blob: fb4ae1928ba467948508f2a51dfe8407701b7e93 [file] [log] [blame]
Georg Brandlb533e262008-05-25 18:19:30 +00001"""Unittests for the various HTTPServer modules.
2
3Written by Cody A.W. Somerville <cody-somerville@ubuntu.com>,
4Josip Dzolonga, and Michael Otteneder for the 2007/08 GHOP contest.
5"""
6
Georg Brandl24420152008-05-26 16:32:26 +00007from http.server import BaseHTTPRequestHandler, HTTPServer, \
8 SimpleHTTPRequestHandler, CGIHTTPRequestHandler
Serhiy Storchakac0a23e62015-03-07 11:51:37 +02009from http import server, HTTPStatus
Georg Brandlb533e262008-05-25 18:19:30 +000010
11import os
12import sys
Senthil Kumaran0f476d42010-09-30 06:09:18 +000013import re
Georg Brandlb533e262008-05-25 18:19:30 +000014import base64
Martin Panterd274b3f2016-04-18 03:45:18 +000015import ntpath
Georg Brandlb533e262008-05-25 18:19:30 +000016import shutil
Pierre Quentel351adda2017-04-02 12:26:12 +020017import email.message
18import email.utils
Serhiy Storchakacb5bc402014-08-17 08:22:11 +030019import html
Georg Brandl24420152008-05-26 16:32:26 +000020import http.client
Pierre Quentel351adda2017-04-02 12:26:12 +020021import urllib.parse
Georg Brandlb533e262008-05-25 18:19:30 +000022import tempfile
Berker Peksag04bc5b92016-03-14 06:06:03 +020023import time
Pierre Quentel351adda2017-04-02 12:26:12 +020024import datetime
Stéphane Wirtela17a2f52017-05-24 09:29:06 +020025from unittest import mock
Senthil Kumaran0f476d42010-09-30 06:09:18 +000026from io import BytesIO
Georg Brandlb533e262008-05-25 18:19:30 +000027
28import unittest
29from test import support
Victor Stinner45df8202010-04-28 22:31:17 +000030threading = support.import_module('threading')
Georg Brandlb533e262008-05-25 18:19:30 +000031
Georg Brandlb533e262008-05-25 18:19:30 +000032class NoLogRequestHandler:
33 def log_message(self, *args):
34 # don't write log messages to stderr
35 pass
36
Barry Warsaw820c1202008-06-12 04:06:45 +000037 def read(self, n=None):
38 return ''
39
Georg Brandlb533e262008-05-25 18:19:30 +000040
41class TestServerThread(threading.Thread):
42 def __init__(self, test_object, request_handler):
43 threading.Thread.__init__(self)
44 self.request_handler = request_handler
45 self.test_object = test_object
Georg Brandlb533e262008-05-25 18:19:30 +000046
47 def run(self):
Antoine Pitroucb342182011-03-21 00:26:51 +010048 self.server = HTTPServer(('localhost', 0), self.request_handler)
49 self.test_object.HOST, self.test_object.PORT = self.server.socket.getsockname()
Antoine Pitrou08911bd2010-04-25 22:19:43 +000050 self.test_object.server_started.set()
51 self.test_object = None
Georg Brandlb533e262008-05-25 18:19:30 +000052 try:
Antoine Pitrou08911bd2010-04-25 22:19:43 +000053 self.server.serve_forever(0.05)
Georg Brandlb533e262008-05-25 18:19:30 +000054 finally:
55 self.server.server_close()
56
57 def stop(self):
58 self.server.shutdown()
59
60
61class BaseTestCase(unittest.TestCase):
62 def setUp(self):
Antoine Pitrou45ebeb82009-10-27 18:52:30 +000063 self._threads = support.threading_setup()
Nick Coghlan6ead5522009-10-18 13:19:33 +000064 os.environ = support.EnvironmentVarGuard()
Antoine Pitrou08911bd2010-04-25 22:19:43 +000065 self.server_started = threading.Event()
Georg Brandlb533e262008-05-25 18:19:30 +000066 self.thread = TestServerThread(self, self.request_handler)
67 self.thread.start()
Antoine Pitrou08911bd2010-04-25 22:19:43 +000068 self.server_started.wait()
Georg Brandlb533e262008-05-25 18:19:30 +000069
70 def tearDown(self):
Georg Brandlb533e262008-05-25 18:19:30 +000071 self.thread.stop()
Antoine Pitrouf7270822012-09-30 01:05:30 +020072 self.thread = None
Nick Coghlan6ead5522009-10-18 13:19:33 +000073 os.environ.__exit__()
Antoine Pitrou45ebeb82009-10-27 18:52:30 +000074 support.threading_cleanup(*self._threads)
Georg Brandlb533e262008-05-25 18:19:30 +000075
76 def request(self, uri, method='GET', body=None, headers={}):
Antoine Pitroucb342182011-03-21 00:26:51 +010077 self.connection = http.client.HTTPConnection(self.HOST, self.PORT)
Georg Brandlb533e262008-05-25 18:19:30 +000078 self.connection.request(method, uri, body, headers)
79 return self.connection.getresponse()
80
81
82class BaseHTTPServerTestCase(BaseTestCase):
83 class request_handler(NoLogRequestHandler, BaseHTTPRequestHandler):
84 protocol_version = 'HTTP/1.1'
85 default_request_version = 'HTTP/1.1'
86
87 def do_TEST(self):
Serhiy Storchakac0a23e62015-03-07 11:51:37 +020088 self.send_response(HTTPStatus.NO_CONTENT)
Georg Brandlb533e262008-05-25 18:19:30 +000089 self.send_header('Content-Type', 'text/html')
90 self.send_header('Connection', 'close')
91 self.end_headers()
92
93 def do_KEEP(self):
Serhiy Storchakac0a23e62015-03-07 11:51:37 +020094 self.send_response(HTTPStatus.NO_CONTENT)
Georg Brandlb533e262008-05-25 18:19:30 +000095 self.send_header('Content-Type', 'text/html')
96 self.send_header('Connection', 'keep-alive')
97 self.end_headers()
98
99 def do_KEYERROR(self):
100 self.send_error(999)
101
Senthil Kumaran52d27202012-10-10 23:16:21 -0700102 def do_NOTFOUND(self):
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200103 self.send_error(HTTPStatus.NOT_FOUND)
Senthil Kumaran52d27202012-10-10 23:16:21 -0700104
Senthil Kumaran26886442013-03-15 07:53:21 -0700105 def do_EXPLAINERROR(self):
106 self.send_error(999, "Short Message",
Martin Panter46f50722016-05-26 05:35:26 +0000107 "This is a long \n explanation")
Senthil Kumaran26886442013-03-15 07:53:21 -0700108
Georg Brandlb533e262008-05-25 18:19:30 +0000109 def do_CUSTOM(self):
110 self.send_response(999)
111 self.send_header('Content-Type', 'text/html')
112 self.send_header('Connection', 'close')
113 self.end_headers()
114
Armin Ronacher8d96d772011-01-22 13:13:05 +0000115 def do_LATINONEHEADER(self):
116 self.send_response(999)
117 self.send_header('X-Special', 'Dängerous Mind')
Armin Ronacher59531282011-01-22 13:44:22 +0000118 self.send_header('Connection', 'close')
Armin Ronacher8d96d772011-01-22 13:13:05 +0000119 self.end_headers()
Armin Ronacher59531282011-01-22 13:44:22 +0000120 body = self.headers['x-special-incoming'].encode('utf-8')
121 self.wfile.write(body)
Armin Ronacher8d96d772011-01-22 13:13:05 +0000122
Martin Pantere42e1292016-06-08 08:29:13 +0000123 def do_SEND_ERROR(self):
124 self.send_error(int(self.path[1:]))
125
126 def do_HEAD(self):
127 self.send_error(int(self.path[1:]))
128
Georg Brandlb533e262008-05-25 18:19:30 +0000129 def setUp(self):
130 BaseTestCase.setUp(self)
Antoine Pitroucb342182011-03-21 00:26:51 +0100131 self.con = http.client.HTTPConnection(self.HOST, self.PORT)
Georg Brandlb533e262008-05-25 18:19:30 +0000132 self.con.connect()
133
134 def test_command(self):
135 self.con.request('GET', '/')
136 res = self.con.getresponse()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200137 self.assertEqual(res.status, HTTPStatus.NOT_IMPLEMENTED)
Georg Brandlb533e262008-05-25 18:19:30 +0000138
139 def test_request_line_trimming(self):
140 self.con._http_vsn_str = 'HTTP/1.1\n'
R David Murray14199f92014-06-24 16:39:49 -0400141 self.con.putrequest('XYZBOGUS', '/')
Georg Brandlb533e262008-05-25 18:19:30 +0000142 self.con.endheaders()
143 res = self.con.getresponse()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200144 self.assertEqual(res.status, HTTPStatus.NOT_IMPLEMENTED)
Georg Brandlb533e262008-05-25 18:19:30 +0000145
146 def test_version_bogus(self):
147 self.con._http_vsn_str = 'FUBAR'
148 self.con.putrequest('GET', '/')
149 self.con.endheaders()
150 res = self.con.getresponse()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200151 self.assertEqual(res.status, HTTPStatus.BAD_REQUEST)
Georg Brandlb533e262008-05-25 18:19:30 +0000152
153 def test_version_digits(self):
154 self.con._http_vsn_str = 'HTTP/9.9.9'
155 self.con.putrequest('GET', '/')
156 self.con.endheaders()
157 res = self.con.getresponse()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200158 self.assertEqual(res.status, HTTPStatus.BAD_REQUEST)
Georg Brandlb533e262008-05-25 18:19:30 +0000159
160 def test_version_none_get(self):
161 self.con._http_vsn_str = ''
