( )⚙ D2768 hgweb: use a capped reader for WSGI input stream

This is an archive of the discontinued Mercurial Phabricator instance.

hgweb: use a capped reader for WSGI input stream
ClosedPublic

Authored by indygreg on Mar 9 2018, 8:23 PM.

Details

Summary

Per PEP 3333, the input stream from WSGI should respect EOF and
prevent reads past the end of the request body. However, not all
WSGI servers guarantee this. Notably, our BaseHTTPServer based
built-in HTTP server doesn't. Instead, it exposes the raw socket
and you can read() from it all you want, getting the connection in
a bad state by doing so.

We have a "cappedreader" utility class that proxies a file object
and prevents reading past a limit.

This commit converts the WSGI input stream into a capped reader when
the input length is advertised via Content-Length headers.

"cappedreader" only exposes a read() method. PEP 3333 states that
the input stream MUST also support readline(), readlines(hint), and
iter(). However, since our WSGI application code only calls
read() and since we're not manipulating the stream exposed by the
WSGI server, we're not violating the spec here.

Diff Detail

Repository
rHG Mercurial
Lint
Lint Skipped
Unit
Unit Tests Skipped

Event Timeline

indygreg created this revision.Mar 9 2018, 8:23 PM
indygreg edited the summary of this revision. (Show Details)Mar 10 2018, 3:03 PM
indygreg updated this revision to Diff 6830.
durin42 accepted this revision.Mar 12 2018, 4:55 PM
This revision is now accepted and ready to land.Mar 12 2018, 4:55 PM
This revision was automatically updated to reflect the committed changes.