Python httplib 模块,NOT_FOUND 实例源码
我们从Python开源项目中,提取了以下38个代码示例,用于说明如何使用httplib.NOT_FOUND。
def test_validate_URL_existence_url_not_found(self, mock_cs, mock_url):
url_not_found = Foo()
setattr(url_not_found, "code", httplib.NOT_FOUND)
mock_url.side_effect = [url_not_found]
mock_cs.side_effect = [None]
api = API.apiCalls.ApiCalls("", "", "")
validate_URL = api.validate_URL_existence
url = "notAWebSite"
valid = False
is_valid = validate_URL(url)
self.assertEqual(is_valid, valid)
API.apiCalls.urlopen.assert_called_with(url, timeout=api.max_wait_time)
def does_bucket_exist(self, bucket_name, config=None):
"""
Check whether there is a bucket with specific name
:param bucket_name: None
:type bucket_name: str
:return:True or False
:rtype: bool
"""
try:
self._send_request(http_methods.HEAD, config=config)
return True
except BceHttpClientError as e:
if isinstance(e.last_error, BceServerError):
if e.last_error.status_code == httplib.FORBIDDEN:
return True
if e.last_error.status_code == httplib.NOT_FOUND:
return False
raise e
def does_bucket_exist(self, BceServerError):
if e.last_error.status_code == httplib.FORBIDDEN:
return True
if e.last_error.status_code == httplib.NOT_FOUND:
return False
raise e
def check_endpoint_for_error(resource, operation=None):
def _decorator(func):
def _execute(name=None):
try:
return func(name), httplib.OK
except error.NotFoundError:
return connexion.problem(
httplib.NOT_FOUND,
'{} not found'.format(resource),
'Requested {} `{}` not found.'
.format(resource.lower(), name))
except error.TobedoneError:
return connexion.problem(
httplib.NOT_IMPLEMENTED,
'{} handler not implemented'.format(operation),
'Requested operation `{}` on {} not implemented.'
.format(operation.lower(), resource.lower()))
return _execute
return _decorator
def _copy(gcs_stub, filename, headers):
"""copy file.
Args:
gcs_stub: an instance of gcs stub.
filename: dst filename of format /bucket/filename
headers: a dict of request headers. Must contain _XGoogcopySource header.
Returns:
An _FakeUrlFetchResult instance.
"""
source = _XGoogcopySource(headers).value
result = _handle_head(gcs_stub, source)
if result.status_code == httplib.NOT_FOUND:
return result
directive = headers.pop('x-goog-Metadata-directive', 'copY')
if directive == 'REPLACE':
gcs_stub.put_copy(source, headers)
else:
gcs_stub.put_copy(source, None)
return _FakeUrlFetchResult(httplib.OK, {}, '')
def _handle_get(gcs_stub, param_dict, headers):
"""Handle GET object and GET bucket."""
mo = re.match(BUCKET_ONLY_PATH, filename)
if mo is not None:
return _handle_get_bucket(gcs_stub, mo.group(1), param_dict)
else:
result = _handle_head(gcs_stub, filename)
if result.status_code == httplib.NOT_FOUND:
return result
start, end = _Range(headers).value
st_size = result.headers['x-goog-stored-content-length']
if end is not None:
result.status_code = httplib.PARTIAL_CONTENT
end = min(end, st_size - 1)
result.headers['content-range'] = 'bytes %d-%d/%d' % (start, end, st_size)
result.content = gcs_stub.get_object(filename, start, end)
result.headers['content-length'] = len(result.content)
return result
def _handle_head(gcs_stub, filename):
"""Handle HEAD request."""
