AҐix_ddlmZddlZddlZddlZddlZddlmZmZm Z m Z ddl m Z m Z mZmZmZmZmZmZmZmZmZddl mZmZmZddl mZddlmZmZdZGd d eZGd d eZ Gd deZ!dZ"dZ#dZ$dZ%ejLdejNe%zZ(ejLdZ)ejLdZ*ejLdZ+dZ,GddZ-Gdde-Z.y))IntEnumN) ChunkedReader LengthReader EOFReaderBody) InvalidHeaderInvalidHeaderName NoMoreDataInvalidRequestLineInvalidRequestMethodInvalidHTTPVersionLimitRequestLineLimitRequestHeadersUnsupportedTransferCodingObsoleteFoldingExpectationFailed)InvalidProxyLineInvalidProxyHeaderForbiddenProxyRequest)InvalidSchemeHeaders) bytes_to_strsplit_request_uris QUIT ceZdZdZdZdZy) PPCommandzPROXY protocol v2 commands.rN)__name__ __module__ __qualname____doc__LOCALPROXYN/var/www/descvideos/venv/lib/python3.12/site-packages/gunicorn/http/message.pyrrs% E Er#rc eZdZdZdZdZdZdZy)PPFamilyz#PROXY protocol v2 address families.rrN)rrrrUNSPECINETINET6UNIXr"r#r$r&r&"s- F D E Dr#r&ceZdZdZdZdZdZy) PPProtocolz&PROXY protocol v2 transport protocols.rrr'N)rrrrr)STREAMDGRAMr"r#r$r.r.*s0 F F Er#r.iiz!#$%&'*+-.^_`|~z[%s0-9a-zA-Z]+z[a-z#]zHTTP/(\d)\.(\d)z[\0\r\n]crd|vry tj|}|D]}||vsyy#t$rYywxYw)zCheck if IP address is in the allow list. Args: ip_str: The IP address string to check allow_list: The original allow list (strings, may contain "*") networks: Pre-computed ipaddress.ip_network objects from config *TF) ipaddress ip_address ValueError)ip_str allow_listnetworksipnetworks r$_ip_in_allow_listr;>sX j  ! !& ) =  s * 66c2eZdZdZdZdZddZdZdZy) Messagect||_||_||_||_d|_g|_g|_d|_|jrdnd|_ d|_ d|_ |j|_ |jdks|jtkDr t|_ |j|_|jdkr t|_|jxst}|j|dzzdz|_|j#|j}|jj%||j'y)NhttpshttpFrr')cfgunreader peer_addr remote_addrversionheaderstrailersbodyis_sslscheme must_close_expected_100_continuelimit_request_fields MAX_HEADERSlimit_request_field_sizeDEFAULT_MAX_HEADERFIELD_SIZEmax_buffer_headersparseunreadset_body_reader)selfrBrCrDmax_header_field_sizeunuseds r$__init__zMessage.__init__Ss  "$    !$g &+#%($<$<!  % % *,,{:(3D %(+(D(D%  ( (1 ,,HD )!% = = ]A]"&";"; "Q &#(*+#,DMM* V$ r#cd|_y)NT)rLrVs r$ force_closezMessage.force_closers r#ctN)NotImplementedError)rVrCs r$rSz Message.parseus !##r#c|j}g}|jdDcgc] }t|}}d}i}g} |rndt|jt r2t |jd|j|jr|j}|j} |rt||jk\r td|jd} t| tdz} | jddkr t!| | jdd\} } |jj"r| j%d} t&j)| s t+| | j-} | j/dg} |r|dj1d r|jj2s t5| |jd} | t| tdzz } | |j6cxkDrdkDr td | j9| j/d |r|dj1d rd j;| } t<j?| r t!| | |j6cxkDrdkDr td |s;| d k(r6| jAdk(r|jBdkrnd|_"n tG| | |vr2| || k(}|rdnd}|r||jHk7rtKd}||_$d| vrI| | vsd| vrn@|jjLdk(rn&|jjLdk(rt+| |j9| | f|r|Scc}w)N Frzlimit request headers fieldsz :r )  z!limit request headers fields sizez rdEXPECTz 100-continuerrTr?r@_r2 dangerousdrop)'rBsplitr isinstancerDtupler;forwarded_allow_ipsforwarded_allow_networkssecure_scheme_headersforwarder_headerslenrNrpopfindrstrip_header_spacesrstripTOKEN_RE fullmatchr upperstrip startswithpermit_obsolete_foldingrrPappendjoin!RFC9110_5_5_INVALID_AND_DANGEROUSsearchlowerrFrMrrKr header_map)rVdata from_trailerrBrGlinelines scheme_headerrprqcurr header_lengthnamevaluesecurerKs r$ parse_headerszMessage.parse_headersxs[hh15 70CDd#DD "  T^^U3"4>>!#4c6M6M#&#?#?#AC$'$=$= ! # 5 5 7|t888)*HII99Q#D))t<<@q@)*MNNA DH$4;;=N2||f,6:3,E22,,"7"==$* ,244$(M"(DKd{,,7H0HXX((K7XX((F2,D11 NND%= )orWEsM3cd}d}|jD]\}}|dk(r| td||}|dk(s#|jdDcgc]}|j}}|D]}|j dk(r|r td|d}(|j dk(r|s>td||j d vr |r td||j }t ||rP|jd kr td|| td|tt||j|_ y|k t|jr t|}n td| |d kr td|tt!