D2768: hgweb: use a capped reader for WSGI input stream
This revision was automatically updated to reflect the committed changes. Closed by commit rHG290fc4c3d1e0: hgweb: use a capped reader for WSGI input stream (authored by indygreg, committed by ). REPOSITORY rHG Mercurial CHANGES SINCE LAST UPDATE https://phab.mercurial-scm.org/D2768?vs=6830=6905 REVISION DETAIL https://phab.mercurial-scm.org/D2768 AFFECTED FILES mercurial/hgweb/request.py CHANGE DETAILS diff --git a/mercurial/hgweb/request.py b/mercurial/hgweb/request.py --- a/mercurial/hgweb/request.py +++ b/mercurial/hgweb/request.py @@ -234,6 +234,14 @@ raise RuntimeError("Unknown and unsupported WSGI version %d.%d" % version) self.inp = wsgienv[r'wsgi.input'] + +if r'HTTP_CONTENT_LENGTH' in wsgienv: +self.inp = util.cappedreader(self.inp, + int(wsgienv[r'HTTP_CONTENT_LENGTH'])) +elif r'CONTENT_LENGTH' in wsgienv: +self.inp = util.cappedreader(self.inp, + int(wsgienv[r'CONTENT_LENGTH'])) + self.err = wsgienv[r'wsgi.errors'] self.threaded = wsgienv[r'wsgi.multithread'] self.multiprocess = wsgienv[r'wsgi.multiprocess'] To: indygreg, #hg-reviewers, durin42 Cc: mercurial-devel ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
D2768: hgweb: use a capped reader for WSGI input stream
indygreg updated this revision to Diff 6830. indygreg edited the summary of this revision. REPOSITORY rHG Mercurial CHANGES SINCE LAST UPDATE https://phab.mercurial-scm.org/D2768?vs=6812=6830 REVISION DETAIL https://phab.mercurial-scm.org/D2768 AFFECTED FILES mercurial/hgweb/request.py CHANGE DETAILS diff --git a/mercurial/hgweb/request.py b/mercurial/hgweb/request.py --- a/mercurial/hgweb/request.py +++ b/mercurial/hgweb/request.py @@ -234,6 +234,14 @@ raise RuntimeError("Unknown and unsupported WSGI version %d.%d" % version) self.inp = wsgienv[r'wsgi.input'] + +if r'HTTP_CONTENT_LENGTH' in wsgienv: +self.inp = util.cappedreader(self.inp, + int(wsgienv[r'HTTP_CONTENT_LENGTH'])) +elif r'CONTENT_LENGTH' in wsgienv: +self.inp = util.cappedreader(self.inp, + int(wsgienv[r'CONTENT_LENGTH'])) + self.err = wsgienv[r'wsgi.errors'] self.threaded = wsgienv[r'wsgi.multithread'] self.multiprocess = wsgienv[r'wsgi.multiprocess'] To: indygreg, #hg-reviewers Cc: mercurial-devel ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
D2768: hgweb: use a capped reader for WSGI input stream
indygreg created this revision. Herald added a subscriber: mercurial-devel. Herald added a reviewer: hg-reviewers. REVISION SUMMARY Per PEP-, the input stream from WSGI should respect EOF and prevent reads past the end of the request body. However, not all WSGI servers guarantee this. Notably, our BaseHTTPServer based built-in HTTP server doesn't. Instead, it exposes the raw socket and you can read() from it all you want, getting the connection in a bad state by doing so. We have a "cappedreader" utility class that proxies a file object and prevents reading past a limit. This commit converts the WSGI input stream into a capped reader when the input length is advertised via Content-Length headers. "cappedreader" only exposes a read() method. PEP- states that the input stream MUST also support readline(), readlines(hint), and __iter__(). However, since our code only calls read and we're not implementing a spec conforming WSGI server (just a WSGI application at this point), we don't need to support these additional methods. So the limited functionality of "cappedreader" is sufficient for our WSGI application. REPOSITORY rHG Mercurial REVISION DETAIL https://phab.mercurial-scm.org/D2768 AFFECTED FILES mercurial/hgweb/request.py CHANGE DETAILS diff --git a/mercurial/hgweb/request.py b/mercurial/hgweb/request.py --- a/mercurial/hgweb/request.py +++ b/mercurial/hgweb/request.py @@ -234,6 +234,14 @@ raise RuntimeError("Unknown and unsupported WSGI version %d.%d" % version) self.inp = wsgienv[r'wsgi.input'] + +if r'HTTP_CONTENT_LENGTH' in wsgienv: +self.inp = util.cappedreader(self.inp, + int(wsgienv[r'HTTP_CONTENT_LENGTH'])) +elif r'CONTENT_LENGTH' in wsgienv: +self.inp = util.cappedreader(self.inp, + int(wsgienv[r'CONTENT_LENGTH'])) + self.err = wsgienv[r'wsgi.errors'] self.threaded = wsgienv[r'wsgi.multithread'] self.multiprocess = wsgienv[r'wsgi.multiprocess'] To: indygreg, #hg-reviewers Cc: mercurial-devel ___ Mercurial-devel mailing list Mercurial-devel@mercurial-scm.org https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel