Mercurial > repos > rliterman > csp2

annotate CSP2/CSP2_env/env-d9b9114564458d9d-741b3de822f2aaca6c6caa4325c4afce/lib/python3.8/http/server.py @ 69:33d812a61356

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
planemo upload commit 2e9511a184a1ca667c7be0c6321a36dc4e3d116d
author jpayne
date Tue, 18 Mar 2025 17:55:14 -0400
parents
children
rev   line source
jpayne@69 1 """HTTP server classes.
jpayne@69 2
jpayne@69 3 Note: BaseHTTPRequestHandler doesn't implement any HTTP request; see
jpayne@69 4 SimpleHTTPRequestHandler for simple implementations of GET, HEAD and POST,
jpayne@69 5 and CGIHTTPRequestHandler for CGI scripts.
jpayne@69 6
jpayne@69 7 It does, however, optionally implement HTTP/1.1 persistent connections,
jpayne@69 8 as of version 0.3.
jpayne@69 9
jpayne@69 10 Notes on CGIHTTPRequestHandler
jpayne@69 11 ------------------------------
jpayne@69 12
jpayne@69 13 This class implements GET and POST requests to cgi-bin scripts.
jpayne@69 14
jpayne@69 15 If the os.fork() function is not present (e.g. on Windows),
jpayne@69 16 subprocess.Popen() is used as a fallback, with slightly altered semantics.
jpayne@69 17
jpayne@69 18 In all cases, the implementation is intentionally naive -- all
jpayne@69 19 requests are executed synchronously.
jpayne@69 20
jpayne@69 21 SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL
jpayne@69 22 -- it may execute arbitrary Python code or external programs.
jpayne@69 23
jpayne@69 24 Note that status code 200 is sent prior to execution of a CGI script, so
jpayne@69 25 scripts cannot send other status codes such as 302 (redirect).
jpayne@69 26
jpayne@69 27 XXX To do:
jpayne@69 28
jpayne@69 29 - log requests even later (to capture byte count)
jpayne@69 30 - log user-agent header and other interesting goodies
jpayne@69 31 - send error log to separate file
jpayne@69 32 """
jpayne@69 33
jpayne@69 34
jpayne@69 35 # See also:
jpayne@69 36 #
jpayne@69 37 # HTTP Working Group T. Berners-Lee
jpayne@69 38 # INTERNET-DRAFT R. T. Fielding
jpayne@69 39 # <draft-ietf-http-v10-spec-00.txt> H. Frystyk Nielsen
jpayne@69 40 # Expires September 8, 1995 March 8, 1995
jpayne@69 41 #
jpayne@69 42 # URL: http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-v10-spec-00.txt
jpayne@69 43 #
jpayne@69 44 # and
jpayne@69 45 #
jpayne@69 46 # Network Working Group R. Fielding
jpayne@69 47 # Request for Comments: 2616 et al
jpayne@69 48 # Obsoletes: 2068 June 1999
jpayne@69 49 # Category: Standards Track
jpayne@69 50 #
jpayne@69 51 # URL: http://www.faqs.org/rfcs/rfc2616.html
jpayne@69 52
jpayne@69 53 # Log files
jpayne@69 54 # ---------
jpayne@69 55 #
jpayne@69 56 # Here's a quote from the NCSA httpd docs about log file format.
jpayne@69 57 #
jpayne@69 58 # | The logfile format is as follows. Each line consists of:
jpayne@69 59 # |
jpayne@69 60 # | host rfc931 authuser [DD/Mon/YYYY:hh:mm:ss] "request" ddd bbbb
jpayne@69 61 # |
jpayne@69 62 # | host: Either the DNS name or the IP number of the remote client
jpayne@69 63 # | rfc931: Any information returned by identd for this person,
jpayne@69 64 # | - otherwise.
jpayne@69 65 # | authuser: If user sent a userid for authentication, the user name,
jpayne@69 66 # | - otherwise.
jpayne@69 67 # | DD: Day
jpayne@69 68 # | Mon: Month (calendar name)
jpayne@69 69 # | YYYY: Year
jpayne@69 70 # | hh: hour (24-hour format, the machine's timezone)
jpayne@69 71 # | mm: minutes
jpayne@69 72 # | ss: seconds
jpayne@69 73 # | request: The first line of the HTTP request as sent by the client.
jpayne@69 74 # | ddd: the status code returned by the server, - if not available.
jpayne@69 75 # | bbbb: the total number of bytes sent,
jpayne@69 76 # | *not including the HTTP/1.0 header*, - if not available
jpayne@69 77 # |
jpayne@69 78 # | You can determine the name of the file accessed through request.
jpayne@69 79 #
jpayne@69 80 # (Actually, the latter is only true if you know the server configuration
jpayne@69 81 # at the time the request was made!)
jpayne@69 82
jpayne@69 83 __version__ = "0.6"
jpayne@69 84
jpayne@69 85 __all__ = [
jpayne@69 86 "HTTPServer", "ThreadingHTTPServer", "BaseHTTPRequestHandler",
jpayne@69 87 "SimpleHTTPRequestHandler", "CGIHTTPRequestHandler",
jpayne@69 88 ]
jpayne@69 89
jpayne@69 90 import copy
jpayne@69 91 import datetime
jpayne@69 92 import email.utils
jpayne@69 93 import html
jpayne@69 94 import http.client
jpayne@69 95 import io
jpayne@69 96 import mimetypes
jpayne@69 97 import os
jpayne@69 98 import posixpath
jpayne@69 99 import select
jpayne@69 100 import shutil
jpayne@69 101 import socket # For gethostbyaddr()
jpayne@69 102 import socketserver
jpayne@69 103 import sys
jpayne@69 104 import time
jpayne@69 105 import urllib.parse
jpayne@69 106 from functools import partial
jpayne@69 107
jpayne@69 108 from http import HTTPStatus
jpayne@69 109
jpayne@69 110
jpayne@69 111 # Default error message template
jpayne@69 112 DEFAULT_ERROR_MESSAGE = """\
jpayne@69 113 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
jpayne@69 114 "http://www.w3.org/TR/html4/strict.dtd">
jpayne@69 115 <html>
jpayne@69 116 <head>
jpayne@69 117 <meta http-equiv="Content-Type" content="text/html;charset=utf-8">
jpayne@69 118 <title>Error response</title>
jpayne@69 119 </head>
jpayne@69 120 <body>
jpayne@69 121 <h1>Error response</h1>
jpayne@69 122 <p>Error code: %(code)d</p>
jpayne@69 123 <p>Message: %(message)s.</p>
jpayne@69 124 <p>Error code explanation: %(code)s - %(explain)s.</p>
jpayne@69 125 </body>
jpayne@69 126 </html>
jpayne@69 127 """
jpayne@69 128
jpayne@69 129 DEFAULT_ERROR_CONTENT_TYPE = "text/html;charset=utf-8"
jpayne@69 130
jpayne@69 131 class HTTPServer(socketserver.TCPServer):
jpayne@69 132
jpayne@69 133 allow_reuse_address = 1 # Seems to make sense in testing environment
jpayne@69 134
jpayne@69 135 def server_bind(self):
jpayne@69 136 """Override server_bind to store the server name."""
jpayne@69 137 socketserver.TCPServer.server_bind(self)
jpayne@69 138 host, port = self.server_address[:2]
jpayne@69 139 self.server_name = socket.getfqdn(host)
jpayne@69 140 self.server_port = port
jpayne@69 141
jpayne@69 142
jpayne@69 143 class ThreadingHTTPServer(socketserver.ThreadingMixIn, HTTPServer):
jpayne@69 144 daemon_threads = True
jpayne@69 145
jpayne@69 146
jpayne@69 147 class BaseHTTPRequestHandler(socketserver.StreamRequestHandler):
jpayne@69 148
jpayne@69 149 """HTTP request handler base class.
jpayne@69 150
jpayne@69 151 The following explanation of HTTP serves to guide you through the
jpayne@69 152 code as well as to expose any misunderstandings I may have about
jpayne@69 153 HTTP (so you don't need to read the code to figure out I'm wrong
jpayne@69 154 :-).
