Python code coverage for Lib/CGIHTTPServer.py

#	count	content
1	n/a	"""CGI-savvy HTTP Server.
2	n/a
3	n/a	This module builds on SimpleHTTPServer by implementing GET and POST
4	n/a	requests to cgi-bin scripts.
5	n/a
6	n/a	If the os.fork() function is not present (e.g. on Windows),
7	n/a	os.popen2() is used as a fallback, with slightly altered semantics; if
8	n/a	that function is not present either (e.g. on Macintosh), only Python
9	n/a	scripts are supported, and they are executed by the current process.
10	n/a
11	n/a	In all cases, the implementation is intentionally naive -- all
12	n/a	requests are executed sychronously.
13	n/a
14	n/a	SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL
15	n/a	-- it may execute arbitrary Python code or external programs.
16	n/a
17	n/a	Note that status code 200 is sent prior to execution of a CGI script, so
18	n/a	scripts cannot send other status codes such as 302 (redirect).
19	1	"""
20	n/a
21	n/a
22	1	__version__ = "0.4"
23	n/a
24	1	__all__ = ["CGIHTTPRequestHandler"]
25	n/a
26	1	import os
27	1	import sys
28	1	import urllib
29	1	import BaseHTTPServer
30	1	import SimpleHTTPServer
31	1	import select
32	n/a
33	n/a
34	2	class CGIHTTPRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
35	n/a
36	n/a	"""Complete HTTP server with GET, HEAD and POST commands.
37	n/a
38	n/a	GET and HEAD also support running CGI scripts.
39	n/a
40	n/a	The POST command is only implemented for CGI scripts.
41	n/a
42	1	"""
43	n/a
44	n/a	# Determine platform specifics
45	1	have_fork = hasattr(os, 'fork')
46	1	have_popen2 = hasattr(os, 'popen2')
47	1	have_popen3 = hasattr(os, 'popen3')
48	n/a
49	n/a	# Make rfile unbuffered -- we need to read one line and then pass
50	n/a	# the rest to a subprocess, so we can't use buffered input.
51	1	rbufsize = 0
52	n/a
53	1	def do_POST(self):
54	n/a	"""Serve a POST request.
55	n/a
56	n/a	This is only implemented for CGI scripts.
57	n/a
58	n/a	"""
59	n/a
60	1	if self.is_cgi():
61	1	self.run_cgi()
62	n/a	else:
63	0	self.send_error(501, "Can only POST to CGI scripts")
64	n/a
65	1	def send_head(self):
66	n/a	"""Version of send_head that support CGI scripts"""
67	4	if self.is_cgi():
68	4	return self.run_cgi()
69	n/a	else:
70	0	return SimpleHTTPServer.SimpleHTTPRequestHandler.send_head(self)
71	n/a
72	1	def is_cgi(self):
73	n/a	"""Test whether self.path corresponds to a CGI script.
74	n/a
75	n/a	Returns True and updates the cgi_info attribute to the tuple
76	n/a	(dir, rest) if self.path requires running a CGI script.
77	n/a	Returns False otherwise.
78	n/a
79	n/a	If any exception is raised, the caller should assume that
80	n/a	self.path was rejected as invalid and act accordingly.
81	n/a
82	n/a	The default implementation tests whether the normalized url
83	n/a	path begins with one of the strings in self.cgi_directories
84	n/a	(and the next character is a '/' or the end of the string).
85	n/a	"""
86	5	splitpath = _url_collapse_path_split(self.path)
87	5	if splitpath[0] in self.cgi_directories:
88	5	self.cgi_info = splitpath
89	5	return True
90	0	return False
91	n/a
92	1	cgi_directories = ['/cgi-bin', '/htbin']
93	n/a
94	1	def is_executable(self, path):
95	n/a	"""Test whether argument path is an executable file."""
96	0	return executable(path)
97	n/a
98	1	def is_python(self, path):
99	n/a	"""Test whether argument path is a Python script."""
100	4	head, tail = os.path.splitext(path)
101	4	return tail.lower() in (".py", ".pyw")
102	n/a
103	1	def run_cgi(self):
104	n/a	"""Execute a CGI script."""
105	5	path = self.path
106	5	dir, rest = self.cgi_info
107	n/a
108	5	i = path.find('/', len(dir) + 1)
109	5	while i >= 0:
110	0	nextdir = path[:i]
111	0	nextrest = path[i+1:]
112	n/a
113	0	scriptdir = self.translate_path(nextdir)
114	0	if os.path.isdir(scriptdir):
115	0	dir, rest = nextdir, nextrest
116	0	i = path.find('/', len(dir) + 1)
117	n/a	else:
118	0	break
119	n/a
120	n/a	# find an explicit query string, if present.
121	5	i = rest.rfind('?')
122	5	if i >= 0:
123	0	rest, query = rest[:i], rest[i+1:]
124	n/a	else:
125	5	query = ''
126	n/a
127	n/a	# dissect the part after the directory name into a script name &
128	n/a	# a possible additional path, to be stored in PATH_INFO.