162 self.con.putrequest('GET', '/')
163 self.con.endheaders()
164 res = self.con.getresponse()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200165 self.assertEqual(res.status, HTTPStatus.NOT_IMPLEMENTED)
Georg Brandlb533e262008-05-25 18:19:30 +0000166
167 def test_version_none(self):
R David Murray14199f92014-06-24 16:39:49 -0400168 # Test that a valid method is rejected when not HTTP/1.x
Georg Brandlb533e262008-05-25 18:19:30 +0000169 self.con._http_vsn_str = ''
R David Murray14199f92014-06-24 16:39:49 -0400170 self.con.putrequest('CUSTOM', '/')
Georg Brandlb533e262008-05-25 18:19:30 +0000171 self.con.endheaders()
172 res = self.con.getresponse()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200173 self.assertEqual(res.status, HTTPStatus.BAD_REQUEST)
Georg Brandlb533e262008-05-25 18:19:30 +0000174
175 def test_version_invalid(self):
176 self.con._http_vsn = 99
177 self.con._http_vsn_str = 'HTTP/9.9'
178 self.con.putrequest('GET', '/')
179 self.con.endheaders()
180 res = self.con.getresponse()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200181 self.assertEqual(res.status, HTTPStatus.HTTP_VERSION_NOT_SUPPORTED)
Georg Brandlb533e262008-05-25 18:19:30 +0000182
183 def test_send_blank(self):
184 self.con._http_vsn_str = ''
185 self.con.putrequest('', '')
186 self.con.endheaders()
187 res = self.con.getresponse()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200188 self.assertEqual(res.status, HTTPStatus.BAD_REQUEST)
Georg Brandlb533e262008-05-25 18:19:30 +0000189
190 def test_header_close(self):
191 self.con.putrequest('GET', '/')
192 self.con.putheader('Connection', 'close')
193 self.con.endheaders()
194 res = self.con.getresponse()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200195 self.assertEqual(res.status, HTTPStatus.NOT_IMPLEMENTED)
Georg Brandlb533e262008-05-25 18:19:30 +0000196
Berker Peksag20853612016-08-25 01:13:34 +0300197 def test_header_keep_alive(self):
Georg Brandlb533e262008-05-25 18:19:30 +0000198 self.con._http_vsn_str = 'HTTP/1.1'
199 self.con.putrequest('GET', '/')
200 self.con.putheader('Connection', 'keep-alive')
201 self.con.endheaders()
202 res = self.con.getresponse()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200203 self.assertEqual(res.status, HTTPStatus.NOT_IMPLEMENTED)
Georg Brandlb533e262008-05-25 18:19:30 +0000204
205 def test_handler(self):
206 self.con.request('TEST', '/')
207 res = self.con.getresponse()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200208 self.assertEqual(res.status, HTTPStatus.NO_CONTENT)
Georg Brandlb533e262008-05-25 18:19:30 +0000209
210 def test_return_header_keep_alive(self):
211 self.con.request('KEEP', '/')
212 res = self.con.getresponse()
Florent Xicluna9b86b9a2010-03-19 19:00:44 +0000213 self.assertEqual(res.getheader('Connection'), 'keep-alive')
Georg Brandlb533e262008-05-25 18:19:30 +0000214 self.con.request('TEST', '/')
Brian Curtin61d0d602010-10-31 00:34:23 +0000215 self.addCleanup(self.con.close)
Georg Brandlb533e262008-05-25 18:19:30 +0000216
217 def test_internal_key_error(self):
218 self.con.request('KEYERROR', '/')
219 res = self.con.getresponse()
Florent Xicluna9b86b9a2010-03-19 19:00:44 +0000220 self.assertEqual(res.status, 999)
Georg Brandlb533e262008-05-25 18:19:30 +0000221
222 def test_return_custom_status(self):
223 self.con.request('CUSTOM', '/')
224 res = self.con.getresponse()
Florent Xicluna9b86b9a2010-03-19 19:00:44 +0000225 self.assertEqual(res.status, 999)
Georg Brandlb533e262008-05-25 18:19:30 +0000226
Senthil Kumaran26886442013-03-15 07:53:21 -0700227 def test_return_explain_error(self):
228 self.con.request('EXPLAINERROR', '/')
229 res = self.con.getresponse()
230 self.assertEqual(res.status, 999)
231 self.assertTrue(int(res.getheader('Content-Length')))
232
Armin Ronacher8d96d772011-01-22 13:13:05 +0000233 def test_latin1_header(self):
Armin Ronacher59531282011-01-22 13:44:22 +0000234 self.con.request('LATINONEHEADER', '/', headers={
235 'X-Special-Incoming': 'Ärger mit Unicode'
236 })
Armin Ronacher8d96d772011-01-22 13:13:05 +0000237 res = self.con.getresponse()
238 self.assertEqual(res.getheader('X-Special'), 'Dängerous Mind')
Armin Ronacher59531282011-01-22 13:44:22 +0000239 self.assertEqual(res.read(), 'Ärger mit Unicode'.encode('utf-8'))
Armin Ronacher8d96d772011-01-22 13:13:05 +0000240
Senthil Kumaran52d27202012-10-10 23:16:21 -0700241 def test_error_content_length(self):
242 # Issue #16088: standard error responses should have a content-length
243 self.con.request('NOTFOUND', '/')
244 res = self.con.getresponse()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200245 self.assertEqual(res.status, HTTPStatus.NOT_FOUND)
246
Senthil Kumaran52d27202012-10-10 23:16:21 -0700247 data = res.read()
Senthil Kumaran52d27202012-10-10 23:16:21 -0700248 self.assertEqual(int(res.getheader('Content-Length')), len(data))
249
Martin Pantere42e1292016-06-08 08:29:13 +0000250 def test_send_error(self):
251 allow_transfer_encoding_codes = (HTTPStatus.NOT_MODIFIED,
252 HTTPStatus.RESET_CONTENT)
253 for code in (HTTPStatus.NO_CONTENT, HTTPStatus.NOT_MODIFIED,
254 HTTPStatus.PROCESSING, HTTPStatus.RESET_CONTENT,
255 HTTPStatus.SWITCHING_PROTOCOLS):
256 self.con.request('SEND_ERROR', '/{}'.format(code))
257 res = self.con.getresponse()
258 self.assertEqual(code, res.status)
259 self.assertEqual(None, res.getheader('Content-Length'))
260 self.assertEqual(None, res.getheader('Content-Type'))
261 if code not in allow_transfer_encoding_codes:
262 self.assertEqual(None, res.getheader('Transfer-Encoding'))
263
264 data = res.read()
265 self.assertEqual(b'', data)
266
267 def test_head_via_send_error(self):
268 allow_transfer_encoding_codes = (HTTPStatus.NOT_MODIFIED,
269 HTTPStatus.RESET_CONTENT)
270 for code in (HTTPStatus.OK, HTTPStatus.NO_CONTENT,
271 HTTPStatus.NOT_MODIFIED, HTTPStatus.RESET_CONTENT,
272 HTTPStatus.SWITCHING_PROTOCOLS):
273 self.con.request('HEAD', '/{}'.format(code))
274 res = self.con.getresponse()
275 self.assertEqual(code, res.status)
276 if code == HTTPStatus.OK:
277 self.assertTrue(int(res.getheader('Content-Length')) > 0)
278 self.assertIn('text/html', res.getheader('Content-Type'))
279 else:
280 self.assertEqual(None, res.getheader('Content-Length'))
281 self.assertEqual(None, res.getheader('Content-Type'))
282 if code not in allow_transfer_encoding_codes:
283 self.assertEqual(None, res.getheader('Transfer-Encoding'))
284
285 data = res.read()
286 self.assertEqual(b'', data)
287
Georg Brandlb533e262008-05-25 18:19:30 +0000288
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200289class RequestHandlerLoggingTestCase(BaseTestCase):
290 class request_handler(BaseHTTPRequestHandler):
291 protocol_version = 'HTTP/1.1'
292 default_request_version = 'HTTP/1.1'
293
294 def do_GET(self):
295 self.send_response(HTTPStatus.OK)
296 self.end_headers()
297
298 def do_ERROR(self):
299 self.send_error(HTTPStatus.NOT_FOUND, 'File not found')
300
301 def test_get(self):
302 self.con = http.client.HTTPConnection(self.HOST, self.PORT)
303 self.con.connect()
304
305 with support.captured_stderr() as err:
306 self.con.request('GET', '/')
307 self.con.getresponse()
308
309 self.assertTrue(
310 err.getvalue().endswith('"GET / HTTP/1.1" 200 -\n'))
311
312 def test_err(self):
313 self.con = http.client.HTTPConnection(self.HOST, self.PORT)
314 self.con.connect()
315
316 with support.captured_stderr() as err:
317 self.con.request('ERROR', '/')
318 self.con.getresponse()
319
320 lines = err.getvalue().split('\n')
321 self.assertTrue(lines[0].endswith('code 404, message File not found'))
322 self.assertTrue(lines[1].endswith('"ERROR / HTTP/1.1" 404 -'))
323
324
Georg Brandlb533e262008-05-25 18:19:30 +0000325class SimpleHTTPServerTestCase(BaseTestCase):
326 class request_handler(NoLogRequestHandler, SimpleHTTPRequestHandler):
327 pass
328
329 def setUp(self):
330 BaseTestCase.setUp(self)
331 self.cwd = os.getcwd()
332 basetempdir = tempfile.gettempdir()
333 os.chdir(basetempdir)
334 self.data = b'We are the knights who say Ni!'
