o ix_@sHddlmZddlZddlZddlZddlZddlmZmZm Z m Z ddl m Z m Z mZmZmZmZmZmZmZmZmZddl mZmZmZddl mZddlmZmZdZGd d d eZGd d d eZ Gd ddeZ!dZ"dZ#dZ$dZ%e&de'e%Z(e&dZ)e&dZ*e&dZ+ddZ,GdddZ-Gddde-Z.dS))IntEnumN) ChunkedReader LengthReader EOFReaderBody) InvalidHeaderInvalidHeaderName NoMoreDataInvalidRequestLineInvalidRequestMethodInvalidHTTPVersionLimitRequestLineLimitRequestHeadersUnsupportedTransferCodingObsoleteFoldingExpectationFailed)InvalidProxyLineInvalidProxyHeaderForbiddenProxyRequest)InvalidSchemeHeaders) bytes_to_strsplit_request_uris QUIT c@seZdZdZdZdZdS) PPCommandzPROXY protocol v2 commands.rN)__name__ __module__ __qualname____doc__LOCALPROXYr r I/home/ubuntu/.local/lib/python3.10/site-packages/gunicorn/http/message.pyrsrc@s eZdZdZdZdZdZdZdS)PPFamilyz#PROXY protocol v2 address families.rrN)rrrrUNSPECINETINET6UNIXr r r r!r""s r"c@seZdZdZdZdZdZdS) PPProtocolz&PROXY protocol v2 transport protocols.rrr#N)rrrrr%STREAMDGRAMr r r r!r)*s r)iiz!#$%&'*+-.^_`|~z[%s0-9a-zA-Z]+z[a-z#]zHTTP/(\d)\.(\d)z[\0\r\n]cCsLd|vrdSzt|}Wn tyYdSw|D] }||vr#dSqdS)zCheck if IP address is in the allow list. Args: ip_str: The IP address string to check allow_list: The original allow list (strings, may contain "*") networks: Pre-computed ipaddress.ip_network objects from config *TF) ipaddress ip_address ValueError)ip_str allow_listnetworksipnetworkr r r!_ip_in_allow_list>s r5c@s>eZdZddZddZddZddd Zd d Zd d ZdS)MessagecCs||_||_||_||_d|_g|_g|_d|_|jrdnd|_ d|_ d|_ |j |_ |j dks4|j t kr7t |_ |j|_|jdkrCt|_|jpGt}|j |dd|_||j}|j||dS)NhttpshttpFrr#)cfgunreader peer_addr remote_addrversionheaderstrailersbodyis_sslscheme must_close_expected_100_continuelimit_request_fields MAX_HEADERSlimit_request_field_sizeDEFAULT_MAX_HEADERFIELD_SIZEmax_buffer_headersparseunreadset_body_reader)selfr:r;r<max_header_field_sizeunusedr r r!__init__Ss6       zMessage.__init__cCs d|_dS)NT)rDrNr r r! force_closers zMessage.force_closecCstN)NotImplementedError)rNr;r r r!rKusz Message.parseFcCs|j}g}dd|dD}d}i}g}|rnt|jtr*t|jd|j|r0|j}|j }|rBt ||j kr>t d| d} t | t d} | ddkrVt| | dd \} } |jjrg| d } t| spt| | } | d g} |r|dd r|jjst| | d} | t | t d7} | |jkrdkrt d | | d |r|dd sd| } t| rt| | |jkrdkrt d |s| dkr| dkr|j dkrnd|_!nt"| | |vr| || k} | rdnd}|r||j#krt$nd}||_#d| vr9| |vs$d|vr%n|jj%dkr-n |jj%dkr5q0t| || | f|s3|S)NcSg|]}t|qSr r).0liner r r! }z)Message.parse_headers.. Frzlimit request headers fieldsz :r )  z!limit request headers fields sizez r_EXPECTz 100-continuerrTr7r8_r, dangerousdrop)&r:split isinstancer<tupler5forwarded_allow_ipsforwarded_allow_networkssecure_scheme_headersforwarder_headerslenrFrpopfindrstrip_header_spacesrstripTOKEN_RE fullmatchrupperstrip startswithpermit_obsolete_foldingrrHappendjoin!RFC9110_5_5_INVALID_AND_DANGEROUSsearchlowerr>rErrCr header_map)rNdata from_trailerr:r?lines scheme_headerrkrlcurr header_lengthnamevaluesecurerCr r r! parse_headersxs              YzMessage.parse_headerscCsd}d}|jD]^\}}|dkr|durtd|d|}q|dkredd|dD}|D]8}|dkr?|r.,chunkedTidentity)compressdeflategziprbr)r?rrfr|rSrr>rrr;rAstr isnumericintr/rr)rNrcontent_lengthrrvalsvalr r r!rMsV                 zMessage.set_body_readercCsZ|jrdS|jD]\}}|dkr'|d}|dkrdS|dkr%dSnq|jdkS)NT CONNECTIONr^closez keep-aliveFrr)rDr?r|rur>)rNhrr r r! should_close&s zMessage.should_closeNF) rrrrQrSrKrrMrr r r r!r6Rs r |dddkr>||||S|S)ztHandle PROXY protocol detection and parsing. Returns the buffer with proxy protocol data consumed. )v2autoN)v1rsPROXY )rmrPP_V2_SIGNATUREproxy_protocol_access_check_parse_proxy_protocol_v2_parse_proxy_protocol_v1)rNr;rrr r r!rs     zRequest._handle_proxy_protocolcCs>t|jtrt|jd|jj|jst|jddSdS)z2Check if proxy protocol is allowed from this peer.rN)rgr<rhr5r:proxy_allow_ipsproxy_allow_networksrrRr r r!rs z#Request.proxy_protocol_access_checkc Cst|}d|vr|||t|}d|vs|d}t|d|}t||dd}|d}t|dkrHrr9r#zunsupported version %dzunsupported command %drNrzonly TCP protocol is supportedz"insufficient address data for IPv4 r$z"insufficient address data for IPv6 "rr%zunsupported address family %d)rmrstructunpackrrrrrrrr)r*r"r&r inet_ntoprr'rr%)rNr;rver_cmd fam_protolengthr>commandtotal_header_sizefamilyprotocol addr_datarrrrrr r r!rsz               z Request._parse_proxy_protocol_v2cCsdd|ddD}t|dkrtt||d|_|jjs?t|jr+t |jdt|dkr9dks?nt |jt |jsJt |j|jj rT|j |_|d|_t|jdkrftt|zt|j}Wn tyztt|w|jpd |_|jpd |_|jpd |_t |d}|durt|dt|dt|df|_d |jkrd ksn|jjst|jdSdS) NcSrVr rW)rXbitr r r!rZOr[z.Request.parse_request_line.. r#r$rrr)r#r)rfrmr rrr:!permit_unconventional_http_methodMETHOD_BADCHAR_REr{r rrrscasefold_http_methodrtrrr/rrr VERSION_REr rgroupr>"permit_unconventional_http_version)rN line_bytesrpartsmatchr r r!rNsB                  zRequest.parse_request_linecs2tt|jjtrtt|jd|_dSdSr) rrMrgrAreaderrrrr;rRrr r!rMs zRequest.set_body_reader)rr)r)rrrrQrrKrrrrrrrrrM __classcell__r r rr!r4s  ' =]7r)/enumrr-rerrgunicorn.http.bodyrrrrgunicorn.http.errorsrrr r r r r rrrrrrrr gunicorn.utilrrrrr"r)rrGrIRFC9110_5_6_2_TOKEN_SPECIALScompileescaperrrrrzr5r6rr r r r!s4 4    c