mitmproxy/libpathod/pathod.py

import urllib, threading, re, logging, socket, sys
from netlib import tcp, http, odict, wsgi
import version, app, rparse


class PathodError(Exception): pass


class PathodHandler(tcp.BaseHandler):
    wbufsize = 0
    sni = None
    def debug(self, s):
        logging.debug("%s:%s: %s"%(self.client_address[0], self.client_address[1], str(s)))

    def info(self, s):
        logging.info("%s:%s: %s"%(self.client_address[0], self.client_address[1], str(s)))

    def handle_sni(self, connection):
        self.sni = connection.get_servername()

    def handle_request(self):
        """
            Returns True if handling should continue.
        """
        line = self.rfile.readline()
        if line == "\r\n" or line == "\n": # Possible leftover from previous message
            line = self.rfile.readline()
        if line == "":
            return

        parts = http.parse_init_http(line)
        if not parts:
            s = "Invalid first line: %s"%repr(line)
            self.info(s)
            self.server.add_log(
                dict(
                    type = "error",
                    msg = s
                )
            )
            return
        method, path, httpversion = parts

        headers = http.read_headers(self.rfile)
        try:
            content = http.read_http_body_request(
                        self.rfile, self.wfile, headers, httpversion, None
                    )
        except http.HttpError, s:
            s = str(s)
            self.info(s)
            self.server.add_log(
                dict(
                    type = "error",
                    msg = s
                )
            )
            return

        crafted = None
        for i in self.server.anchors:
            if i[0].match(path):
                crafted = i[1]

        if not crafted and path.startswith(self.server.prefix):
            spec = urllib.unquote(path)[len(self.server.prefix):]
            try:
                crafted = rparse.parse_response(self.server.request_settings, spec)
            except rparse.ParseException, v:
                crafted = rparse.PathodErrorResponse(
                    "Parse Error",
                    "Error parsing response spec: %s\n"%v.msg + v.marked()
                )
            except rparse.FileAccessDenied:
                crafted = rparse.PathodErrorResponse("Access Denied")

        request_log = dict(
            path = path,
            method = method,
            headers = headers.lst,
            sni = self.sni,
            remote_address = self.client_address,
            httpversion = httpversion,
        )
        if crafted:
            response_log = crafted.serve(self.wfile, self.server.check_size)
            self.server.add_log(
                dict(
                    type = "crafted",
                    request=request_log,
                    response=response_log
                )
            )
            if response_log["disconnect"]:
                return False
            return True

        if self.server.noweb:
            crafted = rparse.PathodErrorResponse("Access Denied")
            crafted.serve(self.wfile, self.server.check_size)
            return False
        else:
            cc = wsgi.ClientConn(self.client_address)
            req = wsgi.Request(cc, "http", method, path, headers, content)
            sn = self.connection.getsockname()
            app = wsgi.WSGIAdaptor(
                self.server.app,
                sn[0],
                self.server.port,
                version.NAMEVERSION
            )
            app.serve(req, self.wfile)
            self.debug("%s %s"%(method, path))
            return True

    def handle(self):
        if self.server.ssloptions:
            try:
                self.convert_to_ssl(
                    self.server.ssloptions["certfile"],
                    self.server.ssloptions["keyfile"],
                )
            except tcp.NetLibError, v:
                s = str(v)
                self.server.add_log(
                    dict(
                        type = "error",
                        msg = s
                    )
                )
                self.info(s)
                return

        while not self.finished:
            try:
                if not self.handle_request():
                    return
            except tcp.NetLibDisconnect: # pragma: no cover
                self.info("Disconnect")
                self.server.add_log(
                    dict(
                        type = "error",
                        msg = "Disconnect"
                    )
                )
                return