335 self.tempdir = tempfile.mkdtemp(dir=basetempdir)
336 self.tempdir_name = os.path.basename(self.tempdir)
Martin Panterfc475a92016-04-09 04:56:10 +0000337 self.base_url = '/' + self.tempdir_name
Victor Stinner28ce07a2017-07-28 18:15:02 +0200338 tempname = os.path.join(self.tempdir, 'test')
339 with open(tempname, 'wb') as temp:
Brett Cannon105df5d2010-10-29 23:43:42 +0000340 temp.write(self.data)
Victor Stinner28ce07a2017-07-28 18:15:02 +0200341 temp.flush()
342 mtime = os.stat(tempname).st_mtime
Pierre Quentel351adda2017-04-02 12:26:12 +0200343 # compute last modification datetime for browser cache tests
344 last_modif = datetime.datetime.fromtimestamp(mtime,
345 datetime.timezone.utc)
346 self.last_modif_datetime = last_modif.replace(microsecond=0)
347 self.last_modif_header = email.utils.formatdate(
348 last_modif.timestamp(), usegmt=True)
Georg Brandlb533e262008-05-25 18:19:30 +0000349
350 def tearDown(self):
351 try:
352 os.chdir(self.cwd)
353 try:
354 shutil.rmtree(self.tempdir)
355 except:
356 pass
357 finally:
358 BaseTestCase.tearDown(self)
359
360 def check_status_and_reason(self, response, status, data=None):
Berker Peksagb5754322015-07-22 19:25:37 +0300361 def close_conn():
362 """Don't close reader yet so we can check if there was leftover
363 buffered input"""
364 nonlocal reader
365 reader = response.fp
366 response.fp = None
367 reader = None
368 response._close_conn = close_conn
369
Georg Brandlb533e262008-05-25 18:19:30 +0000370 body = response.read()
Benjamin Petersonc9c0f202009-06-30 23:06:06 +0000371 self.assertTrue(response)
Florent Xicluna9b86b9a2010-03-19 19:00:44 +0000372 self.assertEqual(response.status, status)
373 self.assertIsNotNone(response.reason)
Georg Brandlb533e262008-05-25 18:19:30 +0000374 if data:
375 self.assertEqual(data, body)
Berker Peksagb5754322015-07-22 19:25:37 +0300376 # Ensure the server has not set up a persistent connection, and has
377 # not sent any extra data
378 self.assertEqual(response.version, 10)
379 self.assertEqual(response.msg.get("Connection", "close"), "close")
380 self.assertEqual(reader.read(30), b'', 'Connection should be closed')
381
382 reader.close()
Serhiy Storchakacb5bc402014-08-17 08:22:11 +0300383 return body
384
Ned Deily14183202015-01-05 01:02:30 -0800385 @support.requires_mac_ver(10, 5)
Steve Dowere58571b2016-09-08 11:11:13 -0700386 @unittest.skipIf(sys.platform == 'win32',
387 'undecodable name cannot be decoded on win32')
Serhiy Storchakacb5bc402014-08-17 08:22:11 +0300388 @unittest.skipUnless(support.TESTFN_UNDECODABLE,
389 'need support.TESTFN_UNDECODABLE')
390 def test_undecodable_filename(self):
Serhiy Storchakaa64ce5d2014-08-17 12:20:02 +0300391 enc = sys.getfilesystemencoding()
Serhiy Storchakacb5bc402014-08-17 08:22:11 +0300392 filename = os.fsdecode(support.TESTFN_UNDECODABLE) + '.txt'
393 with open(os.path.join(self.tempdir, filename), 'wb') as f:
394 f.write(support.TESTFN_UNDECODABLE)
Martin Panterfc475a92016-04-09 04:56:10 +0000395 response = self.request(self.base_url + '/')
Serhiy Storchakad9e95282014-08-17 16:57:39 +0300396 if sys.platform == 'darwin':
397 # On Mac OS the HFS+ filesystem replaces bytes that aren't valid
398 # UTF-8 into a percent-encoded value.
399 for name in os.listdir(self.tempdir):
400 if name != 'test': # Ignore a filename created in setUp().
