Skip to content

slapos
slapos
Commit ad174685 authored by Xavier Thompson's avatar Xavier Thompson
Browse files
Options

simplehttpserver: Remove use-hash-url options

parent 3b34b8ae
Hide whitespace changes
Inline Side-by-side
Showing with 28 additions and 90 deletions
slapos/recipe/simplehttpserver/__init__.py
View file @ ad174685
......@@ -29,6 +29,7 @@ import string, random
import os
from six.moves import range
from zc.buildout import UserError
from zc.buildout.buildout import bool_option
......@@ -40,35 +41,7 @@ def issubpathof(subpath, path):
class Recipe(GenericBaseRecipe):
def __init__(self, buildout, name, options):
base_path = options['base-path']
if bool_option(options, 'use-hash-url', 'false'):
pool = string.ascii_letters + string.digits
hash_string = ''.join(random.choice(pool) for i in range(64))
path = os.path.join(base_path, hash_string)
if os.path.exists(base_path):
path_list = os.listdir(base_path)
if len(path_list) == 1:
hash_string = path_list[0]
path = os.path.join(base_path, hash_string)
elif len(path_list) > 1:
raise ValueError("Folder %s should contain 0 or 1 element." % base_path)
options['root-dir'] = path
options['path'] = hash_string
else:
options['root-dir'] = base_path
options['path'] = ''
return GenericBaseRecipe.__init__(self, buildout, name, options)
def install(self):
if not os.path.exists(self.options['root-dir']):
os.mkdir( self.options['root-dir'] )
parameters = {
'host': self.options['host'],
'port': int(self.options['port']),
......@@ -76,10 +49,8 @@ class Recipe(GenericBaseRecipe):
'log-file': self.options['log-file'],
'cert-file': self.options.get('cert-file', ''),
'key-file': self.options.get('key-file', ''),
'root-dir': self.options['root-dir'],
'allow-write': bool_option(self.options, 'allow-write', 'false')
}
return self.createPythonScript(
self.options['wrapper'].strip(),
__name__ + '.simplehttpserver.run',
......
slapos/recipe/simplehttpserver/simplehttpserver.py
View file @ ad174685
......@@ -14,22 +14,15 @@ from . import issubpathof
class ServerHandler(SimpleHTTPRequestHandler):
document_path = ''
restrict_root_folder = True
restrict_write = True
base_path = None # set by run
restrict_write = True # set by run
def respond(self, code=200, type='text/html'):
self.send_response(code)
self.send_header("Content-type", type)
self.end_headers()
def restrictedAccess(self):
if self.restrict_root_folder and self.path and self.path == '/':
# no access to root path
self.respond(403)
self.wfile.write(b"Forbidden")
return True
def restrictedWriteAccess(self):
if self.restrict_write and self.command not in ('GET', 'HEAD'):
# no write access
self.respond(403)
......@@ -37,12 +30,6 @@ class ServerHandler(SimpleHTTPRequestHandler):
return True
return False
def do_GET(self):
logging.info('%s - GET: %s \n%s' % (self.client_address[0], self.path, self.headers))
if self.restrictedAccess():
return
SimpleHTTPRequestHandler.do_GET(self)
def do_POST(self):
"""Write to a file on the server.
......@@ -54,7 +41,7 @@ class ServerHandler(SimpleHTTPRequestHandler):
request can be encoded as application/x-www-form-urlencoded or multipart/form-data
"""
logging.info('%s - POST: %s \n%s' % (self.client_address[0], self.path, self.headers))
if self.restrictedAccess():
if self.restrictedWriteAccess():
return
form = cgi.FieldStorage(
......@@ -77,9 +64,9 @@ class ServerHandler(SimpleHTTPRequestHandler):
self.writeFile(file_path, file_content, file_open_mode)
def writeFile(self, filename, content, method='ab'):
file_path = os.path.abspath(os.path.join(self.document_path, filename))
file_path = os.path.abspath(os.path.join(self.base_path, filename))
# Check writing there is allowed
if not issubpathof(file_path, self.document_path):
if not issubpathof(file_path, self.base_path):
self.respond(403, 'text/plain')
self.wfile.write(b"Forbidden")
return
......@@ -115,11 +102,12 @@ def run(args):
port = args['port']
