(self): 218 assert_(0, "input.close() must not be called") 219 220class ErrorWrapper: 221 222 def __init__(self, wsgi_errors): 223 self.errors = wsgi_errors 224 225 def write(self, s): 226 assert_(type(s) is type("")) 227 self.errors.write(s) 228 229 def flush(self): 230 self.errors.flush() 231 232 def writelines(self, seq): 233 for line in seq: 234 self.write(line) 235 236 def close(self): 237 assert_(0, "errors.close() must not be called") 238 239class WriteWrapper: 240 241 def __init__(self, wsgi_writer): 242 self.writer = wsgi_writer 243 244 def __call__(self, s): 245 assert_(type(s) is type("")) 246 self.writer(s) 247 248class PartialIteratorWrapper: 249 250 def __init__(self, wsgi_iterator): 251 self.iterator = wsgi_iterator 252 253 def __iter__(self): 254 # We want to make sure __iter__ is called 255 return IteratorWrapper(self.iterator, None) 256 257class IteratorWrapper: 258 259 def __init__(self, wsgi_iterator, check_start_response): 260 self.original_iterator = wsgi_iterator 261 self.iterator = iter(wsgi_iterator) 262 self.closed = False 263 self.check_start_response = check_start_response 264 265 def __iter__(self): 266 return self 267 268 def next(self): 269 assert_(not self.closed, 270 "Iterator read after closed") 271 v = self.iterator.next() 272 if self.check_start_response is not None: 273 assert_(self.check_start_response, 274 "The application returns and we started iterating over its body, but start_response has not yet been called") 275 self.check_start_response = None 276 return v 277 278 def close(self): 279 self.closed = True 280 if hasattr(self.original_iterator, 'close'): 281 self.original_iterator.close() 282 283 def __del__(self): 284 if not self.closed: 285 sys.stderr.write( 286 "Iterator garbage collected without being closed") 287 assert_(self.closed, 288 "Iterator garbage collected without being closed") 289 290def check_environ(environ): 291 assert_(type(environ) is DictType, 292 "Environment is not of the right type: %r (environment: %r)" 293 % (type(environ), environ)) 294 295 for key in ['REQUEST_METHOD', 'SERVER_NAME', 'SERVER_PORT', 296 'wsgi.version', 'wsgi.input', 'wsgi.errors', 297 'wsgi.multithread', 'wsgi.multiprocess', 298 'wsgi.run_once']: 299 assert_(key in environ, 300 "Environment missing required key: %r" % (key,)) 301 302 for key in ['HTTP_CONTENT_TYPE', 'HTTP_CONTENT_LENGTH']: 303 assert_(key not in environ, 304 "Environment should not have the key: %s " 305 "(use %s instead)" % (key, key[5:])) 306 307 if 'QUERY_STRING' not in environ: 308 warnings.warn( 309 'QUERY_STRING is not in the WSGI environment; the cgi ' 310 'module will use sys.argv when this variable is missing, ' 311 'so application errors are more likely', 312 WSGIWarning) 313 314 for key in environ.keys(): 315 if '.' in key: 316 # Extension, we don't care about its type 317 continue 318 assert_(type(environ[key]) is StringType, 319 "Environmental variable %s is not a string: %r (value: %r)" 320 % (key, type(environ[key]), environ[key])) 321 322 assert_(type(environ['wsgi.version']) is TupleType, 323 "wsgi.version should be a tuple (%r)" % (environ['wsgi.version'],)) 324 assert_(environ['wsgi.url_scheme'] in ('http', 'https'), 325 "wsgi.url_scheme unknown: %r" % environ['wsgi.url_scheme']) 326 327 check_input(environ['wsgi.input']) 328 check_errors(environ['wsgi.errors']) 329 330 # @@: these need filling out: 331 if environ['REQUEST_METHOD'] not in ( 332 'GET', 'HEAD', 'POST', 'OPTIONS','PUT','DELETE','TRACE'): 333 warnings.warn( 334 "Unknown REQUEST_METHOD: %r" % environ['REQUEST_METHOD'], 335 WSGIWarning) 336 337 assert_(not environ.get('SCRIPT_NAME') 338 or environ['SCRIPT_NAME'].startswith('/'), 339 "SCRIPT_NAME doesn't start with /: %r" % environ['SCRIPT_NAME']) 340 assert_(not environ.get('PATH_INFO') 341 or environ['PATH_INFO'].startswith('/'), 