def _create_request_from_scope(self, send: Callable) -> Request:
headers = Headers()
headers["Remote-Addr"] = (self.scope.get("client") or ["<local>"])[0]
for name, value in self.scope["headers"]:
headers.add(name.decode("latin1").title(), value.decode("latin1"))
if self.scope["http_version"] < "1.1":
headers.setdefault("Host", self.app.config["SERVER_NAME"] or "")
path = self.scope["path"]
path = path if path[0] == "/" else urlparse(path).path
x_proto = self._get_real_value(1, headers.get("X-Forwarded-Proto"))
if x_proto:
self.scope["scheme"] = x_proto
x_host = self._get_real_value(1, headers.get("X-Forwarded-Host"))
if x_host:
headers["host"] = x_host.lower()
return self.app.request_class(
self.scope["method"],
self.scope["scheme"],
path,
self.scope["query_string"],
headers,
self.scope.get("root_path", ""),
self.scope["http_version"],
max_content_length=self.app.config["MAX_CONTENT_LENGTH"],
body_timeout=self.app.config["BODY_TIMEOUT"],
send_push_promise=partial(self._send_push_promise, send),
scope=self.scope,
)
def werkzeug_headers():
from werkzeug.datastructures import Headers
Headers({"Access-Control-Allow-Origin": "*"}) # Noncompliant
# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
headers = Headers({"Access-Control-Allow-Origin":
"trustedwebsite.com"}) # Compliant
headers.set("Access-Control-Allow-Origin", "*") # Noncompliant
# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
headers.setdefault("Access-Control-Allow-Origin", "*") # Noncompliant
headers["Access-Control-Allow-Origin"] = "*" # Noncompliant
headers.__setitem__("Access-Control-Allow-Origin", "*") # Noncompliant
headers.set("Access-Control-Allow-Credentials", "") # Compliant
headers.set("Access-Control-Expose-Headers", "") # Compliant
headers.set("Access-Control-Max-Age", "") # Compliant
headers.set("Access-Control-Allow-Methods", "") # Compliant
headers.set("Access-Control-Allow-Headers", "") # Compliant
Headers(1, 2)
def __data_request(self,
path,
*,
method,
query=None,
data=None,
headers=None):
if headers:
headers = Headers(headers)
else:
headers = Headers()
if data is not None:
headers.setdefault("Content-Type",
"application/x-www-form-urlencoded")
body = urlencode(data).encode("utf-8")
else:
body = None
return self.request(path,
method="POST",
query=query,
body=body,
headers=headers)
def make_response(rv=None):
"""
rv为视图函数返回值(body, status, headers)三元组、或响应实例
将返回Response对象实例
"""
status = headers = None
if isinstance(rv, (BaseResponse, HTTPException)):
return rv
if isinstance(rv, tuple):
len_rv = len(rv)
if len_rv == 3:
rv, status, headers = rv
elif len_rv == 2:
if isinstance(rv[1], (Headers, dict, tuple, list)):
rv, headers = rv
else:
rv, status = rv
elif len_rv == 1:
rv = rv[0]
else:
raise TypeError(
'视图函数返回值若为tuple至少要有响应体body,'
'可选status与headers,如(body, status, headers)'
)
if isinstance(rv, (dict, list)):
rv = compact_dumps(rv)
headers = Headers(headers)
headers.setdefault('Content-type', 'application/json')
elif rv is None:
pass
elif not isinstance(rv, (str, bytes, bytearray)):
raise TypeError(f'视图函数返回的响应体类型非法: {type(rv)}')
response = Response(rv, status=status, headers=headers)
return response
def test_headers():
# simple header tests
headers = Headers()
headers.add("Content-Type", "text/plain")
headers.add("X-Foo", "bar")
assert "x-Foo" in headers
assert "Content-type" in headers
headers["Content-Type"] = "foo/bar"
assert headers["Content-Type"] == "foo/bar"
assert len(headers.getlist("Content-Type")) == 1
# list conversion
assert headers.to_list() == [("Content-Type", "foo/bar"), ("X-Foo", "bar")]
assert str(headers) == ("Content-Type: foo/bar\r\n" "X-Foo: bar\r\n" "\r\n")
assert str(Headers()) == "\r\n"
# extended add
headers.add("Content-Disposition", "attachment", filename="foo")
assert headers["Content-Disposition"] == "attachment; filename=foo"
headers.add("x", "y", z='"')
assert headers["x"] == r'y; z="\""'
# defaults
headers = Headers([("Content-Type", "text/plain"), ("X-Foo", "bar"), ("X-Bar", "1"), ("X-Bar", "2")])
assert headers.getlist("x-bar") == ["1", "2"]
assert headers.get("x-Bar") == "1"
assert headers.get("Content-Type") == "text/plain"
assert headers.setdefault("X-Foo", "nope") == "bar"
assert headers.setdefault("X-Bar", "nope") == "1"
assert headers.setdefault("X-Baz", "quux") == "quux"
assert headers.setdefault("X-Baz", "nope") == "quux"
headers.pop("X-Baz")
# type conversion
assert headers.get("x-bar", type=int) == 1
assert headers.getlist("x-bar", type=int) == [1, 2]
# list like operations
assert headers[0] == ("Content-Type", "text/plain")
assert headers[:1] == Headers([("Content-Type", "text/plain")])
del headers[:2]
del headers[-1]