filestat = gcs_stub.head_object(filename)
if not filestat:
return _FakeUrlFetchResult(httplib.NOT_FOUND, '')
http_time = common.posix_time_to_http(filestat.st_ctime)
response_headers = {
'x-goog-stored-content-length': filestat.st_size,
'content-length': 0,
'content-type': filestat.content_type,
'etag': filestat.etag,
'last-modified': http_time
}
if filestat.Metadata:
response_headers.update(filestat.Metadata)
return _FakeUrlFetchResult(httplib.OK, response_headers, '')
def test_check_resp_status_and_retry_image_not_found(self):
mock_resp_badgateway = mock.Mock()
mock_resp_badgateway.status = httplib.NOT_FOUND
self.glance.XenAPI.Failure = FakeXenAPIException
self.assertRaises(
self.glance.XenAPI.Failure,
self.glance.check_resp_status_and_retry,
mock_resp_badgateway,
'fake_image_id',
'fake_url')
def tenant_not_found(message):
status_code = httplib.NOT_FOUND
response = jsonify({"error": message, "status_code": status_code})
response.status_code = status_code
return response
def _blob_exists(self, digest):
"""Check the remote for the given layer."""
# HEAD the blob,and check for a 200
resp, unused_content = self._transport.Request(
'{base_url}/blobs/{digest}'.format(
base_url=self._base_url(),
digest=digest),
method='HEAD', accepted_codes=[httplib.OK, httplib.NOT_FOUND])
return resp.status == httplib.OK # pytype: disable=attribute-error
def _manifest_exists(self, image):
"""Check the remote for the given manifest by digest."""
# GET the manifest by digest,and check for 200
resp, unused_content = self._transport.Request(
'{base_url}/manifests/{digest}'.format(
base_url=self._base_url(), digest=image.digest()),
method='GET',
accepted_codes=[httplib.OK, httplib.NOT_FOUND],
accepted_mimes=[image.media_type()])
return resp.status == httplib.OK # pytype: disable=attribute-error
def _remote_tag_digest(self):
"""Check the remote for the given manifest by digest."""
# GET the tag we're pushing
resp, unused_content = self._transport.Request(
'{base_url}/manifests/{tag}'.format(
base_url=self._base_url(),
tag=self._name.tag), # pytype: disable=attribute-error
method='GET', httplib.NOT_FOUND])
if resp.status == httplib.NOT_FOUND: # pytype: disable=attribute-error
return None
return resp.get('docker-content-digest')
def exists(self):
try:
manifest = json.loads(self.manifest(validate=False))
return (manifest['schemaVersion'] == 2 and
'layers' in manifest and
self.media_type() in self._accepted_mimes)
except docker_http.V2DiagnosticException as err:
if err.status == httplib.NOT_FOUND:
return False
raise
def exists(self):
try:
manifest = json.loads(self.manifest(validate=False))
return manifest['schemaVersion'] == 2 and 'manifests' in manifest
except docker_http.V2DiagnosticException as err:
if err.status == httplib.NOT_FOUND:
return False
raise
def _blob_exists(self, httplib.NOT_FOUND])
return resp.status == httplib.OK # pytype: disable=attribute-error
def _manifest_exists(self,
digest=image.digest()), httplib.NOT_FOUND])
return resp.status == httplib.OK # pytype: disable=attribute-error
def _remote_tag_digest(self):
"""Check the remote for the given manifest by digest."""
# GET the tag we're pushing
resp, httplib.NOT_FOUND])
if resp.status == httplib.NOT_FOUND: # pytype: disable=attribute-error
return None
return resp.get('docker-content-digest')
def exists(self):
try:
self.manifest(validate=False)
return True
except docker_http.V2DiagnosticException as err:
if err.status == httplib.NOT_FOUND:
return False
raise
def validate_URL_existence(self, url, use_session=False):
"""
tries to validate existence of given url by trying to open it.
