我们从Python开源项目中,提取了以下38个代码示例,用于说明如何使用httplib.NOT_FOUND。
def test_validate_URL_existence_url_not_found(self, mock_cs, mock_url): url_not_found = Foo() setattr(url_not_found, "code", httplib.NOT_FOUND) mock_url.side_effect = [url_not_found] mock_cs.side_effect = [None] api = API.apiCalls.ApiCalls("", "", "", "", "") validate_URL = api.validate_URL_existence url = "notAWebSite" valid = False is_valid = validate_URL(url) self.assertEqual(is_valid, valid) API.apiCalls.urlopen.assert_called_with(url, timeout=api.max_wait_time)
def does_bucket_exist(self, bucket_name, config=None): """ Check whether there is a bucket with specific name :param bucket_name: None :type bucket_name: str :return:True or False :rtype: bool """ try: self._send_request(http_methods.HEAD, bucket_name, config=config) return True except BceHttpClientError as e: if isinstance(e.last_error, BceServerError): if e.last_error.status_code == httplib.FORBIDDEN: return True if e.last_error.status_code == httplib.NOT_FOUND: return False raise e
def check_endpoint_for_error(resource, operation=None): def _decorator(func): def _execute(name=None): try: return func(name), httplib.OK except error.NotFoundError: return connexion.problem( httplib.NOT_FOUND, '{} not found'.format(resource), 'Requested {} `{}` not found.' .format(resource.lower(), name)) except error.ToBeDoneError: return connexion.problem( httplib.NOT_IMPLEMENTED, '{} handler not implemented'.format(operation), 'Requested operation `{}` on {} not implemented.' .format(operation.lower(), resource.lower())) return _execute return _decorator
def _copy(gcs_stub, filename, headers): """Copy file. Args: gcs_stub: an instance of gcs stub. filename: dst filename of format /bucket/filename headers: a dict of request headers. Must contain _XGoogCopySource header. Returns: An _FakeUrlFetchResult instance. """ source = _XGoogCopySource(headers).value result = _handle_head(gcs_stub, source) if result.status_code == httplib.NOT_FOUND: return result directive = headers.pop('x-goog-metadata-directive', 'COPY') if directive == 'REPLACE': gcs_stub.put_copy(source, filename, headers) else: gcs_stub.put_copy(source, filename, None) return _FakeUrlFetchResult(httplib.OK, {}, '')
def _handle_get(gcs_stub, filename, param_dict, headers): """Handle GET object and GET bucket.""" mo = re.match(BUCKET_ONLY_PATH, filename) if mo is not None: return _handle_get_bucket(gcs_stub, mo.group(1), param_dict) else: result = _handle_head(gcs_stub, filename) if result.status_code == httplib.NOT_FOUND: return result start, end = _Range(headers).value st_size = result.headers['x-goog-stored-content-length'] if end is not None: result.status_code = httplib.PARTIAL_CONTENT end = min(end, st_size - 1) result.headers['content-range'] = 'bytes %d-%d/%d' % (start, end, st_size) result.content = gcs_stub.get_object(filename, start, end) result.headers['content-length'] = len(result.content) return result
def _handle_head(gcs_stub, filename): """Handle HEAD request.""" filestat = gcs_stub.head_object(filename) if not filestat: return _FakeUrlFetchResult(httplib.NOT_FOUND, {}, '') http_time = common.posix_time_to_http(filestat.st_ctime) response_headers = { 'x-goog-stored-content-length': filestat.st_size, 'content-length': 0, 'content-type': filestat.content_type, 'etag': filestat.etag, 'last-modified': http_time } if filestat.metadata: response_headers.update(filestat.metadata) return _FakeUrlFetchResult(httplib.OK, response_headers, '')
def test_check_resp_status_and_retry_image_not_found(self): mock_resp_badgateway = mock.Mock() mock_resp_badgateway.status = httplib.NOT_FOUND self.glance.XenAPI.Failure = FakeXenAPIException self.assertRaises( self.glance.XenAPI.Failure, self.glance.check_resp_status_and_retry, mock_resp_badgateway, 'fake_image_id', 'fake_url')
