def name(s, sep='_'):
"""
Remove invalid characters.
"""
unixbadchars = ('\0', '/', '\\')
macbadchars = ('\0', ':', '/', '\\')
winbadchars = ('\0', '<', '>', ':', '"', '/', '\\', '|', '?', '*')
winbadwords = ('com1', 'com2', 'com3', 'com4', 'com5', 'com6', 'com7',
'com8', 'com9', 'lpt1', 'lpt2', 'lpt3', 'lpt4', 'lpt5',
'lpt6', 'lpt7', 'lpt8', 'lpt9', 'con', 'prn')
repl = ' '
if os.name == 'nt':
repl += r''.join(winbadchars)
elif sys.platform == 'darwin':
repl += r''.join(macbadchars)
else:
repl += r''.join(unixbadchars)
name = purge.chars(s.strip(), repl, sep).strip()
if os.name == 'nt' and name in winbadwords:
name = '_' + name
return name
def download_file(self, pyfile):
url = pyfile.url
for _ in range(5):
header = self.load(url, just_header=True)
# self.load does not raise a BadHeader on 404 responses, do it here
if 'code' in header and header['code'] == 404:
raise ResponseException(404)
if 'location' in header:
self.log_debug("Location: {0}".format(header['location']))
base = match(r'https?://[^/]+', url).group(0)
if header['location'].startswith("http"):
url = unquote(header['location'])
elif header['location'].startswith("/"):
url = base + unquote(header['location'])
else:
url = "{0}/{1}".format(base, unquote(header['location']))
else:
break
name = webpurge.escape(unquote(urlparse(url).path.split("/")[-1]))
if 'content-disposition' in header:
self.log_debug("Content-Disposition: {0}".format(
header['content-disposition']))
m = search("filename(?P<type>=|\*=(?P<enc>.+)'')(?P<name>.*)",
header['content-disposition'])
if m:
disp = m.groupdict()
self.log_debug(disp)
if not disp['enc']:
disp['enc'] = 'utf-8'
name = purge.chars(disp['name'], "\"';").strip()
name = str(unquote(name), disp['enc'])
if not name:
name = url
pyfile.name = name
self.log_debug("Filename: {0}".format(pyfile.name))
self.download(url, disposition=True)
def download_file(self, pyfile):
url = pyfile.url
for _ in range(5):
header = self.load(url, just_header=True)
# self.load does not raise a BadHeader on 404 responses, do it here
if 'code' in header and header['code'] == 404:
raise ResponseException(404)
if 'location' in header:
self.log_debug("Location: {0}".format(header['location']))
base = match(r'https?://[^/]+', url).group(0)
if header['location'].startswith("http"):
url = unquote(header['location'])
elif header['location'].startswith("/"):
url = base + unquote(header['location'])
else:
url = "{0}/{1}".format(base, unquote(header['location']))
else:
break
name = webpurge.escape(unquote(urlparse(url).path.split("/")[-1]))
if 'content-disposition' in header:
self.log_debug(
"Content-Disposition: {0}".format(header['content-disposition']))
m = search("filename(?P<type>=|\*=(?P<enc>.+)'')(?P<name>.*)",
header['content-disposition'])
if m:
disp = m.groupdict()
self.log_debug(disp)
if not disp['enc']:
disp['enc'] = 'utf-8'
name = purge.chars(disp['name'], "\"';").strip()
name = str(unquote(name), disp['enc'])
if not name:
name = url
pyfile.name = name
self.log_debug("Filename: {0}".format(pyfile.name))
self.download(url, disposition=True)
def normalize(domain):
"""
Normalize domain/plugin name, so they are comparable.
"""
return purge.chars(domain.strip().lower(), "-.")
def normalize(domain):
"""
Normalize domain/plugin name, so they are comparable.
"""
return purge.chars(domain.strip().lower(), "-.")
def call_api(func, args=""):
add_json_header(response)
s = request.environ.get('beaker.session')
# Accepts standard http auth
auth = parse_auth(request.get_header('Authorization', ''))
if 'session' in request.POST or 'session' in request.GET:
# removes "' so it works on json strings
s = s.get_by_id(purge.chars(request.params.get('session'), "'\""))
elif auth:
user = API.check_auth(auth[0], auth[1],
request.environ.get('REMOTE_ADDR', None))
# if auth is correct create a pseudo session
if user:
s = {'uid': user.uid}
api = get_user_api(s)
if not api:
return error(401, "Unauthorized")
if not API.is_authorized(func, api.user):
return error(403, "Forbidden")
if not hasattr(API.EXTERNAL, func) or func.startswith("_"):
print("Invalid API call", func)
return error(404, "Not Found")
# TODO: possible encoding
# TODO: Better error codes on invalid input
args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
kwargs = {}
# accepts body as json dict
if request.json:
kwargs = request.json
# file upload, reads whole file into memory
for name, f in request.files.items():
kwargs['filename'] = f.filename
with closing(io.StringIO()) as content:
f.save(content)
kwargs[name] = content.getvalue()
# convert arguments from json to obj separately
for x, y in request.params.items():
try:
if not x or not y or x == "session":
continue
kwargs[x] = loads(unquote(y))
except Exception as e:
# Unsupported input
msg = "Invalid Input {0}, {1} : {2}".format(x, y, e.message)
print_exc()
print(msg)
return error(415, msg)
try:
result = getattr(api, func)(*args, **kwargs)
# null is invalid json response
if result is None:
result = True
return json_response(result)
except ExceptionObject as e:
return error(400, e.message)
except Exception as e:
print_exc()
return error(500, {'error': e.message, 'traceback': format_exc()})