5 f\6^dZddlmZddlZddlmZddlmZddl m Z ddl m Z dd l mZdd lmZejrdd lmZdd lmZdd lmZGddeZGddeZefd%dZGddZGddZGdd ZGd!d"ZGd#d$ZdS)&a WSGI Protocol Linter ==================== This module provides a middleware that performs sanity checks on the behavior of the WSGI server and application. It checks that the :pep:`3333` WSGI spec is properly implemented. It also warns on some common HTTP errors such as non-empty responses for 304 status codes. .. autoclass:: LintMiddleware :copyright: 2007 Pallets :license: BSD-3-Clause ) annotationsN) TracebackType)urlparse)warn)Headers)is_entity_header) FileWrapper) StartResponse)WSGIApplication)WSGIEnvironmentceZdZdZdS) WSGIWarningz Warning class for WSGI warnings.N__name__ __module__ __qualname____doc__N/var/www/equiseq/venv/lib/python3.11/site-packages/werkzeug/middleware/lint.pyrr ****rrceZdZdZdS) HTTPWarningz Warning class for HTTP warnings.Nrrrrrr$rrrcontextstrobjobjectneedt.TypereturnNonec t||ur9t|d|jdt|jdtddSdS)Nz requires z, got . stacklevel)typerrr)rrrs r check_typer)(si Cyy  R RDM R R499;M R R R       rc6eZdZddZdd Zdd Zdd Zdd ZdS) InputStreamstream t.IO[bytes]r!r"c||_dSN_streamselfr,s r__init__zInputStream.__init__2  rargst.Anybytesct|dkrtdtdn*t|dkrtdtd|jj|S)NrzWSGI does not guarantee an EOF marker on the input stream, thus making calls to 'wsgi.input.read()' unsafe. Conforming servers may never return from this call.rr&z2Too many parameters passed to 'wsgi.input.read()'.)lenrrr1readr3r6s rr<zInputStream.read5s t99>> *      YY!^^ D     !t| $''rct|dkrtdtdn:t|dkrtdtdntd|jj|S)Nrz_Calls to 'wsgi.input.readline()' without arguments are unsafe. Use 'wsgi.input.read()' instead.rr&r:z~'wsgi.input.readline()' was called with a size hint. WSGI does not support this, although it's available on all major servers.z5Too many arguments passed to 'wsgi.input.readline()'.)r;rr TypeErrorr1readliner=s rr@zInputStream.readlineFs t99>> 0       YY!^^ O      STT T$t|$d++rt.Iterator[bytes]c t|jS#t$r)tdtdtdcYSwxYw)Nz'wsgi.input' is not iterable.rr&r)iterr1r?rrr3s r__iter__zInputStream.__iter__YsW  %% %    0+! L L L L88OOO s0A A cftdtd|jdS)Nz(The application closed the input stream!rr&rrr1closerDs rrHzInputStream.close`3 7QRSSSS rN)r,r-r!r")r6r7r!r8)r!rAr!r")rrrr4r<r@rErHrrrr+r+1sx((((",,,,&rr+c6eZdZddZddZdd Zdd Zdd ZdS) ErrorStreamr, t.IO[str]r!r"c||_dSr/r0r2s rr4zErrorStream.__init__fr5rsrcftd|t|j|dS)Nzwsgi.error.write())r)rr1writer3rOs rrQzErrorStream.writeis1'C000 1rc8|jdSr/)r1flushrDs rrTzErrorStream.flushms rseqt.Iterable[str]c:|D]}||dSr/)rQ)r3rUlines r writelineszErrorStream.writelinesps0  D JJt      rcftdtd|jdS)Nz(The application closed the error stream!rr&rGrDs rrHzErrorStream.closetrIrN)r,rMr!r")rOrr!r"rJ)rUrVr!r")rrrr4rQrTrYrHrrrrLrLesxrrLceZdZd dZd d Zd S) GuardedWriterQt.Callable[[bytes], object]chunks list[int]r!r"c"||_||_dSr/)_write_chunks)r3rQr^s rr4zGuardedWrite.