mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-30 03:14:22 +00:00
Allow execution of specs from file, using +./path
This commit is contained in:
parent
33208b8720
commit
1b03fd6780
@ -1,4 +1,4 @@
|
|||||||
import sys
|
import sys, os
|
||||||
from netlib import tcp, http
|
from netlib import tcp, http
|
||||||
import rparse
|
import rparse
|
||||||
|
|
||||||
@ -18,14 +18,19 @@ def print_full(fp, httpversion, code, msg, headers, content):
|
|||||||
class Pathoc(tcp.TCPClient):
|
class Pathoc(tcp.TCPClient):
|
||||||
def __init__(self, host, port):
|
def __init__(self, host, port):
|
||||||
tcp.TCPClient.__init__(self, host, port)
|
tcp.TCPClient.__init__(self, host, port)
|
||||||
|
self.settings = dict(
|
||||||
|
staticdir = os.getcwd(),
|
||||||
|
unconstrained_file_access = True
|
||||||
|
)
|
||||||
|
|
||||||
def request(self, spec):
|
def request(self, spec):
|
||||||
"""
|
"""
|
||||||
Return an (httpversion, code, msg, headers, content) tuple.
|
Return an (httpversion, code, msg, headers, content) tuple.
|
||||||
|
|
||||||
May raise rparse.ParseException and netlib.http.HttpError.
|
May raise rparse.ParseException, netlib.http.HttpError or
|
||||||
|
rparse.FileAccessDenied.
|
||||||
"""
|
"""
|
||||||
r = rparse.parse_request({}, spec)
|
r = rparse.parse_request(self.settings, spec)
|
||||||
ret = r.serve(self.wfile)
|
ret = r.serve(self.wfile)
|
||||||
self.wfile.flush()
|
self.wfile.flush()
|
||||||
return http.read_response(self.rfile, r.method, None)
|
return http.read_response(self.rfile, r.method, None)
|
||||||
@ -37,7 +42,7 @@ class Pathoc(tcp.TCPClient):
|
|||||||
"""
|
"""
|
||||||
for i in reqs:
|
for i in reqs:
|
||||||
try:
|
try:
|
||||||
r = rparse.parse_request({}, i)
|
r = rparse.parse_request(self.settings, i)
|
||||||
req = r.serve(self.wfile)
|
req = r.serve(self.wfile)
|
||||||
if reqdump:
|
if reqdump:
|
||||||
print >> fp, "\n>>", req["method"], repr(req["path"])
|
print >> fp, "\n>>", req["method"], repr(req["path"])
|
||||||
@ -52,6 +57,9 @@ class Pathoc(tcp.TCPClient):
|
|||||||
print >> fp, "Error parsing request spec: %s"%v.msg
|
print >> fp, "Error parsing request spec: %s"%v.msg
|
||||||
print >> fp, v.marked()
|
print >> fp, v.marked()
|
||||||
return
|
return
|
||||||
|
except rparse.FileAccessDenied, v:
|
||||||
|
print >> fp, "File access error: %s"%v
|
||||||
|
return
|
||||||
except http.HttpError, v:
|
except http.HttpError, v:
|
||||||
print >> fp, "<<", v.msg
|
print >> fp, "<<", v.msg
|
||||||
return
|
return
|
||||||
|
@ -71,6 +71,11 @@ class PathodHandler(tcp.BaseHandler):
|
|||||||
800,
|
800,
|
||||||
"Error parsing response spec: %s\n"%v.msg + v.marked()
|
"Error parsing response spec: %s\n"%v.msg + v.marked()
|
||||||
)
|
)
|
||||||
|
except rparse.FileAccessDenied:
|
||||||
|
crafted = rparse.InternalResponse(
|
||||||
|
800,
|
||||||
|
"Access Denied"
|
||||||
|
)
|
||||||
|
|
||||||
request_log = dict(
|
request_log = dict(
|
||||||
path = path,
|
path = path,
|
||||||
|
@ -6,6 +6,8 @@ import utils
|
|||||||
BLOCKSIZE = 1024
|
BLOCKSIZE = 1024
|
||||||
TRUNCATE = 1024
|
TRUNCATE = 1024
|
||||||
|
|
||||||
|
class FileAccessDenied(Exception): pass
|
||||||
|
|
||||||
class ParseException(Exception):
|
class ParseException(Exception):
|
||||||
def __init__(self, msg, s, col):
|
def __init__(self, msg, s, col):
|
||||||
Exception.__init__(self)
|
Exception.__init__(self)
|
||||||
@ -675,7 +677,29 @@ class InternalResponse(Response):
|
|||||||
return d
|
return d
|
||||||
|
|
||||||
|
|
||||||
|
FILESTART = "+"
|
||||||
|
def read_file(settings, s):
|
||||||
|
uf = settings.get("unconstrained_file_access")
|
||||||
|
sd = settings.get("staticdir")
|
||||||
|
if not sd:
|
||||||
|
raise FileAccessDenied("File access disabled.")
|
||||||
|
sd = os.path.normpath(os.path.abspath(sd))
|
||||||
|
s = s[1:]
|
||||||
|
s = os.path.expanduser(s)
|
||||||
|
s = os.path.normpath(os.path.abspath(os.path.join(sd, s)))
|
||||||
|
if not uf and not s.startswith(sd):
|
||||||
|
raise FileAccessDenied("File access outside of configured directory")
|
||||||
|
if not os.path.isfile(s):
|
||||||
|
raise FileAccessDenied("File not readable")
|
||||||
|
return file(s, "r").read()
|
||||||
|
|
||||||
|
|
||||||
def parse_response(settings, s):
|
def parse_response(settings, s):
|
||||||
|
"""
|
||||||
|
May raise ParseException or FileAccessDenied
|
||||||
|
"""
|
||||||
|
if s.startswith(FILESTART):
|
||||||
|
s = read_file(settings, s)
|
||||||
try:
|
try:
|
||||||
return CraftedResponse(settings, s, Response.expr().parseString(s, parseAll=True))
|
return CraftedResponse(settings, s, Response.expr().parseString(s, parseAll=True))
|
||||||
except pp.ParseException, v:
|
except pp.ParseException, v:
|
||||||
@ -683,6 +707,11 @@ def parse_response(settings, s):
|
|||||||
|
|
||||||
|
|
||||||
def parse_request(settings, s):
|
def parse_request(settings, s):
|
||||||
|
"""
|
||||||
|
May raise ParseException or FileAccessDenied
|
||||||
|
"""
|
||||||
|
if s.startswith(FILESTART):
|
||||||
|
s = read_file(settings, s)
|
||||||
try:
|
try:
|
||||||
return CraftedRequest(settings, s, Request.expr().parseString(s, parseAll=True))
|
return CraftedRequest(settings, s, Request.expr().parseString(s, parseAll=True))
|
||||||
except pp.ParseException, v:
|
except pp.ParseException, v:
|
||||||
|
@ -109,7 +109,7 @@
|
|||||||
<h1>Executing specs from file</h1>
|
<h1>Executing specs from file</h1>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<pre class="example">=./path/to/spec</pre>
|
<pre class="example">+./path/to/spec</pre>
|
||||||
|
|
||||||
|
|
||||||
<div class="page-header">
|
<div class="page-header">
|
||||||
|
1
test/data/request
Normal file
1
test/data/request
Normal file
@ -0,0 +1 @@
|
|||||||
|
get:/foo
|
1
test/data/response
Normal file
1
test/data/response
Normal file
@ -0,0 +1 @@
|
|||||||
|
202
|
@ -41,3 +41,8 @@ class TestDaemon:
|
|||||||
|
|
||||||
def test_conn_err(self):
|
def test_conn_err(self):
|
||||||
assert "Invalid server response" in self.tval(["get:'/p/200:d2'"])
|
assert "Invalid server response" in self.tval(["get:'/p/200:d2'"])
|
||||||
|
|
||||||
|
def test_fileread(self):
|
||||||
|
d = tutils.test_data.path("data/request")
|
||||||
|
assert "foo" in self.tval(["+%s"%d])
|
||||||
|
assert "File" in self.tval(["+/nonexistent"])
|
||||||
|
@ -121,6 +121,10 @@ class _DaemonTests:
|
|||||||
assert l["type"] == "error"
|
assert l["type"] == "error"
|
||||||
assert "Invalid" in l["msg"]
|
assert "Invalid" in l["msg"]
|
||||||
|
|
||||||
|
def test_access_denied(self):
|
||||||
|
rsp = self.get("=nonexistent")
|
||||||
|
assert rsp.status_code == 800
|
||||||
|
|
||||||
|
|
||||||
class TestDaemon(_DaemonTests):
|
class TestDaemon(_DaemonTests):
|
||||||
SSL = False
|
SSL = False
|
||||||
|
@ -229,6 +229,12 @@ class TestPauses:
|
|||||||
|
|
||||||
|
|
||||||
class TestParseRequest:
|
class TestParseRequest:
|
||||||
|
def test_file(self):
|
||||||
|
p = tutils.test_data.path("data")
|
||||||
|
d = dict(staticdir=p)
|
||||||
|
r = rparse.parse_request(d, "+request")
|
||||||
|
assert r.path == "/foo"
|
||||||
|
|
||||||
def test_err(self):
|
def test_err(self):
|
||||||
tutils.raises(rparse.ParseException, rparse.parse_request, {}, 'GET')
|
tutils.raises(rparse.ParseException, rparse.parse_request, {}, 'GET')
|
||||||
|
|
||||||
@ -394,6 +400,12 @@ class TestResponse:
|
|||||||
def dummy_response(self):
|
def dummy_response(self):
|
||||||
return rparse.parse_response({}, "400'msg'")
|
return rparse.parse_response({}, "400'msg'")
|
||||||
|
|
||||||
|
def test_file(self):
|
||||||
|
p = tutils.test_data.path("data")
|
||||||
|
d = dict(staticdir=p)
|
||||||
|
r = rparse.parse_response(d, "+response")
|
||||||
|
assert r.code == 202
|
||||||
|
|
||||||
def test_response(self):
|
def test_response(self):
|
||||||
r = rparse.parse_response({}, "400'msg'")
|
r = rparse.parse_response({}, "400'msg'")
|
||||||
assert r.code == 400
|
assert r.code == 400
|
||||||
@ -417,3 +429,18 @@ class TestResponse:
|
|||||||
testlen(rparse.parse_response({}, "400'msg'"))
|
testlen(rparse.parse_response({}, "400'msg'"))
|
||||||
testlen(rparse.parse_response({}, "400'msg':h'foo'='bar'"))
|
testlen(rparse.parse_response({}, "400'msg':h'foo'='bar'"))
|
||||||
testlen(rparse.parse_response({}, "400'msg':h'foo'='bar':b@100b"))
|
testlen(rparse.parse_response({}, "400'msg':h'foo'='bar':b@100b"))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
def test_read_file():
|
||||||
|
tutils.raises(rparse.FileAccessDenied, rparse.read_file, {}, "=/foo")
|
||||||
|
p = tutils.test_data.path("data")
|
||||||
|
d = dict(staticdir=p)
|
||||||
|
assert rparse.read_file(d, "+./file").strip() == "testfile"
|
||||||
|
assert rparse.read_file(d, "+file").strip() == "testfile"
|
||||||
|
tutils.raises(rparse.FileAccessDenied, rparse.read_file, d, "+./nonexistent")
|
||||||
|
tutils.raises(rparse.FileAccessDenied, rparse.read_file, d, "+/nonexistent")
|
||||||
|
|
||||||
|
tutils.raises(rparse.FileAccessDenied, rparse.read_file, d, "+../test_rparse.py")
|
||||||
|
d["unconstrained_file_access"] = True
|
||||||
|
assert rparse.read_file(d, "+../test_rparse.py")
|
||||||
|
Loading…
Reference in New Issue
Block a user