def tenant_not_found(message): status_code = httplib.NOT_FOUND response = jsonify({"error": message, "status_code": status_code}) response.status_code = status_code return response
def _blob_exists(self, digest): """Check the remote for the given layer.""" # HEAD the blob, and check for a 200 resp, unused_content = self._transport.Request( '{base_url}/blobs/{digest}'.format( base_url=self._base_url(), digest=digest), method='HEAD', accepted_codes=[httplib.OK, httplib.NOT_FOUND]) return resp.status == httplib.OK # pytype: disable=attribute-error
def _manifest_exists(self, image): """Check the remote for the given manifest by digest.""" # GET the manifest by digest, and check for 200 resp, unused_content = self._transport.Request( '{base_url}/manifests/{digest}'.format( base_url=self._base_url(), digest=image.digest()), method='GET', accepted_codes=[httplib.OK, httplib.NOT_FOUND], accepted_mimes=[image.media_type()]) return resp.status == httplib.OK # pytype: disable=attribute-error
def _remote_tag_digest(self): """Check the remote for the given manifest by digest.""" # GET the tag we're pushing resp, unused_content = self._transport.Request( '{base_url}/manifests/{tag}'.format( base_url=self._base_url(), tag=self._name.tag), # pytype: disable=attribute-error method='GET', accepted_codes=[httplib.OK, httplib.NOT_FOUND]) if resp.status == httplib.NOT_FOUND: # pytype: disable=attribute-error return None return resp.get('docker-content-digest')
def exists(self): try: manifest = json.loads(self.manifest(validate=False)) return (manifest['schemaVersion'] == 2 and 'layers' in manifest and self.media_type() in self._accepted_mimes) except docker_http.V2DiagnosticException as err: if err.status == httplib.NOT_FOUND: return False raise
def exists(self): try: manifest = json.loads(self.manifest(validate=False)) return manifest['schemaVersion'] == 2 and 'manifests' in manifest except docker_http.V2DiagnosticException as err: if err.status == httplib.NOT_FOUND: return False raise
def _manifest_exists(self, image): """Check the remote for the given manifest by digest.""" # GET the manifest by digest, and check for 200 resp, unused_content = self._transport.Request( '{base_url}/manifests/{digest}'.format( base_url=self._base_url(), digest=image.digest()), method='GET', accepted_codes=[httplib.OK, httplib.NOT_FOUND]) return resp.status == httplib.OK # pytype: disable=attribute-error
def exists(self): try: self.manifest(validate=False) return True except docker_http.V2DiagnosticException as err: if err.status == httplib.NOT_FOUND: return False raise
def validate_URL_existence(self, url, use_session=False): """ tries to validate existence of given url by trying to open it. true if HTTP OK, false if HTTP NOT FOUND otherwise raises error containing error code and message arguments: url -- the url link to open and validate use_session -- if True then this uses self.session.get(url) instead of urlopen(url) to get response returns true if http response OK 200 false if http response NOT FOUND 404 """ if use_session: response = self.session.get(url) if response.status_code == httplib.OK: return True elif response.status_code == httplib.NOT_FOUND: return False else: raise Exception( str(response.status_code) + " " + response.reason) else: response = urlopen(url, timeout=self.max_wait_time) if response.code == httplib.OK: return True elif response.code == httplib.NOT_FOUND: return False else: raise Exception(str(response.code) + " " + response.msg)
