'g8<dZddlmZddlZddlmZddlmZddl m Z ddl m Z dd l mZdd lmZej"rdd lmZdd lmZdd lmZGddeZGddeZefddZGddZGddZGddZGddZGddZy)a WSGI Protocol Linter ==================== This module provides a middleware that performs sanity checks on the behavior of the WSGI server and application. It checks that the :pep:`3333` WSGI spec is properly implemented. It also warns on some common HTTP errors such as non-empty responses for 304 status codes. .. autoclass:: LintMiddleware :copyright: 2007 Pallets :license: BSD-3-Clause ) annotationsN) TracebackType)urlparse)warn)Headers)is_entity_header) FileWrapper) StartResponse)WSGIApplication)WSGIEnvironmentceZdZdZy) WSGIWarningz Warning class for WSGI warnings.N__name__ __module__ __qualname____doc__P/var/www/html/knws/venv/lib/python3.12/site-packages/werkzeug/middleware/lint.pyrr!*rrceZdZdZy) HTTPWarningz Warning class for HTTP warnings.Nrrrrrr%rrrc t||ur9t|d|jdt|jdtdyy)Nz requires z, got . stacklevel)typerrr)contextobjneeds r check_typer$)sH Cy kDMM#4F49;M;M:PPQ R  rc4eZdZddZddZddZd dZd dZy) InputStreamc||_yN_streamselfstreams r__init__zInputStream.__init__3  rct|dk(rtdtdn t|dk7rtdtd|jj|S)NrzWSGI does not guarantee an EOF marker on the input stream, thus making calls to 'wsgi.input.read()' unsafe. Conforming servers may never return from this call.rrz2Too many parameters passed to 'wsgi.input.read()'.)lenrrr*readr,argss rr3zInputStream.read6sY t9> *  Y!^ D  !t||  $''rct|dk(rtdtdn,t|dk(rtdtdn td|jj |S)Nrz_Calls to 'wsgi.input.readline()' without arguments are unsafe. Use 'wsgi.input.read()' instead.rrr1z~'wsgi.input.readline()' was called with a size hint. WSGI does not support this, although it's available on all major servers.z5Too many arguments passed to 'wsgi.input.readline()'.)r2rr TypeErrorr*readliner4s rr8zInputStream.readlineGsf t9> 0   Y!^ O  ST T$t||$$d++rc t|jS#t$r tdtdtdcYSwxYw)Nz'wsgi.input' is not iterable.rrr)iterr*r7rrr,s r__iter__zInputStream.__iter__Zs;  % %  0+! L8O s&AAc\tdtd|jjy)Nz(The application closed the input stream!rrrrr*closer;s rr?zInputStream.closea  7QRS rN)r-z t.IO[bytes]returnNone)r5t.AnyrAbytes)rAzt.Iterator[bytes]rArB)rrrr.r3r8r<r?rrrr&r&2s(",&rr&c4eZdZddZddZd dZd dZd dZy) ErrorStreamc||_yr(r)r+s rr.zErrorStream.__init__gr/rc\td|t|jj|y)Nzwsgi.error.write())r$strr*writer,ss rrKzErrorStream.writejs!'C0 1rc8|jjyr()r*flushr;s rrOzErrorStream.flushns rc4|D]}|j|yr()rK)r,seqlines r writelineszErrorStream.writelinesqs D JJt  rc\tdtd|jjy)Nz(The application closed the error stream!rrr>r;s rr?zErrorStream.closeur@rN)r-z t.IO[str]rArB)rMrJrArBrE)rQzt.Iterable[str]rArB)rrrr.rKrOrSr?rrrrGrGfsrrGceZdZddZddZy) GuardedWritec ||_||_yr()_write_chunks)r,rKchunkss rr.zGuardedWrite.__init__{s  rctd|t|j||jj t |y)Nzwrite())r$rDrXrYappendr2rLs r__call__zGuardedWrite.__call__s/9a' A CF#rN)rKzt.Callable[[bytes], object]rZ list[int]rArB)rMrDrArB)rrrr.r]rrrrVrVzs $rrVcDeZdZ ddZddZd dZd dZd dZy) GuardedIteratorcp||_t|j|_d|_||_||_y)NF) _iteratorr:__next___nextclosed headers_setrZ)r,iteratorrfrZs rr.zGuardedIterator.__init__s2 "(^,,  & rc|Sr(rr;s rr<zGuardedIterator.__iter__s rc|jrtdtd|j}|jstdtdt d|t |jjt||S)Nz Iterated over closed 'app_iter'.rrz8The application returned before it started the response.zapplication iterator items) rerrrdrfr$rDrZr\r2)r,rvs rrczGuardedIterator.__next__se ;; 3[Q O ZZ\ J  /U; 3r7# rczd|_t|jdr|jj|jr|j\}}t |j }|jdt}|dk(rW|D]<\}}|j}|dvst|s'td|dtd >|rtd td yyd |cxkrd ksn|dk(r3|dk7rt|dtd |rt|dtd yy|||k7rtdtd yyyy)NTr?zcontent-length)r i0)expireszcontent-locationzEntity header z found in 304 response.rrz#304 responses must not have a body.drz- responses must have an empty content length.z responses must not have a body.zGContent-Length and the number of bytes sent to the client do not match.)rehasattrrbr?rfsumrZgetintlowerr rrr)r, status_codeheaders bytes_sentcontent_lengthkey_values rr?zGuardedIterator.closes_ 4>>7 + NN "   #'#3#3 KT[[)J$[[)9[DNc!#* KC))+C"AAFVG,SG3JK''( =##$  )c)[C-?!Q&&-'TU##$ &-'GH##$  +*0L, 1M+G rcb|js tdtdyy#t$rYywxYw)Nz4Iterator was garbage collected before it was closed.rr)rerr Exceptionr;s r__del__zGuardedIterator.