class Pathod(tcp.TCPServer):
    LOGBUF = 500
    def __init__(   self,
                    addr, ssloptions=None, prefix="/p/", staticdir=None, anchors=None,
                    sizelimit=None, noweb=False
                ):
        """
            addr: (address, port) tuple. If port is 0, a free port will be
            automatically chosen.
            ssloptions: a dictionary containing certfile and keyfile specifications.
            prefix: string specifying the prefix at which to anchor response generation.
            staticdir: path to a directory of static resources, or None.
            anchors: A list of (regex, spec) tuples, or None.
            sizelimit: Limit size of served data.
        """
        tcp.TCPServer.__init__(self, addr)
        self.ssloptions = ssloptions
        self.staticdir = staticdir
        self.prefix = prefix
        self.sizelimit = sizelimit
        self.app = app.app
        self.noweb = noweb
        self.app.config["pathod"] = self
        self.log = []
        self.logid = 0
        self.anchors = []
        if anchors:
            for i in anchors:
                try:
                    arex = re.compile(i[0])
                except re.error:
                    raise PathodError("Invalid regex in anchor: %s"%i[0])
                try:
                    aresp = rparse.parse_response(self.request_settings, i[1])
                except rparse.ParseException, v:
                    raise PathodError("Invalid page spec in anchor: '%s', %s"%(i[1], str(v)))
                self.anchors.append((arex, aresp))

    def check_size(self, req, actions):
        """
            A policy check that verifies the request size is withing limits.
        """
        if self.sizelimit and req.effective_length(actions) > self.sizelimit:
            return "Response too large."
        return False

    @property
    def request_settings(self):
        return dict(
            staticdir = self.staticdir
        )

    def handle_connection(self, request, client_address):
        h = PathodHandler(request, client_address, self)
        h.handle()
        h.finish()

    def add_log(self, d):
        lock = threading.Lock()
        with lock:
            d["id"] = self.logid
            self.log.insert(0, d)
            if len(self.log) > self.LOGBUF:
                self.log.pop()
            self.logid += 1
        return d["id"]

    def clear_log(self):
        lock = threading.Lock()
        with lock:
            self.log = []

    def log_by_id(self, id):
        for i in self.log:
            if i["id"] == id:
                return i

    def get_log(self):
        return self.log
Catch errors that may happen on interpreter shutdown. 2012-06-27 04:15:22 +00:00			`import urllib, threading, re, logging, socket, sys`
Bump version, adapt for API canges in netlib. 2012-06-23 02:06:54 +00:00			`from netlib import tcp, http, odict, wsgi`
Basic response generation. 2012-06-19 22:51:37 +00:00			`import version, app, rparse`
Start porting web app to Flask. 2012-06-19 04:57:57 +00:00
Logging truss for pathod. 2012-06-24 09:40:31 +00:00
Enable anchors on command line. 2012-06-24 04:38:32 +00:00			`class PathodError(Exception): pass`

Refactor application definitions and startup. Also, create one of the dodgiest web testing trusses in history. Tornado just seems to have no nice way of doing this. 2012-04-28 22:56:33 +00:00
Porting to netlib proceeds apace. 2012-06-19 01:23:07 +00:00			`class PathodHandler(tcp.BaseHandler):`
Fixed the WSGI server hang in netlib, remove fudge. 2012-06-26 02:49:40 +00:00			`wbufsize = 0`
Port pathoc to new netlib API. Add SNI. 2012-06-25 22:15:11 +00:00			`sni = None`
Allow naked value literal for pathoc path specifications. 2012-06-26 03:36:59 +00:00			`def debug(self, s):`
			`logging.debug("%s:%s: %s"%(self.client_address[0], self.client_address[1], str(s)))`

Handle invalid first line errors, add an error log buffer type. 2012-07-19 23:40:37 +00:00			`def info(self, s):`
			`logging.info("%s:%s: %s"%(self.client_address[0], self.client_address[1], str(s)))`

Port pathoc to new netlib API. Add SNI. 2012-06-25 22:15:11 +00:00			`def handle_sni(self, connection):`
			`self.sni = connection.get_servername()`

More robust response handling. 2012-07-21 08:50:41 +00:00			`def handle_request(self):`
			`"""`
			`Returns True if handling should continue.`
			`"""`
			`line = self.rfile.readline()`
			`if line == "\r\n" or line == "\n": # Possible leftover from previous message`
			`line = self.rfile.readline()`
			`if line == "":`
			`return`

			`parts = http.parse_init_http(line)`
			`if not parts:`
Escape special characters in first line error log. 2012-07-22 00:40:27 +00:00			`s = "Invalid first line: %s"%repr(line)`
More robust response handling. 2012-07-21 08:50:41 +00:00			`self.info(s)`
			`self.server.add_log(`
			`dict(`
			`type = "error",`
			`msg = s`
			`)`
			`)`
			`return`
			`method, path, httpversion = parts`

			`headers = http.read_headers(self.rfile)`
Handle invalid content length headers. 2012-07-22 00:30:10 +00:00			`try:`
			`content = http.read_http_body_request(`
			`self.rfile, self.wfile, headers, httpversion, None`
			`)`
			`except http.HttpError, s:`
			`s = str(s)`
			`self.info(s)`
			`self.server.add_log(`
			`dict(`
			`type = "error",`
			`msg = s`
More robust response handling. 2012-07-21 08:50:41 +00:00			`)`
Handle invalid content length headers. 2012-07-22 00:30:10 +00:00			`)`
			`return`
More robust response handling. 2012-07-21 08:50:41 +00:00
			`crafted = None`
			`for i in self.server.anchors:`
			`if i[0].match(path):`
			`crafted = i[1]`

			`if not crafted and path.startswith(self.server.prefix):`
			`spec = urllib.unquote(path)[len(self.server.prefix):]`
			`try:`
			`crafted = rparse.parse_response(self.server.request_settings, spec)`
			`except rparse.ParseException, v:`
Refactor rparse.InternalResponse -> rparse.PathodErrorResponse 2012-07-23 03:11:40 +00:00			`crafted = rparse.PathodErrorResponse(`
			`"Parse Error",`
More robust response handling. 2012-07-21 08:50:41 +00:00			`"Error parsing response spec: %s\n"%v.msg + v.marked()`
			`)`
Allow execution of specs from file, using +./path 2012-07-22 11:37:46 +00:00			`except rparse.FileAccessDenied:`
Refactor rparse.InternalResponse -> rparse.PathodErrorResponse 2012-07-23 03:11:40 +00:00			`crafted = rparse.PathodErrorResponse("Access Denied")`
More robust response handling. 2012-07-21 08:50:41 +00:00
			`request_log = dict(`
			`path = path,`
			`method = method,`
			`headers = headers.lst,`
			`sni = self.sni,`
			`remote_address = self.client_address,`
			`httpversion = httpversion,`
			`)`
			`if crafted:`
Use configured size limit to keep previews in check. 2012-07-23 03:38:06 +00:00			`response_log = crafted.serve(self.wfile, self.server.check_size)`
More robust response handling. 2012-07-21 08:50:41 +00:00			`self.server.add_log(`
			`dict(`
			`type = "crafted",`
			`request=request_log,`
			`response=response_log`
			`)`
			`)`
Use policy hook to apply a size limit in pathod, add corresponding cmdline arg. 2012-07-23 03:03:56 +00:00			`if response_log["disconnect"]:`
Add a --noweb option to turn web iface off, refactor unit tests. 2012-07-23 07:55:33 +00:00			`return False`
			`return True`