def list_article_attachments(self, article_id): try: return self._get('articles/{}/attachments.json'.format(article_id)).get('article_attachments', []) except APIError as e: if e.error_code == httplib.NOT_FOUND: return [] raise e
def test_get_qpi_not_found(app_client): response_not_found = app_client.get("/v1.0/qpis/fake.yaml") response_data = json.loads(response_not_found.data) assert response_not_found.status_code == httplib.NOT_FOUND assert response_data['title'] == "QPI not found"
def cboxDownload(): '''Returns the file's content for a given valid access token. Used as a download URL, so that the file's path is never explicitly visible.''' try: acctok = jwt.decode(flask.request.args['access_token'], Wopi.wopisecret, algorithms=['HS256']) if acctok['exp'] < time.time(): raise jwt.exceptions.ExpiredSignatureError resp = flask.Response(xrdcl.readfile(acctok['filename'], acctok['ruid'], acctok['rgid']), mimetype='application/octet-stream') resp.headers['Content-Disposition'] = 'attachment; filename="%s"' % os.path.basename(acctok['filename']) resp.status_code = httplib.OK Wopi.log.info('msg="cboxDownload: direct download succeeded" filename="%s" user="%s:%s" token="%s"' % \ (acctok['filename'], acctok['ruid'], acctok['rgid'], flask.request.args['access_token'][-20:])) return resp except (jwt.exceptions.DecodeError, jwt.exceptions.ExpiredSignatureError) as e: Wopi.log.warning('msg="Signature verification failed" client="%s" requestedUrl="%s" token="%s"' % \ (flask.request.remote_addr, flask.request.base_url, flask.request.args['access_token'])) return 'Invalid access token', httplib.NOT_FOUND except IOError, e: Wopi.log.info('msg="Requested file not found" filename="%s" token="%s" error="%s"' % \ (acctok['filename'], flask.request.args['access_token'][-20:], e)) return 'File not found', httplib.NOT_FOUND except KeyError, e: Wopi.log.error('msg="Invalid access token or request argument" error="%s"' % e) return 'Invalid access token', httplib.UNAUTHORIZED except Exception, e: return _logGeneralExceptionAndReturn(e, flask.request)
def wopiFilesPost(fileid): '''A dispatcher metod for all POST operations on files''' Wopi.refreshconfig() try: acctok = jwt.decode(flask.request.args['access_token'], Wopi.wopisecret, algorithms=['HS256']) if acctok['exp'] < time.time(): raise jwt.exceptions.ExpiredSignatureError headers = flask.request.headers op = headers['X-WOPI-Override'] # must be one of the following strings, throws KeyError if missing if op in ('LOCK', 'REFRESH_LOCK'): return wopiLock(fileid, headers, acctok) elif op == 'UNLOCK': return wopiUnlock(fileid, headers, acctok) elif op == 'GET_LOCK': return wopiGetLock(fileid, headers, acctok) elif op == 'PUT_RELATIVE': return wopiPutRelative(fileid, headers, acctok) elif op == 'DELETE': return wopiDeleteFile(fileid, headers, acctok) elif op == 'RENAME_FILE': return wopiRenameFile(fileid, headers, acctok) #elif op == 'PUT_USER_INFO': https://wopirest.readthedocs.io/en/latest/files/PutUserInfo.html else: Wopi.log.warning('msg="Unknown/unsupported operation" operation="%s"' % op) return 'Not supported operation found in header', httplib.NOT_IMPLEMENTED except (jwt.exceptions.DecodeError, jwt.exceptions.ExpiredSignatureError) as e: Wopi.log.warning('msg="Signature verification failed" client="%s" requestedUrl="%s" token="%s"' % \ (flask.request.remote_addr, flask.request.base_url, flask.request.args['access_token'])) return 'Invalid access token', httplib.NOT_FOUND except Exception, e: return _logGeneralExceptionAndReturn(e, flask.request)
def _handle_delete(gcs_stub, filename): """Handle DELETE object.""" if gcs_stub.delete_object(filename): return _FakeUrlFetchResult(httplib.NO_CONTENT, {}, '') else: return _FakeUrlFetchResult(httplib.NOT_FOUND, {}, '')
def _not_found_404(environ, start_response): status = httplib.NOT_FOUND start_response('%d %s' % (status, httplib.responses[status]), [('Content-Type', 'text/plain')]) return ['%s not found' % environ['PATH_INFO']]
def drop_index(cnx, config): """Delete index Parameters: cnx: HTTP connection to Elastic Search config: Some settings (including the name of the index) """ sys.stderr.write( "Deleting Elastic Search index %s\n" % config.index) #################################### cnx.request("DELETE",config.index) # #################################### resp=cnx.getresponse() sys.stderr.write( resp.read()+"\n") if resp.status == httplib.NOT_FOUND: sys.stderr.write( " WARNING: Index %s does not exist - cannot delete\n" % config.index) elif resp.status != httplib.OK: raise Exception(" ERROR when deleting " + config.index + ": %d %s" % (resp.status, resp.reason)) else: sys.stderr.write( " Index deleted\n") ######## # MAIN # ########
def test_metrics(self): request = { 'start_date': '2017-01-21', 'end_date': '2017-01-22' } try: response = self.client.request_json('Metrics', 'POST', request) pprint.pprint(response) except HttpException as ex: if ex.code == httplib.NOT_FOUND: print "No metrics loaded" else: raise
def testQuery_noParticipants(self): self.send_get('Participant/P1/Summary', expected_status=httplib.NOT_FOUND) response = self.send_get('ParticipantSummary') self.assertBundle([], response)
def testQuery_noSummaries(self): participant = self.send_post('Participant', {"providerLink": [self.provider_link]}) participant_id = participant['participantId'] self.send_get('Participant/%s/Summary' % participant_id, expected_status=httplib.NOT_FOUND) response = self.send_get('ParticipantSummary') self.assertBundle([], response)
def main(args): client = Client(parse_cli=False, creds_file=args.creds_file, default_instance=args.instance) config_path = 'Config/%s' % args.key if args.key else 'Config' try: config_server = client.request_json(config_path, 'GET') formatted_server_config = _json_to_sorted_string(config_server) except HttpException as e: if e.code == httplib.NOT_FOUND: formatted_server_config = '' else: raise if not args.config: logging.info('----------------- Current Server Config --------------------') _log_and_write_config_lines(formatted_server_config.split('\n'), args.config_output) else: with open(args.config) as config_file: config_file = json.load(config_file) if not args.key or args.key == 'current_config': with open(BASE_CONFIG_FILE) as base_config_file: combined_config = json.load(base_config_file) combined_config.update(config_file) else: combined_config = config_file comparable_file = _json_to_sorted_string(combined_config) configs_match = _compare_configs(comparable_file, formatted_server_config, args.config_output) if not configs_match and args.update: logging.info('-------------- Updating Server -------------------') method = 'POST' if args.key else 'PUT' client.request_json(config_path, method, combined_config)
def check_resp_status_and_retry(resp, image_id, url): # Note(Jesse): This branch sorts errors into those that are permanent, # those that are ephemeral, and those that are unexpected. if resp.status in (httplib.BAD_REQUEST, # 400 httplib.UNAUTHORIZED, # 401 httplib.PAYMENT_REQUIRED, # 402 httplib.FORBIDDEN, # 403 httplib.METHOD_NOT_ALLOWED, # 405 httplib.NOT_ACCEPTABLE, # 406 httplib.PROXY_AUTHENTICATION_REQUIRED, # 407 httplib.CONFLICT, # 409 httplib.GONE, # 410 httplib.LENGTH_REQUIRED, # 411 httplib.PRECONDITION_FAILED, # 412 httplib.REQUEST_ENTITY_TOO_LARGE, # 413 httplib.REQUEST_URI_TOO_LONG, # 414 