401 filename = name
402 break
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200403 body = self.check_status_and_reason(response, HTTPStatus.OK)
Serhiy Storchakacb5bc402014-08-17 08:22:11 +0300404 quotedname = urllib.parse.quote(filename, errors='surrogatepass')
405 self.assertIn(('href="%s"' % quotedname)
Serhiy Storchakaa64ce5d2014-08-17 12:20:02 +0300406 .encode(enc, 'surrogateescape'), body)
Martin Panterda3bb382016-04-11 00:40:08 +0000407 self.assertIn(('>%s<' % html.escape(filename, quote=False))
Serhiy Storchakaa64ce5d2014-08-17 12:20:02 +0300408 .encode(enc, 'surrogateescape'), body)
Martin Panterfc475a92016-04-09 04:56:10 +0000409 response = self.request(self.base_url + '/' + quotedname)
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200410 self.check_status_and_reason(response, HTTPStatus.OK,
Serhiy Storchakacb5bc402014-08-17 08:22:11 +0300411 data=support.TESTFN_UNDECODABLE)
Georg Brandlb533e262008-05-25 18:19:30 +0000412
413 def test_get(self):
414 #constructs the path relative to the root directory of the HTTPServer
Martin Panterfc475a92016-04-09 04:56:10 +0000415 response = self.request(self.base_url + '/test')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200416 self.check_status_and_reason(response, HTTPStatus.OK, data=self.data)
Senthil Kumaran72c238e2013-09-13 00:21:18 -0700417 # check for trailing "/" which should return 404. See Issue17324
Martin Panterfc475a92016-04-09 04:56:10 +0000418 response = self.request(self.base_url + '/test/')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200419 self.check_status_and_reason(response, HTTPStatus.NOT_FOUND)
Martin Panterfc475a92016-04-09 04:56:10 +0000420 response = self.request(self.base_url + '/')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200421 self.check_status_and_reason(response, HTTPStatus.OK)
Martin Panterfc475a92016-04-09 04:56:10 +0000422 response = self.request(self.base_url)
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200423 self.check_status_and_reason(response, HTTPStatus.MOVED_PERMANENTLY)
Martin Panterfc475a92016-04-09 04:56:10 +0000424 response = self.request(self.base_url + '/?hi=2')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200425 self.check_status_and_reason(response, HTTPStatus.OK)
Martin Panterfc475a92016-04-09 04:56:10 +0000426 response = self.request(self.base_url + '?hi=1')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200427 self.check_status_and_reason(response, HTTPStatus.MOVED_PERMANENTLY)
Benjamin Peterson94cb7a22014-12-26 10:53:43 -0600428 self.assertEqual(response.getheader("Location"),
Martin Panterfc475a92016-04-09 04:56:10 +0000429 self.base_url + "/?hi=1")
Georg Brandlb533e262008-05-25 18:19:30 +0000430 response = self.request('/ThisDoesNotExist')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200431 self.check_status_and_reason(response, HTTPStatus.NOT_FOUND)
Georg Brandlb533e262008-05-25 18:19:30 +0000432 response = self.request('/' + 'ThisDoesNotExist' + '/')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200433 self.check_status_and_reason(response, HTTPStatus.NOT_FOUND)
Berker Peksagb5754322015-07-22 19:25:37 +0300434
435 data = b"Dummy index file\r\n"
436 with open(os.path.join(self.tempdir_name, 'index.html'), 'wb') as f:
437 f.write(data)
Martin Panterfc475a92016-04-09 04:56:10 +0000438 response = self.request(self.base_url + '/')
Berker Peksagb5754322015-07-22 19:25:37 +0300439 self.check_status_and_reason(response, HTTPStatus.OK, data)
440
441 # chmod() doesn't work as expected on Windows, and filesystem
442 # permissions are ignored by root on Unix.
443 if os.name == 'posix' and os.geteuid() != 0:
444 os.chmod(self.tempdir, 0)
445 try:
Martin Panterfc475a92016-04-09 04:56:10 +0000446 response = self.request(self.base_url + '/')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200447 self.check_status_and_reason(response, HTTPStatus.NOT_FOUND)
Berker Peksagb5754322015-07-22 19:25:37 +0300448 finally:
Brett Cannon105df5d2010-10-29 23:43:42 +0000449 os.chmod(self.tempdir, 0o755)
Georg Brandlb533e262008-05-25 18:19:30 +0000450
451 def test_head(self):
452 response = self.request(
Martin Panterfc475a92016-04-09 04:56:10 +0000453 self.base_url + '/test', method='HEAD')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200454 self.check_status_and_reason(response, HTTPStatus.OK)
Georg Brandlb533e262008-05-25 18:19:30 +0000455 self.assertEqual(response.getheader('content-length'),
456 str(len(self.data)))
457 self.assertEqual(response.getheader('content-type'),
458 'application/octet-stream')
459
Pierre Quentel351adda2017-04-02 12:26:12 +0200460 def test_browser_cache(self):
461 """Check that when a request to /test is sent with the request header
462 If-Modified-Since set to date of last modification, the server returns
463 status code 304, not 200
464 """
465 headers = email.message.Message()
466 headers['If-Modified-Since'] = self.last_modif_header
467 response = self.request(self.base_url + '/test', headers=headers)
468 self.check_status_and_reason(response, HTTPStatus.NOT_MODIFIED)
469
470 # one hour after last modification : must return 304
471 new_dt = self.last_modif_datetime + datetime.timedelta(hours=1)
472 headers = email.message.Message()
473 headers['If-Modified-Since'] = email.utils.format_datetime(new_dt,
474 usegmt=True)
475 response = self.request(self.base_url + '/test', headers=headers)
Victor Stinner28ce07a2017-07-28 18:15:02 +0200476 self.check_status_and_reason(response, HTTPStatus.NOT_MODIFIED)
Pierre Quentel351adda2017-04-02 12:26:12 +0200477
478 def test_browser_cache_file_changed(self):
479 # with If-Modified-Since earlier than Last-Modified, must return 200
480 dt = self.last_modif_datetime
481 # build datetime object : 365 days before last modification
482 old_dt = dt - datetime.timedelta(days=365)
483 headers = email.message.Message()
484 headers['If-Modified-Since'] = email.utils.format_datetime(old_dt,
485 usegmt=True)
486 response = self.request(self.base_url + '/test', headers=headers)
487 self.check_status_and_reason(response, HTTPStatus.OK)
488
489 def test_browser_cache_with_If_None_Match_header(self):
490 # if If-None-Match header is present, ignore If-Modified-Since
491
492 headers = email.message.Message()
493 headers['If-Modified-Since'] = self.last_modif_header
494 headers['If-None-Match'] = "*"
495 response = self.request(self.base_url + '/test', headers=headers)
Victor Stinner28ce07a2017-07-28 18:15:02 +0200496 self.check_status_and_reason(response, HTTPStatus.OK)
Pierre Quentel351adda2017-04-02 12:26:12 +0200497
Georg Brandlb533e262008-05-25 18:19:30 +0000498 def test_invalid_requests(self):
499 response = self.request('/', method='FOO')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200500 self.check_status_and_reason(response, HTTPStatus.NOT_IMPLEMENTED)
Georg Brandlb533e262008-05-25 18:19:30 +0000501 # requests must be case sensitive,so this should fail too
Terry Jan Reedydd09efd2014-10-18 17:10:09 -0400502 response = self.request('/', method='custom')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200503 self.check_status_and_reason(response, HTTPStatus.NOT_IMPLEMENTED)
Georg Brandlb533e262008-05-25 18:19:30 +0000504 response = self.request('/', method='GETs')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200505 self.check_status_and_reason(response, HTTPStatus.NOT_IMPLEMENTED)
Georg Brandlb533e262008-05-25 18:19:30 +0000506
Pierre Quentel351adda2017-04-02 12:26:12 +0200507 def test_last_modified(self):
508 """Checks that the datetime returned in Last-Modified response header
509 is the actual datetime of last modification, rounded to the second
510 """
511 response = self.request(self.base_url + '/test')
512 self.check_status_and_reason(response, HTTPStatus.OK, data=self.data)
513 last_modif_header = response.headers['Last-modified']
514 self.assertEqual(last_modif_header, self.last_modif_header)
515
Martin Panterfc475a92016-04-09 04:56:10 +0000516 def test_path_without_leading_slash(self):
517 response = self.request(self.tempdir_name + '/test')
518 self.check_status_and_reason(response, HTTPStatus.OK, data=self.data)
519 response = self.request(self.tempdir_name + '/test/')
520 self.check_status_and_reason(response, HTTPStatus.NOT_FOUND)
521 response = self.request(self.tempdir_name + '/')
522 self.check_status_and_reason(response, HTTPStatus.OK)
523 response = self.request(self.tempdir_name)
524 self.check_status_and_reason(response, HTTPStatus.MOVED_PERMANENTLY)
525 response = self.request(self.tempdir_name + '/?hi=2')
526 self.check_status_and_reason(response, HTTPStatus.OK)
527 response = self.request(self.tempdir_name + '?hi=1')
528 self.check_status_and_reason(response, HTTPStatus.MOVED_PERMANENTLY)
529 self.assertEqual(response.getheader("Location"),
530 self.tempdir_name + "/?hi=1")
531
Martin Panterda3bb382016-04-11 00:40:08 +0000532 def test_html_escape_filename(self):
533 filename = '<test&>.txt'
534 fullpath = os.path.join(self.tempdir, filename)
535
536 try:
537 open(fullpath, 'w').close()
538 except OSError:
539 raise unittest.SkipTest('Can not create file %s on current file '
540 'system' % filename)
541
542 try:
543 response = self.request(self.base_url + '/')
544 body = self.check_status_and_reason(response, HTTPStatus.OK)
545 enc = response.headers.get_content_charset()
546 finally:
547 os.unlink(fullpath) # avoid affecting test_undecodable_filename
548
549 self.assertIsNotNone(enc)
550 html_text = '>%s<' % html.escape(filename, quote=False)
551 self.assertIn(html_text.encode(enc), body)
552
Georg Brandlb533e262008-05-25 18:19:30 +0000553
554cgi_file1 = """\
555#!%s
556
557print("Content-type: text/html")
558print()
559print("Hello World")
560"""
561
562cgi_file2 = """\
563#!%s
564import cgi
565
566print("Content-type: text/html")
567print()
568
569form = cgi.FieldStorage()
Florent Xicluna9b86b9a2010-03-19 19:00:44 +0000570print("%%s, %%s, %%s" %% (form.getfirst("spam"), form.getfirst("eggs"),
571 form.getfirst("bacon")))
Georg Brandlb533e262008-05-25 18:19:30 +0000572"""
573
Martin Pantera02e18a2015-10-03 05:38:07 +0000574cgi_file4 = """\
575#!%s
576import os
577
578print("Content-type: text/html")
579print()
580
581print(os.environ["%s"])
582"""
583
Charles-François Natalif7ed9fc2011-11-02 19:35:14 +0100584
585@unittest.skipIf(hasattr(os, 'geteuid') and os.geteuid() == 0,
586 "This test can't be run reliably as root (issue #13308).")