true if HTTP OK,false if HTTP NOT FOUND otherwise
raises error containing error code and message
arguments:
url -- the url link to open and validate
use_session -- if True then this uses self.session.get(url) instead
of urlopen(url) to get response
returns
true if http response OK 200
false if http response NOT FOUND 404
"""
if use_session:
response = self.session.get(url)
if response.status_code == httplib.OK:
return True
elif response.status_code == httplib.NOT_FOUND:
return False
else:
raise Exception(
str(response.status_code) + " " + response.reason)
else:
response = urlopen(url, timeout=self.max_wait_time)
if response.code == httplib.OK:
return True
elif response.code == httplib.NOT_FOUND:
return False
else:
raise Exception(str(response.code) + " " + response.msg)
def list_article_attachments(self, article_id):
try:
return self._get('articles/{}/attachments.json'.format(article_id)).get('article_attachments', [])
except APIError as e:
if e.error_code == httplib.NOT_FOUND:
return []
raise e
def test_get_qpi_not_found(app_client):
response_not_found = app_client.get("/v1.0/qpis/fake.yaml")
response_data = json.loads(response_not_found.data)
assert response_not_found.status_code == httplib.NOT_FOUND
assert response_data['title'] == "QPI not found"
def cBoxDownload():
'''Returns the file's content for a given valid access token. Used as a download URL,
so that the file's path is never explicitly visible.'''
try:
acctok = jwt.decode(flask.request.args['access_token'], Wopi.wopisecret, algorithms=['HS256'])
if acctok['exp'] < time.time():
raise jwt.exceptions.ExpiredSignatureError
resp = flask.Response(xrdcl.readfile(acctok['filename'], acctok['ruid'], acctok['rgid']), mimetype='application/octet-stream')
resp.headers['Content-disposition'] = 'attachment; filename="%s"' % os.path.basename(acctok['filename'])
resp.status_code = httplib.OK
Wopi.log.info('msg="cBoxDownload: direct download succeeded" filename="%s" user="%s:%s" token="%s"' % \
(acctok['filename'], acctok['rgid'], flask.request.args['access_token'][-20:]))
return resp
except (jwt.exceptions.DecodeError, jwt.exceptions.ExpiredSignatureError) as e:
Wopi.log.warning('msg="Signature verification Failed" client="%s" requestedUrl="%s" token="%s"' % \
(flask.request.remote_addr, flask.request.base_url, flask.request.args['access_token']))
return 'Invalid access token', httplib.NOT_FOUND
except IOError, e:
Wopi.log.info('msg="Requested file not found" filename="%s" token="%s" error="%s"' % \
(acctok['filename'], flask.request.args['access_token'][-20:], e))
return 'File not found', httplib.NOT_FOUND
except KeyError, e:
Wopi.log.error('msg="Invalid access token or request argument" error="%s"' % e)
return 'Invalid access token', httplib.UNAUTHORIZED
except Exception, e:
return _logGeneralExceptionAndReturn(e, flask.request)
def wopiFilesPost(fileid):
'''A dispatcher metod for all POST operations on files'''
Wopi.refreshconfig()
try:
acctok = jwt.decode(flask.request.args['access_token'], algorithms=['HS256'])
if acctok['exp'] < time.time():
raise jwt.exceptions.ExpiredSignatureError
headers = flask.request.headers
op = headers['X-WOPI-Override'] # must be one of the following strings,throws KeyError if missing
if op in ('LOCK', 'REFRESH_LOCK'):
return wopiLock(fileid, headers, acctok)
elif op == 'UNLOCK':
return wopiUnlock(fileid, acctok)
elif op == 'GET_LOCK':
return wopiGetLock(fileid, acctok)
elif op == 'PUT_RELATIVE':
return wopiPutRelative(fileid, acctok)
elif op == 'DELETE':
return wopiDeleteFile(fileid, acctok)
elif op == 'RENAME_FILE':
return wopiRenameFile(fileid, acctok)
#elif op == 'PUT_USER_INFO': https://wopirest.readthedocs.io/en/latest/files/PutUserInfo.html
else:
Wopi.log.warning('msg="UnkNown/unsupported operation" operation="%s"' % op)
return 'Not supported operation found in header', httplib.NOT_IMPLEMENTED
except (jwt.exceptions.DecodeError, httplib.NOT_FOUND
except Exception, flask.request)
def _handle_delete(gcs_stub, filename):
"""Handle DELETE object."""