host = args['host']
os.chdir(args['cwd'])
cwd = args['cwd']
os.chdir(cwd)
Handler = ServerHandler
Handler.document_path = args['root-dir']
Handler.restrict_root_folder = (args['root-dir'] != args['cwd'])
Handler.base_path = cwd
Handler.restrict_write = not args['allow-write']
if valid_ipv6(host):
......
slapos/test/recipe/test_simplehttpserver.py
View file @ ad174685
......@@ -48,13 +48,9 @@ class SimpleHTTPServerTest(unittest.TestCase):
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
server_base_url = urlparse.urljoin(
self.server_url,
self.recipe.options['path'],
)
for i in range(16):
try:
resp = requests.get(server_base_url)
resp = requests.get(self.server_url)
break
except requests.exceptions.ConnectionError:
time.sleep(i * .1)
......@@ -62,7 +58,7 @@ class SimpleHTTPServerTest(unittest.TestCase):
self.fail(
'server did not start.\nout: %s error: %s' % self.process.communicate())
self.assertIn('Directory listing for /', resp.text)
return server_base_url
return self.server_url
def tearDown(self):
if self.process:
......@@ -71,35 +67,10 @@ class SimpleHTTPServerTest(unittest.TestCase):
self.process.communicate() # close pipes
self.process = None
def test_options_use_hash(self):
self.setUpRecipe({'use-hash-url': 'true'})
self.assertNotEqual(self.recipe.options['path'], '')
self.assertEqual(
self.recipe.options['root-dir'],
os.path.join(
self.base_path,
self.recipe.options['path'],
))
def test_options_no_hash(self):
self.setUpRecipe()
self.assertEqual(self.recipe.options['path'], '')
self.assertEqual(
self.recipe.options['root-dir'],
self.base_path
)
def test_write_outside_root_dir_should_fail(self):
self.setUpRecipe({'allow-write': 'true'})
server_base_url = self.startServer()
# A file outside the server's root directory
hack_path = os.path.join(self.install_dir, 'forbidden', 'hack.txt')
hack_content = "You should not be able to write to hack.txt"
def write_should_fail(self, url, hack_path, hack_content):
# post with multipart/form-data encoding
resp = requests.post(
server_base_url,
url,
files={
'path': hack_path,
'content': hack_content,
......@@ -115,11 +86,21 @@ class SimpleHTTPServerTest(unittest.TestCase):
except IOError as e:
if e.errno != errno.ENOENT:
raise
self.assertFalse(os.path.exists(os.path.dirname(hack_path)))
# Now check for proper response
self.assertEqual(resp.status_code, requests.codes.forbidden)
self.assertEqual(resp.text, 'Forbidden')
def test_write_outside_base_path_should_fail(self):
self.setUpRecipe({'allow-write': 'true'})
server_base_url = self.startServer()
# A file outside the server's root directory
hack_path = os.path.join(self.install_dir, 'forbidden', 'hack.txt')
hack_content = "You should not be able to write to hack.txt"
self.write_should_fail(server_base_url, hack_path, hack_content)
self.assertFalse(os.path.exists(os.path.dirname(hack_path)))
def test_write(self):
self.setUpRecipe({'allow-write': 'true'})
server_base_url = self.startServer()
......@@ -135,8 +116,7 @@ class SimpleHTTPServerTest(unittest.TestCase):
self.assertEqual(resp.status_code, requests.codes.ok)
self.assertEqual(resp.text, 'Content written to hello-form-data.txt')
with open(
os.path.join(self.base_path, self.recipe.options['path'],
'hello-form-data.txt')) as f:
os.path.join(self.base_path, 'hello-form-data.txt')) as f:
self.assertEqual(f.read(), 'hello-form-data')
self.assertIn('hello-form-data.txt', requests.get(server_base_url).text)
......@@ -153,8 +133,7 @@ class SimpleHTTPServerTest(unittest.TestCase):
)
self.assertEqual(resp.status_code, requests.codes.ok)
with open(
os.path.join(self.base_path, self.recipe.options['path'],
'hello-form-urlencoded.txt')) as f:
os.path.join(self.base_path, 'hello-form-urlencoded.txt')) as f:
self.assertEqual(f.read(), 'hello-form-urlencoded')
self.assertIn('hello-form-urlencoded.txt', requests.get(server_base_url).text)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7