assert headers == Headers([("X-Bar", "1")])
# copying
a = Headers([("foo", "bar")])
b = a.copy()
a.add("foo", "baz")
assert a.getlist("foo") == ["bar", "baz"]
assert b.getlist("foo") == ["bar"]
headers = Headers([("a", 1)])
assert headers.pop("a") == 1
assert headers.pop("b", 2) == 2
assert_raises(KeyError, headers.pop, "c")
# set replaces and accepts same arguments as add
a = Headers()
a.set("Content-Disposition", "useless")
a.set("Content-Disposition", "attachment", filename="foo")
assert a["Content-Disposition"] == "attachment; filename=foo"
def test_headers():
# simple header tests
headers = Headers()
headers.add('Content-Type', 'text/plain')
headers.add('X-Foo', 'bar')
assert 'x-Foo' in headers
assert 'Content-type' in headers
headers['Content-Type'] = 'foo/bar'
assert headers['Content-Type'] == 'foo/bar'
assert len(headers.getlist('Content-Type')) == 1
# list conversion
assert headers.to_list() == [
('Content-Type', 'foo/bar'),
('X-Foo', 'bar')
]
assert str(headers) == (
"Content-Type: foo/bar\r\n"
"X-Foo: bar\r\n"
"\r\n")
assert str(Headers()) == "\r\n"
# extended add
headers.add('Content-Disposition', 'attachment', filename='foo')
assert headers['Content-Disposition'] == 'attachment; filename=foo'
headers.add('x', 'y', z='"')
assert headers['x'] == r'y; z="\""'
# defaults
headers = Headers([
('Content-Type', 'text/plain'),
('X-Foo', 'bar'),
('X-Bar', '1'),
('X-Bar', '2')
])
assert headers.getlist('x-bar') == ['1', '2']
assert headers.get('x-Bar') == '1'
assert headers.get('Content-Type') == 'text/plain'
assert headers.setdefault('X-Foo', 'nope') == 'bar'
assert headers.setdefault('X-Bar', 'nope') == '1'
assert headers.setdefault('X-Baz', 'quux') == 'quux'
assert headers.setdefault('X-Baz', 'nope') == 'quux'
headers.pop('X-Baz')
# type conversion
assert headers.get('x-bar', type=int) == 1
assert headers.getlist('x-bar', type=int) == [1, 2]
# list like operations
assert headers[0] == ('Content-Type', 'text/plain')
assert headers[:1] == Headers([('Content-Type', 'text/plain')])
del headers[:2]
del headers[-1]
assert headers == Headers([('X-Bar', '1')])
# copying
a = Headers([('foo', 'bar')])
b = a.copy()
a.add('foo', 'baz')
assert a.getlist('foo') == ['bar', 'baz']
assert b.getlist('foo') == ['bar']
headers = Headers([('a', 1)])
assert headers.pop('a') == 1
assert headers.pop('b', 2) == 2
assert_raises(KeyError, headers.pop, 'c')
# set replaces and accepts same arguments as add
a = Headers()
a.set('Content-Disposition', 'useless')
a.set('Content-Disposition', 'attachment', filename='foo')
assert a['Content-Disposition'] == 'attachment; filename=foo'
def test_headers():
# simple header tests
headers = Headers()
headers.add('Content-Type', 'text/plain')
headers.add('X-Foo', 'bar')
assert 'x-Foo' in headers
assert 'Content-type' in headers
headers['Content-Type'] = 'foo/bar'
assert headers['Content-Type'] == 'foo/bar'
assert len(headers.getlist('Content-Type')) == 1
# list conversion
assert headers.to_list() == [('Content-Type', 'foo/bar'), ('X-Foo', 'bar')]
assert str(headers) == ("Content-Type: foo/bar\r\n"
"X-Foo: bar\r\n"
"\r\n")
assert str(Headers()) == "\r\n"
# extended add
headers.add('Content-Disposition', 'attachment', filename='foo')
assert headers['Content-Disposition'] == 'attachment; filename=foo'
headers.add('x', 'y', z='"')
assert headers['x'] == r'y; z="\""'
# defaults
headers = Headers([('Content-Type', 'text/plain'), ('X-Foo', 'bar'),
('X-Bar', '1'), ('X-Bar', '2')])
assert headers.getlist('x-bar') == ['1', '2']
assert headers.get('x-Bar') == '1'
assert headers.get('Content-Type') == 'text/plain'
assert headers.setdefault('X-Foo', 'nope') == 'bar'
assert headers.setdefault('X-Bar', 'nope') == '1'
assert headers.setdefault('X-Baz', 'quux') == 'quux'
assert headers.setdefault('X-Baz', 'nope') == 'quux'
headers.pop('X-Baz')
# type conversion
assert headers.get('x-bar', type=int) == 1
assert headers.getlist('x-bar', type=int) == [1, 2]
# list like operations
assert headers[0] == ('Content-Type', 'text/plain')
assert headers[:1] == Headers([('Content-Type', 'text/plain')])
del headers[:2]
del headers[-1]
assert headers == Headers([('X-Bar', '1')])
# copying
a = Headers([('foo', 'bar')])
b = a.copy()
a.add('foo', 'baz')
assert a.getlist('foo') == ['bar', 'baz']
assert b.getlist('foo') == ['bar']
headers = Headers([('a', 1)])
assert headers.pop('a') == 1
assert headers.pop('b', 2) == 2
assert_raises(KeyError, headers.pop, 'c')
# set replaces and accepts same arguments as add
a = Headers()
a.set('Content-Disposition', 'useless')
a.set('Content-Disposition', 'attachment', filename='foo')
assert a['Content-Disposition'] == 'attachment; filename=foo'