if gcs_stub.delete_object(filename):
return _FakeUrlFetchResult(httplib.NO_CONTENT, '')
else:
return _FakeUrlFetchResult(httplib.NOT_FOUND, '')
def drop_index(cnx, config):
"""Delete index
Parameters:
cnx: HTTP connection to Elastic Search
config: Some settings (including the name of the index)
"""
sys.stderr.write( "Deleting Elastic Search index %s\n" % config.index)
####################################
cnx.request("DELETE",config.index) #
####################################
resp=cnx.getresponse()
sys.stderr.write( resp.read()+"\n")
if resp.status == httplib.NOT_FOUND:
sys.stderr.write( " WARNING: Index %s does not exist - cannot delete\n" % config.index)
elif resp.status != httplib.OK:
raise Exception(" ERROR when deleting " + config.index + ": %d %s" % (resp.status, resp.reason))
else:
sys.stderr.write( " Index deleted\n")
########
# MAIN #
########
def testQuery_noparticipants(self):
self.send_get('Participant/P1/Summary', expected_status=httplib.NOT_FOUND)
response = self.send_get('ParticipantSummary')
self.assertBundle([], response)
def testQuery_noSummaries(self):
participant = self.send_post('Participant', {"providerLink": [self.provider_link]})
participant_id = participant['participantId']
self.send_get('Participant/%s/Summary' % participant_id, response)
def main(args):
client = Client(parse_cli=False, creds_file=args.creds_file, default_instance=args.instance)
config_path = 'Config/%s' % args.key if args.key else 'Config'
try:
config_server = client.request_json(config_path, 'GET')
formatted_server_config = _json_to_sorted_string(config_server)
except HttpException as e:
if e.code == httplib.NOT_FOUND:
formatted_server_config = ''
else:
raise
if not args.config:
logging.info('----------------- Current Server Config --------------------')
_log_and_write_config_lines(formatted_server_config.split('\n'), args.config_output)
else:
with open(args.config) as config_file:
config_file = json.load(config_file)
if not args.key or args.key == 'current_config':
with open(BASE_CONfig_FILE) as base_config_file:
combined_config = json.load(base_config_file)
combined_config.update(config_file)
else:
combined_config = config_file
comparable_file = _json_to_sorted_string(combined_config)
configs_match = _compare_configs(comparable_file, formatted_server_config, args.config_output)
if not configs_match and args.update:
logging.info('-------------- Updating Server -------------------')
method = 'POST' if args.key else 'PUT'
client.request_json(config_path, method, combined_config)
def check_resp_status_and_retry(resp, image_id, url):
# Note(Jesse): This branch sorts errors into those that are permanent,
# those that are ephemeral,and those that are unexpected.
if resp.status in (httplib.BAD_REQUEST, # 400
httplib.UNAUTHORIZED, # 401
httplib.PAYMENT_required, # 402
httplib.FORBIDDEN, # 403
httplib.METHOD_NOT_ALLOWED, # 405
httplib.NOT_ACCEPTABLE, # 406
httplib.PROXY_AUTHENTICATION_required, # 407
httplib.CONFLICT, # 409
httplib.GONE, # 410
httplib.LENGTH_required, # 411
httplib.PRECONDITION_Failed, # 412
httplib.REQUEST_ENTITY_TOO_LARGE, # 413
httplib.REQUEST_URI_TOO_LONG, # 414
httplib.UNSUPPORTED_MEDIA_TYPE, # 415
httplib.REQUESTED_RANGE_NOT_SATISFIABLE, # 416
httplib.EXPECTATION_Failed, # 417
httplib.UNPROCESSABLE_ENTITY, # 422
httplib.LOCKED, # 423
httplib.Failed_DEPENDENCY, # 424
httplib.UPGRADE_required, # 426
httplib.NOT_IMPLEMENTED, # 501
httplib.HTTP_VERSION_NOT_SUPPORTED, # 505
httplib.NOT_EXTENDED, # 510
):
raise PluginError("Got Permanent Error response [%i] while "
"uploading image [%s] to glance [%s]"
% (resp.status, url))
# Nova service would process the exception
elif resp.status == httplib.NOT_FOUND: # 404
exc = XenAPI.Failure('ImageNotFound')