Georg Brandlb533e262008-05-25 18:19:30 +0000587class CGIHTTPServerTestCase(BaseTestCase):
588 class request_handler(NoLogRequestHandler, CGIHTTPRequestHandler):
589 pass
590
Antoine Pitroue768c392012-08-05 14:52:45 +0200591 linesep = os.linesep.encode('ascii')
592
Georg Brandlb533e262008-05-25 18:19:30 +0000593 def setUp(self):
594 BaseTestCase.setUp(self)
Victor Stinner0b0ca0c2010-10-17 19:46:36 +0000595 self.cwd = os.getcwd()
Georg Brandlb533e262008-05-25 18:19:30 +0000596 self.parent_dir = tempfile.mkdtemp()
597 self.cgi_dir = os.path.join(self.parent_dir, 'cgi-bin')
Ned Deily915a30f2014-07-12 22:06:26 -0700598 self.cgi_child_dir = os.path.join(self.cgi_dir, 'child-dir')
Georg Brandlb533e262008-05-25 18:19:30 +0000599 os.mkdir(self.cgi_dir)
Ned Deily915a30f2014-07-12 22:06:26 -0700600 os.mkdir(self.cgi_child_dir)
Benjamin Peterson35aca892013-10-30 12:48:59 -0400601 self.nocgi_path = None
Victor Stinner0b0ca0c2010-10-17 19:46:36 +0000602 self.file1_path = None
603 self.file2_path = None
Ned Deily915a30f2014-07-12 22:06:26 -0700604 self.file3_path = None
Martin Pantera02e18a2015-10-03 05:38:07 +0000605 self.file4_path = None
Georg Brandlb533e262008-05-25 18:19:30 +0000606
Florent Xiclunafd1b0932010-03-28 00:25:02 +0000607 # The shebang line should be pure ASCII: use symlink if possible.
608 # See issue #7668.
Brian Curtin3b4499c2010-12-28 14:31:47 +0000609 if support.can_symlink():
Florent Xiclunafd1b0932010-03-28 00:25:02 +0000610 self.pythonexe = os.path.join(self.parent_dir, 'python')
611 os.symlink(sys.executable, self.pythonexe)
612 else:
613 self.pythonexe = sys.executable
614
Victor Stinner3218c312010-10-17 20:13:36 +0000615 try:
616 # The python executable path is written as the first line of the
617 # CGI Python script. The encoding cookie cannot be used, and so the
618 # path should be encodable to the default script encoding (utf-8)
619 self.pythonexe.encode('utf-8')
620 except UnicodeEncodeError:
621 self.tearDown()
Serhiy Storchaka0b4591e2013-02-04 15:45:00 +0200622 self.skipTest("Python executable path is not encodable to utf-8")
Victor Stinner3218c312010-10-17 20:13:36 +0000623
Benjamin Peterson04e9de42013-10-30 12:43:09 -0400624 self.nocgi_path = os.path.join(self.parent_dir, 'nocgi.py')
625 with open(self.nocgi_path, 'w') as fp:
626 fp.write(cgi_file1 % self.pythonexe)
627 os.chmod(self.nocgi_path, 0o777)
628
Georg Brandlb533e262008-05-25 18:19:30 +0000629 self.file1_path = os.path.join(self.cgi_dir, 'file1.py')
Victor Stinner6fb45752010-10-17 20:17:41 +0000630 with open(self.file1_path, 'w', encoding='utf-8') as file1:
Florent Xiclunafd1b0932010-03-28 00:25:02 +0000631 file1.write(cgi_file1 % self.pythonexe)
Georg Brandlb533e262008-05-25 18:19:30 +0000632 os.chmod(self.file1_path, 0o777)
633
634 self.file2_path = os.path.join(self.cgi_dir, 'file2.py')
Victor Stinner6fb45752010-10-17 20:17:41 +0000635 with open(self.file2_path, 'w', encoding='utf-8') as file2:
Florent Xiclunafd1b0932010-03-28 00:25:02 +0000636 file2.write(cgi_file2 % self.pythonexe)
Georg Brandlb533e262008-05-25 18:19:30 +0000637 os.chmod(self.file2_path, 0o777)
638
Ned Deily915a30f2014-07-12 22:06:26 -0700639 self.file3_path = os.path.join(self.cgi_child_dir, 'file3.py')
640 with open(self.file3_path, 'w', encoding='utf-8') as file3:
641 file3.write(cgi_file1 % self.pythonexe)
642 os.chmod(self.file3_path, 0o777)
643
Martin Pantera02e18a2015-10-03 05:38:07 +0000644 self.file4_path = os.path.join(self.cgi_dir, 'file4.py')
645 with open(self.file4_path, 'w', encoding='utf-8') as file4:
646 file4.write(cgi_file4 % (self.pythonexe, 'QUERY_STRING'))
647 os.chmod(self.file4_path, 0o777)
648
Georg Brandlb533e262008-05-25 18:19:30 +0000649 os.chdir(self.parent_dir)
650
651 def tearDown(self):
652 try:
653 os.chdir(self.cwd)
Florent Xiclunafd1b0932010-03-28 00:25:02 +0000654 if self.pythonexe != sys.executable:
655 os.remove(self.pythonexe)
Benjamin Peterson35aca892013-10-30 12:48:59 -0400656 if self.nocgi_path:
657 os.remove(self.nocgi_path)
Victor Stinner0b0ca0c2010-10-17 19:46:36 +0000658 if self.file1_path:
659 os.remove(self.file1_path)
660 if self.file2_path:
661 os.remove(self.file2_path)
Ned Deily915a30f2014-07-12 22:06:26 -0700662 if self.file3_path:
663 os.remove(self.file3_path)
Martin Pantera02e18a2015-10-03 05:38:07 +0000664 if self.file4_path:
665 os.remove(self.file4_path)
Ned Deily915a30f2014-07-12 22:06:26 -0700666 os.rmdir(self.cgi_child_dir)
Georg Brandlb533e262008-05-25 18:19:30 +0000667 os.rmdir(self.cgi_dir)
668 os.rmdir(self.parent_dir)
669 finally:
670 BaseTestCase.tearDown(self)
671
Senthil Kumarand70846b2012-04-12 02:34:32 +0800672 def test_url_collapse_path(self):
673 # verify tail is the last portion and head is the rest on proper urls
Benjamin Petersonad71f0f2009-04-11 20:12:10 +0000674 test_vectors = {
Senthil Kumarand70846b2012-04-12 02:34:32 +0800675 '': '//',
Benjamin Petersonad71f0f2009-04-11 20:12:10 +0000676 '..': IndexError,
677 '/.//..': IndexError,
Senthil Kumarand70846b2012-04-12 02:34:32 +0800678 '/': '//',
679 '//': '//',
680 '/\\': '//\\',
681 '/.//': '//',
682 'cgi-bin/file1.py': '/cgi-bin/file1.py',
683 '/cgi-bin/file1.py': '/cgi-bin/file1.py',
684 'a': '//a',
685 '/a': '//a',
686 '//a': '//a',
687 './a': '//a',
688 './C:/': '/C:/',
689 '/a/b': '/a/b',
690 '/a/b/': '/a/b/',
691 '/a/b/.': '/a/b/',
692 '/a/b/c/..': '/a/b/',
693 '/a/b/c/../d': '/a/b/d',
694 '/a/b/c/../d/e/../f': '/a/b/d/f',
695 '/a/b/c/../d/e/../../f': '/a/b/f',
696 '/a/b/c/../d/e/.././././..//f': '/a/b/f',
Benjamin Petersonad71f0f2009-04-11 20:12:10 +0000697 '../a/b/c/../d/e/.././././..//f': IndexError,
Senthil Kumarand70846b2012-04-12 02:34:32 +0800698 '/a/b/c/../d/e/../../../f': '/a/f',
699 '/a/b/c/../d/e/../../../../f': '//f',
Benjamin Petersonad71f0f2009-04-11 20:12:10 +0000700 '/a/b/c/../d/e/../../../../../f': IndexError,
Senthil Kumarand70846b2012-04-12 02:34:32 +0800701 '/a/b/c/../d/e/../../../../f/..': '//',
702 '/a/b/c/../d/e/../../../../f/../.': '//',
Benjamin Petersonad71f0f2009-04-11 20:12:10 +0000703 }
704 for path, expected in test_vectors.items():
705 if isinstance(expected, type) and issubclass(expected, Exception):
706 self.assertRaises(expected,
Senthil Kumarand70846b2012-04-12 02:34:32 +0800707 server._url_collapse_path, path)
Benjamin Petersonad71f0f2009-04-11 20:12:10 +0000708 else:
Senthil Kumarand70846b2012-04-12 02:34:32 +0800709 actual = server._url_collapse_path(path)
Florent Xicluna9b86b9a2010-03-19 19:00:44 +0000710 self.assertEqual(expected, actual,