jpayne@69 155
jpayne@69 156 HTTP (HyperText Transfer Protocol) is an extensible protocol on
jpayne@69 157 top of a reliable stream transport (e.g. TCP/IP). The protocol
jpayne@69 158 recognizes three parts to a request:
jpayne@69 159
jpayne@69 160 1. One line identifying the request type and path
jpayne@69 161 2. An optional set of RFC-822-style headers
jpayne@69 162 3. An optional data part
jpayne@69 163
jpayne@69 164 The headers and data are separated by a blank line.
jpayne@69 165
jpayne@69 166 The first line of the request has the form
jpayne@69 167
jpayne@69 168 <command> <path> <version>
jpayne@69 169
jpayne@69 170 where <command> is a (case-sensitive) keyword such as GET or POST,
jpayne@69 171 <path> is a string containing path information for the request,
jpayne@69 172 and <version> should be the string "HTTP/1.0" or "HTTP/1.1".
jpayne@69 173 <path> is encoded using the URL encoding scheme (using %xx to signify
jpayne@69 174 the ASCII character with hex code xx).
jpayne@69 175
jpayne@69 176 The specification specifies that lines are separated by CRLF but
jpayne@69 177 for compatibility with the widest range of clients recommends
jpayne@69 178 servers also handle LF. Similarly, whitespace in the request line
jpayne@69 179 is treated sensibly (allowing multiple spaces between components
jpayne@69 180 and allowing trailing whitespace).
jpayne@69 181
jpayne@69 182 Similarly, for output, lines ought to be separated by CRLF pairs
jpayne@69 183 but most clients grok LF characters just fine.
jpayne@69 184
jpayne@69 185 If the first line of the request has the form
jpayne@69 186
jpayne@69 187 <command> <path>
jpayne@69 188
jpayne@69 189 (i.e. <version> is left out) then this is assumed to be an HTTP
jpayne@69 190 0.9 request; this form has no optional headers and data part and
jpayne@69 191 the reply consists of just the data.
jpayne@69 192
jpayne@69 193 The reply form of the HTTP 1.x protocol again has three parts:
jpayne@69 194
jpayne@69 195 1. One line giving the response code
jpayne@69 196 2. An optional set of RFC-822-style headers
jpayne@69 197 3. The data
jpayne@69 198
jpayne@69 199 Again, the headers and data are separated by a blank line.
jpayne@69 200
jpayne@69 201 The response code line has the form
jpayne@69 202
jpayne@69 203 <version> <responsecode> <responsestring>
jpayne@69 204
jpayne@69 205 where <version> is the protocol version ("HTTP/1.0" or "HTTP/1.1"),
jpayne@69 206 <responsecode> is a 3-digit response code indicating success or
jpayne@69 207 failure of the request, and <responsestring> is an optional
jpayne@69 208 human-readable string explaining what the response code means.
jpayne@69 209
jpayne@69 210 This server parses the request and the headers, and then calls a
jpayne@69 211 function specific to the request type (<command>). Specifically,
jpayne@69 212 a request SPAM will be handled by a method do_SPAM(). If no
jpayne@69 213 such method exists the server sends an error response to the
jpayne@69 214 client. If it exists, it is called with no arguments:
jpayne@69 215
jpayne@69 216 do_SPAM()
jpayne@69 217
jpayne@69 218 Note that the request name is case sensitive (i.e. SPAM and spam
jpayne@69 219 are different requests).
jpayne@69 220
jpayne@69 221 The various request details are stored in instance variables:
jpayne@69 222
jpayne@69 223 - client_address is the client IP address in the form (host,
jpayne@69 224 port);
jpayne@69 225
jpayne@69 226 - command, path and version are the broken-down request line;
jpayne@69 227
jpayne@69 228 - headers is an instance of email.message.Message (or a derived
jpayne@69 229 class) containing the header information;
jpayne@69 230
jpayne@69 231 - rfile is a file object open for reading positioned at the
jpayne@69 232 start of the optional input data part;
jpayne@69 233
jpayne@69 234 - wfile is a file object open for writing.
jpayne@69 235
jpayne@69 236 IT IS IMPORTANT TO ADHERE TO THE PROTOCOL FOR WRITING!
jpayne@69 237
jpayne@69 238 The first thing to be written must be the response line. Then
jpayne@69 239 follow 0 or more header lines, then a blank line, and then the
jpayne@69 240 actual data (if any). The meaning of the header lines depends on
jpayne@69 241 the command executed by the server; in most cases, when data is
jpayne@69 242 returned, there should be at least one header line of the form
jpayne@69 243
jpayne@69 244 Content-type: <type>/<subtype>
jpayne@69 245
jpayne@69 246 where <type> and <subtype> should be registered MIME types,
jpayne@69 247 e.g. "text/html" or "text/plain".
jpayne@69 248
jpayne@69 249 """
jpayne@69 250
jpayne@69 251 # The Python system version, truncated to its first component.
jpayne@69 252 sys_version = "Python/" + sys.version.split()[0]
jpayne@69 253
jpayne@69 254 # The server software version. You may want to override this.
jpayne@69 255 # The format is multiple whitespace-separated strings,
jpayne@69 256 # where each string is of the form name[/version].
jpayne@69 257 server_version = "BaseHTTP/" + __version__
jpayne@69 258
jpayne@69 259 error_message_format = DEFAULT_ERROR_MESSAGE
jpayne@69 260 error_content_type = DEFAULT_ERROR_CONTENT_TYPE
jpayne@69 261
jpayne@69 262 # The default request version. This only affects responses up until
jpayne@69 263 # the point where the request line is parsed, so it mainly decides what
jpayne@69 264 # the client gets back when sending a malformed request line.
jpayne@69 265 # Most web servers default to HTTP 0.9, i.e. don't send a status line.
jpayne@69 266 default_request_version = "HTTP/0.9"
jpayne@69 267
jpayne@69 268 def parse_request(self):
jpayne@69 269 """Parse a request (internal).
jpayne@69 270
jpayne@69 271 The request should be stored in self.raw_requestline; the results
jpayne@69 272 are in self.command, self.path, self.request_version and
jpayne@69 273 self.headers.
jpayne@69 274
jpayne@69 275 Return True for success, False for failure; on failure, any relevant
jpayne@69 276 error response has already been sent back.
jpayne@69 277
jpayne@69 278 """
jpayne@69 279 self.command = None # set in case of error on the first line
jpayne@69 280 self.request_version = version = self.default_request_version
jpayne@69 281 self.close_connection = True
jpayne@69 282 requestline = str(self.raw_requestline, 'iso-8859-1')
jpayne@69 283 requestline = requestline.rstrip('\r\n')
jpayne@69 284 self.requestline = requestline
jpayne@69 285 words = requestline.split()
jpayne@69 286 if len(words) == 0:
jpayne@69 287 return False
jpayne@69 288
jpayne@69 289 if len(words) >= 3: # Enough to determine protocol version
jpayne@69 290 version = words[-1]
jpayne@69 291 try:
jpayne@69 292 if not version.startswith('HTTP/'):
jpayne@69 293 raise ValueError
jpayne@69 294 base_version_number = version.split('/', 1)[1]
jpayne@69 295 version_number = base_version_number.split(".")
jpayne@69 296 # RFC 2145 section 3.1 says there can be only one "." and
jpayne@69 297 # - major and minor numbers MUST be treated as
jpayne@69 298 # separate integers;
jpayne@69 299 # - HTTP/2.4 is a lower version than HTTP/2.13, which in
jpayne@69 300 # turn is lower than HTTP/12.3;
jpayne@69 301 # - Leading zeros MUST be ignored by recipients.
jpayne@69 302 if len(version_number) != 2:
jpayne@69 303 raise ValueError
jpayne@69 304 version_number = int(version_number[0]), int(version_number[1])
jpayne@69 305 except (ValueError, IndexError):
jpayne@69 306 self.send_error(
jpayne@69 307 HTTPStatus.BAD_REQUEST,
jpayne@69 308 "Bad request version (%r)" % version)
jpayne@69 309 return False
jpayne@69 310 if version_number >= (1, 1) and self.protocol_version >= "HTTP/1.1":
jpayne@69 311 self.close_connection = False
jpayne@69 312 if version_number >= (2, 0):
jpayne@69 313 self.send_error(
jpayne@69 314 HTTPStatus.HTTP_VERSION_NOT_SUPPORTED,
jpayne@69 315 "Invalid HTTP version (%s)" % base_version_number)
jpayne@69 316 return False
jpayne@69 317 self.request_version = version
jpayne@69 318
jpayne@69 319 if not 2 <= len(words) <= 3:
jpayne@69 320 self.send_error(
jpayne@69 321 HTTPStatus.BAD_REQUEST,
jpayne@69 322 "Bad request syntax (%r)" % requestline)
jpayne@69 323 return False
jpayne@69 324 command, path = words[:2]
jpayne@69 325 if len(words) == 2:
jpayne@69 326 self.close_connection = True
jpayne@69 327 if command != 'GET':
jpayne@69 328 self.send_error(
jpayne@69 329 HTTPStatus.BAD_REQUEST,
jpayne@69 330 "Bad HTTP/0.9 request type (%r)" % command)
jpayne@69 331 return False
jpayne@69 332 self.command, self.path = command, path
jpayne@69 333
jpayne@69 334 # Examine the headers and look for a Connection directive.
jpayne@69 335 try:
jpayne@69 336 self.headers = http.client.parse_headers(self.rfile,
jpayne@69 337 _class=self.MessageClass)
jpayne@69 338 except http.client.LineTooLong as err:
jpayne@69 339 self.send_error(
jpayne@69 340 HTTPStatus.REQUEST_HEADER_FIELDS_TOO_LARGE,
jpayne@69 341 "Line too long",
jpayne@69 342 str(err))
jpayne@69 343 return False
jpayne@69 344 except http.client.HTTPException as err:
jpayne@69 345 self.send_error(
jpayne@69 346 HTTPStatus.REQUEST_HEADER_FIELDS_TOO_LARGE,
jpayne@69 347 "Too many headers",
jpayne@69 348 str(err)
jpayne@69 349 )
jpayne@69 350 return False
jpayne@69 351
jpayne@69 352 conntype = self.headers.get('Connection', "")
jpayne@69 353 if conntype.lower() == 'close':
jpayne@69 354 self.close_connection = True
jpayne@69 355 elif (conntype.lower() == 'keep-alive' and
jpayne@69 356 self.protocol_version >= "HTTP/1.1"):
jpayne@69 357 self.close_connection = False
jpayne@69 358 # Examine the headers and look for an Expect directive
jpayne@69 359 expect = self.headers.get('Expect', "")
jpayne@69 360 if (expect.lower() == "100-continue" and
jpayne@69 361 self.protocol_version >= "HTTP/1.1" and
jpayne@69 362 self.request_version >= "HTTP/1.1"):
jpayne@69 363 if not self.handle_expect_100():
jpayne@69 364 return False
jpayne@69 365 return True
jpayne@69 366
jpayne@69 367 def handle_expect_100(self):
jpayne@69 368 """Decide what to do with an "Expect: 100-continue" header.
jpayne@69 369
jpayne@69 370 If the client is expecting a 100 Continue response, we must
jpayne@69 371 respond with either a 100 Continue or a final response before
jpayne@69 372 waiting for the request body. The default is to always respond
jpayne@69 373 with a 100 Continue. You can behave differently (for example,
jpayne@69 374 reject unauthorized requests) by overriding this method.
jpayne@69 375
jpayne@69 376 This method should either return True (possibly after sending
jpayne@69 377 a 100 Continue response) or send an error response and return
jpayne@69 378 False.
jpayne@69 379
jpayne@69 380 """
jpayne@69 381 self.send_response_only(HTTPStatus.CONTINUE)
jpayne@69 382 self.end_headers()
jpayne@69 383 return True
jpayne@69 384
jpayne@69 385 def handle_one_request(self):
jpayne@69 386 """Handle a single HTTP request.
jpayne@69 387
jpayne@69 388 You normally don't need to override this method; see the class
jpayne@69 389 __doc__ string for information on how to handle specific HTTP
jpayne@69 390 commands such as GET and POST.
jpayne@69 391
jpayne@69 392 """
jpayne@69 393 try:
jpayne@69 394 self.raw_requestline = self.rfile.readline(65537)
jpayne@69 395 if len(self.raw_requestline) > 65536:
jpayne@69 396 self.requestline = ''
jpayne@69 397 self.request_version = ''
jpayne@69 398 self.command = ''
jpayne@69 399 self.send_error(HTTPStatus.REQUEST_URI_TOO_LONG)
jpayne@69 400 return
jpayne@69 401 if not self.raw_requestline:
jpayne@69 402 self.close_connection = True
jpayne@69 403 return
jpayne@69 404 if not self.parse_request():
jpayne@69 405 # An error code has been sent, just exit
jpayne@69 406 return
jpayne@69 407 mname = 'do_' + self.command
jpayne@69 408 if not hasattr(self, mname):
jpayne@69 409 self.send_error(
jpayne@69 410 HTTPStatus.NOT_IMPLEMENTED,
jpayne@69 411 "Unsupported method (%r)" % self.command)
jpayne@69 412 return
jpayne@69 413 method = getattr(self, mname)
jpayne@69 414 method()
jpayne@69 415 self.wfile.flush() #actually send the response if not already done.
jpayne@69 416 except socket.timeout as e:
jpayne@69 417 #a read or a write timed out. Discard this connection
jpayne@69 418 self.log_error("Request timed out: %r", e)
jpayne@69 419 self.close_connection = True
jpayne@69 420 return
jpayne@69 421
jpayne@69 422 def handle(self):
jpayne@69 423 """Handle multiple requests if necessary."""
jpayne@69 424 self.close_connection = True
jpayne@69 425
jpayne@69 426 self.handle_one_request()
jpayne@69 427 while not self.close_connection:
jpayne@69 428 self.handle_one_request()
jpayne@69 429
jpayne@69 430 def send_error(self, code, message=None, explain=None):
jpayne@69 431 """Send and log an error reply.
jpayne@69 432
jpayne@69 433 Arguments are
jpayne@69 434 * code: an HTTP error code
jpayne@69 435 3 digits
jpayne@69 436 * message: a simple optional 1 line reason phrase.
jpayne@69 437 *( HTAB / SP / VCHAR / %x80-FF )
jpayne@69 438 defaults to short entry matching the response code
jpayne@69 439 * explain: a detailed message defaults to the long entry
jpayne@69 440 matching the response code.
jpayne@69 441
jpayne@69 442 This sends an error response (so it must be called before any
jpayne@69 443 output has been generated), logs the error, and finally sends
jpayne@69 444 a piece of HTML explaining the error to the user.
jpayne@69 445
jpayne@69 446 """
jpayne@69 447
jpayne@69 448 try:
jpayne@69 449 shortmsg, longmsg = self.responses[code]
jpayne@69 450 except KeyError:
jpayne@69 451 shortmsg, longmsg = '???', '???'
jpayne@69 452 if message is None:
jpayne@69 453 message = shortmsg
jpayne@69 454 if explain is None:
jpayne@69 455 explain = longmsg
jpayne@69 456 self.log_error("code %d, message %s", code, message)
jpayne@69 457 self.send_response(code, message)
jpayne@69 458 self.send_header('Connection', 'close')
jpayne@69 459
jpayne@69 460 # Message body is omitted for cases described in:
jpayne@69 461 # - RFC7230: 3.3. 1xx, 204(No Content), 304(Not Modified)
jpayne@69 462 # - RFC7231: 6.3.6. 205(Reset Content)
jpayne@69 463 body = None
jpayne@69 464 if (code >= 200 and
jpayne@69 465 code not in (HTTPStatus.NO_CONTENT,
jpayne@69 466 HTTPStatus.RESET_CONTENT,
jpayne@69 467 HTTPStatus.NOT_MODIFIED)):
jpayne@69 468 # HTML encode to prevent Cross Site Scripting attacks
jpayne@69 469 # (see bug #1100201)
jpayne@69 470 content = (self.error_message_format % {
jpayne@69 471 'code': code,
jpayne@69 472 'message': html.escape(message, quote=False),
jpayne@69 473 'explain': html.escape(explain, quote=False)
jpayne@69 474 })
jpayne@69 475 body = content.encode('UTF-8', 'replace')
jpayne@69 476 self.send_header("Content-Type", self.error_content_type)
jpayne@69 477 self.send_header('Content-Length', str(len(body)))
jpayne@69 478 self.end_headers()
jpayne@69 479
jpayne@69 480 if self.command != 'HEAD' and body:
jpayne@69 481 self.wfile.write(body)
jpayne@69 482
jpayne@69 483 def send_response(self, code, message=None):
jpayne@69 484 """Add the response header to the headers buffer and log the
jpayne@69 485 response code.