raise exc
# NOTE(nikhil): Only a sub-set of the 500 errors are retryable. We
# optimistically retry on 500 errors below.
elif resp.status in (httplib.REQUEST_TIMEOUT, # 408
httplib.INTERNAL_SERVER_ERROR, # 500
httplib.BAD_GATEWAY, # 502
httplib.SERVICE_UNAVAILABLE, # 503
httplib.GATEWAY_TIMEOUT, # 504
httplib.INSUFFICIENT_STORAGE, # 507
):
raise RetryableError("Got Ephemeral Error response [%i] while "
"uploading image [%s] to glance [%s]"
% (resp.status, url))
else:
# Note(Jesse): Assume unexpected errors are retryable. If you are
# seeing this error message,the error should probably be added
# to either the ephemeral or permanent error list.
raise RetryableError("Got Unexpected Error response [%i] while "
"uploading image [%s] to glance [%s]"
% (resp.status, url))
def _apply_patches(app):
"""
Apply special fixes and/or monkey patches. These fixes will hopefully
become obsolete with proper fixes made to these libraries in the future.
"""
# "X-Forwarded-For" remote_ip fixup when running behind a load balancer.
# Assuming we are running behind two proxies (or load balancers),the API
# router,and the auto-scaling group.
num_proxies = 1
import socket
if socket.gethostname().startswith("ip-10-60-"):
num_proxies = 2
app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=num_proxies)
# Fixing SCRIPT_NAME/url_scheme when behind reverse proxy (i.e. the
# API router).
app.wsgi_app = ReverseProxied(app.wsgi_app)
# Datetime fix
app.json_encoder = CustomJSONEncoder
# Euthanize Flask Restful exception handlers. This may get fixed
# soon in "Error handling re-worked #544"
# https://github.com/flask-restful/flask-restful/pull/544
def patched_init_app(self, app):
if len(self.resources) > 0:
for resource, urls, kwargs in self.resources:
self._register_view(app, resource, *urls, **kwargs)
Api._init_app = patched_init_app
# Install proper json dumper for Flask Restful library.
# This is needed because we need to use Flask's JSON converter which can
# handle more variety of Python types than the standard converter.
def output_json(obj, code, headers=None):
resp = make_response(dumps(obj, indent=4), code)
resp.headers.extend(headers or {})
return resp
if isinstance(flask_restful.DEFAULT_REPRESENTATIONS, dict):
flask_restful.DEFAULT_REPRESENTATIONS['application/json'] = output_json
else:
flask_restful.DEFAULT_REPRESENTATIONS = [('application/json', output_json)]
def tenant_not_found(message):
status_code = httplib.NOT_FOUND
response = jsonify({"error": message, "status_code": status_code})
response.status_code = status_code
return response
@app.errorhandler(TenantNotFoundError)
def bad_request_handler(error):
return tenant_not_found(error.message)
def check_status(status, expected, path, headers=None,
resp_headers=None, body=None, extras=None):
"""Check HTTP response status is expected.
Args:
status: HTTP response status. int.
expected: a list of expected statuses. A list of ints.
path: filename or a path prefix.
headers: HTTP request headers.
resp_headers: HTTP response headers.
body: HTTP response body.
extras: extra info to be logged verbatim if error occurs.
Raises:
AuthorizationError: if authorization Failed.
NotFoundError: if an object that's expected to exist doesn't.
TimeoutError: if HTTP request timed out.
ServerError: if server experienced some errors.
FatalError: if any other unexpected errors occurred.
"""
if status in expected:
return
msg = ('Expect status %r from Google Storage. But got status %d.\n'
'Path: %r.\n'
'Request headers: %r.\n'
'Response headers: %r.\n'
'Body: %r.\n'
'Extra info: %r.\n' %
(expected, status, resp_headers, body, extras))
if status == httplib.UNAUTHORIZED:
raise AuthorizationError(msg)
elif status == httplib.FORBIDDEN:
raise ForbiddenError(msg)
elif status == httplib.NOT_FOUND:
raise NotFoundError(msg)
elif status == httplib.REQUEST_TIMEOUT:
raise TimeoutError(msg)
elif status == httplib.REQUESTED_RANGE_NOT_SATISFIABLE:
raise InvalidRange(msg)
elif (status == httplib.OK and 308 in expected and
httplib.OK not in expected):
raise FileClosedError(msg)
elif status >= 500:
raise ServerError(msg)
else:
raise FatalError(msg)
def cBoxOpen():
'''Returns a WOPISrc target and an access token to be passed to Microsoft Office online for
accessing a given file for a given user. This is the most sensitive call as it provides direct
access to any user's file,therefore it is protected both by IP and a shared secret. The shared
secret protection is disabled when running in plain http mode for testing purposes.'''