httplib.UNSUPPORTED_MEDIA_TYPE, # 415 httplib.REQUESTED_RANGE_NOT_SATISFIABLE, # 416 httplib.EXPECTATION_FAILED, # 417 httplib.UNPROCESSABLE_ENTITY, # 422 httplib.LOCKED, # 423 httplib.FAILED_DEPENDENCY, # 424 httplib.UPGRADE_REQUIRED, # 426 httplib.NOT_IMPLEMENTED, # 501 httplib.HTTP_VERSION_NOT_SUPPORTED, # 505 httplib.NOT_EXTENDED, # 510 ): raise PluginError("Got Permanent Error response [%i] while " "uploading image [%s] to glance [%s]" % (resp.status, image_id, url)) # Nova service would process the exception elif resp.status == httplib.NOT_FOUND: # 404 exc = XenAPI.Failure('ImageNotFound') raise exc # NOTE(nikhil): Only a sub-set of the 500 errors are retryable. We # optimistically retry on 500 errors below. elif resp.status in (httplib.REQUEST_TIMEOUT, # 408 httplib.INTERNAL_SERVER_ERROR, # 500 httplib.BAD_GATEWAY, # 502 httplib.SERVICE_UNAVAILABLE, # 503 httplib.GATEWAY_TIMEOUT, # 504 httplib.INSUFFICIENT_STORAGE, # 507 ): raise RetryableError("Got Ephemeral Error response [%i] while " "uploading image [%s] to glance [%s]" % (resp.status, image_id, url)) else: # Note(Jesse): Assume unexpected errors are retryable. If you are # seeing this error message, the error should probably be added # to either the ephemeral or permanent error list. raise RetryableError("Got Unexpected Error response [%i] while " "uploading image [%s] to glance [%s]" % (resp.status, image_id, url))
def _apply_patches(app): """ Apply special fixes and/or monkey patches. These fixes will hopefully become obsolete with proper fixes made to these libraries in the future. """ # "X-Forwarded-For" remote_ip fixup when running behind a load balancer. # Assuming we are running behind two proxies (or load balancers), the API # router, and the auto-scaling group. num_proxies = 1 import socket if socket.gethostname().startswith("ip-10-60-"): num_proxies = 2 app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=num_proxies) # Fixing SCRIPT_NAME/url_scheme when behind reverse proxy (i.e. the # API router). app.wsgi_app = ReverseProxied(app.wsgi_app) # Datetime fix app.json_encoder = CustomJSONEncoder # Euthanize Flask Restful exception handlers. This may get fixed # soon in "Error handling re-worked #544" # https://github.com/flask-restful/flask-restful/pull/544 def patched_init_app(self, app): if len(self.resources) > 0: for resource, urls, kwargs in self.resources: self._register_view(app, resource, *urls, **kwargs) Api._init_app = patched_init_app # Install proper json dumper for Flask Restful library. # This is needed because we need to use Flask's JSON converter which can # handle more variety of Python types than the standard converter. def output_json(obj, code, headers=None): resp = make_response(dumps(obj, indent=4), code) resp.headers.extend(headers or {}) return resp if isinstance(flask_restful.DEFAULT_REPRESENTATIONS, dict): flask_restful.DEFAULT_REPRESENTATIONS['application/json'] = output_json else: flask_restful.DEFAULT_REPRESENTATIONS = [('application/json', output_json)] def tenant_not_found(message): status_code = httplib.NOT_FOUND response = jsonify({"error": message, "status_code": status_code}) response.status_code = status_code return response @app.errorhandler(TenantNotFoundError) def bad_request_handler(error): return tenant_not_found(error.message)