342 "PATH_INFO doesn't start with /: %r" % environ['PATH_INFO']) 343 if environ.get('CONTENT_LENGTH'): 344 assert_(int(environ['CONTENT_LENGTH']) >= 0, 345 "Invalid CONTENT_LENGTH: %r" % environ['CONTENT_LENGTH']) 346 347 if not environ.get('SCRIPT_NAME'): 348 assert_('PATH_INFO' in environ, 349 "One of SCRIPT_NAME or PATH_INFO are required (PATH_INFO " 350 "should at least be '/' if SCRIPT_NAME is empty)") 351 assert_(environ.get('SCRIPT_NAME') != '/', 352 "SCRIPT_NAME cannot be '/'; it should instead be '', and " 353 "PATH_INFO should be '/'") 354 355def check_input(wsgi_input): 356 for attr in ['read', 'readline', 'readlines', '__iter__']: 357 assert_(hasattr(wsgi_input, attr), 358 "wsgi.input (%r) doesn't have the attribute %s" 359 % (wsgi_input, attr)) 360 361def check_errors(wsgi_errors): 362 for attr in ['flush', 'write', 'writelines']: 363 assert_(hasattr(wsgi_errors, attr), 364 "wsgi.errors (%r) doesn't have the attribute %s" 365 % (wsgi_errors, attr)) 366 367def check_status(status): 368 assert_(type(status) is StringType, 369 "Status must be a string (not %r)" % status) 370 # Implicitly check that we can turn it into an integer: 371 status_code = status.split(None, 1)[0] 372 assert_(len(status_code) == 3, 373 "Status codes must be three characters: %r" % status_code) 374 status_int = int(status_code) 375 assert_(status_int >= 100, "Status code is invalid: %r" % status_int) 376 if len(status) < 4 or status[3] != ' ': 377 warnings.warn( 378 "The status string (%r) should be a three-digit integer " 379 "followed by a single space and a status explanation" 380 % status, WSGIWarning) 381 382def check_headers(headers): 383 assert_(type(headers) is ListType, 384 "Headers (%r) must be of type list: %r" 385 % (headers, type(headers))) 386 header_names = {} 387 for item in headers: 388 assert_(type(item) is TupleType, 389 "Individual headers (%r) must be of type tuple: %r" 390 % (item, type(item))) 391 assert_(len(item) == 2) 392 name, value = item 393 assert_(name.lower() != 'status', 394 "The Status header cannot be used; it conflicts with CGI " 395 "script, and HTTP status is not given through headers " 396 "(value: %r)." % value) 397 header_names[name.lower()] = None 398 assert_('\n' not in name and ':' not in name, 399 "Header names may not contain ':' or '\\n': %r" % name) 400 assert_(header_re.search(name), "Bad header name: %r" % name) 401 assert_(not name.endswith('-') and not name.endswith('_'), 402 "Names may not end in '-' or '_': %r" % name) 403 if bad_header_value_re.search(value): 404 assert_(0, "Bad header value: %r (bad char: %r)" 405 % (value, bad_header_value_re.search(value).group(0))) 406 407def check_content_type(status, headers): 408 code = int(status.split(None, 1)[0]) 409 # @@: need one more person to verify this interpretation of RFC 2616 410 # http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html 411 NO_MESSAGE_BODY = (204, 304) 412 for name, value in headers: 413 if name.lower() == 'content-type': 414 if code not in NO_MESSAGE_BODY: 415 return 416 assert_(0, ("Content-Type header found in a %s response, " 417 "which must not return content.") % code) 418 if code not in NO_MESSAGE_BODY: 419 assert_(0, "No Content-Type header found in headers (%s)" % headers) 420 421def check_exc_info(exc_info): 422 assert_(exc_info is None or type(exc_info) is type(()), 423 "exc_info (%r) is not a tuple: %r" % (exc_info, type(exc_info))) 424 # More exc_info checks? 425 426def check_iterator(iterator): 427 # Technically a string is legal, which is why it's a really bad 428 # idea, because it may cause the response to be returned 429 # character-by-character 430 assert_(not isinstance(iterator, str), 431 "You should not return a string as your application iterator, " 432 "instead return a single-item list containing that string.") 433