Wopi.refreshconfig()
req = flask.request
# if running in https mode,first check if the shared secret matches ours
if Wopi.useHttps and ('Authorization' not in req.headers or req.headers['Authorization'] != 'Bearer ' + Wopi.ocsecret):
Wopi.log.warning('msg="cBoxOpen: unauthorized access attempt,missing authorization token" client="%s"' % req.remote_addr)
return 'Client not authorized', httplib.UNAUTHORIZED
# Now validate the user identity and deny root access
try:
ruid = int(req.args['ruid'])
rgid = int(req.args['rgid'])
if ruid == 0 or rgid == 0:
raise ValueError
except ValueError:
Wopi.log.warning('msg="cBoxOpen: invalid user/group in request" client="%s" user="%s:%s"' % \
(req.remote_addr, req.args['ruid'], req.args['rgid']))
return 'Client not authorized', httplib.UNAUTHORIZED
# then resolve the client: only our OwnCloud servers shall use this API
allowedclients = Wopi.config.get('general', 'allowedclients').split()
for c in allowedclients:
try:
for ip in socket.getaddrinfo(c, None):
if ip[4][0] == req.remote_addr:
# we got a match,generate the access token
filename = urllib.unquote(req.args['filename'])
canedit = 'canedit' in req.args and req.args['canedit'].lower() == 'true'
username = req.args['username'] if 'username' in req.args else ''
folderurl = urllib.unquote(req.args['folderurl'])
try:
Wopi.log.info('msg="cBoxOpen: access granted,generating token" client="%s" user="%d:%d" friendlyname="%s" canedit="%s"' % \
(req.remote_addr, ruid, rgid, username, canedit))
inode, acctok = _generateAccesstoken(str(ruid), str(rgid), canedit, folderurl)
# return an URL-encoded WOPISrc URL for the Office Online server
return urllib.quote_plus('%s/wopi/files/%s' % (_ourHostName(), inode)) + \
'&access_token=%s' % acctok # no need to URL-encode the JWT token
except IOError:
return 'Remote error or file not found', httplib.NOT_FOUND
except socket.gaierror:
Wopi.log.warning('msg="cBoxOpen: %s found in configured allowed clients but unkNown by DNS resolution,ignoring"' % c)
# no match found,fail
Wopi.log.warning('msg="cBoxOpen: unauthorized access attempt,client IP not whitelisted" client="%s"' % req.remote_addr)
return 'Client not authorized', httplib.UNAUTHORIZED
def checkConnection(suppressOutput=False):
if not any((conf.proxy, conf.tor, conf.dummy)):
try:
socket.getaddrinfo(conf.hostname, None)
except socket.gaierror:
errMsg = "host '%s' does not exist" % conf.hostname
raise sqlmapConnectionException(errMsg)
except socket.error, ex:
errMsg = "problem occurred while "
errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, str(ex))
raise sqlmapConnectionException(errMsg)
if not suppressOutput and not conf.dummy:
infoMsg = "testing connection to the target URL"
logger.info(infoMsg)
try:
page, _ = Request.queryPage(content=True, noteResponseTime=False)
kb.originalPage = kb.pageTemplate = page
kb.errorIsNone = False
if not kb.originalPage and wasLastResponseHTTPError():
errMsg = "unable to retrieve page content"
raise sqlmapConnectionException(errMsg)
elif wasLastResponseDBMSError():
warnMsg = "there is a DBMS error found in the HTTP response body "
warnMsg += "which Could interfere with the results of the tests"
logger.warn(warnMsg)
elif wasLastResponseHTTPError():
warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError()