__del__s8{{ J   s " ..N)rgt.Iterable[bytes]rftuple[int, Headers]rZr^rArB)rAr`)rArDrE)rrrr.r<rcr?r}rrrr`r`sB # )    "/b rr`cPeZdZdZd dZd dZ d dZd dZd dZddZ y)LintMiddlewareaWarns about common errors in the WSGI and HTTP behavior of the server and wrapped application. Some of the issues it checks are: - invalid status codes - non-bytes sent to the WSGI server - strings returned from the WSGI application - non-empty conditional responses - unquoted etags - relative URLs in the Location header - unsafe calls to wsgi.input - unclosed iterators Error information is emitted using the :mod:`warnings` module. :param app: The WSGI application to wrap. .. code-block:: python from werkzeug.middleware.lint import LintMiddleware app = LintMiddleware(app) c||_yr()app)r,rs rr.zLintMiddleware.__init__s rct|turtdtddD]}||vstd|dtd|dd k7rtd td|j d d }|j d d }|r|ddk7rtd|td|r|ddk7rtd|tdyyy)Nz/WSGI environment is not a standard Python dict.r) REQUEST_METHOD SERVER_NAME SERVER_PORT wsgi.version wsgi.input wsgi.errorszwsgi.multithreadzwsgi.multiprocessz wsgi.run_oncezRequired environment key z not foundrr)r1rz"Environ is not a WSGI 1.0 environ. SCRIPT_NAME PATH_INFOr/z+'SCRIPT_NAME' does not start with a slash: z)'PATH_INFO' does not start with a slash: )r dictrrrr)r,environry script_name path_infos r check_environzLintMiddleware.check_environs = $ A    C'!/wjA  " > "f , 5{q Qkk-4 KK R0 ;q>S0 =k_M  1, ;I=I -9rcFtd|t|jddd}t|dk7s|j st dt dt|dks|ddk7rt d |d t dt|}|d krt d t dt|turt d t d|D]}t|tust|dk7rt dt d|\}}t|tust|turt dt d|jdk(st dt d|"t|tst dt dt|} |j| || fS)Nstatusr1rrz!Status code must be three digits.rr zInvalid value for status zJ. Valid status strings are three digits, a space and a status explanation.rmzStatus code < 100 detected.zHeader list is not a list.rz#Header items must be 2-item tuples.z'Header keys and values must be strings.zFThe status header is not supported due to conflicts with the CGI spec.zInvalid value for exc_info.)r$rJsplitr2 isdecimalrrrsr listtuplert isinstancer check_headers) r,rrvexc_infostatus_code_strruitemnamevalue headers_objs rcheck_start_responsez#LintMiddleware.check_start_response)s 8VS) ,,tQ/2  1 $O,E,E,G 4ka P v;?fQi3. +F:6==  /*   .  J = $ -{q I DDz&#d)q.:KTUVKD%Dz$U 3(>={WXzz|x'4     8U(C .  Jg&  ;'K''rc^|jd}|^|jdr(|jdrtdtd|dd}|dd|d dcxk(rd k(sntd td|jd }|)t |j std tdyyy)Netag)zW/w/rz)Weak etag indicator should be upper case.rrrr1"zUnquoted etag emitted.locationz+Absolute URLs required for location header.)rr startswithrrrnetloc)r,rvrrs rrzLintMiddleware.check_headers]s{{6"  |,??4(C##$ ABx!HRS 0S0-{qI;;z*  H%,,A - rcJt|trtdtdyy)NzThe application returned a string. The response will send one character at a time to the client, which will kill performance. Return a list or iterable instead.rr)rrJrr)r,app_iters rcheck_iteratorzLintMiddleware.check_iteratorxs& h $ 6   %rct|dk7rtdtd|rtdtd|d}|dj|t |d|d<t |d|d<t |d <gg d fd }j|tjd |}j|t|tjtttfS) NrzA WSGI app takes two arguments.rz+A WSGI app does not take keyword arguments.rr1rrzwsgi.file_wrapperct|dvrtdt|dtd|rtdtd|d}|d}t|d k(r|dnd}j|||ddt |||S) N>rrzInvalid number of arguments: z, expected 2 or 3.rrz1'start_response' does not take keyword arguments.rr1r)r2rrrrV) r5kwargsrrvrrZrfr,start_responses rchecking_start_responsez8LintMiddleware.__call__..checking_start_responses4y&3CI;>PQ  G  q'F-1!WGt9>Qt "66vwQKNvw I6R Rrr )r5rCrrCrAzt.Callable[[bytes], None])r2rrrr&rGr rtcastrr`rrsr) r,r5rrrrrZrfrs ` @@@rr]zLintMiddleware.__call__s  t9> 2KA N  ={WX $(7(,Q 7# +GL,A B !,W]-C!D (3#$#%  S S$) S & S S488GQVVO=T%UV H% affU3<0+>  rN)rr rArB)rr rArB)rrJrvzlist[tuple[str, str]]rz?None | tuple[type[BaseException], BaseException, TracebackType]rAr)rvrrArB)rr~rArB)r5rCrrCrAr~) rrrrr.rrrrr]rrrrrsN,*X2(2('2(T 2(  2(h65 rr)r!rJr"objectr#r rArB) r __future__rtypingrtypesr urllib.parserwarningsrdatastructuresrhttpr wsgir TYPE_CHECKING_typeshed.wsgir r r WarningrrrJr$r&rGrVr`rrrrrs #!$#??,..+'++'+8; 11h($$[[|T T r