def parse(self, field_value: str, add_note: AddNoteMethodType) -> Tuple[str, ParamDictType]:
try:
media_type, param_str = field_value.split(";", 1)
except ValueError:
media_type, param_str = field_value, ''
media_type = media_type.lower()
param_dict = headers.parse_params(param_str, add_note, ['charset'])
return media_type, param_dict
def test_parse_params(self):
i = 0
for (instr, expected_pd, expected_notes, delim) in [
('foo=bar', {
'foo': 'bar'
}, [], ';'), ('foo="bar"', {
'foo': 'bar'
}, [], ';'),
('foo="bar"; baz=bat', {
'foo': 'bar',
'baz': 'bat'
}, [], ';'),
('foo="bar"; baz="b=t"; bam="boom"', {
'foo': 'bar',
'baz': 'b=t',
'bam': 'boom'
}, [], ';'), (r'foo="b\"ar"', {
'foo': 'b"ar'
}, [], ';'),
(r'foo=bar; foo=baz', {
'foo': 'baz'
}, [headers.PARAM_REPEATS], ';'),
('foo=bar; baz="b;at"', {
'foo': 'bar',
'baz': "b;at"
}, [], ';'),
('foo=bar, baz="bat"', {
'foo': 'bar',
'baz': "bat"
}, [], ','),
('foo=bar, baz="b,at"', {
'foo': 'bar',
'baz': "b,at"
}, [], ','),
("foo=bar; baz='bat'", {
'foo': 'bar',
'baz': "'bat'"
}, [headers.PARAM_SINGLE_QUOTED], ';'),
("foo*=\"UTF-8''a%cc%88.txt\"", {
'foo*': u'a\u0308.txt'
}, [headers.PARAM_STAR_QUOTED], ';'),
("foo*=''a%cc%88.txt", {}, [headers.PARAM_STAR_NOCHARSET], ';'),
("foo*=utf-16''a%cc%88.txt", {}, [headers.PARAM_STAR_CHARSET],
';'),
("nostar*=utf-8''a%cc%88.txt", {}, [headers.PARAM_STAR_BAD], ';'),
("NOstar*=utf-8''a%cc%88.txt", {}, [headers.PARAM_STAR_BAD], ';')
]:
self.red.__init__()
param_dict = headers.parse_params(
instr, partial(self.red.add_note, "test"), ['nostar'], delim)
diff = set([n.__name__ for n in expected_notes
]).symmetric_difference(set(self.red.note_classes))
self.assertEqual(len(diff), 0,
"[%s] Mismatched notes: %s" % (i, diff))
self.assertEqual(
expected_pd, param_dict,
"[%s] %s != %s" % (i, str(expected_pd), str(param_dict)))
i += 1
def parse(subject, value, red):
try:
media_type, params = value.split(";", 1)
except ValueError:
media_type, params = value, ''
media_type = media_type.lower()
param_dict = rh.parse_params(red, subject, params, ['charset'])
# TODO: check charset to see if it's known
return (media_type, param_dict)
def parse(self, field_value: str,
add_note: AddNoteMethodType) -> Tuple[str, ParamDictType]:
try:
media_type, param_str = field_value.split(";", 1)
except ValueError:
media_type, param_str = field_value, ''
media_type = media_type.lower()
param_dict = headers.parse_params(param_str, add_note, ['charset'])
return media_type, param_dict
def parse(self, field_value: str, add_note: AddNoteMethodType) -> Tuple[str, ParamDictType]:
try:
media_type, param_str = field_value.split(";", 1)
except ValueError:
media_type, param_str = field_value, ""
media_type = media_type.lower()
param_dict = headers.parse_params(param_str, add_note, ["charset"])
# TODO: check charset to see if it's known
return media_type, param_dict
def parse(subject, value, red):
try:
coding, params = value.split(";", 1)
except ValueError:
coding, params = value, ""
coding = coding.lower()
param_dict = rh.parse_params(red, subject, params, True)
if param_dict:
red.add_note(subject, rs.TRANSFER_CODING_PARAM)
return coding
def parse(self, field_value: str, add_note: AddNoteMethodType) -> str:
try:
coding, param_str = field_value.split(";", 1)
except ValueError:
coding, param_str = field_value, ""
coding = coding.lower()
param_dict = headers.parse_params(param_str, add_note, True)
if param_dict:
add_note(TRANSFER_CODING_PARAM)
return coding
def parse(self, field_value: str, add_note: AddNoteMethodType) -> str:
try:
coding, param_str = field_value.split(";", 1)
except ValueError:
coding, param_str = field_value, ""
coding = coding.lower()
param_dict = headers.parse_params(param_str, add_note, True)
if param_dict:
add_note(TRANSFER_CODING_PARAM)
return coding
def parse(subject, value, red):
try:
protect, param_str = value.split(';', 1)
except ValueError:
protect, param_str = value, ""
protect = int(protect)
params = rh.parse_params(red, subject, param_str, True)
if protect == 0:
red.add_note(subject, rs.XSS_PROTECTION_OFF)
else: # 1
if params.get('mode', None) == "block":
red.add_note(subject, rs.XSS_PROTECTION_BLOCK)
else:
red.add_note(subject, rs.XSS_PROTECTION_ON)
return protect, params
def parse(self, field_value: str, add_note: AddNoteMethodType) -> Tuple[str, ParamDictType]:
try:
disposition, param_str = field_value.split(";", 1)
except ValueError:
disposition, param_str = field_value, ''
disposition = disposition.lower()
param_dict = headers.parse_params(param_str, add_note)
if disposition not in ['inline', 'attachment']:
add_note(DISPOSITION_UNKNOWN, disposition=disposition)
if 'filename' not in param_dict:
add_note(DISPOSITION_OMITS_FILENAME)
if "%" in param_dict.get('filename', ''):
add_note(DISPOSITION_FILENAME_PERCENT)
if "/" in param_dict.get('filename', '') or r"\\" in param_dict.get('filename*', ''):
add_note(DISPOSITION_FILENAME_PATH_CHAR)
return disposition, param_dict
def parse(self, field_value: str, add_note: AddNoteMethodType) -> Tuple[str, ParamDictType]:
try:
link_value, param_str = field_value.split(";", 1)
except ValueError:
link_value, param_str = field_value, ''
link_value = link_value.strip()[1:-1] # trim the angle brackets
param_dict = headers.parse_params(param_str, add_note,
['rel', 'rev', 'anchor', 'hreflang', 'type', 'media'])
if 'rel' in param_dict: # relation_types
pass
if 'rev' in param_dict:
add_note(LINK_REV, link=link_value, rev=param_dict['rev'])
if 'anchor' in param_dict: # URI-Reference
if not re.match(r"^\s*%s\s*$" % rfc3986.URI_reference,
param_dict['anchor'], re.VERBOSE):
add_note(LINK_BAD_ANCHOR, link=link_value, anchor=param_dict['anchor'])
return link_value, param_dict
def parse(self, field_value: str, add_note: AddNoteMethodType) -> Tuple[int, ParamDictType]:
try:
protect, param_str = field_value.split(';', 1)
except ValueError:
protect, param_str = field_value, ""
try:
protect_int = int(protect)
except ValueError:
raise
params = headers.parse_params(param_str, add_note, True)
if protect_int == 0:
add_note(XSS_PROTECTION_OFF)
else: # 1
if params.get('mode', None) == "block":
add_note(XSS_PROTECTION_BLOCK)
else:
add_note(XSS_PROTECTION_ON)
return protect_int, params
def parse(self, field_value: str,
add_note: AddNoteMethodType) -> Tuple[int, ParamDictType]:
try:
protect, param_str = field_value.split(';', 1)
except ValueError:
protect, param_str = field_value, ""
try:
protect_int = int(protect)
except ValueError:
raise
params = headers.parse_params(param_str, add_note, True)
if protect_int == 0:
add_note(XSS_PROTECTION_OFF)
else: # 1
if params.get('mode', None) == "block":
add_note(XSS_PROTECTION_BLOCK)
else:
add_note(XSS_PROTECTION_ON)
return protect_int, params
def parse(self, field_value: str, add_note: AddNoteMethodType) -> Tuple[str, ParamDictType]:
try:
link_value, param_str = field_value.split(";", 1)
except ValueError:
link_value, param_str = field_value, ''
link_value = link_value.strip()[1:-1] # trim the angle brackets
param_dict = headers.parse_params(param_str, add_note,
['rel', 'rev', 'anchor', 'hreflang', 'type', 'media'])
if 'rel' in param_dict: # relation_types
pass # TODO: check relation type
if 'rev' in param_dict:
add_note(LINK_REV, link=link_value, rev=param_dict['rev'])
if 'anchor' in param_dict: # URI-Reference
if not re.match(r"^\s*%s\s*$" % rfc3986.URI_reference,
param_dict['anchor'], re.VERBOSE):
add_note(LINK_BAD_ANCHOR, link=link_value, anchor=param_dict['anchor'])