warnMsg += "which Could interfere with the results of the tests"
logger.warn(warnMsg)
else:
kb.errorIsNone = True
except sqlmapConnectionException, errMsg:
if conf.ipv6:
warnMsg = "check connection to a provided "
warnMsg += "IPv6 address with a tool like ping6 "
warnMsg += "(e.g. 'ping6 -I eth0 %s') " % conf.hostname
warnMsg += "prior to running sqlmap to avoid "
warnMsg += "any addressing issues"
singleTimeWarnMessage(warnMsg)
if any(code in kb.httpErrorCodes for code in (httplib.NOT_FOUND, )):
errMsg = getUnicode(errMsg)
logger.critical(errMsg)
if conf.multipleTargets:
return False
msg = "it is not recommended to continue in this kind of cases. Do you want to quit and make sure that everything is set up properly? [Y/n] "
if readInput(msg, default="Y") not in ("n", "N"):
raise sqlmapSilentQuitException
else:
kb.ignoreNotFound = True
else:
raise
return True
def check_status(status, extras))
if status == httplib.UNAUTHORIZED:
raise AuthorizationError(msg)
elif status == httplib.FORBIDDEN:
raise ForbiddenError(msg)
elif status == httplib.NOT_FOUND:
raise NotFoundError(msg)
elif status == httplib.REQUEST_TIMEOUT:
raise TimeoutError(msg)
elif status == httplib.REQUESTED_RANGE_NOT_SATISFIABLE:
raise InvalidRange(msg)
elif (status == httplib.OK and 308 in expected and
httplib.OK not in expected):
raise FileClosedError(msg)
elif status >= 500:
raise ServerError(msg)
else:
raise FatalError(msg)
def do_GET(self):
path, query = self.path.split('?', 1) if '?' in self.path else (self.path, "")
code, content, params, cursor = httplib.OK, HTML_PREFIX, dict((match.group("parameter"), urllib.unquote(','.join(re.findall(r"(?:\A|[?&])%s=([^&]+)" % match.group("parameter"), query)))) for match in re.finditer(r"((\A|[?&])(?P<parameter>[\w\[\]]+)=)([^&]+)", query)), connection.cursor()
try:
if path == '/':
if "id" in params:
cursor.execute("SELECT id,username,name,surname FROM users WHERE id=" + params["id"])
content += "<div><span>Result(s):</span></div><table><thead><th>id</th><th>username</th><th>name</th><th>surname</th></thead>%s</table>%s" % ("".join("<tr>%s</tr>" % "".join("<td>%s</td>" % ("-" if _ is None else _) for _ in row) for row in cursor.fetchall()), HTML_POSTFIX)
elif "v" in params:
content += re.sub(r"(v<b>)[^<]+(</b>)", r"\g<1>%s\g<2>" % params["v"], HTML_POSTFIX)
elif "object" in params:
content = str(pickle.loads(params["object"]))
elif "path" in params:
content = (open(os.path.abspath(params["path"]), "rb") if not "://" in params["path"] else urllib.urlopen(params["path"])).read()
elif "domain" in params:
content = subprocess.check_output("nslookup " + params["domain"], shell=True, stderr=subprocess.STDOUT, stdin=subprocess.PIPE)
elif "xml" in params:
content = lxml.etree.tostring(lxml.etree.parse(cStringIO.StringIO(params["xml"]), lxml.etree.XMLParser(no_network=False)), pretty_print=True)
elif "name" in params:
found = lxml.etree.parse(cStringIO.StringIO(USERS_XML)).xpath(".//user[name/text()='%s']" % params["name"])
content += "<b>Surname:</b> %s%s" % (found[-1].find("surname").text if found else "-", HTML_POSTFIX)
elif "size" in params:
start, _ = time.time(), "<br>".join("#" * int(params["size"]) for _ in range(int(params["size"])))
content += "<b>Time required</b> (to 'resize image' to %dx%d): %.6f seconds%s" % (int(params["size"]), int(params["size"]), time.time() - start, HTML_POSTFIX)
