Home | History | Annotate | Download | only in wsgiref
      1 # (c) 2005 Ian Bicking and contributors; written for Paste (http://pythonpaste.org)
      2 # Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
      3 # Also licenced under the Apache License, 2.0: http://opensource.org/licenses/apache2.0.php
      4 # Licensed to PSF under a Contributor Agreement
      5 """
      6 Middleware to check for obedience to the WSGI specification.
      7 
      8 Some of the things this checks:
      9 
     10 * Signature of the application and start_response (including that
     11   keyword arguments are not used).
     12 
     13 * Environment checks:
     14 
     15   - Environment is a dictionary (and not a subclass).
     16 
     17   - That all the required keys are in the environment: REQUEST_METHOD,
     18     SERVER_NAME, SERVER_PORT, wsgi.version, wsgi.input, wsgi.errors,
     19     wsgi.multithread, wsgi.multiprocess, wsgi.run_once
     20 
     21   - That HTTP_CONTENT_TYPE and HTTP_CONTENT_LENGTH are not in the
     22     environment (these headers should appear as CONTENT_LENGTH and
     23     CONTENT_TYPE).
     24 
     25   - Warns if QUERY_STRING is missing, as the cgi module acts
     26     unpredictably in that case.
     27 
     28   - That CGI-style variables (that don't contain a .) have
     29     (non-unicode) string values
     30 
     31   - That wsgi.version is a tuple
     32 
     33   - That wsgi.url_scheme is 'http' or 'https' (@@: is this too
     34     restrictive?)
     35 
     36   - Warns if the REQUEST_METHOD is not known (@@: probably too
     37     restrictive).
     38 
     39   - That SCRIPT_NAME and PATH_INFO are empty or start with /
     40 
     41   - That at least one of SCRIPT_NAME or PATH_INFO are set.
     42 
     43   - That CONTENT_LENGTH is a positive integer.
     44 
     45   - That SCRIPT_NAME is not '/' (it should be '', and PATH_INFO should
     46     be '/').
     47 
     48   - That wsgi.input has the methods read, readline, readlines, and
     49     __iter__
     50 
     51   - That wsgi.errors has the methods flush, write, writelines
     52 
     53 * The status is a string, contains a space, starts with an integer,
     54   and that integer is in range (> 100).
     55 
     56 * That the headers is a list (not a subclass, not another kind of
     57   sequence).
     58 
     59 * That the items of the headers are tuples of strings.
     60 
     61 * That there is no 'status' header (that is used in CGI, but not in
     62   WSGI).
     63 
     64 * That the headers don't contain newlines or colons, end in _ or -, or
     65   contain characters codes below 037.
     66 
     67 * That Content-Type is given if there is content (CGI often has a
     68   default content type, but WSGI does not).
     69 
     70 * That no Content-Type is given when there is no content (@@: is this
     71   too restrictive?)
     72 
     73 * That the exc_info argument to start_response is a tuple or None.
     74 
     75 * That all calls to the writer are with strings, and no other methods
     76   on the writer are accessed.
     77 
     78 * That wsgi.input is used properly:
     79 
     80   - .read() is called with zero or one argument
     81 
     82   - That it returns a string
     83 
     84   - That readline, readlines, and __iter__ return strings
     85 
     86   - That .close() is not called
     87 
     88   - No other methods are provided
     89 
     90 * That wsgi.errors is used properly:
     91 
     92   - .write() and .writelines() is called with a string
     93 
     94   - That .close() is not called, and no other methods are provided.
     95 
     96 * The response iterator:
     97 
     98   - That it is not a string (it should be a list of a single string; a
     99     string will work, but perform horribly).
    100 
    101   - That .next() returns a string
    102 
    103   - That the iterator is not iterated over until start_response has
    104     been called (that can signal either a server or application
    105     error).
    106 
    107   - That .close() is called (doesn't raise exception, only prints to
    108     sys.stderr, because we only know it isn't called when the object
    109     is garbage collected).
    110 """
    111 __all__ = ['validator']
    112 
    113 
    114 import re
    115 import sys
    116 from types import DictType, StringType, TupleType, ListType
    117 import warnings
    118 
    119 header_re = re.compile(r'^[a-zA-Z][a-zA-Z0-9\-_]*$')
    120 bad_header_value_re = re.compile(r'[\000-\037]')
    121 
    122 class WSGIWarning(Warning):
    123     """
    124     Raised in response to WSGI-spec-related warnings
    125     """
    126 
    127 def assert_(cond, *args):
    128     if not cond:
    129         raise AssertionError(*args)
    130 
    131 def validator(application):
    132 
    133     """
    134     When applied between a WSGI server and a WSGI application, this
    135     middleware will check for WSGI compliancy on a number of levels.
    136     This middleware does not modify the request or response in any
    137     way, but will raise an AssertionError if anything seems off
    138     (except for a failure to close the application iterator, which
    139     will be printed to stderr -- there's no way to raise an exception
    140     at that point).
    141     """
    142 
    143     def lint_app(*args, **kw):
    144         assert_(len(args) == 2, "Two arguments required")
    145         assert_(not kw, "No keyword arguments allowed")
    146         environ, start_response = args
    147 
    148         check_environ(environ)
    149 
    150         # We use this to check if the application returns without
    151         # calling start_response:
    152         start_response_started = []
    153 
    154         def start_response_wrapper(*args, **kw):
    155             assert_(len(args) == 2 or len(args) == 3, (
    156                 "Invalid number of arguments: %s" % (args,)))
    157             assert_(not kw, "No keyword arguments allowed")
    158             status = args[0]
    159             headers = args[1]
    160             if len(args) == 3:
    161                 exc_info = args[2]
    162             else:
    163                 exc_info = None
    164 
    165             check_status(status)
    166             check_headers(headers)
    167             check_content_type(status, headers)
    168             check_exc_info(exc_info)
    169 
    170             start_response_started.append(None)
    171             return WriteWrapper(start_response(*args))
    172 
    173         environ['wsgi.input'] = InputWrapper(environ['wsgi.input'])
    174         environ['wsgi.errors'] = ErrorWrapper(environ['wsgi.errors'])
    175 
    176         iterator = application(environ, start_response_wrapper)
    177         assert_(iterator is not None and iterator != False,
    178             "The application must return an iterator, if only an empty list")
    179 
    180         check_iterator(iterator)
    181 
    182         return IteratorWrapper(iterator, start_response_started)
    183 
    184     return lint_app
    185 
    186 class InputWrapper:
    187 
    188     def __init__(self, wsgi_input):
    189         self.input = wsgi_input
    190 
    191     def read(self, *args):
    192         assert_(len(args) <= 1)
    193         v = self.input.read(*args)
    194         assert_(type(v) is type(""))
    195         return v
    196 
    197     def readline(self):
    198         v = self.input.readline()
    199         assert_(type(v) is type(""))
    200         return v
    201 
    202     def readlines(self, *args):
    203         assert_(len(args) <= 1)
    204         lines = self.input.readlines(*args)
    205         assert_(type(lines) is type([]))
    206         for line in lines:
    207             assert_(type(line) is type(""))
    208         return lines
    209 
    210     def __iter__(self):
    211         while 1:
    212             line = self.readline()
    213             if not line:
    214                 return
    215             yield line
    216 
    217     def close(self):
    218         assert_(0, "input.close() must not be called")
    219 
    220 class ErrorWrapper:
    221 
    222     def __init__(self, wsgi_errors):
    223         self.errors = wsgi_errors
    224 
    225     def write(self, s):
    226         assert_(type(s) is type(""))
    227         self.errors.write(s)
    228 
    229     def flush(self):
    230         self.errors.flush()
    231 
    232     def writelines(self, seq):
    233         for line in seq:
    234             self.write(line)
    235 
    236     def close(self):
    237         assert_(0, "errors.close() must not be called")
    238 
    239 class WriteWrapper:
    240 
    241     def __init__(self, wsgi_writer):
    242         self.writer = wsgi_writer
    243 
    244     def __call__(self, s):
    245         assert_(type(s) is type(""))
    246         self.writer(s)
    247 
    248 class PartialIteratorWrapper:
    249 
    250     def __init__(self, wsgi_iterator):
    251         self.iterator = wsgi_iterator
    252 
    253     def __iter__(self):
    254         # We want to make sure __iter__ is called
    255         return IteratorWrapper(self.iterator, None)
    256 
    257 class IteratorWrapper:
    258 
    259     def __init__(self, wsgi_iterator, check_start_response):
    260         self.original_iterator = wsgi_iterator
    261         self.iterator = iter(wsgi_iterator)
    262         self.closed = False
    263         self.check_start_response = check_start_response
    264 
    265     def __iter__(self):
    266         return self
    267 
    268     def next(self):
    269         assert_(not self.closed,
    270             "Iterator read after closed")
    271         v = self.iterator.next()
    272         if self.check_start_response is not None:
    273             assert_(self.check_start_response,
    274                 "The application returns and we started iterating over its body, but start_response has not yet been called")
    275             self.check_start_response = None
    276         return v
    277 
    278     def close(self):
    279         self.closed = True
    280         if hasattr(self.original_iterator, 'close'):
    281             self.original_iterator.close()
    282 
    283     def __del__(self):
    284         if not self.closed:
    285             sys.stderr.write(
    286                 "Iterator garbage collected without being closed")
    287         assert_(self.closed,
    288             "Iterator garbage collected without being closed")
    289 
    290 def check_environ(environ):
    291     assert_(type(environ) is DictType,
    292         "Environment is not of the right type: %r (environment: %r)"
    293         % (type(environ), environ))
    294 
    295     for key in ['REQUEST_METHOD', 'SERVER_NAME', 'SERVER_PORT',
    296                 'wsgi.version', 'wsgi.input', 'wsgi.errors',
    297                 'wsgi.multithread', 'wsgi.multiprocess',
    298                 'wsgi.run_once']:
    299         assert_(key in environ,
    300             "Environment missing required key: %r" % (key,))
    301 
    302     for key in ['HTTP_CONTENT_TYPE', 'HTTP_CONTENT_LENGTH']:
    303         assert_(key not in environ,
    304             "Environment should not have the key: %s "
    305             "(use %s instead)" % (key, key[5:]))
    306 
    307     if 'QUERY_STRING' not in environ:
    308         warnings.warn(
    309             'QUERY_STRING is not in the WSGI environment; the cgi '
    310             'module will use sys.argv when this variable is missing, '
    311             'so application errors are more likely',
    312             WSGIWarning)
    313 
    314     for key in environ.keys():
    315         if '.' in key:
    316             # Extension, we don't care about its type
    317             continue
    318         assert_(type(environ[key]) is StringType,
    319             "Environmental variable %s is not a string: %r (value: %r)"
    320             % (key, type(environ[key]), environ[key]))
    321 
    322     assert_(type(environ['wsgi.version']) is TupleType,
    323         "wsgi.version should be a tuple (%r)" % (environ['wsgi.version'],))
    324     assert_(environ['wsgi.url_scheme'] in ('http', 'https'),
    325         "wsgi.url_scheme unknown: %r" % environ['wsgi.url_scheme'])
    326 
    327     check_input(environ['wsgi.input'])
    328     check_errors(environ['wsgi.errors'])
    329 
    330     # @@: these need filling out:
    331     if environ['REQUEST_METHOD'] not in (
    332         'GET', 'HEAD', 'POST', 'OPTIONS','PUT','DELETE','TRACE'):
    333         warnings.warn(
    334             "Unknown REQUEST_METHOD: %r" % environ['REQUEST_METHOD'],
    335             WSGIWarning)
    336 
    337     assert_(not environ.get('SCRIPT_NAME')
    338             or environ['SCRIPT_NAME'].startswith('/'),
    339         "SCRIPT_NAME doesn't start with /: %r" % environ['SCRIPT_NAME'])
    340     assert_(not environ.get('PATH_INFO')
    341             or environ['PATH_INFO'].startswith('/'),
    342         "PATH_INFO doesn't start with /: %r" % environ['PATH_INFO'])
    343     if environ.get('CONTENT_LENGTH'):
    344         assert_(int(environ['CONTENT_LENGTH']) >= 0,