			`if self.server.noweb:`
			`crafted = rparse.PathodErrorResponse("Access Denied")`
			`crafted.serve(self.wfile, self.server.check_size)`
			`return False`
More robust response handling. 2012-07-21 08:50:41 +00:00			`else:`
			`cc = wsgi.ClientConn(self.client_address)`
			`req = wsgi.Request(cc, "http", method, path, headers, content)`
			`sn = self.connection.getsockname()`
			`app = wsgi.WSGIAdaptor(`
			`self.server.app,`
			`sn[0],`
			`self.server.port,`
			`version.NAMEVERSION`
			`)`
			`app.serve(req, self.wfile)`
			`self.debug("%s %s"%(method, path))`
Add a --noweb option to turn web iface off, refactor unit tests. 2012-07-23 07:55:33 +00:00			`return True`
More robust response handling. 2012-07-21 08:50:41 +00:00
Start refactoring towards netlib, adding SNI and client testing. 2012-06-16 19:57:24 +00:00			`def handle(self):`
Re-enable SSL service. 2012-06-19 22:59:38 +00:00			`if self.server.ssloptions:`
Catch and log SSL connection errors. Improve log format. 2012-06-25 23:03:35 +00:00			`try:`
			`self.convert_to_ssl(`
			`self.server.ssloptions["certfile"],`
			`self.server.ssloptions["keyfile"],`
			`)`
			`except tcp.NetLibError, v:`
Extend test suite to cover SSL. Log SSL connection errors. 2012-07-20 01:21:33 +00:00			`s = str(v)`
			`self.server.add_log(`
			`dict(`
			`type = "error",`
			`msg = s`
			`)`
			`)`
			`self.info(s)`
More robust response handling. 2012-07-21 08:50:41 +00:00			`return`
Re-enable SSL service. 2012-06-19 22:59:38 +00:00
Handle client close more gracefully. 2012-06-24 23:34:29 +00:00			`while not self.finished:`
More robust response handling. 2012-07-21 08:50:41 +00:00			`try:`
			`if not self.handle_request():`
			`return`
pathod.py unit tests++ 2012-07-23 05:53:17 +00:00			`except tcp.NetLibDisconnect: # pragma: no cover`
More robust response handling. 2012-07-21 08:50:41 +00:00			`self.info("Disconnect")`
Handle invalid first line errors, add an error log buffer type. 2012-07-19 23:40:37 +00:00			`self.server.add_log(`
			`dict(`
			`type = "error",`
More robust response handling. 2012-07-21 08:50:41 +00:00			`msg = "Disconnect"`
Handle invalid first line errors, add an error log buffer type. 2012-07-19 23:40:37 +00:00			`)`
			`)`
More robust response handling. 2012-07-21 08:50:41 +00:00			`return`
Start porting web app to Flask. 2012-06-19 04:57:57 +00:00
Refactor application definitions and startup. Also, create one of the dodgiest web testing trusses in history. Tornado just seems to have no nice way of doing this. 2012-04-28 22:56:33 +00:00
Porting to netlib proceeds apace. 2012-06-19 01:23:07 +00:00			`class Pathod(tcp.TCPServer):`
Restore client argument parsing. Add thread-safe logging subsystem. 2012-06-21 02:29:49 +00:00			`LOGBUF = 500`
Add a --noweb option to turn web iface off, refactor unit tests. 2012-07-23 07:55:33 +00:00			`def __init__( self,`
			`addr, ssloptions=None, prefix="/p/", staticdir=None, anchors=None,`
			`sizelimit=None, noweb=False`
			`):`
Re-enable anchors. 2012-06-24 04:20:50 +00:00			`"""`
			`addr: (address, port) tuple. If port is 0, a free port will be`
			`automatically chosen.`
			`ssloptions: a dictionary containing certfile and keyfile specifications.`
Enable anchors on command line. 2012-06-24 04:38:32 +00:00			`prefix: string specifying the prefix at which to anchor response generation.`
Re-enable anchors. 2012-06-24 04:20:50 +00:00			`staticdir: path to a directory of static resources, or None.`
			`anchors: A list of (regex, spec) tuples, or None.`
Add hooks for policy checks of served data. 2012-07-23 02:37:00 +00:00			`sizelimit: Limit size of served data.`
Re-enable anchors. 2012-06-24 04:20:50 +00:00			`"""`
Porting to netlib proceeds apace. 2012-06-19 01:23:07 +00:00			`tcp.TCPServer.__init__(self, addr)`
Re-enable SSL service. 2012-06-19 22:59:38 +00:00			`self.ssloptions = ssloptions`
Fix disconnect, improve coverage, enable file value specifier. 2012-06-24 03:07:45 +00:00			`self.staticdir = staticdir`
Basic response generation. 2012-06-19 22:51:37 +00:00			`self.prefix = prefix`
Add hooks for policy checks of served data. 2012-07-23 02:37:00 +00:00			`self.sizelimit = sizelimit`
Start porting web app to Flask. 2012-06-19 04:57:57 +00:00			`self.app = app.app`
Add a --noweb option to turn web iface off, refactor unit tests. 2012-07-23 07:55:33 +00:00			`self.noweb = noweb`
Start porting web app to Flask. 2012-06-19 04:57:57 +00:00			`self.app.config["pathod"] = self`
Restore client argument parsing. Add thread-safe logging subsystem. 2012-06-21 02:29:49 +00:00			`self.log = []`
			`self.logid = 0`
Re-enable anchors. 2012-06-24 04:20:50 +00:00			`self.anchors = []`
			`if anchors:`
			`for i in anchors:`
Enable anchors on command line. 2012-06-24 04:38:32 +00:00			`try:`
			`arex = re.compile(i[0])`
			`except re.error:`
			`raise PathodError("Invalid regex in anchor: %s"%i[0])`
			`try:`
Refactor to extract ready_actions and write_values. 2012-06-24 05:01:04 +00:00			`aresp = rparse.parse_response(self.request_settings, i[1])`
Enable anchors on command line. 2012-06-24 04:38:32 +00:00			`except rparse.ParseException, v:`
			`raise PathodError("Invalid page spec in anchor: '%s', %s"%(i[1], str(v)))`
Re-enable anchors. 2012-06-24 04:20:50 +00:00			`self.anchors.append((arex, aresp))`
We can't sensibly unit test pages withhout firing up a server. We've just added functionality to do this ourselves, so rip out the old stuff. 2012-06-07 04:35:54 +00:00
Use configured size limit to keep previews in check. 2012-07-23 03:38:06 +00:00			`def check_size(self, req, actions):`
			`"""`
			`A policy check that verifies the request size is withing limits.`
			`"""`
			`if self.sizelimit and req.effective_length(actions) > self.sizelimit:`
			`return "Response too large."`
			`return False`