def check_status(status, expected, path, headers=None, resp_headers=None, body=None, extras=None): """Check HTTP response status is expected. Args: status: HTTP response status. int. expected: a list of expected statuses. A list of ints. path: filename or a path prefix. headers: HTTP request headers. resp_headers: HTTP response headers. body: HTTP response body. extras: extra info to be logged verbatim if error occurs. Raises: AuthorizationError: if authorization failed. NotFoundError: if an object that's expected to exist doesn't. TimeoutError: if HTTP request timed out. ServerError: if server experienced some errors. FatalError: if any other unexpected errors occurred. """ if status in expected: return msg = ('Expect status %r from Google Storage. But got status %d.\n' 'Path: %r.\n' 'Request headers: %r.\n' 'Response headers: %r.\n' 'Body: %r.\n' 'Extra info: %r.\n' % (expected, status, path, headers, resp_headers, body, extras)) if status == httplib.UNAUTHORIZED: raise AuthorizationError(msg) elif status == httplib.FORBIDDEN: raise ForbiddenError(msg) elif status == httplib.NOT_FOUND: raise NotFoundError(msg) elif status == httplib.REQUEST_TIMEOUT: raise TimeoutError(msg) elif status == httplib.REQUESTED_RANGE_NOT_SATISFIABLE: raise InvalidRange(msg) elif (status == httplib.OK and 308 in expected and httplib.OK not in expected): raise FileClosedError(msg) elif status >= 500: raise ServerError(msg) else: raise FatalError(msg)
def cboxOpen(): '''Returns a WOPISrc target and an access token to be passed to Microsoft Office online for accessing a given file for a given user. This is the most sensitive call as it provides direct access to any user's file, therefore it is protected both by IP and a shared secret. The shared secret protection is disabled when running in plain http mode for testing purposes.''' Wopi.refreshconfig() req = flask.request # if running in https mode, first check if the shared secret matches ours if Wopi.useHttps and ('Authorization' not in req.headers or req.headers['Authorization'] != 'Bearer ' + Wopi.ocsecret): Wopi.log.warning('msg="cboxOpen: unauthorized access attempt, missing authorization token" client="%s"' % req.remote_addr) return 'Client not authorized', httplib.UNAUTHORIZED # now validate the user identity and deny root access try: ruid = int(req.args['ruid']) rgid = int(req.args['rgid']) if ruid == 0 or rgid == 0: raise ValueError except ValueError: Wopi.log.warning('msg="cboxOpen: invalid user/group in request" client="%s" user="%s:%s"' % \ (req.remote_addr, req.args['ruid'], req.args['rgid'])) return 'Client not authorized', httplib.UNAUTHORIZED # then resolve the client: only our OwnCloud servers shall use this API allowedclients = Wopi.config.get('general', 'allowedclients').split() for c in allowedclients: try: for ip in socket.getaddrinfo(c, None): if ip[4][0] == req.remote_addr: # we got a match, generate the access token filename = urllib.unquote(req.args['filename']) canedit = 'canedit' in req.args and req.args['canedit'].lower() == 'true' username = req.args['username'] if 'username' in req.args else '' folderurl = urllib.unquote(req.args['folderurl']) try: Wopi.log.info('msg="cboxOpen: access granted, generating token" client="%s" user="%d:%d" friendlyname="%s" canedit="%s"' % \ (req.remote_addr, ruid, rgid, username, canedit)) inode, acctok = _generateAccessToken(str(ruid), str(rgid), filename, canedit, username, folderurl) # return an URL-encoded WOPISrc URL for the Office Online server return urllib.quote_plus('%s/wopi/files/%s' % (_ourHostName(), inode)) + \ '&access_token=%s' % acctok # no need to URL-encode the JWT token except IOError: return 'Remote error or file not found', httplib.NOT_FOUND except socket.gaierror: Wopi.log.warning('msg="cboxOpen: %s found in configured allowed clients but unknown by DNS resolution, ignoring"' % c) # no match found, fail Wopi.log.warning('msg="cboxOpen: unauthorized access attempt, client IP not whitelisted" client="%s"' % req.remote_addr) return 'Client not authorized', httplib.UNAUTHORIZED
