Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2025-02-01 07:49:10 +00:00
Code Issues Projects Releases Wiki Activity

Use configured size limit to keep previews in check.

Browse Source
This commit is contained in:
Aldo Cortesi 2012-07-23 15:38:06 +12:00
parent 5283bb2507
commit 3027aae142
3 changed files with 14 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libpathod/app.py
View File

@ -62,7 +62,6 @@ def onelog(lid):
return render_template("onelog.html", section="log", alog=l, lid=lid) return render_template("onelog.html", section="log", alog=l, lid=lid)
SANITY = 1024*1024
@app.route('/preview') @app.route('/preview')
def preview(): def preview():
spec = request.args["spec"] spec = request.args["spec"]
@ -78,11 +77,8 @@ def preview():
args["syntaxerror"] = str(v) args["syntaxerror"] = str(v)
args["marked"] = v.marked() args["marked"] = v.marked()
return render_template("preview.html", **args) return render_template("preview.html", **args)
if r.length() > SANITY:
error = "Refusing to preview a response of %s bytes. This is for your own good."%r.length() s = cStringIO.StringIO()
args["error"] = error r.serve(s, check=app.config["pathod"].check_size)
else: args["output"] = s.getvalue()
s = cStringIO.StringIO()
r.serve(s)
args["output"] = s.getvalue()
return render_template("preview.html", **args) return render_template("preview.html", **args)

15
libpathod/pathod.py
View File

@ -83,7 +83,7 @@ class PathodHandler(tcp.BaseHandler):
httpversion = httpversion, httpversion = httpversion,
) )
if crafted: if crafted:
response_log = crafted.serve(self.wfile, self.check_size) response_log = crafted.serve(self.wfile, self.server.check_size)
self.server.add_log( self.server.add_log(
dict( dict(
type = "crafted", type = "crafted",
@ -107,11 +107,6 @@ class PathodHandler(tcp.BaseHandler):
self.debug("%s %s"%(method, path)) self.debug("%s %s"%(method, path))
return True return True
def check_size(self, req, actions):
if self.server.sizelimit and req.effective_length(actions) > self.server.sizelimit:
return "Response too large."
return False
def handle(self): def handle(self):
if self.server.ssloptions: if self.server.ssloptions:
try: try:
@ -179,6 +174,14 @@ class Pathod(tcp.TCPServer):
raise PathodError("Invalid page spec in anchor: '%s', %s"%(i[1], str(v))) raise PathodError("Invalid page spec in anchor: '%s', %s"%(i[1], str(v)))
self.anchors.append((arex, aresp)) self.anchors.append((arex, aresp))
def check_size(self, req, actions):
"""
A policy check that verifies the request size is withing limits.
"""
if self.sizelimit and req.effective_length(actions) > self.sizelimit:
return "Response too large."
return False
@property @property
def request_settings(self): def request_settings(self):
return dict( return dict(

2
libpathod/rparse.py
View File

@ -708,7 +708,7 @@ class PathodErrorResponse(Response):
Response.__init__(self) Response.__init__(self)
self.code = 800 self.code = 800
self.msg = LiteralGenerator(msg) self.msg = LiteralGenerator(msg)
self.body = LiteralGenerator(body or msg) self.body = LiteralGenerator("pathod error: " + (body or msg))
self.headers = [ self.headers = [
( (
LiteralGenerator("Content-Type"), LiteralGenerator("Content-Type"),