711 msg='path = %r\nGot: %r\nWanted: %r' %
712 (path, actual, expected))
Benjamin Petersonad71f0f2009-04-11 20:12:10 +0000713
Georg Brandlb533e262008-05-25 18:19:30 +0000714 def test_headers_and_content(self):
715 res = self.request('/cgi-bin/file1.py')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200716 self.assertEqual(
717 (res.read(), res.getheader('Content-type'), res.status),
718 (b'Hello World' + self.linesep, 'text/html', HTTPStatus.OK))
Georg Brandlb533e262008-05-25 18:19:30 +0000719
Benjamin Peterson04e9de42013-10-30 12:43:09 -0400720 def test_issue19435(self):
721 res = self.request('///////////nocgi.py/../cgi-bin/nothere.sh')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200722 self.assertEqual(res.status, HTTPStatus.NOT_FOUND)
Benjamin Peterson04e9de42013-10-30 12:43:09 -0400723
Georg Brandlb533e262008-05-25 18:19:30 +0000724 def test_post(self):
Jeremy Hylton1afc1692008-06-18 20:49:58 +0000725 params = urllib.parse.urlencode(
726 {'spam' : 1, 'eggs' : 'python', 'bacon' : 123456})
Georg Brandlb533e262008-05-25 18:19:30 +0000727 headers = {'Content-type' : 'application/x-www-form-urlencoded'}
728 res = self.request('/cgi-bin/file2.py', 'POST', params, headers)
729
Antoine Pitroue768c392012-08-05 14:52:45 +0200730 self.assertEqual(res.read(), b'1, python, 123456' + self.linesep)
Georg Brandlb533e262008-05-25 18:19:30 +0000731
732 def test_invaliduri(self):
733 res = self.request('/cgi-bin/invalid')
734 res.read()
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200735 self.assertEqual(res.status, HTTPStatus.NOT_FOUND)
Georg Brandlb533e262008-05-25 18:19:30 +0000736
737 def test_authorization(self):
738 headers = {b'Authorization' : b'Basic ' +
739 base64.b64encode(b'username:pass')}
740 res = self.request('/cgi-bin/file1.py', 'GET', headers=headers)
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200741 self.assertEqual(
742 (b'Hello World' + self.linesep, 'text/html', HTTPStatus.OK),
743 (res.read(), res.getheader('Content-type'), res.status))
Georg Brandlb533e262008-05-25 18:19:30 +0000744
Benjamin Petersonad71f0f2009-04-11 20:12:10 +0000745 def test_no_leading_slash(self):
746 # http://bugs.python.org/issue2254
747 res = self.request('cgi-bin/file1.py')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200748 self.assertEqual(
749 (b'Hello World' + self.linesep, 'text/html', HTTPStatus.OK),
750 (res.read(), res.getheader('Content-type'), res.status))
Benjamin Petersonad71f0f2009-04-11 20:12:10 +0000751
Senthil Kumaran42713722010-10-03 17:55:45 +0000752 def test_os_environ_is_not_altered(self):
753 signature = "Test CGI Server"
754 os.environ['SERVER_SOFTWARE'] = signature
755 res = self.request('/cgi-bin/file1.py')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200756 self.assertEqual(
757 (b'Hello World' + self.linesep, 'text/html', HTTPStatus.OK),
758 (res.read(), res.getheader('Content-type'), res.status))
Senthil Kumaran42713722010-10-03 17:55:45 +0000759 self.assertEqual(os.environ['SERVER_SOFTWARE'], signature)
760
Benjamin Peterson73b8b1c2014-06-14 18:36:29 -0700761 def test_urlquote_decoding_in_cgi_check(self):
762 res = self.request('/cgi-bin%2ffile1.py')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200763 self.assertEqual(
764 (b'Hello World' + self.linesep, 'text/html', HTTPStatus.OK),
765 (res.read(), res.getheader('Content-type'), res.status))
Benjamin Peterson73b8b1c2014-06-14 18:36:29 -0700766
Ned Deily915a30f2014-07-12 22:06:26 -0700767 def test_nested_cgi_path_issue21323(self):
768 res = self.request('/cgi-bin/child-dir/file3.py')
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200769 self.assertEqual(
770 (b'Hello World' + self.linesep, 'text/html', HTTPStatus.OK),
771 (res.read(), res.getheader('Content-type'), res.status))
Ned Deily915a30f2014-07-12 22:06:26 -0700772
Martin Pantera02e18a2015-10-03 05:38:07 +0000773 def test_query_with_multiple_question_mark(self):
774 res = self.request('/cgi-bin/file4.py?a=b?c=d')
775 self.assertEqual(
Martin Pantereb1fee92015-10-03 06:07:22 +0000776 (b'a=b?c=d' + self.linesep, 'text/html', HTTPStatus.OK),
Martin Pantera02e18a2015-10-03 05:38:07 +0000777 (res.read(), res.getheader('Content-type'), res.status))
778
Martin Pantercb29e8c2015-10-03 05:55:46 +0000779 def test_query_with_continuous_slashes(self):
780 res = self.request('/cgi-bin/file4.py?k=aa%2F%2Fbb&//q//p//=//a//b//')
781 self.assertEqual(
782 (b'k=aa%2F%2Fbb&//q//p//=//a//b//' + self.linesep,
Martin Pantereb1fee92015-10-03 06:07:22 +0000783 'text/html', HTTPStatus.OK),
Martin Pantercb29e8c2015-10-03 05:55:46 +0000784 (res.read(), res.getheader('Content-type'), res.status))
785
Georg Brandlb533e262008-05-25 18:19:30 +0000786
Georg Brandl6fcac0d2010-08-02 18:56:54 +0000787class SocketlessRequestHandler(SimpleHTTPRequestHandler):
Stéphane Wirtela17a2f52017-05-24 09:29:06 +0200788 def __init__(self, *args, **kwargs):
789 request = mock.Mock()
790 request.makefile.return_value = BytesIO()
791 super().__init__(request, None, None)
792
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000793 self.get_called = False
794 self.protocol_version = "HTTP/1.1"
795
796 def do_GET(self):
797 self.get_called = True
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200798 self.send_response(HTTPStatus.OK)
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000799 self.send_header('Content-Type', 'text/html')
800 self.end_headers()
801 self.wfile.write(b'<html><body>Data</body></html>\r\n')
802
803 def log_message(self, format, *args):
Georg Brandl6fcac0d2010-08-02 18:56:54 +0000804 pass
805
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000806class RejectingSocketlessRequestHandler(SocketlessRequestHandler):
807 def handle_expect_100(self):
Serhiy Storchakac0a23e62015-03-07 11:51:37 +0200808 self.send_error(HTTPStatus.EXPECTATION_FAILED)
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000809 return False
810
Senthil Kumaranc7ae19b2011-05-09 23:25:02 +0800811
812class AuditableBytesIO:
813
814 def __init__(self):
815 self.datas = []
816
817 def write(self, data):
818 self.datas.append(data)
819
820 def getData(self):
821 return b''.join(self.datas)
822
823 @property
824 def numWrites(self):
825 return len(self.datas)
826
827
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000828class BaseHTTPRequestHandlerTestCase(unittest.TestCase):
Ezio Melotti3b3499b2011-03-16 11:35:38 +0200829 """Test the functionality of the BaseHTTPServer.