# TODO: check media-type in 'type'
# TODO: check language tag in 'hreflang'
return link_value, param_dict
def parse(subject, value, red):
try:
disposition, params = value.split(";", 1)
except ValueError:
disposition, params = value, ''
disposition = disposition.lower()
param_dict = rh.parse_params(red, subject, params)
if disposition not in ['inline', 'attachment']:
red.add_note(subject,
rs.DISPOSITION_UNKNOWN,
disposition=disposition
)
if not param_dict.has_key('filename'):
red.add_note(subject, rs.DISPOSITION_OMITS_FILENAME)
if "%" in param_dict.get('filename', ''):
red.add_note(subject, rs.DISPOSITION_FILENAME_PERCENT)
if "/" in param_dict.get('filename', '') or \
r"\\" in param_dict.get('filename*', ''):
red.add_note(subject, rs.DISPOSITION_FILENAME_PATH_CHAR)
return disposition, param_dict
def parse(self, field_value: str,
add_note: AddNoteMethodType) -> Tuple[str, ParamDictType]:
try:
link_value, param_str = field_value.split(";", 1)
except ValueError:
link_value, param_str = field_value, ""
link_value = link_value.strip()[1:-1] # trim the angle brackets
param_dict = headers.parse_params(
param_str, add_note,
["rel", "rev", "anchor", "hreflang", "type", "media"])
if "rel" in param_dict: # relation_types
pass
if "rev" in param_dict:
add_note(LINK_REV, link=link_value, rev=param_dict["rev"])
if "anchor" in param_dict: # URI-Reference
if not re.match(r"^\s*%s\s*$" % rfc3986.URI_reference,
param_dict["anchor"], re.VERBOSE):
add_note(LINK_BAD_ANCHOR,
link=link_value,
anchor=param_dict["anchor"])
return link_value, param_dict
def parse(subject, value, red):
try:
link, params = value.split(";", 1)
except ValueError:
link, params = value, ''
link = link[1:-1] # trim the angle brackets
param_dict = rh.parse_params(red, subject, params,
['rel', 'rev', 'anchor', 'hreflang', 'type', 'media'])
if param_dict.has_key('rel'): # relation_types
pass # TODO: check relation type
if param_dict.has_key('rev'):
red.add_note(subject, rs.LINK_REV,
link=link, rev=param_dict['rev'])
if param_dict.has_key('anchor'): # URI-Reference
if not re.match(r"^\s*%s\s*$" % syntax.URI_reference,
param_dict['anchor'], re.VERBOSE):
red.add_note(subject, rs.LINK_BAD_ANCHOR,
link=link,
anchor=param_dict['anchor'])
# TODO: check media-type in 'type'
# TODO: check language tag in 'hreflang'
return link, param_dict
def test_parse_params(self):
i = 0
for (instr, expected_pd, expected_notes, delim) in [
('foo=bar', {'foo': 'bar'}, [], ';'),
('foo="bar"', {'foo': 'bar'}, [], ';'),
('foo="bar"; baz=bat', {'foo': 'bar', 'baz': 'bat'}, [], ';'),
('foo="bar"; baz="b=t"; bam="boom"',
{'foo': 'bar', 'baz': 'b=t', 'bam': 'boom'}, [], ';'
),
(r'foo="b\"ar"', {'foo': 'b"ar'}, [], ';'),
(r'foo=bar; foo=baz',
{'foo': 'baz'},
[rs.PARAM_REPEATS],
';'
),
('foo=bar; baz="b;at"',
{'foo': 'bar', 'baz': "b;at"},
[],
';'
),
('foo=bar, baz="bat"',
{'foo': 'bar', 'baz': "bat"},
[],
','
),
('foo=bar, baz="b,at"',
{'foo': 'bar', 'baz': "b,at"},
[],
','
),
("foo=bar; baz='bat'",
{'foo': 'bar', 'baz': "'bat'"},
[rs.PARAM_SINGLE_QUOTED],
';'
),
("foo*=\"UTF-8''a%cc%88.txt\"",
{'foo*': u'a\u0308.txt'},
[rs.PARAM_STAR_QUOTED],
';'
),
("foo*=''a%cc%88.txt",
{},
[rs.PARAM_STAR_NOCHARSET],
';'
),
("foo*=utf-16''a%cc%88.txt",
{},
[rs.PARAM_STAR_CHARSET],
';'
),
("nostar*=utf-8''a%cc%88.txt",
{},
[rs.PARAM_STAR_BAD],
';'
),
("NOstar*=utf-8''a%cc%88.txt",
{},
[rs.PARAM_STAR_BAD],
';'
)
]:
self.red.__init__()
param_dict = headers.parse_params(
self.red, 'test', instr, ['nostar'], delim
)
diff = set(
[n.__name__ for n in expected_notes]).symmetric_difference(
set(self.red.note_classes)
)
self.assertEqual(len(diff), 0,
"[%s] Mismatched notes: %s" % (i, diff)
)
self.assertEqual(expected_pd, param_dict,
"[%s] %s != %s" % (i, str(expected_pd), str(param_dict)))
i += 1