129	5	i = rest.find('/')
130	5	if i >= 0:
131	0	script, rest = rest[:i], rest[i:]
132	n/a	else:
133	5	script, rest = rest, ''
134	n/a
135	5	scriptname = dir + '/' + script
136	5	scriptfile = self.translate_path(scriptname)
137	5	if not os.path.exists(scriptfile):
138	1	self.send_error(404, "No such CGI script (%r)" % scriptname)
139	1	return
140	4	if not os.path.isfile(scriptfile):
141	0	self.send_error(403, "CGI script is not a plain file (%r)" %
142	0	scriptname)
143	0	return
144	4	ispy = self.is_python(scriptname)
145	4	if not ispy:
146	0	if not (self.have_fork or self.have_popen2 or self.have_popen3):
147	0	self.send_error(403, "CGI script is not a Python script (%r)" %
148	0	scriptname)
149	0	return
150	0	if not self.is_executable(scriptfile):
151	0	self.send_error(403, "CGI script is not executable (%r)" %
152	0	scriptname)
153	0	return
154	n/a
155	n/a	# Reference: http://hoohoo.ncsa.uiuc.edu/cgi/env.html
156	n/a	# XXX Much of the following could be prepared ahead of time!
157	4	env = {}
158	4	env['SERVER_SOFTWARE'] = self.version_string()
159	4	env['SERVER_NAME'] = self.server.server_name
160	4	env['GATEWAY_INTERFACE'] = 'CGI/1.1'
161	4	env['SERVER_PROTOCOL'] = self.protocol_version
162	4	env['SERVER_PORT'] = str(self.server.server_port)
163	4	env['REQUEST_METHOD'] = self.command
164	4	uqrest = urllib.unquote(rest)
165	4	env['PATH_INFO'] = uqrest
166	4	env['PATH_TRANSLATED'] = self.translate_path(uqrest)
167	4	env['SCRIPT_NAME'] = scriptname
168	4	if query:
169	0	env['QUERY_STRING'] = query
170	4	host = self.address_string()
171	4	if host != self.client_address[0]:
172	4	env['REMOTE_HOST'] = host
173	4	env['REMOTE_ADDR'] = self.client_address[0]
174	4	authorization = self.headers.getheader("authorization")
175	4	if authorization:
176	1	authorization = authorization.split()
177	1	if len(authorization) == 2:
178	1	import base64, binascii
179	1	env['AUTH_TYPE'] = authorization[0]
180	1	if authorization[0].lower() == "basic":
181	1	try:
182	1	authorization = base64.decodestring(authorization[1])
183	0	except binascii.Error:
184	0	pass
185	n/a	else:
186	1	authorization = authorization.split(':')
187	1	if len(authorization) == 2:
188	1	env['REMOTE_USER'] = authorization[0]
189	n/a	# XXX REMOTE_IDENT
190	4	if self.headers.typeheader is None:
191	3	env['CONTENT_TYPE'] = self.headers.type
192	n/a	else:
193	1	env['CONTENT_TYPE'] = self.headers.typeheader
194	4	length = self.headers.getheader('content-length')
195	4	if length:
196	1	env['CONTENT_LENGTH'] = length
197	4	referer = self.headers.getheader('referer')
198	4	if referer:
199	0	env['HTTP_REFERER'] = referer
200	4	accept = []
201	4	for line in self.headers.getallmatchingheaders('accept'):
202	0	if line[:1] in "\t\n\r ":
203	0	accept.append(line.strip())
204	n/a	else:
205	0	accept = accept + line[7:].split(',')
206	4	env['HTTP_ACCEPT'] = ','.join(accept)
207	4	ua = self.headers.getheader('user-agent')
208	4	if ua:
209	0	env['HTTP_USER_AGENT'] = ua
210	4	co = filter(None, self.headers.getheaders('cookie'))
211	4	if co:
212	0	env['HTTP_COOKIE'] = ', '.join(co)
213	n/a	# XXX Other HTTP_* headers
214	n/a	# Since we're setting the env in the parent, provide empty
215	n/a	# values to override previously set values
216	4	for k in ('QUERY_STRING', 'REMOTE_HOST', 'CONTENT_LENGTH',
217	28	'HTTP_USER_AGENT', 'HTTP_COOKIE', 'HTTP_REFERER'):
218	24	env.setdefault(k, "")
219	4	os.environ.update(env)
220	n/a
221	4	self.send_response(200, "Script output follows")
222	n/a
223	4	decoded_query = query.replace('+', ' ')
224	n/a
225	4	if self.have_fork:
226	n/a	# Unix -- fork as we should
227	4	args = [script]
228	4	if '=' not in decoded_query:
229	4	args.append(decoded_query)
230	4	nobody = nobody_uid()
231	4	self.wfile.flush() # Always flush before forking
232	4	pid = os.fork()
233	4	if pid != 0:
234	n/a	# Parent
235	4	pid, sts = os.waitpid(pid, 0)
236	n/a	# throw away additional data [see bug #427345]
237	4	while select.select([self.rfile], [], [], 0)[0]:
238	0	if not self.rfile.read(1):
239	0	break
240	4	if sts:
241	0	self.log_error("CGI script exit status %#x", sts)
242	4	return
243	n/a	# Child
244	0	try:
245	0	try:
246	0	os.setuid(nobody)
247	0	except os.error:
248	0	pass
249	0	os.dup2(self.rfile.fileno(), 0)
250	0	os.dup2(self.wfile.fileno(), 1)
251	0	os.execve(scriptfile, args, os.environ)
252	0	except:
253	0	self.server.handle_error(self.request, self.client_address)
254	0	os._exit(127)
255	n/a
256	n/a	else:
257	n/a	# Non Unix - use subprocess
258	0	import subprocess
259	0	cmdline = [scriptfile]
260	0	if self.is_python(scriptfile):
261	0	interp = sys.executable
262	0	if interp.lower().endswith("w.exe"):
263	n/a	# On Windows, use python.exe, not pythonw.exe
264	0	interp = interp[:-5] + interp[-4:]
265	0	cmdline = [interp, '-u'] + cmdline
266	0	if '=' not in query:
267	0	cmdline.append(query)
268	n/a
269	0	self.log_message("command: %s", subprocess.list2cmdline(cmdline))
270	0	try:
271	0	nbytes = int(length)
272	0	except (TypeError, ValueError):
273	0	nbytes = 0
274	0	p = subprocess.Popen(cmdline,
275	0	stdin = subprocess.PIPE,
276	0	stdout = subprocess.PIPE,
277	0	stderr = subprocess.PIPE
278	n/a	)
279	0	if self.command.lower() == "post" and nbytes > 0:
280	0	data = self.rfile.read(nbytes)
281	n/a	else:
282	0	data = None
283	n/a	# throw away additional data [see bug #427345]
284	0	while select.select([self.rfile._sock], [], [], 0)[0]:
285	0	if not self.rfile._sock.recv(1):
286	0	break
287	0	stdout, stderr = p.communicate(data)
288	0	self.wfile.write(stdout)
289	0	if stderr:
290	0	self.log_error('%s', stderr)
291	0	status = p.returncode
292	0	if status:
293	0	self.log_error("CGI script exit status %#x", status)
294	n/a	else:
295	0	self.log_message("CGI script exited OK")
296	n/a
297	n/a
298	n/a	# TODO(gregory.p.smith): Move this into an appropriate library.
299	1	def _url_collapse_path_split(path):
300	n/a	"""
301	n/a	Given a URL path, remove extra '/'s and '.' path elements and collapse
302	n/a	any '..' references.
303	n/a
304	n/a	Implements something akin to RFC-2396 5.2 step 6 to parse relative paths.
305	n/a
306	n/a	Returns: A tuple of (head, tail) where tail is everything after the final /
307	n/a	and head is everything before it. Head will always start with a '/' and,
308	n/a	if it contains anything else, never have a trailing '/'.
309	n/a
310	n/a	Raises: IndexError if too many '..' occur within the path.
311	n/a	"""
312	n/a	# Similar to os.path.split(os.path.normpath(path)) but specific to URL
313	n/a	# path semantics rather than local operating system semantics.
314	31	path_parts = []
315	192	for part in path.split('/'):
316	161	if part == '.':
317	10	path_parts.append('')
318	n/a	else:
319	151	path_parts.append(part)
320	n/a	# Filter out blank non trailing parts before consuming the '..'.
321	161	path_parts = [part for part in path_parts[:-1] if part] + path_parts[-1:]
322	31	if path_parts:
323	31	tail_part = path_parts.pop()
324	n/a	else:
325	0	tail_part = ''
326	31	head_parts = []
327	112	for part in path_parts:
328	83	if part == '..':
329	30	head_parts.pop()
330	n/a	else:
331	53	head_parts.append(part)
332	29	if tail_part and tail_part == '..':
333	4	head_parts.pop()
334	2	tail_part = ''
335	27	return ('/' + '/'.join(head_parts), tail_part)
336	n/a
337	n/a
338	1	nobody = None
339	n/a
340	1	def nobody_uid():
341	n/a	"""Internal routine to get nobody's uid"""
342	n/a	global nobody
343	4	if nobody:
344	3	return nobody
345	1	try:
346	1	import pwd
347	0	except ImportError:
348	0	return -1
349	1	try:
350	1	nobody = pwd.getpwnam('nobody')[2]
351	0	except KeyError:
352	0	nobody = 1 + max(map(lambda x: x[2], pwd.getpwall()))
353	1	return nobody
354	n/a
355	n/a
356	1	def executable(path):
357	n/a	"""Test for executable file."""
358	0	try:
359	0	st = os.stat(path)
360	0	except os.error:
361	0	return False
362	0	return st.st_mode & 0111 != 0
363	n/a
364	n/a
365	1	def test(HandlerClass = CGIHTTPRequestHandler,
366	1	ServerClass = BaseHTTPServer.HTTPServer):
367	0	SimpleHTTPServer.test(HandlerClass, ServerClass)
368	n/a
369	n/a
370	1	if __name__ == '__main__':
371	0	test()