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000830
831 Test the support for the Expect 100-continue header.
832 """
833
834 HTTPResponseMatch = re.compile(b'HTTP/1.[0-9]+ 200 OK')
835
836 def setUp (self):
837 self.handler = SocketlessRequestHandler()
838
839 def send_typical_request(self, message):
840 input = BytesIO(message)
841 output = BytesIO()
842 self.handler.rfile = input
843 self.handler.wfile = output
844 self.handler.handle_one_request()
845 output.seek(0)
846 return output.readlines()
847
848 def verify_get_called(self):
849 self.assertTrue(self.handler.get_called)
850
851 def verify_expected_headers(self, headers):
852 for fieldName in b'Server: ', b'Date: ', b'Content-Type: ':
853 self.assertEqual(sum(h.startswith(fieldName) for h in headers), 1)
854
855 def verify_http_server_response(self, response):
856 match = self.HTTPResponseMatch.search(response)
Serhiy Storchaka25d8aea2014-02-08 14:50:08 +0200857 self.assertIsNotNone(match)
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000858
859 def test_http_1_1(self):
860 result = self.send_typical_request(b'GET / HTTP/1.1\r\n\r\n')
861 self.verify_http_server_response(result[0])
862 self.verify_expected_headers(result[1:-1])
863 self.verify_get_called()
864 self.assertEqual(result[-1], b'<html><body>Data</body></html>\r\n')
Benjamin Peterson70e28472015-02-17 21:11:10 -0500865 self.assertEqual(self.handler.requestline, 'GET / HTTP/1.1')
866 self.assertEqual(self.handler.command, 'GET')
867 self.assertEqual(self.handler.path, '/')
868 self.assertEqual(self.handler.request_version, 'HTTP/1.1')
869 self.assertSequenceEqual(self.handler.headers.items(), ())
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000870
871 def test_http_1_0(self):
872 result = self.send_typical_request(b'GET / HTTP/1.0\r\n\r\n')
873 self.verify_http_server_response(result[0])
874 self.verify_expected_headers(result[1:-1])
875 self.verify_get_called()
876 self.assertEqual(result[-1], b'<html><body>Data</body></html>\r\n')
Benjamin Peterson70e28472015-02-17 21:11:10 -0500877 self.assertEqual(self.handler.requestline, 'GET / HTTP/1.0')
878 self.assertEqual(self.handler.command, 'GET')
879 self.assertEqual(self.handler.path, '/')
880 self.assertEqual(self.handler.request_version, 'HTTP/1.0')
881 self.assertSequenceEqual(self.handler.headers.items(), ())
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000882
883 def test_http_0_9(self):
884 result = self.send_typical_request(b'GET / HTTP/0.9\r\n\r\n')
885 self.assertEqual(len(result), 1)
886 self.assertEqual(result[0], b'<html><body>Data</body></html>\r\n')
887 self.verify_get_called()
888
Martin Pantere82338d2016-11-19 01:06:37 +0000889 def test_extra_space(self):
890 result = self.send_typical_request(
891 b'GET /spaced out HTTP/1.1\r\n'
892 b'Host: dummy\r\n'
893 b'\r\n'
894 )
895 self.assertTrue(result[0].startswith(b'HTTP/1.1 400 '))
896 self.verify_expected_headers(result[1:result.index(b'\r\n')])
897 self.assertFalse(self.handler.get_called)
898
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000899 def test_with_continue_1_0(self):
900 result = self.send_typical_request(b'GET / HTTP/1.0\r\nExpect: 100-continue\r\n\r\n')
901 self.verify_http_server_response(result[0])
902 self.verify_expected_headers(result[1:-1])
903 self.verify_get_called()
904 self.assertEqual(result[-1], b'<html><body>Data</body></html>\r\n')
Benjamin Peterson70e28472015-02-17 21:11:10 -0500905 self.assertEqual(self.handler.requestline, 'GET / HTTP/1.0')
906 self.assertEqual(self.handler.command, 'GET')
907 self.assertEqual(self.handler.path, '/')
908 self.assertEqual(self.handler.request_version, 'HTTP/1.0')
909 headers = (("Expect", "100-continue"),)
910 self.assertSequenceEqual(self.handler.headers.items(), headers)
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000911
912 def test_with_continue_1_1(self):
913 result = self.send_typical_request(b'GET / HTTP/1.1\r\nExpect: 100-continue\r\n\r\n')
914 self.assertEqual(result[0], b'HTTP/1.1 100 Continue\r\n')
Benjamin Peterson04424232014-01-18 21:50:18 -0500915 self.assertEqual(result[1], b'\r\n')
916 self.assertEqual(result[2], b'HTTP/1.1 200 OK\r\n')
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000917 self.verify_expected_headers(result[2:-1])
918 self.verify_get_called()
919 self.assertEqual(result[-1], b'<html><body>Data</body></html>\r\n')
Benjamin Peterson70e28472015-02-17 21:11:10 -0500920 self.assertEqual(self.handler.requestline, 'GET / HTTP/1.1')
921 self.assertEqual(self.handler.command, 'GET')
922 self.assertEqual(self.handler.path, '/')
923 self.assertEqual(self.handler.request_version, 'HTTP/1.1')
924 headers = (("Expect", "100-continue"),)
925 self.assertSequenceEqual(self.handler.headers.items(), headers)
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000926
Senthil Kumaranc7ae19b2011-05-09 23:25:02 +0800927 def test_header_buffering_of_send_error(self):
Senthil Kumarane4dad4f2010-11-21 14:36:14 +0000928
929 input = BytesIO(b'GET / HTTP/1.1\r\n\r\n')
Senthil Kumaranc7ae19b2011-05-09 23:25:02 +0800930 output = AuditableBytesIO()
931 handler = SocketlessRequestHandler()
932 handler.rfile = input
933 handler.wfile = output
934 handler.request_version = 'HTTP/1.1'
935 handler.requestline = ''
936 handler.command = None
Senthil Kumarane4dad4f2010-11-21 14:36:14 +0000937
Senthil Kumaranc7ae19b2011-05-09 23:25:02 +0800938 handler.send_error(418)
939 self.assertEqual(output.numWrites, 2)
940
941 def test_header_buffering_of_send_response_only(self):
942
943 input = BytesIO(b'GET / HTTP/1.1\r\n\r\n')
944 output = AuditableBytesIO()
945 handler = SocketlessRequestHandler()
946 handler.rfile = input
947 handler.wfile = output
948 handler.request_version = 'HTTP/1.1'
949
950 handler.send_response_only(418)
951 self.assertEqual(output.numWrites, 0)
952 handler.end_headers()
953 self.assertEqual(output.numWrites, 1)
954
955 def test_header_buffering_of_send_header(self):
956
957 input = BytesIO(b'GET / HTTP/1.1\r\n\r\n')
958 output = AuditableBytesIO()
959 handler = SocketlessRequestHandler()
960 handler.rfile = input
961 handler.wfile = output
962 handler.request_version = 'HTTP/1.1'
963
964 handler.send_header('Foo', 'foo')
965 handler.send_header('bar', 'bar')
966 self.assertEqual(output.numWrites, 0)
967 handler.end_headers()
968 self.assertEqual(output.getData(), b'Foo: foo\r\nbar: bar\r\n\r\n')
969 self.assertEqual(output.numWrites, 1)
Senthil Kumarane4dad4f2010-11-21 14:36:14 +0000970
971 def test_header_unbuffered_when_continue(self):
972
973 def _readAndReseek(f):
974 pos = f.tell()
975 f.seek(0)
976 data = f.read()
977 f.seek(pos)
978 return data
979
980 input = BytesIO(b'GET / HTTP/1.1\r\nExpect: 100-continue\r\n\r\n')
981 output = BytesIO()
982 self.handler.rfile = input
983 self.handler.wfile = output
984 self.handler.request_version = 'HTTP/1.1'
985
986 self.handler.handle_one_request()
987 self.assertNotEqual(_readAndReseek(output), b'')
988 result = _readAndReseek(output).split(b'\r\n')
989 self.assertEqual(result[0], b'HTTP/1.1 100 Continue')
Benjamin Peterson04424232014-01-18 21:50:18 -0500990 self.assertEqual(result[1], b'')
991 self.assertEqual(result[2], b'HTTP/1.1 200 OK')
Senthil Kumarane4dad4f2010-11-21 14:36:14 +0000992
Senthil Kumaran0f476d42010-09-30 06:09:18 +0000993 def test_with_continue_rejected(self):
994 usual_handler = self.handler # Save to avoid breaking any subsequent tests.