def checkConnection(suppressOutput=False): if not any((conf.proxy, conf.tor, conf.dummy)): try: socket.getaddrinfo(conf.hostname, None) except socket.gaierror: errMsg = "host '%s' does not exist" % conf.hostname raise SqlmapConnectionException(errMsg) except socket.error, ex: errMsg = "problem occurred while " errMsg += "resolving a host name '%s' ('%s')" % (conf.hostname, str(ex)) raise SqlmapConnectionException(errMsg) if not suppressOutput and not conf.dummy: infoMsg = "testing connection to the target URL" logger.info(infoMsg) try: page, _ = Request.queryPage(content=True, noteResponseTime=False) kb.originalPage = kb.pageTemplate = page kb.errorIsNone = False if not kb.originalPage and wasLastResponseHTTPError(): errMsg = "unable to retrieve page content" raise SqlmapConnectionException(errMsg) elif wasLastResponseDBMSError(): warnMsg = "there is a DBMS error found in the HTTP response body " warnMsg += "which could interfere with the results of the tests" logger.warn(warnMsg) elif wasLastResponseHTTPError(): warnMsg = "the web server responded with an HTTP error code (%d) " % getLastRequestHTTPError() warnMsg += "which could interfere with the results of the tests" logger.warn(warnMsg) else: kb.errorIsNone = True except SqlmapConnectionException, errMsg: if conf.ipv6: warnMsg = "check connection to a provided " warnMsg += "IPv6 address with a tool like ping6 " warnMsg += "(e.g. 'ping6 -I eth0 %s') " % conf.hostname warnMsg += "prior to running sqlmap to avoid " warnMsg += "any addressing issues" singleTimeWarnMessage(warnMsg) if any(code in kb.httpErrorCodes for code in (httplib.NOT_FOUND, )): errMsg = getUnicode(errMsg) logger.critical(errMsg) if conf.multipleTargets: return False msg = "it is not recommended to continue in this kind of cases. Do you want to quit and make sure that everything is set up properly? [Y/n] " if readInput(msg, default="Y") not in ("n", "N"): raise SqlmapSilentQuitException else: kb.ignoreNotFound = True else: raise return True
def do_GET(self): path, query = self.path.split('?', 1) if '?' in self.path else (self.path, "") code, content, params, cursor = httplib.OK, HTML_PREFIX, dict((match.group("parameter"), urllib.unquote(','.join(re.findall(r"(?:\A|[?&])%s=([^&]+)" % match.group("parameter"), query)))) for match in re.finditer(r"((\A|[?&])(?P<parameter>[\w\[\]]+)=)([^&]+)", query)), connection.cursor() try: if path == '/': if "id" in params: cursor.execute("SELECT id, username, name, surname FROM users WHERE id=" + params["id"]) content += "<div><span>Result(s):</span></div><table><thead><th>id</th><th>username</th><th>name</th><th>surname</th></thead>%s</table>%s" % ("".join("<tr>%s</tr>" % "".join("<td>%s</td>" % ("-" if _ is None else _) for _ in row) for row in cursor.fetchall()), HTML_POSTFIX) elif "v" in params: content += re.sub(r"(v<b>)[^<]+(</b>)", r"\g<1>%s\g<2>" % params["v"], HTML_POSTFIX) elif "object" in params: content = str(pickle.loads(params["object"])) elif "path" in params: content = (open(os.path.abspath(params["path"]), "rb") if not "://" in params["path"] else urllib.urlopen(params["path"])).read() elif "domain" in params: content = subprocess.check_output("nslookup " + params["domain"], shell=True, stderr=subprocess.STDOUT, stdin=subprocess.PIPE) elif "xml" in params: content = lxml.etree.tostring(lxml.etree.parse(cStringIO.StringIO(params["xml"]), lxml.etree.XMLParser(no_network=False)), pretty_print=True) elif "name" in params: found = lxml.etree.parse(cStringIO.StringIO(USERS_XML)).xpath(".