Finalize porting built-in web app to Flask. 2012-06-21 04:54:49 +00:00			`@property`
			`def request_settings(self):`
Fix disconnect, improve coverage, enable file value specifier. 2012-06-24 03:07:45 +00:00			`return dict(`
			`staticdir = self.staticdir`
			`)`
Finalize porting built-in web app to Flask. 2012-06-21 04:54:49 +00:00
Start refactoring towards netlib, adding SNI and client testing. 2012-06-16 19:57:24 +00:00			`def handle_connection(self, request, client_address):`
Move server to new explicit netlib API. 2012-06-24 23:22:44 +00:00			`h = PathodHandler(request, client_address, self)`
Handle invalid first line errors, add an error log buffer type. 2012-07-19 23:40:37 +00:00			`h.handle()`
Move server to new explicit netlib API. 2012-06-24 23:22:44 +00:00			`h.finish()`
Restore client argument parsing. Add thread-safe logging subsystem. 2012-06-21 02:29:49 +00:00
			`def add_log(self, d):`
			`lock = threading.Lock()`
			`with lock:`
			`d["id"] = self.logid`
			`self.log.insert(0, d)`
			`if len(self.log) > self.LOGBUF:`
			`self.log.pop()`
			`self.logid += 1`
			`return d["id"]`

			`def clear_log(self):`
			`lock = threading.Lock()`
			`with lock:`
			`self.log = []`

			`def log_by_id(self, id):`
			`for i in self.log:`
			`if i["id"] == id:`
			`return i`

			`def get_log(self):`
			`return self.log`