jpayne@69 486
jpayne@69 487 Also send two standard headers with the server software
jpayne@69 488 version and the current date.
jpayne@69 489
jpayne@69 490 """
jpayne@69 491 self.log_request(code)
jpayne@69 492 self.send_response_only(code, message)
jpayne@69 493 self.send_header('Server', self.version_string())
jpayne@69 494 self.send_header('Date', self.date_time_string())
jpayne@69 495
jpayne@69 496 def send_response_only(self, code, message=None):
jpayne@69 497 """Send the response header only."""
jpayne@69 498 if self.request_version != 'HTTP/0.9':
jpayne@69 499 if message is None:
jpayne@69 500 if code in self.responses:
jpayne@69 501 message = self.responses[code][0]
jpayne@69 502 else:
jpayne@69 503 message = ''
jpayne@69 504 if not hasattr(self, '_headers_buffer'):
jpayne@69 505 self._headers_buffer = []
jpayne@69 506 self._headers_buffer.append(("%s %d %s\r\n" %
jpayne@69 507 (self.protocol_version, code, message)).encode(
jpayne@69 508 'latin-1', 'strict'))
jpayne@69 509
jpayne@69 510 def send_header(self, keyword, value):
jpayne@69 511 """Send a MIME header to the headers buffer."""
jpayne@69 512 if self.request_version != 'HTTP/0.9':
jpayne@69 513 if not hasattr(self, '_headers_buffer'):
jpayne@69 514 self._headers_buffer = []
jpayne@69 515 self._headers_buffer.append(
jpayne@69 516 ("%s: %s\r\n" % (keyword, value)).encode('latin-1', 'strict'))
jpayne@69 517
jpayne@69 518 if keyword.lower() == 'connection':
jpayne@69 519 if value.lower() == 'close':
jpayne@69 520 self.close_connection = True
jpayne@69 521 elif value.lower() == 'keep-alive':
jpayne@69 522 self.close_connection = False
jpayne@69 523
jpayne@69 524 def end_headers(self):
jpayne@69 525 """Send the blank line ending the MIME headers."""
jpayne@69 526 if self.request_version != 'HTTP/0.9':
jpayne@69 527 self._headers_buffer.append(b"\r\n")
jpayne@69 528 self.flush_headers()
jpayne@69 529
jpayne@69 530 def flush_headers(self):
jpayne@69 531 if hasattr(self, '_headers_buffer'):
jpayne@69 532 self.wfile.write(b"".join(self._headers_buffer))
jpayne@69 533 self._headers_buffer = []
jpayne@69 534
jpayne@69 535 def log_request(self, code='-', size='-'):
jpayne@69 536 """Log an accepted request.
jpayne@69 537
jpayne@69 538 This is called by send_response().
jpayne@69 539
jpayne@69 540 """
jpayne@69 541 if isinstance(code, HTTPStatus):
jpayne@69 542 code = code.value
jpayne@69 543 self.log_message('"%s" %s %s',
jpayne@69 544 self.requestline, str(code), str(size))
jpayne@69 545
jpayne@69 546 def log_error(self, format, *args):
jpayne@69 547 """Log an error.
jpayne@69 548
jpayne@69 549 This is called when a request cannot be fulfilled. By
jpayne@69 550 default it passes the message on to log_message().
jpayne@69 551
jpayne@69 552 Arguments are the same as for log_message().
jpayne@69 553
jpayne@69 554 XXX This should go to the separate error log.
jpayne@69 555
jpayne@69 556 """
jpayne@69 557
jpayne@69 558 self.log_message(format, *args)
jpayne@69 559
jpayne@69 560 def log_message(self, format, *args):
jpayne@69 561 """Log an arbitrary message.
jpayne@69 562
jpayne@69 563 This is used by all other logging functions. Override
jpayne@69 564 it if you have specific logging wishes.
jpayne@69 565
jpayne@69 566 The first argument, FORMAT, is a format string for the
jpayne@69 567 message to be logged. If the format string contains
jpayne@69 568 any % escapes requiring parameters, they should be
jpayne@69 569 specified as subsequent arguments (it's just like
jpayne@69 570 printf!).
jpayne@69 571
jpayne@69 572 The client ip and current date/time are prefixed to
jpayne@69 573 every message.
jpayne@69 574
jpayne@69 575 """
jpayne@69 576
jpayne@69 577 sys.stderr.write("%s - - [%s] %s\n" %
jpayne@69 578 (self.address_string(),
jpayne@69 579 self.log_date_time_string(),
jpayne@69 580 format%args))
jpayne@69 581
jpayne@69 582 def version_string(self):
jpayne@69 583 """Return the server software version string."""
jpayne@69 584 return self.server_version + ' ' + self.sys_version
jpayne@69 585
jpayne@69 586 def date_time_string(self, timestamp=None):
jpayne@69 587 """Return the current date and time formatted for a message header."""
jpayne@69 588 if timestamp is None:
jpayne@69 589 timestamp = time.time()
jpayne@69 590 return email.utils.formatdate(timestamp, usegmt=True)
jpayne@69 591
jpayne@69 592 def log_date_time_string(self):
jpayne@69 593 """Return the current time formatted for logging."""
jpayne@69 594 now = time.time()
jpayne@69 595 year, month, day, hh, mm, ss, x, y, z = time.localtime(now)
jpayne@69 596 s = "%02d/%3s/%04d %02d:%02d:%02d" % (
jpayne@69 597 day, self.monthname[month], year, hh, mm, ss)
jpayne@69 598 return s
jpayne@69 599
jpayne@69 600 weekdayname = ['Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun']
jpayne@69 601
jpayne@69 602 monthname = [None,
jpayne@69 603 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
jpayne@69 604 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec']
jpayne@69 605
jpayne@69 606 def address_string(self):
jpayne@69 607 """Return the client address."""
jpayne@69 608
jpayne@69 609 return self.client_address[0]
jpayne@69 610
jpayne@69 611 # Essentially static class variables
jpayne@69 612
jpayne@69 613 # The version of the HTTP protocol we support.
jpayne@69 614 # Set this to HTTP/1.1 to enable automatic keepalive
jpayne@69 615 protocol_version = "HTTP/1.0"
jpayne@69 616
jpayne@69 617 # MessageClass used to parse headers
jpayne@69 618 MessageClass = http.client.HTTPMessage
jpayne@69 619
jpayne@69 620 # hack to maintain backwards compatibility
jpayne@69 621 responses = {
jpayne@69 622 v: (v.phrase, v.description)
jpayne@69 623 for v in HTTPStatus.__members__.values()
jpayne@69 624 }
jpayne@69 625
jpayne@69 626
jpayne@69 627 class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
jpayne@69 628
jpayne@69 629 """Simple HTTP request handler with GET and HEAD commands.
jpayne@69 630
jpayne@69 631 This serves files from the current directory and any of its
jpayne@69 632 subdirectories. The MIME type for files is determined by
jpayne@69 633 calling the .guess_type() method.
jpayne@69 634
jpayne@69 635 The GET and HEAD requests are identical except that the HEAD
jpayne@69 636 request omits the actual contents of the file.
jpayne@69 637
jpayne@69 638 """
jpayne@69 639
jpayne@69 640 server_version = "SimpleHTTP/" + __version__
jpayne@69 641
jpayne@69 642 def __init__(self, *args, directory=None, **kwargs):
jpayne@69 643 if directory is None:
jpayne@69 644 directory = os.getcwd()
jpayne@69 645 self.directory = directory
jpayne@69 646 super().__init__(*args, **kwargs)
jpayne@69 647
jpayne@69 648 def do_GET(self):
jpayne@69 649 """Serve a GET request."""
jpayne@69 650 f = self.send_head()
jpayne@69 651 if f:
jpayne@69 652 try:
jpayne@69 653 self.copyfile(f, self.wfile)
jpayne@69 654 finally:
jpayne@69 655 f.close()
jpayne@69 656
jpayne@69 657 def do_HEAD(self):
jpayne@69 658 """Serve a HEAD request."""
jpayne@69 659 f = self.send_head()
jpayne@69 660 if f:
jpayne@69 661 f.close()
jpayne@69 662
jpayne@69 663 def send_head(self):
jpayne@69 664 """Common code for GET and HEAD commands.
jpayne@69 665
jpayne@69 666 This sends the response code and MIME headers.
jpayne@69 667
jpayne@69 668 Return value is either a file object (which has to be copied
jpayne@69 669 to the outputfile by the caller unless the command was HEAD,
jpayne@69 670 and must be closed by the caller under all circumstances), or
jpayne@69 671 None, in which case the caller has nothing further to do.
jpayne@69 672
jpayne@69 673 """
jpayne@69 674 path = self.translate_path(self.path)
jpayne@69 675 f = None
jpayne@69 676 if os.path.isdir(path):
jpayne@69 677 parts = urllib.parse.urlsplit(self.path)
jpayne@69 678 if not parts.path.endswith('/'):
jpayne@69 679 # redirect browser - doing basically what apache does
jpayne@69 680 self.send_response(HTTPStatus.MOVED_PERMANENTLY)
jpayne@69 681 new_parts = (parts[0], parts[1], parts[2] + '/',
jpayne@69 682 parts[3], parts[4])
jpayne@69 683 new_url = urllib.parse.urlunsplit(new_parts)
jpayne@69 684 self.send_header("Location", new_url)
jpayne@69 685 self.end_headers()
jpayne@69 686 return None
jpayne@69 687 for index in "index.html", "index.htm":
jpayne@69 688 index = os.path.join(path, index)
jpayne@69 689 if os.path.exists(index):
jpayne@69 690 path = index
jpayne@69 691 break
jpayne@69 692 else:
jpayne@69 693 return self.list_directory(path)
jpayne@69 694 ctype = self.guess_type(path)
jpayne@69 695 # check for trailing "/" which should return 404. See Issue17324
jpayne@69 696 # The test for this was added in test_httpserver.py
jpayne@69 697 # However, some OS platforms accept a trailingSlash as a filename
jpayne@69 698 # See discussion on python-dev and Issue34711 regarding
jpayne@69 699 # parseing and rejection of filenames with a trailing slash
jpayne@69 700 if path.endswith("/"):
jpayne@69 701 self.send_error(HTTPStatus.NOT_FOUND, "File not found")
jpayne@69 702 return None
jpayne@69 703 try:
jpayne@69 704 f = open(path, 'rb')
jpayne@69 705 except OSError:
jpayne@69 706 self.send_error(HTTPStatus.NOT_FOUND, "File not found")
jpayne@69 707 return None
jpayne@69 708
jpayne@69 709 try:
jpayne@69 710 fs = os.fstat(f.fileno())
jpayne@69 711 # Use browser cache if possible
jpayne@69 712 if ("If-Modified-Since" in self.headers
jpayne@69 713 and "If-None-Match" not in self.headers):
jpayne@69 714 # compare If-Modified-Since and time of last file modification
jpayne@69 715 try:
jpayne@69 716 ims = email.utils.parsedate_to_datetime(
jpayne@69 717 self.headers["If-Modified-Since"])
jpayne@69 718 except (TypeError, IndexError, OverflowError, ValueError):
jpayne@69 719 # ignore ill-formed values
jpayne@69 720 pass
jpayne@69 721 else:
jpayne@69 722 if ims.tzinfo is None:
jpayne@69 723 # obsolete format with no timezone, cf.
jpayne@69 724 # https://tools.ietf.org/html/rfc7231#section-7.1.1.1
jpayne@69 725 ims = ims.replace(tzinfo=datetime.timezone.utc)
jpayne@69 726 if ims.tzinfo is datetime.timezone.utc:
jpayne@69 727 # compare to UTC datetime of last modification
jpayne@69 728 last_modif = datetime.datetime.fromtimestamp(
jpayne@69 729 fs.st_mtime, datetime.timezone.utc)
jpayne@69 730 # remove microseconds, like in If-Modified-Since
jpayne@69 731 last_modif = last_modif.replace(microsecond=0)
jpayne@69 732
jpayne@69 733 if last_modif <= ims:
jpayne@69 734 self.send_response(HTTPStatus.NOT_MODIFIED)
jpayne@69 735 self.end_headers()
jpayne@69 736 f.close()
jpayne@69 737 return None
jpayne@69 738
jpayne@69 739 self.send_response(HTTPStatus.OK)
jpayne@69 740 self.send_header("Content-type", ctype)
jpayne@69 741 self.send_header("Content-Length", str(fs[6]))
jpayne@69 742 self.send_header("Last-Modified",
jpayne@69 743 self.date_time_string(fs.st_mtime))
jpayne@69 744 self.end_headers()
jpayne@69 745 return f
jpayne@69 746 except:
jpayne@69 747 f.close()
jpayne@69 748 raise
jpayne@69 749
jpayne@69 750 def list_directory(self, path):
jpayne@69 751 """Helper to produce a directory listing (absent index.html).
jpayne@69 752
jpayne@69 753 Return value is either a file object, or None (indicating an
jpayne@69 754 error). In either case, the headers are sent, making the
jpayne@69 755 interface the same as for send_head().
jpayne@69 756
jpayne@69 757 """
jpayne@69 758 try:
jpayne@69 759 list = os.listdir(path)
jpayne@69 760 except OSError:
jpayne@69 761 self.send_error(
jpayne@69 762 HTTPStatus.NOT_FOUND,
jpayne@69 763 "No permission to list directory")
jpayne@69 764 return None
jpayne@69 765 list.sort(key=lambda a: a.lower())
jpayne@69 766 r = []
jpayne@69 767 try:
jpayne@69 768 displaypath = urllib.parse.unquote(self.path,
jpayne@69 769 errors='surrogatepass')
jpayne@69 770 except UnicodeDecodeError:
jpayne@69 771 displaypath = urllib.parse.unquote(path)
jpayne@69 772 displaypath = html.escape(displaypath, quote=False)
jpayne@69 773 enc = sys.getfilesystemencoding()
jpayne@69 774 title = 'Directory listing for %s' % displaypath
jpayne@69 775 r.append('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" '
jpayne@69 776 '"http://www.w3.org/TR/html4/strict.dtd">')
jpayne@69 777 r.append('<html>\n<head>')
jpayne@69 778 r.append('<meta http-equiv="Content-Type" '
jpayne@69 779 'content="text/html; charset=%s">' % enc)
jpayne@69 780 r.append('<title>%s</title>\n</head>' % title)
jpayne@69 781 r.append('<body>\n<h1>%s</h1>' % title)
jpayne@69 782 r.append('<hr>\n<ul>')
jpayne@69 783 for name in list:
jpayne@69 784 fullname = os.path.join(path, name)
jpayne@69 785 displayname = linkname = name
jpayne@69 786 # Append / for directories or @ for symbolic links
jpayne@69 787 if os.path.isdir(fullname):
jpayne@69 788 displayname = name + "/"
jpayne@69 789 linkname = name + "/"
jpayne@69 790 if os.path.islink(fullname):
jpayne@69 791 displayname = name + "@"
jpayne@69 792 # Note: a link to a directory displays with @ and links with /
jpayne@69 793 r.append('<li><a href="%s">%s</a></li>'
jpayne@69 794 % (urllib.parse.quote(linkname,
jpayne@69 795 errors='surrogatepass'),
jpayne@69 796 html.escape(displayname, quote=False)))
jpayne@69 797 r.append('</ul>\n<hr>\n</body>\n</html>\n')
jpayne@69 798 encoded = '\n'.join(r).encode(enc, 'surrogateescape')
jpayne@69 799 f = io.BytesIO()
jpayne@69 800 f.write(encoded)
jpayne@69 801 f.seek(0)
jpayne@69 802 self.send_response(HTTPStatus.OK)
jpayne@69 803 self.send_header("Content-type", "text/html; charset=%s" % enc)
jpayne@69 804 self.send_header("Content-Length", str(len(encoded)))
jpayne@69 805 self.end_headers()
jpayne@69 806 return f
jpayne@69 807
jpayne@69 808 def translate_path(self, path):
jpayne@69 809 """Translate a /-separated PATH to the local filename syntax.