995 self.handler = RejectingSocketlessRequestHandler()
996 result = self.send_typical_request(b'GET / HTTP/1.1\r\nExpect: 100-continue\r\n\r\n')
997 self.assertEqual(result[0], b'HTTP/1.1 417 Expectation Failed\r\n')
998 self.verify_expected_headers(result[1:-1])
999 # The expect handler should short circuit the usual get method by
1000 # returning false here, so get_called should be false
1001 self.assertFalse(self.handler.get_called)
1002 self.assertEqual(sum(r == b'Connection: close\r\n' for r in result[1:-1]), 1)
1003 self.handler = usual_handler # Restore to avoid breaking any subsequent tests.
1004
Antoine Pitrouc4924372010-12-16 16:48:36 +00001005 def test_request_length(self):
1006 # Issue #10714: huge request lines are discarded, to avoid Denial
1007 # of Service attacks.
1008 result = self.send_typical_request(b'GET ' + b'x' * 65537)
1009 self.assertEqual(result[0], b'HTTP/1.1 414 Request-URI Too Long\r\n')
1010 self.assertFalse(self.handler.get_called)
Benjamin Peterson70e28472015-02-17 21:11:10 -05001011 self.assertIsInstance(self.handler.requestline, str)
Senthil Kumaran0f476d42010-09-30 06:09:18 +00001012
Senthil Kumaran5466bf12010-12-18 16:55:23 +00001013 def test_header_length(self):
1014 # Issue #6791: same for headers
1015 result = self.send_typical_request(
1016 b'GET / HTTP/1.1\r\nX-Foo: bar' + b'r' * 65537 + b'\r\n\r\n')
Martin Panter50badad2016-04-03 01:28:53 +00001017 self.assertEqual(result[0], b'HTTP/1.1 431 Line too long\r\n')
Senthil Kumaran5466bf12010-12-18 16:55:23 +00001018 self.assertFalse(self.handler.get_called)
Benjamin Peterson70e28472015-02-17 21:11:10 -05001019 self.assertEqual(self.handler.requestline, 'GET / HTTP/1.1')
1020
Martin Panteracc03192016-04-03 00:45:46 +00001021 def test_too_many_headers(self):
1022 result = self.send_typical_request(
1023 b'GET / HTTP/1.1\r\n' + b'X-Foo: bar\r\n' * 101 + b'\r\n')
1024 self.assertEqual(result[0], b'HTTP/1.1 431 Too many headers\r\n')
1025 self.assertFalse(self.handler.get_called)
1026 self.assertEqual(self.handler.requestline, 'GET / HTTP/1.1')
1027
Martin Panterda3bb382016-04-11 00:40:08 +00001028 def test_html_escape_on_error(self):
1029 result = self.send_typical_request(
1030 b'<script>alert("hello")</script> / HTTP/1.1')
1031 result = b''.join(result)
1032 text = '<script>alert("hello")</script>'
1033 self.assertIn(html.escape(text, quote=False).encode('ascii'), result)
1034
Benjamin Peterson70e28472015-02-17 21:11:10 -05001035 def test_close_connection(self):
1036 # handle_one_request() should be repeatedly called until
1037 # it sets close_connection
1038 def handle_one_request():
1039 self.handler.close_connection = next(close_values)
1040 self.handler.handle_one_request = handle_one_request
1041
1042 close_values = iter((True,))
1043 self.handler.handle()
1044 self.assertRaises(StopIteration, next, close_values)
1045
1046 close_values = iter((False, False, True))
1047 self.handler.handle()
1048 self.assertRaises(StopIteration, next, close_values)
Senthil Kumaran5466bf12010-12-18 16:55:23 +00001049
Berker Peksag04bc5b92016-03-14 06:06:03 +02001050 def test_date_time_string(self):
1051 now = time.time()
1052 # this is the old code that formats the timestamp
1053 year, month, day, hh, mm, ss, wd, y, z = time.gmtime(now)
1054 expected = "%s, %02d %3s %4d %02d:%02d:%02d GMT" % (
1055 self.handler.weekdayname[wd],
1056 day,
1057 self.handler.monthname[month],
1058 year, hh, mm, ss
1059 )
1060 self.assertEqual(self.handler.date_time_string(timestamp=now), expected)
1061
1062
Georg Brandl6fcac0d2010-08-02 18:56:54 +00001063class SimpleHTTPRequestHandlerTestCase(unittest.TestCase):
1064 """ Test url parsing """
1065 def setUp(self):
1066 self.translated = os.getcwd()
1067 self.translated = os.path.join(self.translated, 'filename')
1068 self.handler = SocketlessRequestHandler()
1069
1070 def test_query_arguments(self):
1071 path = self.handler.translate_path('/filename')
1072 self.assertEqual(path, self.translated)
1073 path = self.handler.translate_path('/filename?foo=bar')
1074 self.assertEqual(path, self.translated)
1075 path = self.handler.translate_path('/filename?a=b&spam=eggs#zot')
1076 self.assertEqual(path, self.translated)
1077
1078 def test_start_with_double_slash(self):
1079 path = self.handler.translate_path('//filename')
1080 self.assertEqual(path, self.translated)
1081 path = self.handler.translate_path('//filename?foo=bar')
1082 self.assertEqual(path, self.translated)
1083
Martin Panterd274b3f2016-04-18 03:45:18 +00001084 def test_windows_colon(self):
1085 with support.swap_attr(server.os, 'path', ntpath):
1086 path = self.handler.translate_path('c:c:c:foo/filename')
1087 path = path.replace(ntpath.sep, os.sep)
1088 self.assertEqual(path, self.translated)
1089
1090 path = self.handler.translate_path('\\c:../filename')
1091 path = path.replace(ntpath.sep, os.sep)
1092 self.assertEqual(path, self.translated)
1093
1094 path = self.handler.translate_path('c:\\c:..\\foo/filename')
1095 path = path.replace(ntpath.sep, os.sep)
1096 self.assertEqual(path, self.translated)
1097
1098 path = self.handler.translate_path('c:c:foo\\c:c:bar/filename')
1099 path = path.replace(ntpath.sep, os.sep)
1100 self.assertEqual(path, self.translated)
1101
Georg Brandl6fcac0d2010-08-02 18:56:54 +00001102
Berker Peksag366c5702015-02-13 20:48:15 +02001103class MiscTestCase(unittest.TestCase):
1104 def test_all(self):
1105 expected = []
1106 blacklist = {'executable', 'nobody_uid', 'test'}
1107 for name in dir(server):
1108 if name.startswith('_') or name in blacklist:
1109 continue
1110 module_object = getattr(server, name)
1111 if getattr(module_object, '__module__', None) == 'http.server':
1112 expected.append(name)
1113 self.assertCountEqual(server.__all__, expected)
1114
1115
Georg Brandlb533e262008-05-25 18:19:30 +00001116def test_main(verbose=None):
Georg Brandl6fcac0d2010-08-02 18:56:54 +00001117 cwd = os.getcwd()
Georg Brandlb533e262008-05-25 18:19:30 +00001118 try:
Georg Brandl6fcac0d2010-08-02 18:56:54 +00001119 support.run_unittest(
Serhiy Storchakac0a23e62015-03-07 11:51:37 +02001120 RequestHandlerLoggingTestCase,
Senthil Kumaran0f476d42010-09-30 06:09:18 +00001121 BaseHTTPRequestHandlerTestCase,
Georg Brandl6fcac0d2010-08-02 18:56:54 +00001122 BaseHTTPServerTestCase,
1123 SimpleHTTPServerTestCase,
1124 CGIHTTPServerTestCase,
1125 SimpleHTTPRequestHandlerTestCase,
Berker Peksag366c5702015-02-13 20:48:15 +02001126 MiscTestCase,
Georg Brandl6fcac0d2010-08-02 18:56:54 +00001127 )
Georg Brandlb533e262008-05-25 18:19:30 +00001128 finally:
1129 os.chdir(cwd)
1130
1131if __name__ == '__main__':
1132 test_main()