def _match(self, path):
match = self._pattern.match(path)
if match is None:
return None
else:
return {key: unquote(value) for key, value in
match.groupdict().items()}
def modify_request(self, request):
"""
Apply common path conventions eg. / > /index.html, /foobar > /foobar.html
"""
filename = unquote(request.match_info['filename'])
raw_path = self._directory.joinpath(filename)
try:
filepath = raw_path.resolve()
if not filepath.exists():
# simulate strict=True for python 3.6 which is not permitted with 3.5
raise FileNotFoundError()
except FileNotFoundError:
try:
html_file = raw_path.with_name(raw_path.name +
'.html').resolve().relative_to(
self._directory)
except (FileNotFoundError, ValueError):
pass
else:
request.match_info['filename'] = str(html_file)
else:
if filepath.is_dir():
index_file = filepath / 'index.html'
if index_file.exists():
try:
request.match_info['filename'] = str(
index_file.relative_to(self._directory))
except ValueError:
# path is not not relative to self._directory
pass
def _match(self, path):
match = self._pattern.fullmatch(path)
if match is None:
return None
else:
return {key: unquote(value) for key, value in
match.groupdict().items()}
async def handle_event(self, request):
data = await request.read()
try:
data = json.loads(data.decode('utf-8'))
path = yarl.unquote(data['path'])
except (TypeError, ValueError, KeyError) as error:
self.logger.error('error parsing request: %s', data)
response_msg = self._make_response(msg=type(error).__name__)
else:
session = await self.session_manager.add_or_update_session(
data, self.redis_client)
self.logger.info('Requested path %s', path)
await self.dorks.extract_path(path, self.redis_client)
detection = await self.base_handler.handle(data, session)
session.set_attack_type(path, detection["name"])
response_msg = self._make_response(
msg=dict(detection=detection, sess_uuid=session.get_uuid()))
self.logger.info('TANNER response %s', response_msg)
session_data = data
session_data['response_msg'] = response_msg
# Log to Mongo
if TannerConfig.get('MONGO', 'enabled') == 'True':
db = mongo_report()
session_id = db.create_session(session_data)
self.logger.info(
"Writing session to DB: {}".format(session_id))
if TannerConfig.get('LOCALLOG', 'enabled') == 'True':
lr = local_report()
lr.create_session(session_data)
return web.json_response(response_msg)
async def _handle(self, request):
filename = unquote(request.match_info['filename'])
filepath = None
ret = None
for directory in self._directories:
try:
filepath = directory.joinpath(filename).resolve()
if not self._follow_symlinks:
filepath.relative_to(directory)
except (ValueError, FileNotFoundError) as error:
# relatively safe
pass
except Exception as error:
# perm error or other kind!
request.app.logger.exception(error)
if not filepath:
continue
# on opening a dir, load it's contents if allowed
if filepath.is_file():
ret = FileResponse(filepath, chunk_size=self._chunk_size)
if request.app['env'] == 'development':
ret.headers['Cache-control'] = 'no-cache'
break
else:
continue
if not ret:
raise HTTPNotFound()
return ret
def handle(self, request):
filename = unquote(request.match_info['filename'])
try:
filepath = self._directory.joinpath(filename).resolve()
filepath.relative_to(self._directory)
except (ValueError, FileNotFoundError) as error:
# relatively safe
raise HTTPNotFound() from error
except Exception as error:
# perm error or other kind!
request.app.logger.exception(error)
raise HTTPNotFound() from error
# on opening a dir, load it's contents if allowed
if filepath.is_dir():
if self._show_index:
try:
ret = Response(text=self._directory_as_html(filepath),
content_type="text/html")
except PermissionError:
raise HTTPForbidden()
else:
raise HTTPForbidden()
elif filepath.is_file():
ret = yield from self._file_sender.send(request, filepath)
else:
raise HTTPNotFound
return ret
def _handle(self, request):
filename = unquote(request.match_info['filename'])
try:
filepath = self._directory.joinpath(filename).resolve()
if not self._follow_symlinks:
filepath.relative_to(self._directory)
except (ValueError, FileNotFoundError) as error:
# relatively safe
raise HTTPNotFound() from error
except Exception as error:
# perm error or other kind!
request.app.logger.exception(error)
raise HTTPNotFound() from error
# on opening a dir, load it's contents if allowed
if filepath.is_dir():
if self._show_index:
try:
ret = Response(text=self._directory_as_html(filepath),
content_type="text/html")
except PermissionError:
raise HTTPForbidden()
else:
raise HTTPForbidden()
elif filepath.is_file():
ret = yield from self._file_sender.send(request, filepath)
else:
raise HTTPNotFound
return ret
def resolve(self, request):
route, params = self.tree.match_route(
METHOD_STR_TO_INT[request._method],
request.rel_url.raw_path.encode())
if route:
match_dict = {k.decode(): unquote(v.decode()) for k, v in params}
return web.UrlMappingMatchInfo(match_dict, route)
result = yield from super().resolve(request)
return result
def resolve(self, method, path):
allowed_methods = {'GET', 'HEAD'}
if not path.startswith(self._prefix):
return None, set()
if method not in allowed_methods:
return None, allowed_methods
match_dict = {'filename': unquote(path[self._prefix_len:])}
return (UrlMappingMatchInfo(match_dict,
self._routes[method]), allowed_methods)
def function876(self, arg619):
var838 = arg619.rel_url.raw_path
var2090 = arg619._method
var1046 = set(self.attribute347)
if (not var838.startswith(self.attribute2375)):
return (None, set())
if (var2090 not in var1046):
return (None, var1046)
var2640 = {'filename': unquote(var838[(len(self.attribute2375) + 1):]), }
return (Class231(var2640, self.attribute347[var2090]), var1046)
yield
def resolve(self, method, path):
allowed_methods = {'GET', 'HEAD'}
if not path.startswith(self._prefix):
return None, set()
if method not in allowed_methods:
return None, allowed_methods
match_dict = {'filename': unquote(path[self._prefix_len:])}
return (UrlMappingMatchInfo(match_dict, self._routes[method]),
allowed_methods)
async def resolve(self, request):
path = request.rel_url.raw_path
method = request.method
allowed_methods = set(self._routes)
if not path.startswith(self._prefix):
return None, set()
if method not in allowed_methods:
return None, allowed_methods
match_dict = {'filename': unquote(path[len(self._prefix) + 1:])}
return (UrlMappingMatchInfo(match_dict,
self._routes[method]), allowed_methods)
def resolve(self, request):
path = request.rel_url.raw_path
method = request._method
allowed_methods = set(self._routes)
if not path.startswith(self._prefix):
return None, set()
if method not in allowed_methods:
return None, allowed_methods
match_dict = {'filename': unquote(path[len(self._prefix)+1:])}
return (UrlMappingMatchInfo(match_dict, self._routes[method]),
allowed_methods)
yield # pragma: no cover
def _handle(self, request):
filename = unquote(request.match_info['filename'])
try:
# PyLint is wrong about resolve not being a member.
# pylint: disable=no-member
filepath = self._directory.joinpath(filename).resolve()
if not self._follow_symlinks:
filepath.relative_to(self._directory)
except (ValueError, FileNotFoundError) as error:
# relatively safe
raise HTTPNotFound() from error
except Exception as error:
# perm error or other kind!
request.app.logger.exception(error)
raise HTTPNotFound() from error
if filepath.is_dir():
return (yield from super()._handle(request))
elif filepath.is_file():
return CachingFileResponse(filepath, chunk_size=self._chunk_size)
else:
raise HTTPNotFound
def _handle(self, request):
filename = unquote(request.match_info['filename'])
try:
# PyLint is wrong about resolve not being a member.
# pylint: disable=no-member
filepath = self._directory.joinpath(filename).resolve()
if not self._follow_symlinks:
filepath.relative_to(self._directory)
except (ValueError, FileNotFoundError) as error:
# relatively safe
raise HTTPNotFound() from error
except Exception as error:
# perm error or other kind!
request.app.logger.exception(error)
raise HTTPNotFound() from error
if filepath.is_dir():
return (yield from super()._handle(request))
elif filepath.is_file():
return CachingFileResponse(filepath, chunk_size=self._chunk_size)
else:
raise HTTPNotFound
def function1508(self, arg898):
var2382 = unquote(arg898.match_info['filename'])
try:
var3973 = self.attribute383.joinpath(var2382).function876()
if (not self.attribute1148):
var3973.relative_to(self.attribute383)
except (ValueError, FileNotFoundError) as var2612:
raise HTTPNotFound() from error
except Exception as var2612:
arg898.app.logger.exception(var2612)
raise HTTPNotFound() from error
if var3973.is_dir():
if self.attribute1436:
try:
var3821 = Response(text=self.function392(var3973), content_type='text/html')
except PermissionError:
raise HTTPForbidden()
else:
raise HTTPForbidden()
elif var3973.is_file():
var3821 = FileResponse(var3973, chunk_size=self.attribute340)
else:
raise HTTPNotFound
return var3821
def _handle(self, request):
"""Handle incoming requests (pass to handle_file)."""
filename = unquote(request.match_info['filename'])
ret = yield from self.handle_file(request, filename)
return ret
def match(self, path):
if not path.startswith(self._prefix):
return None
return {'filename': unquote(path[self._prefix_len:])}
def function2049(self, arg707):
var1246 = self.attribute1255.fullmatch(arg707)
if (var1246 is None):
return None
else:
return {key: unquote(var3271, unsafe='+') for (var1915, var3271) in var1246.groupdict().items()}