jpayne@69 810
jpayne@69 811 Components that mean special things to the local file system
jpayne@69 812 (e.g. drive or directory names) are ignored. (XXX They should
jpayne@69 813 probably be diagnosed.)
jpayne@69 814
jpayne@69 815 """
jpayne@69 816 # abandon query parameters
jpayne@69 817 path = path.split('?',1)[0]
jpayne@69 818 path = path.split('#',1)[0]
jpayne@69 819 # Don't forget explicit trailing slash when normalizing. Issue17324
jpayne@69 820 trailing_slash = path.rstrip().endswith('/')
jpayne@69 821 try:
jpayne@69 822 path = urllib.parse.unquote(path, errors='surrogatepass')
jpayne@69 823 except UnicodeDecodeError:
jpayne@69 824 path = urllib.parse.unquote(path)
jpayne@69 825 path = posixpath.normpath(path)
jpayne@69 826 words = path.split('/')
jpayne@69 827 words = filter(None, words)
jpayne@69 828 path = self.directory
jpayne@69 829 for word in words:
jpayne@69 830 if os.path.dirname(word) or word in (os.curdir, os.pardir):
jpayne@69 831 # Ignore components that are not a simple file/directory name
jpayne@69 832 continue
jpayne@69 833 path = os.path.join(path, word)
jpayne@69 834 if trailing_slash:
jpayne@69 835 path += '/'
jpayne@69 836 return path
jpayne@69 837
jpayne@69 838 def copyfile(self, source, outputfile):
jpayne@69 839 """Copy all data between two file objects.
jpayne@69 840
jpayne@69 841 The SOURCE argument is a file object open for reading
jpayne@69 842 (or anything with a read() method) and the DESTINATION
jpayne@69 843 argument is a file object open for writing (or
jpayne@69 844 anything with a write() method).
jpayne@69 845
jpayne@69 846 The only reason for overriding this would be to change
jpayne@69 847 the block size or perhaps to replace newlines by CRLF
jpayne@69 848 -- note however that this the default server uses this
jpayne@69 849 to copy binary data as well.
jpayne@69 850
jpayne@69 851 """
jpayne@69 852 shutil.copyfileobj(source, outputfile)
jpayne@69 853
jpayne@69 854 def guess_type(self, path):
jpayne@69 855 """Guess the type of a file.
jpayne@69 856
jpayne@69 857 Argument is a PATH (a filename).
jpayne@69 858
jpayne@69 859 Return value is a string of the form type/subtype,
jpayne@69 860 usable for a MIME Content-type header.
jpayne@69 861
jpayne@69 862 The default implementation looks the file's extension
jpayne@69 863 up in the table self.extensions_map, using application/octet-stream
jpayne@69 864 as a default; however it would be permissible (if
jpayne@69 865 slow) to look inside the data to make a better guess.
jpayne@69 866
jpayne@69 867 """
jpayne@69 868
jpayne@69 869 base, ext = posixpath.splitext(path)
jpayne@69 870 if ext in self.extensions_map:
jpayne@69 871 return self.extensions_map[ext]
jpayne@69 872 ext = ext.lower()
jpayne@69 873 if ext in self.extensions_map:
jpayne@69 874 return self.extensions_map[ext]
jpayne@69 875 else:
jpayne@69 876 return self.extensions_map['']
jpayne@69 877
jpayne@69 878 if not mimetypes.inited:
jpayne@69 879 mimetypes.init() # try to read system mime.types
jpayne@69 880 extensions_map = mimetypes.types_map.copy()
jpayne@69 881 extensions_map.update({
jpayne@69 882 '': 'application/octet-stream', # Default
jpayne@69 883 '.py': 'text/plain',
jpayne@69 884 '.c': 'text/plain',
jpayne@69 885 '.h': 'text/plain',
jpayne@69 886 })
jpayne@69 887
jpayne@69 888
jpayne@69 889 # Utilities for CGIHTTPRequestHandler
jpayne@69 890
jpayne@69 891 def _url_collapse_path(path):
jpayne@69 892 """
jpayne@69 893 Given a URL path, remove extra '/'s and '.' path elements and collapse
jpayne@69 894 any '..' references and returns a collapsed path.
jpayne@69 895
jpayne@69 896 Implements something akin to RFC-2396 5.2 step 6 to parse relative paths.
jpayne@69 897 The utility of this function is limited to is_cgi method and helps
jpayne@69 898 preventing some security attacks.
jpayne@69 899
jpayne@69 900 Returns: The reconstituted URL, which will always start with a '/'.
jpayne@69 901
jpayne@69 902 Raises: IndexError if too many '..' occur within the path.
jpayne@69 903
jpayne@69 904 """
jpayne@69 905 # Query component should not be involved.
jpayne@69 906 path, _, query = path.partition('?')
jpayne@69 907 path = urllib.parse.unquote(path)
jpayne@69 908
jpayne@69 909 # Similar to os.path.split(os.path.normpath(path)) but specific to URL
jpayne@69 910 # path semantics rather than local operating system semantics.
jpayne@69 911 path_parts = path.split('/')
jpayne@69 912 head_parts = []
jpayne@69 913 for part in path_parts[:-1]:
jpayne@69 914 if part == '..':
jpayne@69 915 head_parts.pop() # IndexError if more '..' than prior parts
jpayne@69 916 elif part and part != '.':
jpayne@69 917 head_parts.append( part )
jpayne@69 918 if path_parts:
jpayne@69 919 tail_part = path_parts.pop()
jpayne@69 920 if tail_part:
jpayne@69 921 if tail_part == '..':
jpayne@69 922 head_parts.pop()
jpayne@69 923 tail_part = ''
jpayne@69 924 elif tail_part == '.':
jpayne@69 925 tail_part = ''
jpayne@69 926 else:
jpayne@69 927 tail_part = ''
jpayne@69 928
jpayne@69 929 if query:
jpayne@69 930 tail_part = '?'.join((tail_part, query))
jpayne@69 931
jpayne@69 932 splitpath = ('/' + '/'.join(head_parts), tail_part)
jpayne@69 933 collapsed_path = "/".join(splitpath)
jpayne@69 934
jpayne@69 935 return collapsed_path
jpayne@69 936
jpayne@69 937
jpayne@69 938
jpayne@69 939 nobody = None
jpayne@69 940
jpayne@69 941 def nobody_uid():
jpayne@69 942 """Internal routine to get nobody's uid"""
jpayne@69 943 global nobody
jpayne@69 944 if nobody:
jpayne@69 945 return nobody
jpayne@69 946 try:
jpayne@69 947 import pwd
jpayne@69 948 except ImportError:
jpayne@69 949 return -1
jpayne@69 950 try:
jpayne@69 951 nobody = pwd.getpwnam('nobody')[2]
jpayne@69 952 except KeyError:
jpayne@69 953 nobody = 1 + max(x[2] for x in pwd.getpwall())
jpayne@69 954 return nobody
jpayne@69 955
jpayne@69 956
jpayne@69 957 def executable(path):
jpayne@69 958 """Test for executable file."""
jpayne@69 959 return os.access(path, os.X_OK)
jpayne@69 960
jpayne@69 961
jpayne@69 962 class CGIHTTPRequestHandler(SimpleHTTPRequestHandler):
jpayne@69 963
jpayne@69 964 """Complete HTTP server with GET, HEAD and POST commands.
jpayne@69 965
jpayne@69 966 GET and HEAD also support running CGI scripts.
jpayne@69 967
jpayne@69 968 The POST command is *only* implemented for CGI scripts.
jpayne@69 969
jpayne@69 970 """
jpayne@69 971
jpayne@69 972 # Determine platform specifics
jpayne@69 973 have_fork = hasattr(os, 'fork')
jpayne@69 974
jpayne@69 975 # Make rfile unbuffered -- we need to read one line and then pass
jpayne@69 976 # the rest to a subprocess, so we can't use buffered input.
jpayne@69 977 rbufsize = 0
jpayne@69 978
jpayne@69 979 def do_POST(self):
jpayne@69 980 """Serve a POST request.
jpayne@69 981
jpayne@69 982 This is only implemented for CGI scripts.