elif "comment" in params or query == "comment=":
if "comment" in params:
cursor.execute("INSERT INTO comments VALUES(NULL,'%s','%s')" % (params["comment"], time.ctime()))
content += "Thank you for leaving the comment. Please click here <a href=\"/?comment=\">here</a> to see all comments%s" % HTML_POSTFIX
else:
cursor.execute("SELECT id,comment,time FROM comments")
content += "<div><span>Comment(s):</span></div><table><thead><th>id</th><th>comment</th><th>time</th></thead>%s</table>%s" % ("".join("<tr>%s</tr>" % "".join("<td>%s</td>" % ("-" if _ is None else _) for _ in row) for row in cursor.fetchall()), HTML_POSTFIX)
elif "include" in params:
backup, sys.stdout, program, envs = sys.stdout, cStringIO.StringIO(), (open(params["include"], "rb") if not "://" in params["include"] else urllib.urlopen(params["include"])).read(), {"DOCUMENT_ROOT": os.getcwd(), "HTTP_USER_AGENT": self.headers.get("User-Agent"), "REMOTE_ADDR": self.client_address[0], "REMOTE_PORT": self.client_address[1], "PATH": path, "QUERY_STRING": query}
exec(program) in envs
content += sys.stdout.getvalue()
sys.stdout = backup
elif "redir" in params:
content = content.replace("<head>", "<head><Meta http-equiv=\"refresh\" content=\"0; url=%s\"/>" % params["redir"])
if HTML_PREFIX in content and HTML_POSTFIX not in content:
content += "<div><span>Attacks:</span></div>\n<ul>%s\n</ul>\n" % ("".join("\n<li%s>%s - <a href=\"%s\">vulnerable</a>|<a href=\"%s\">exploit</a>|<a href=\"%s\" target=\"_blank\">info</a></li>" % (" class=\"disabled\" title=\"module 'python-lxml' not installed\"" if ("lxml.etree" not in sys.modules and any(_ in case[0].upper() for _ in ("XML", "XPATH"))) else "", case[0], case[1], case[2], case[3]) for case in CASES)).replace("<a href=\"None\">vulnerable</a>|", "<b>-</b>|")
elif path == "/users.json":
content = "%s%s%s" % ("" if not "callback" in params else "%s(" % params["callback"], json.dumps(dict((_.findtext("username"), _.findtext("surname")) for _ in xml.etree.ElementTree.fromstring(USERS_XML).findall("user"))), "" if not "callback" in params else ")")
elif path == "/login":
cursor.execute("SELECT * FROM users WHERE username='" + re.sub(r"[^\w]", params.get("username", "")) + "' AND password='" + params.get("password", "") + "'")
content += "Welcome <b>%s</b><Meta http-equiv=\"Set-Cookie\" content=\"SESSIONID=%s; path=/\"><Meta http-equiv=\"refresh\" content=\"1; url=/\"/>" % (re.sub(r"[^\w]", "")), "".join(random.sample(string.letters + string.digits, 20))) if cursor.fetchall() else "The username and/or password is incorrect<Meta http-equiv=\"Set-Cookie\" content=\"SESSIONID=; path=/; expires=Thu,01 Jan 1970 00:00:00 GMT\">"
else:
code = httplib.NOT_FOUND
except Exception, ex:
content = ex.output if isinstance(ex, subprocess.CalledProcessError) else traceback.format_exc()
code = httplib.INTERNAL_SERVER_ERROR
finally:
self.send_response(code)
self.send_header("Connection", "close")
self.send_header("X-XSS-Protection", "0")
self.send_header("Content-Type", "%s%s" % ("text/html" if content.startswith("<!DOCTYPE html>") else "text/plain", "; charset=%s" % params.get("charset", "utf8")))
self.end_headers()
self.wfile.write("%s%s" % (content, HTML_POSTFIX if HTML_PREFIX in content and GITHUB not in content else ""))
self.wfile.flush()
self.wfile.close()