py_tasks_melange: comparison thirdparty/google_appengine/google/appengine/tools/dev

equal deleted inserted replaced

-:a440ced9a75f
+:df109be0567c
 import errno
 import httplib
 import imp
 import inspect
 import itertools
+import locale
 import logging
 import mimetools
 import mimetypes
 import os
 import pickle
 ('.csv', 'text/comma-separated-values'),
 ('.rss', 'application/rss+xml'),
 ('.text', 'text/plain'),
 ('.wbmp', 'image/vnd.wap.wbmp')):
 mimetypes.add_type(mime_type, ext)
+MAX_RUNTIME_RESPONSE_SIZE = 1 << 20
+MAX_REQUEST_SIZE = 10 * 1024 * 1024
 class Error(Exception):
 """Base-class for exceptions in this module."""
 def FakeUname():
 """Fake version of os.uname."""
 return ('Linux', '', '', '', '')
+def FakeSetLocale(category, value=None, original_setlocale=locale.setlocale):
+"""Fake version of locale.setlocale that only supports the default."""
+if value not in (None, '', 'C', 'POSIX'):
+raise locale.Error, 'locale emulation only supports "C" locale'
+return original_setlocale(category, 'C')
 def IsPathInSubdirectories(filename,
 subdirectories,
 normcase=os.path.normcase):
 """Determines if a filename is contained within one of a set of directories.
 ALLOWED_FILES = set(os.path.normcase(filename)
 for filename in mimetypes.knownfiles
 if os.path.isfile(filename))
 ALLOWED_DIRS = set([
-os.path.normcase(os.path.realpath(os.path.dirname(os.__file__)))
+os.path.normcase(os.path.realpath(os.path.dirname(os.__file__))),
+os.path.normcase(os.path.abspath(os.path.dirname(os.__file__))),
 ])
 NOT_ALLOWED_DIRS = set([
 hardened environment.
 Args:
 root_path: Path to the root of the application.
 """
-FakeFile._application_paths = set(os.path.abspath(path)
+FakeFile._application_paths = (set(os.path.realpath(path)
-for path in application_paths)
+for path in application_paths) |
+set(os.path.abspath(path)
+for path in application_paths))
 @staticmethod
 def IsFileAccessible(filename, normcase=os.path.normcase):
 """Determines if a file's path is accessible.
 normcase=normcase)):
 return True
 return False
-def __init__(self, filename, mode='r', **kwargs):
+def __init__(self, filename, mode='r', bufsize=-1, **kwargs):
 """Initializer. See file built-in documentation."""
 if mode not in FakeFile.ALLOWED_MODES:
 raise IOError('invalid mode: %s' % mode)
 if not FakeFile.IsFileAccessible(filename):
 raise IOError(errno.EACCES, 'file not accessible')
-super(FakeFile, self).__init__(filename, mode, **kwargs)
+super(FakeFile, self).__init__(filename, mode, bufsize, **kwargs)
 class RestrictedPathFunction(object):
 """Enforces access restrictions for functions that have a file or
 directory path as their first argument."""
 'socket',
 'tempfile',
 ]
 _MODULE_OVERRIDES = {
+'locale': {
+'setlocale': FakeSetLocale,
+},
 'os': {
 'listdir': RestrictedPathFunction(os.listdir),
-'lstat': RestrictedPathFunction(os.lstat),
+'lstat': RestrictedPathFunction(os.stat),
 'stat': RestrictedPathFunction(os.stat),
 'uname': FakeUname,
 'urandom': FakeURandom,
 },
 depth_count = module_fullname.count('.')
 if cgi_path.endswith('__init__.py') or not cgi_path.endswith('.py'):
 depth_count += 1
 for index in xrange(depth_count):
-current_init_file = os.path.join(module_base, '__init__.py')
+current_init_file = os.path.abspath(
+os.path.join(module_base, '__init__.py'))
 if not isfile(current_init_file):
 missing_init_files.append(current_init_file)
 module_base = os.path.abspath(os.path.join(module_base, os.pardir))
 if require_indexes:
 dev_appserver_index.SetupIndexes(config.application, root_path)
 infile = cStringIO.StringIO(self.rfile.read(
 int(self.headers.get('content-length', 0))))
+request_size = len(infile.getvalue())
+if request_size > MAX_REQUEST_SIZE:
+msg = ('HTTP request was too large: %d.  The limit is: %d.'
+% (request_size, MAX_REQUEST_SIZE))
+logging.error(msg)
+self.send_response(httplib.REQUEST_ENTITY_TOO_LARGE, msg)
+return
 outfile = cStringIO.StringIO()
 try:
 dispatcher.Dispatch(self.path,
 None,
 self.headers,
 finally:
 self.module_manager.UpdateModuleFileModificationTimes()
 outfile.flush()
 outfile.seek(0)
 status_code, status_message, header_data, body = RewriteResponse(outfile)
+runtime_response_size = len(outfile.getvalue())
+if runtime_response_size > MAX_RUNTIME_RESPONSE_SIZE:
+status_code = 403
+status_message = 'Forbidden'
+new_headers = []
+for header in header_data.split('\n'):
+if not header.lower().startswith('content-length'):
+new_headers.append(header)
+header_data = '\n'.join(new_headers)
+body = ('HTTP response was too large: %d.  The limit is: %d.'
+% (runtime_response_size, MAX_RUNTIME_RESPONSE_SIZE))
 except yaml_errors.EventListenerError, e:
 title = 'Fatal error when loading application configuration'
 msg = '%s:\n%s' % (title, str(e))
 logging.error(msg)

changeset 686	df109be0567c
parent 297	35211afcd563
child 828	f5fd65cc3bf3