jpayne@69 983
jpayne@69 984 """
jpayne@69 985
jpayne@69 986 if self.is_cgi():
jpayne@69 987 self.run_cgi()
jpayne@69 988 else:
jpayne@69 989 self.send_error(
jpayne@69 990 HTTPStatus.NOT_IMPLEMENTED,
jpayne@69 991 "Can only POST to CGI scripts")
jpayne@69 992
jpayne@69 993 def send_head(self):
jpayne@69 994 """Version of send_head that support CGI scripts"""
jpayne@69 995 if self.is_cgi():
jpayne@69 996 return self.run_cgi()
jpayne@69 997 else:
jpayne@69 998 return SimpleHTTPRequestHandler.send_head(self)
jpayne@69 999
jpayne@69 1000 def is_cgi(self):
jpayne@69 1001 """Test whether self.path corresponds to a CGI script.
jpayne@69 1002
jpayne@69 1003 Returns True and updates the cgi_info attribute to the tuple
jpayne@69 1004 (dir, rest) if self.path requires running a CGI script.
jpayne@69 1005 Returns False otherwise.
jpayne@69 1006
jpayne@69 1007 If any exception is raised, the caller should assume that
jpayne@69 1008 self.path was rejected as invalid and act accordingly.
jpayne@69 1009
jpayne@69 1010 The default implementation tests whether the normalized url
jpayne@69 1011 path begins with one of the strings in self.cgi_directories
jpayne@69 1012 (and the next character is a '/' or the end of the string).
jpayne@69 1013
jpayne@69 1014 """
jpayne@69 1015 collapsed_path = _url_collapse_path(self.path)
jpayne@69 1016 dir_sep = collapsed_path.find('/', 1)
jpayne@69 1017 head, tail = collapsed_path[:dir_sep], collapsed_path[dir_sep+1:]
jpayne@69 1018 if head in self.cgi_directories:
jpayne@69 1019 self.cgi_info = head, tail
jpayne@69 1020 return True
jpayne@69 1021 return False
jpayne@69 1022
jpayne@69 1023
jpayne@69 1024 cgi_directories = ['/cgi-bin', '/htbin']
jpayne@69 1025
jpayne@69 1026 def is_executable(self, path):
jpayne@69 1027 """Test whether argument path is an executable file."""
jpayne@69 1028 return executable(path)
jpayne@69 1029
jpayne@69 1030 def is_python(self, path):
jpayne@69 1031 """Test whether argument path is a Python script."""
jpayne@69 1032 head, tail = os.path.splitext(path)
jpayne@69 1033 return tail.lower() in (".py", ".pyw")
jpayne@69 1034
jpayne@69 1035 def run_cgi(self):
jpayne@69 1036 """Execute a CGI script."""
jpayne@69 1037 dir, rest = self.cgi_info
jpayne@69 1038 path = dir + '/' + rest
jpayne@69 1039 i = path.find('/', len(dir)+1)
jpayne@69 1040 while i >= 0:
jpayne@69 1041 nextdir = path[:i]
jpayne@69 1042 nextrest = path[i+1:]
jpayne@69 1043
jpayne@69 1044 scriptdir = self.translate_path(nextdir)
jpayne@69 1045 if os.path.isdir(scriptdir):
jpayne@69 1046 dir, rest = nextdir, nextrest
jpayne@69 1047 i = path.find('/', len(dir)+1)
jpayne@69 1048 else:
jpayne@69 1049 break
jpayne@69 1050
jpayne@69 1051 # find an explicit query string, if present.
jpayne@69 1052 rest, _, query = rest.partition('?')
jpayne@69 1053
jpayne@69 1054 # dissect the part after the directory name into a script name &
jpayne@69 1055 # a possible additional path, to be stored in PATH_INFO.
jpayne@69 1056 i = rest.find('/')
jpayne@69 1057 if i >= 0:
jpayne@69 1058 script, rest = rest[:i], rest[i:]
jpayne@69 1059 else:
jpayne@69 1060 script, rest = rest, ''
jpayne@69 1061
jpayne@69 1062 scriptname = dir + '/' + script
jpayne@69 1063 scriptfile = self.translate_path(scriptname)
jpayne@69 1064 if not os.path.exists(scriptfile):
jpayne@69 1065 self.send_error(
jpayne@69 1066 HTTPStatus.NOT_FOUND,
jpayne@69 1067 "No such CGI script (%r)" % scriptname)
jpayne@69 1068 return
jpayne@69 1069 if not os.path.isfile(scriptfile):
jpayne@69 1070 self.send_error(
jpayne@69 1071 HTTPStatus.FORBIDDEN,
jpayne@69 1072 "CGI script is not a plain file (%r)" % scriptname)
jpayne@69 1073 return
jpayne@69 1074 ispy = self.is_python(scriptname)
jpayne@69 1075 if self.have_fork or not ispy:
jpayne@69 1076 if not self.is_executable(scriptfile):
jpayne@69 1077 self.send_error(
jpayne@69 1078 HTTPStatus.FORBIDDEN,
jpayne@69 1079 "CGI script is not executable (%r)" % scriptname)
jpayne@69 1080 return
jpayne@69 1081
jpayne@69 1082 # Reference: http://hoohoo.ncsa.uiuc.edu/cgi/env.html
jpayne@69 1083 # XXX Much of the following could be prepared ahead of time!
jpayne@69 1084 env = copy.deepcopy(os.environ)
jpayne@69 1085 env['SERVER_SOFTWARE'] = self.version_string()
jpayne@69 1086 env['SERVER_NAME'] = self.server.server_name
jpayne@69 1087 env['GATEWAY_INTERFACE'] = 'CGI/1.1'
jpayne@69 1088 env['SERVER_PROTOCOL'] = self.protocol_version
jpayne@69 1089 env['SERVER_PORT'] = str(self.server.server_port)
jpayne@69 1090 env['REQUEST_METHOD'] = self.command
jpayne@69 1091 uqrest = urllib.parse.unquote(rest)
jpayne@69 1092 env['PATH_INFO'] = uqrest
jpayne@69 1093 env['PATH_TRANSLATED'] = self.translate_path(uqrest)
jpayne@69 1094 env['SCRIPT_NAME'] = scriptname
jpayne@69 1095 if query:
jpayne@69 1096 env['QUERY_STRING'] = query
jpayne@69 1097 env['REMOTE_ADDR'] = self.client_address[0]
jpayne@69 1098 authorization = self.headers.get("authorization")
jpayne@69 1099 if authorization:
jpayne@69 1100 authorization = authorization.split()
jpayne@69 1101 if len(authorization) == 2:
jpayne@69 1102 import base64, binascii
jpayne@69 1103 env['AUTH_TYPE'] = authorization[0]
jpayne@69 1104 if authorization[0].lower() == "basic":
jpayne@69 1105 try:
jpayne@69 1106 authorization = authorization[1].encode('ascii')
jpayne@69 1107 authorization = base64.decodebytes(authorization).\
jpayne@69 1108 decode('ascii')
jpayne@69 1109 except (binascii.Error, UnicodeError):
jpayne@69 1110 pass
jpayne@69 1111 else:
jpayne@69 1112 authorization = authorization.split(':')
jpayne@69 1113 if len(authorization) == 2:
jpayne@69 1114 env['REMOTE_USER'] = authorization[0]
jpayne@69 1115 # XXX REMOTE_IDENT
jpayne@69 1116 if self.headers.get('content-type') is None:
jpayne@69 1117 env['CONTENT_TYPE'] = self.headers.get_content_type()
jpayne@69 1118 else:
jpayne@69 1119 env['CONTENT_TYPE'] = self.headers['content-type']
jpayne@69 1120 length = self.headers.get('content-length')
jpayne@69 1121 if length:
jpayne@69 1122 env['CONTENT_LENGTH'] = length
jpayne@69 1123 referer = self.headers.get('referer')
jpayne@69 1124 if referer:
jpayne@69 1125 env['HTTP_REFERER'] = referer
jpayne@69 1126 accept = []
jpayne@69 1127 for line in self.headers.getallmatchingheaders('accept'):
jpayne@69 1128 if line[:1] in "\t\n\r ":
jpayne@69 1129 accept.append(line.strip())
jpayne@69 1130 else:
jpayne@69 1131 accept = accept + line[7:].split(',')
jpayne@69 1132 env['HTTP_ACCEPT'] = ','.join(accept)
jpayne@69 1133 ua = self.headers.get('user-agent')
jpayne@69 1134 if ua:
jpayne@69 1135 env['HTTP_USER_AGENT'] = ua
jpayne@69 1136 co = filter(None, self.headers.get_all('cookie', []))
jpayne@69 1137 cookie_str = ', '.join(co)
jpayne@69 1138 if cookie_str:
jpayne@69 1139 env['HTTP_COOKIE'] = cookie_str
jpayne@69 1140 # XXX Other HTTP_* headers
jpayne@69 1141 # Since we're setting the env in the parent, provide empty
jpayne@69 1142 # values to override previously set values
jpayne@69 1143 for k in ('QUERY_STRING', 'REMOTE_HOST', 'CONTENT_LENGTH',
jpayne@69 1144 'HTTP_USER_AGENT', 'HTTP_COOKIE', 'HTTP_REFERER'):
jpayne@69 1145 env.setdefault(k, "")
jpayne@69 1146
jpayne@69 1147 self.send_response(HTTPStatus.OK, "Script output follows")
jpayne@69 1148 self.flush_headers()
jpayne@69 1149
jpayne@69 1150 decoded_query = query.replace('+', ' ')
jpayne@69 1151
jpayne@69 1152 if self.have_fork:
jpayne@69 1153 # Unix -- fork as we should
jpayne@69 1154 args = [script]
jpayne@69 1155 if '=' not in decoded_query:
jpayne@69 1156 args.append(decoded_query)
jpayne@69 1157 nobody = nobody_uid()
jpayne@69 1158 self.wfile.flush() # Always flush before forking
jpayne@69 1159 pid = os.fork()
jpayne@69 1160 if pid != 0:
jpayne@69 1161 # Parent
jpayne@69 1162 pid, sts = os.waitpid(pid, 0)
jpayne@69 1163 # throw away additional data [see bug #427345]
jpayne@69 1164 while select.select([self.rfile], [], [], 0)[0]:
jpayne@69 1165 if not self.rfile.read(1):
jpayne@69 1166 break
jpayne@69 1167 if sts:
jpayne@69 1168 self.log_error("CGI script exit status %#x", sts)
jpayne@69 1169 return
jpayne@69 1170 # Child
jpayne@69 1171 try:
jpayne@69 1172 try:
jpayne@69 1173 os.setuid(nobody)
jpayne@69 1174 except OSError:
jpayne@69 1175 pass
jpayne@69 1176 os.dup2(self.rfile.fileno(), 0)
jpayne@69 1177 os.dup2(self.wfile.fileno(), 1)
jpayne@69 1178 os.execve(scriptfile, args, env)
jpayne@69 1179 except:
jpayne@69 1180 self.server.handle_error(self.request, self.client_address)
jpayne@69 1181 os._exit(127)
jpayne@69 1182
jpayne@69 1183 else:
jpayne@69 1184 # Non-Unix -- use subprocess
jpayne@69 1185 import subprocess
jpayne@69 1186 cmdline = [scriptfile]
jpayne@69 1187 if self.is_python(scriptfile):
jpayne@69 1188 interp = sys.executable
jpayne@69 1189 if interp.lower().endswith("w.exe"):
jpayne@69 1190 # On Windows, use python.exe, not pythonw.exe
jpayne@69 1191 interp = interp[:-5] + interp[-4:]
jpayne@69 1192 cmdline = [interp, '-u'] + cmdline
jpayne@69 1193 if '=' not in query:
jpayne@69 1194 cmdline.append(query)
jpayne@69 1195 self.log_message("command: %s", subprocess.list2cmdline(cmdline))
jpayne@69 1196 try:
jpayne@69 1197 nbytes = int(length)
jpayne@69 1198 except (TypeError, ValueError):
jpayne@69 1199 nbytes = 0
jpayne@69 1200 p = subprocess.Popen(cmdline,
jpayne@69 1201 stdin=subprocess.PIPE,
jpayne@69 1202 stdout=subprocess.PIPE,
jpayne@69 1203 stderr=subprocess.PIPE,
jpayne@69 1204 env = env
jpayne@69 1205 )
jpayne@69 1206 if self.command.lower() == "post" and nbytes > 0:
jpayne@69 1207 data = self.rfile.read(nbytes)
jpayne@69 1208 else:
jpayne@69 1209 data = None
jpayne@69 1210 # throw away additional data [see bug #427345]
jpayne@69 1211 while select.select([self.rfile._sock], [], [], 0)[0]:
jpayne@69 1212 if not self.rfile._sock.recv(1):
jpayne@69 1213 break
jpayne@69 1214 stdout, stderr = p.communicate(data)
jpayne@69 1215 self.wfile.write(stdout)
jpayne@69 1216 if stderr:
jpayne@69 1217 self.log_error('%s', stderr)
jpayne@69 1218 p.stderr.close()
jpayne@69 1219 p.stdout.close()
jpayne@69 1220 status = p.returncode
jpayne@69 1221 if status:
jpayne@69 1222 self.log_error("CGI script exit status %#x", status)
jpayne@69 1223 else:
jpayne@69 1224 self.log_message("CGI script exited OK")
jpayne@69 1225
jpayne@69 1226
jpayne@69 1227 def _get_best_family(*address):
jpayne@69 1228 infos = socket.getaddrinfo(
jpayne@69 1229 *address,
jpayne@69 1230 type=socket.SOCK_STREAM,
jpayne@69 1231 flags=socket.AI_PASSIVE,
jpayne@69 1232 )
jpayne@69 1233 family, type, proto, canonname, sockaddr = next(iter(infos))
jpayne@69 1234 return family, sockaddr
jpayne@69 1235
jpayne@69 1236
jpayne@69 1237 def test(HandlerClass=BaseHTTPRequestHandler,
jpayne@69 1238 ServerClass=ThreadingHTTPServer,
jpayne@69 1239 protocol="HTTP/1.0", port=8000, bind=None):
jpayne@69 1240 """Test the HTTP request handler class.
jpayne@69 1241
jpayne@69 1242 This runs an HTTP server on port 8000 (or the port argument).
jpayne@69 1243
jpayne@69 1244 """
jpayne@69 1245 ServerClass.address_family, addr = _get_best_family(bind, port)
jpayne@69 1246
jpayne@69 1247 HandlerClass.protocol_version = protocol
jpayne@69 1248 with ServerClass(addr, HandlerClass) as httpd:
jpayne@69 1249 host, port = httpd.socket.getsockname()[:2]
jpayne@69 1250 url_host = f'[{host}]' if ':' in host else host
jpayne@69 1251 print(
jpayne@69 1252 f"Serving HTTP on {host} port {port} "
jpayne@69 1253 f"(http://{url_host}:{port}/) ..."
jpayne@69 1254 )
jpayne@69 1255 try:
jpayne@69 1256 httpd.serve_forever()
jpayne@69 1257 except KeyboardInterrupt:
jpayne@69 1258 print("\nKeyboard interrupt received, exiting.")
jpayne@69 1259 sys.exit(0)
jpayne@69 1260
jpayne@69 1261 if __name__ == '__main__':
jpayne@69 1262 import argparse
jpayne@69 1263
jpayne@69 1264 parser = argparse.ArgumentParser()
jpayne@69 1265 parser.add_argument('--cgi', action='store_true',
jpayne@69 1266 help='Run as CGI Server')
jpayne@69 1267 parser.add_argument('--bind', '-b', metavar='ADDRESS',
jpayne@69 1268 help='Specify alternate bind address '
jpayne@69 1269 '[default: all interfaces]')
jpayne@69 1270 parser.add_argument('--directory', '-d', default=os.getcwd(),
jpayne@69 1271 help='Specify alternative directory '
jpayne@69 1272 '[default:current directory]')
jpayne@69 1273 parser.add_argument('port', action='store',
jpayne@69 1274 default=8000, type=int,
jpayne@69 1275 nargs='?',
jpayne@69 1276 help='Specify alternate port [default: 8000]')
jpayne@69 1277 args = parser.parse_args()
jpayne@69 1278 if args.cgi:
jpayne@69 1279 handler_class = CGIHTTPRequestHandler
jpayne@69 1280 else:
jpayne@69 1281 handler_class = partial(SimpleHTTPRequestHandler,
jpayne@69 1282 directory=args.directory)
jpayne@69 1283 test(HandlerClass=handler_class, port=args.port, bind=args.bind)