//user[name/text()='%s']" % params["name"]) content += "<b>Surname:</b> %s%s" % (found[-1].find("surname").text if found else "-", HTML_POSTFIX) elif "size" in params: start, _ = time.time(), "<br>".join("#" * int(params["size"]) for _ in range(int(params["size"]))) content += "<b>Time required</b> (to 'resize image' to %dx%d): %.6f seconds%s" % (int(params["size"]), int(params["size"]), time.time() - start, HTML_POSTFIX) elif "comment" in params or query == "comment=": if "comment" in params: cursor.execute("INSERT INTO comments VALUES(NULL, '%s', '%s')" % (params["comment"], time.ctime())) content += "Thank you for leaving the comment. Please click here <a href=\"/?comment=\">here</a> to see all comments%s" % HTML_POSTFIX else: cursor.execute("SELECT id, comment, time FROM comments") content += "<div><span>Comment(s):</span></div><table><thead><th>id</th><th>comment</th><th>time</th></thead>%s</table>%s" % ("".join("<tr>%s</tr>" % "".join("<td>%s</td>" % ("-" if _ is None else _) for _ in row) for row in cursor.fetchall()), HTML_POSTFIX) elif "include" in params: backup, sys.stdout, program, envs = sys.stdout, cStringIO.StringIO(), (open(params["include"], "rb") if not "://" in params["include"] else urllib.urlopen(params["include"])).read(), {"DOCUMENT_ROOT": os.getcwd(), "HTTP_USER_AGENT": self.headers.get("User-Agent"), "REMOTE_ADDR": self.client_address[0], "REMOTE_PORT": self.client_address[1], "PATH": path, "QUERY_STRING": query} exec(program) in envs content += sys.stdout.getvalue() sys.stdout = backup elif "redir" in params: content = content.replace("<head>", "<head><meta http-equiv=\"refresh\" content=\"0; url=%s\"/>" % params["redir"]) if HTML_PREFIX in content and HTML_POSTFIX not in content: content += "<div><span>Attacks:</span></div>\n<ul>%s\n</ul>\n" % ("".join("\n<li%s>%s - <a href=\"%s\">vulnerable</a>|<a href=\"%s\">exploit</a>|<a href=\"%s\" target=\"_blank\">info</a></li>" % (" class=\"disabled\" title=\"module 'python-lxml' not installed\"" if ("lxml.etree" not in sys.modules and any(_ in case[0].upper() for _ in ("XML", "XPATH"))) else "", case[0], case[1], case[2], case[3]) for case in CASES)).replace("<a href=\"None\">vulnerable</a>|", "<b>-</b>|") elif path == "/users.json": content = "%s%s%s" % ("" if not "callback" in params else "%s(" % params["callback"], json.dumps(dict((_.findtext("username"), _.findtext("surname")) for _ in xml.etree.ElementTree.fromstring(USERS_XML).findall("user"))), "" if not "callback" in params else ")") elif path == "/login": cursor.execute("SELECT * FROM users WHERE username='" + re.sub(r"[^\w]", "", params.get("username", "")) + "' AND password='" + params.get("password", "") + "'") content += "Welcome <b>%s</b><meta http-equiv=\"Set-Cookie\" content=\"SESSIONID=%s; path=/\"><meta http-equiv=\"refresh\" content=\"1; url=/\"/>" % (re.sub(r"[^\w]", "", params.get("username", "")), "".join(random.sample(string.letters + string.digits, 20))) if cursor.fetchall() else "The username and/or password is incorrect<meta http-equiv=\"Set-Cookie\" content=\"SESSIONID=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT\">" else: code = httplib.NOT_FOUND except Exception, ex: content = ex.output if isinstance(ex, subprocess.CalledProcessError) else traceback.format_exc() code = httplib.INTERNAL_SERVER_ERROR finally: self.send_response(code) self.send_header("Connection", "close") self.send_header("X-XSS-Protection", "0") self.send_header("Content-Type", "%s%s" % ("text/html" if content.startswith("<!DOCTYPE html>") else "text/plain", "; charset=%s" % params.get("charset", "utf8"))) self.end_headers() self.wfile.write("%s%s" % (content, HTML_POSTFIX if HTML_PREFIX in content and GITHUB not in content else "")) self.wfile.flush() self.wfile.close()