__init__zs  rrOr8ctd|t|||jt |dS)Nzwrite())r)r8rarbappendr;rRs r__call__zGuardedWrite.__call__~sE9a''' A CFF#####rN)rQr]r^r_r!r")rOr8r!r")rrrr4rerrrr\r\ys<$$$$$$rr\c6eZdZdd Zdd Zdd Zdd ZddZdS)GuardedIteratoriteratort.Iterable[bytes] headers_settuple[int, Headers]r^r_r!r"cp||_t|j|_d|_||_||_dS)NF) _iteratorrC__next___nextclosedrjr^)r3rhrjr^s rr4zGuardedIterator.__init__s5 "(^^,  & rc|Sr/rrDs rrEzGuardedIterator.__iter__s rr8c |jrtdtd|}|jstdtdt d|t |jt||S)Nz Iterated over closed 'app_iter'.rr&z8The application returned before it started the response.zapplication iterator items) rprrrorjr)r8r^rdr;)r3rvs rrnzGuardedIterator.__next__s ; P 3[Q O O O O ZZ\\  J     /U;;; 3r77### rcd|_t|jdr|j|jr|j\}}t |j}|dt}|dkrc|D]E\}}| }|dvr(t|rtd|dtF|rtd tdSdSd |cxkrd ksn|d kr<|d krt|dt|rt|dtdSdS|||krtdtdSdSdSdS)NTrHzcontent-length)r(i0)expireszcontent-locationzEntity header z found in 304 response.z#304 responses must not have a body.drz- responses must have an empty content length.z responses must not have a body.zGContent-Length and the number of bytes sent to the client do not match.)rphasattrrmrHrjsumr^getintlowerr rrr)r3 status_codeheaders bytes_sentcontent_lengthkey_values rrHzGuardedIterator.closes 4>7 + + # N " " "   #'#3 KT[))J$[[)9[DDNc!!#*KC))++C"AAAFVGGAKSKKK[M> LLLLLMM ))))c))))[C-?-?!Q&&&UUU#XKIII;WWWWWXX+*0L0L,3  0,+0L0Lrcf|js) tdtdS#t$rYdSwxYwdS)Nz4Iterator was garbage collected before it was closed.)rprr ExceptionrDs r__del__zGuardedIterator.__del__s`{  JK       s  ..N)rhrirjrkr^r_r!r")r!rg)r!r8rJ)rrrr4rErnrHrrrrrgrgsy    "####JrrgcBeZdZdZddZdd ZddZddZd dZd!dZ dS)"LintMiddlewareaWarns about common errors in the WSGI and HTTP behavior of the server and wrapped application. Some of the issues it checks are: - invalid status codes - non-bytes sent to the WSGI server - strings returned from the WSGI application - non-empty conditional responses - unquoted etags - relative URLs in the Location header - unsafe calls to wsgi.input - unclosed iterators Error information is emitted using the :mod:`warnings` module. :param app: The WSGI application to wrap. .. code-block:: python from werkzeug.middleware.lint import LintMiddleware app = LintMiddleware(app) appr r!r"c||_dSr/)r)r3rs rr4zLintMiddleware.__init__s renvironr ct|turtdtddD]!}||vrtd|dtd"|dd krtd td|d d }|d d }|r&|ddkrtd|td|r(|ddkrtd|tddSdSdS)Nz/WSGI environment is not a standard Python dict.r&) REQUEST_METHOD SERVER_NAME SERVER_PORT wsgi.version wsgi.input wsgi.errorszwsgi.multithreadzwsgi.multiprocessz wsgi.run_oncezRequired environment key z not foundr%r)r:rz"Environ is not a WSGI 1.0 environ. SCRIPT_NAME PATH_INFOr/z+'SCRIPT_NAME' does not start with a slash: z)'PATH_INFO' does not start with a slash: )r(dictrrr{)r3rr script_name path_infos r check_environzLintMiddleware.check_environsc == $ $ A        C'!!AAAA  > "f , , 5{q Q Q Q Qkk-44 KK R00  ;q>S00 MkMM      1,, IIII        ,,rstatusrrlist[tuple[str, str]]exc_info?None | tuple[type[BaseException], BaseException, TracebackType]rkc,td|t|ddd}t|dks|st dt dt|dks |ddkrt d |d t dt|}|d krt d t dt|turt d t d|D]}t|tust|dkrt dt d|\}}t|tust|turt dt d| dkrt dt d|,t|tst dt dt|}||||fS)Nrr:rr%z!Status code must be three digits.r&r zInvalid value for status zJ. Valid status strings are three digits, a space and a status explanation.rvzStatus code < 100 detected.zHeader list is not a list.rz#Header items must be 2-item tuples.z'Header keys and values must be strings.zFThe status header is not supported due to conflicts with the CGI spec.zInvalid value for exc_info.)r)rsplitr; isdecimalrrr|r(listtupler} isinstancer check_headers) r3rrrstatus_code_strr~itemnamevalues rcheck_start_responsez#LintMiddleware.check_start_responses. 8VS))) ,,tQ//2   1 $ $O,E,E,G,G $ 4ka P P P P v;;??fQi3.. =F===     /**    .  J J J J == $ $ -{q I I I I  DDzz&&#d))q..:KTUVVVVKD%Dzz$$U 3(>(>={WXzz||x''4    8U(C(C  .  J J J J'"" 7###G##rrc|d}||dr6|drtdtd|dd}|dd|d dcxkrd ksntd td|d }|-t |jstd tddSdSdS)Netag)zW/w/rz)Weak etag indicator should be upper case.rr&rr:"zUnquoted etag emitted.locationz+Absolute URLs required for location header.)r{ startswithrrrnetloc)r3rrrs rrzLintMiddleware.check_headersNs{{6""  |,, ??4((C##$ ABBx!HRSS 0000S0000-{qIIII;;z**  H%%, A    rapp_iterricbt|trtdtddSdS)NzThe application returned a string. The response will send one character at a time to the client, which will kill performance. Return a list or iterable instead.r%r&)rrrr)r3rs rcheck_iteratorzLintMiddleware.check_iteratorisL h $ $  6         rr6r7kwargscdt|dkrtdtd|rtdtd|d}|d|t |d|d<t |d|d<t |d <ggdfd }|tj d|} |t|tj tj ttfS)NrzA WSGI app takes two arguments.r&z+A WSGI app does not take keyword arguments.rr:rrzwsgi.file_wrapperr6r7rr!t.Callable[[bytes], None]clt|dvr(tdt|dtd|rtdt|d}|d}t|d kr|dnd}|||dd<t |||S) N>rr%zInvalid number of arguments: z, expected 2 or 3.rr&z1'start_response' does not take keyword arguments.rr:r%)r;rrrr\) r6rrrrr^rjr3start_responses rchecking_start_responsez8LintMiddleware.__call__..checking_start_responses4yy&&QCIIQQQ   WH+VVVq'F-1!WG IINNa "66vwQQKNvw I I6RR Rrr )r6r7rr7r!r)r;rrrr+rLr rtcastrrgTupler|r) r3r6rrrrr^rjrs ` @@@rrezLintMiddleware.__call__ss[ t99>> 2KA N N N N   ={WX    $(7(,Q 7### +GL,A B B !,W]-C!D!D (3#$#%  S S S S S S S S S,88GQVO=T%U%UVV H%%% afQWS'\2K@@&   rN)rr r!r")rr r!r")rrrrrrr!rk)rrr!r")rrir!r")r6r7rr7r!ri) rrrrr4rrrrrerrrrrs,****X2$2$2$2$h61 1 1 1 1 1 rr)rrrrrr r!r") r __future__rtypingrtypesr urllib.parserwarningsrdatastructuresrhttpr wsgir TYPE_CHECKING_typeshed.wsgir r r Warningrrrr)r+rLr\rgrrrrrs3  #"""""!!!!!!$$$$$$######?/,,,,,,............+++++'++++++++'+++:=     11111111h($$$$$$$$MMMMMMMM`P P P P P P P P P P r