    345             "Invalid CONTENT_LENGTH: %r" % environ['CONTENT_LENGTH'])
    346 
    347     if not environ.get('SCRIPT_NAME'):
    348         assert_('PATH_INFO' in environ,
    349             "One of SCRIPT_NAME or PATH_INFO are required (PATH_INFO "
    350             "should at least be '/' if SCRIPT_NAME is empty)")
    351     assert_(environ.get('SCRIPT_NAME') != '/',
    352         "SCRIPT_NAME cannot be '/'; it should instead be '', and "
    353         "PATH_INFO should be '/'")
    354 
    355 def check_input(wsgi_input):
    356     for attr in ['read', 'readline', 'readlines', '__iter__']:
    357         assert_(hasattr(wsgi_input, attr),
    358             "wsgi.input (%r) doesn't have the attribute %s"
    359             % (wsgi_input, attr))
    360 
    361 def check_errors(wsgi_errors):
    362     for attr in ['flush', 'write', 'writelines']:
    363         assert_(hasattr(wsgi_errors, attr),
    364             "wsgi.errors (%r) doesn't have the attribute %s"
    365             % (wsgi_errors, attr))
    366 
    367 def check_status(status):
    368     assert_(type(status) is StringType,
    369         "Status must be a string (not %r)" % status)
    370     # Implicitly check that we can turn it into an integer:
    371     status_code = status.split(None, 1)[0]
    372     assert_(len(status_code) == 3,
    373         "Status codes must be three characters: %r" % status_code)
    374     status_int = int(status_code)
    375     assert_(status_int >= 100, "Status code is invalid: %r" % status_int)
    376     if len(status) < 4 or status[3] != ' ':
    377         warnings.warn(
    378             "The status string (%r) should be a three-digit integer "
    379             "followed by a single space and a status explanation"
    380             % status, WSGIWarning)
    381 
    382 def check_headers(headers):
    383     assert_(type(headers) is ListType,
    384         "Headers (%r) must be of type list: %r"
    385         % (headers, type(headers)))
    386     header_names = {}
    387     for item in headers:
    388         assert_(type(item) is TupleType,
    389             "Individual headers (%r) must be of type tuple: %r"
    390             % (item, type(item)))
    391         assert_(len(item) == 2)
    392         name, value = item
    393         assert_(name.lower() != 'status',
    394             "The Status header cannot be used; it conflicts with CGI "
    395             "script, and HTTP status is not given through headers "
    396             "(value: %r)." % value)
    397         header_names[name.lower()] = None
    398         assert_('\n' not in name and ':' not in name,
    399             "Header names may not contain ':' or '\\n': %r" % name)
    400         assert_(header_re.search(name), "Bad header name: %r" % name)
    401         assert_(not name.endswith('-') and not name.endswith('_'),
    402             "Names may not end in '-' or '_': %r" % name)
    403         if bad_header_value_re.search(value):
    404             assert_(0, "Bad header value: %r (bad char: %r)"
    405             % (value, bad_header_value_re.search(value).group(0)))
    406 
    407 def check_content_type(status, headers):
    408     code = int(status.split(None, 1)[0])
    409     # @@: need one more person to verify this interpretation of RFC 2616
    410     #     http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
    411     NO_MESSAGE_BODY = (204, 304)
    412     for name, value in headers:
    413         if name.lower() == 'content-type':
    414             if code not in NO_MESSAGE_BODY:
    415                 return
    416             assert_(0, ("Content-Type header found in a %s response, "
    417                         "which must not return content.") % code)
    418     if code not in NO_MESSAGE_BODY:
    419         assert_(0, "No Content-Type header found in headers (%s)" % headers)
    420 
    421 def check_exc_info(exc_info):
    422     assert_(exc_info is None or type(exc_info) is type(()),
    423         "exc_info (%r) is not a tuple: %r" % (exc_info, type(exc_info)))
    424     # More exc_info checks?
    425 
    426 def check_iterator(iterator):
    427     # Technically a string is legal, which is why it's a really bad
    428     # idea, because it may cause the response to be returned
    429     # character-by-character
    430     assert_(not isinstance(iterator, str),
    431         "You should not return a string as your application iterator, "
    432         "instead return a single-item list containing that string.")
    433