def check_body():
"""校验post、put参数,返回值有效说明校验不通过"""
allow_origin = request.form.get("allow_origin")
allow_ip = request.form.get("allow_ip")
allow_ep = request.form.get("allow_ep")
allow_method = request.form.get("allow_method")
er = request.form.get("exterior_relation")
ir = request.form.get("interior_relation")
if allow_origin:
origins = parse_valid_comma(allow_origin)
if not origins or not isinstance(origins, (tuple, list)):
return "Invalid url address"
for url in origins:
if url and not check_origin(url):
return "Invalid url address"
if allow_ip:
ips = parse_valid_comma(allow_ip)
if not ips or not isinstance(ips, (tuple, list)):
return "Invalid IP address"
for ip in ips:
if ip and not check_ip(ip):
return "Invalid IP address"
if allow_ep:
eps = parse_valid_comma(allow_ep)
if not eps or not isinstance(eps, (tuple, list)):
return "Not found the endpoint"
for ep in eps:
if ep and ep not in current_app.view_functions.keys():
return "Not found the endpoint"
if allow_method:
methods = parse_valid_comma(allow_method)
if not methods or not isinstance(methods, (tuple, list)):
return "Invalid HTTP method"
for md in methods:
if md and md.upper() not in ["GET", "POST", "PUT", "DELETE"]:
return "Invalid HTTP method"
if er:
if not er_pat.match(er.strip()):
return "Invalid exterior_relation"
if ir:
if not ir_pat.match(ir.strip()):
return "Invalid interior_relation"
else:
try:
check_ir(ir)
except (ValueError, TypeError):
return "Invalid interior_relation"
def test_checkorigin(self):
self.assertTrue(check_origin("http://127.0.0.1"))
self.assertTrue(check_origin("http://localhost:5000"))
self.assertTrue(check_origin("https://abc.com"))
self.assertTrue(check_origin("https://abc.com:8443"))
self.assertFalse(check_origin("ftp://192.168.1.2"))
self.assertFalse(check_origin("rsync://192.168.1.2"))
self.assertFalse(check_origin("192.168.1.2"))
self.assertFalse(check_origin("example.com"))
self.assertFalse(check_origin("localhost"))
self.assertFalse(check_origin("127.0.0.1:8000"))
self.assertFalse(check_origin("://127.0.0.1/hello-world"))
self.assertEqual(get_origin("http://abc.com/hello"), "http://abc.com")
self.assertEqual(get_origin("https://abc.com/"), "https://abc.com")
self.assertTrue(check_ip("127.0.0.1"))
self.assertTrue(check_ip("1.2.3.4"))
self.assertTrue(check_ip("255.255.255.0"))
self.assertFalse(check_ip("1.2.3"))
self.assertFalse(check_ip("a.1.2.3"))
self.assertFalse(check_ip("999.1.2.3"))
def test_checkorigin(self):
self.assertTrue(check_origin('http://127.0.0.1'))
self.assertTrue(check_origin('http://localhost:5000'))
self.assertTrue(check_origin('https://abc.com'))
self.assertTrue(check_origin('https://abc.com:8443'))
self.assertFalse(check_origin('ftp://192.168.1.2'))
self.assertFalse(check_origin('rsync://192.168.1.2'))
self.assertFalse(check_origin('192.168.1.2'))
self.assertFalse(check_origin('example.com'))
self.assertFalse(check_origin('localhost'))
self.assertFalse(check_origin('127.0.0.1:8000'))
self.assertFalse(check_origin('://127.0.0.1/hello-world'))
self.assertEqual(get_origin("http://abc.com/hello"), "http://abc.com")
self.assertEqual(get_origin("https://abc.com/"), "https://abc.com")
self.assertTrue(check_ip("127.0.0.1"))
self.assertTrue(check_ip("1.2.3.4"))
self.assertTrue(check_ip("255.255.255.0"))
self.assertFalse(check_ip("1.2.3"))
self.assertFalse(check_ip("a.1.2.3"))
self.assertFalse(check_ip("999.1.2.3"))