|j||_ ytt#|j|_ ycc}w#t$rtd|wxYw) NFzCONTENT-LENGTH)reqzTRANSFER-ENCODING,chunkedTidentity)compressdeflategziprgr)rGrrkrzrr\rrFrrrCrIstr isnumericintr5rr)rVrcontent_lengthrrvvalsvals r$rUzMessage.set_body_readers!\\ ?MT5''!-'(8dCC!&,,,1;;s+;>#? ?8 ||f$#$7TBB)$$4$??]4?@DI  ' @~&002%(%8N'(8dCC# !#$4$??\$--HIDIYt}}56DI]=L @#$4$?? @sG2GG,c|jry|jD]9\}}|dk(s |jjd}|dk(ry|dk(ryn|jdkS)NT CONNECTIONrcclosez keep-aliveFrr)rLrGrrzrF)rVhrs r$ should_closezMessage.should_close&sh ??ll FQL GGIOOE*<,&  ||v%%r#NF) rrrrYr\rSrrUrr"r#r$r=r=Rs#>$pd:7x &r#r=cleZdZd fd ZddZdZddZddZdZdZ dZ d Z d Z d Z fd ZxZS)Requestcd|_d|_d|_d|_d|_|j |_|j dks|j t k\r t |_||_d|_t|)|||yNr) methoduripathqueryfragmentlimit_request_lineMAX_REQUEST_LINE req_numberproxy_protocol_infosuperrY)rVrBrCrDr __class__s r$rYzRequest.__init__5s{    #&"8"8  # #a '**.>>&6D #$#'  h 2r#c|j}|s%|r tt|j|j |yr^)read StopIterationr getvaluewriterVrCbufstoprs r$get_datazRequest.get_dataFs7}}#o%S\\^, , $r#ct}|j||d|jj}|dk7r"|jdk(r|j |||}|j |||j\}}|j|t|}|dddk(} |jd}|dddk(}|dkrB|s@|j||t|}t||jkDr td nb|r|jj|ddy |j!|d|d |_||d zd}|S)NT)roffrr'ras rzmax buffer headersr#F)rrA) bytearray read_intorBproxy_protocolr_handle_proxy_protocol read_linerparse_request_linebytesrtrrrRrrCrTrrG) rVrCrmoderrdoneidxrets r$rSz Request.parseNsQk x40xx&& 5=T__1--hTBCNN8S$2I2IJ c %SzBQx7"))K(C8w&DQwtx-Szt9t666-.BCC  MM ab *))$t*5)I 378n r#c|j}|s |r ttt||j |y)z7Read data from unreader and append to bytearray buffer.N)rrr rextendrs r$rzRequest.read_intous6}}#o%U3Z( ( 4r#cBt|} |jd}|dk\r||cxkDrdkDrnn t||nMt|dz |cxkDrdkDrnntt|||j ||t|}~|d|t ||dzdfS)z !c#2h/&A  , , .003? ? > !c"1g&:  , , .003? ? r#ct|jtr_t|jd|jj |jj st|jdyy)z2Check if proxy protocol is allowed from this peer.rN)rlrDrmr;rBproxy_allow_ipsproxy_allow_networksrr[s r$rz#Request.proxy_protocol_access_checks_ t~~u -%dnnQ&79Q9Q&*hh&C&C&EG'q(9: :G .r#ct|}d|vr"|j||t|}d|vr"|jd}t|d|}t ||dzd}|j d}t |dk7r t||d}|d} |d} |dvrtd |z|d k(rJ tjtj| tjtj| nN|d k(rI tjtj| tjtj|  t|d } t|d } d| cxkrdkrnn d| cxkrdksntd|z|| | | | d|_|S#t$r t|wxYw#t$r t|wxYw#t$rtd|zwxYw)z`Parse PROXY protocol v1 (text format). Returns buffer with v1 header consumed. raNr'rdrrr()TCP4TCP6zprotocol '%s' not supportedrrrAzinvalid port %srir client_addr client_port proxy_addr proxy_port)rrrtrrrkrrrsocket inet_ptonAF_INETOSErrorAF_INET6rr5r) rVrCrrrr remainingbitsprotos_addrd_addrs_portd_ports r$rz Request._parse_proxy_protocol_v1s SzT! NN8S ):DT!ii D#J'd378n- zz# t9>"4( (Qaa ( ("#@5#HI I F? -  8  8f_ -  &9  &9 =a\Fa\Ff%%A,@5,@"#4t#;< <$!!  $  7 -&t,, -  -&t,, -  ="#4t#;< < =s&3AFAF7 GF47G G'ct|dkr!|j||t|dkr!|d}|d}tjdt |ddd}|dzdz }|d k7rt d |z|d z}|t jt jfvrt d |zd|z}t||kr!|j||t||kr!|t jk(rd ddddd|_ t||dS|dzdz } |d z} | tjk7r t dt |dd|z} | tjk(r|dkr t dtj tj"| dd} tj tj"| dd} tjd| ddd}tjd| ddd}d}n| tj$k(r|dkr t dtj tj&| dd} tj tj&| dd} tjd| ddd}tjd| ddd}d}n<| tj(k(rdddddd|_ t||dSt d| z|| || |d|_ t||dS)zbParse PROXY protocol v2 (binary format). Returns buffer with v2 header consumed. r z>HrrAr'zunsupported version %dzunsupported command %dr Nrzonly TCP protocol is supportedz"insufficient address data for IPv4 r$z"insufficient address data for IPv6 "rr)zunsupported address family %d)rrrstructunpackrrrr r!rrr.r/r&r*r inet_ntoprr+rr))rVrCrver_cmd fam_protolengthrFcommandtotal_header_sizefamilyprotocol addr_datarrrrrs r$rz Request._parse_proxy_protocol_v2s #hm NN8S )#hmb'G tU3r":%67:T>a' a<$%=%GH HD. 9??IOO< <$%=%GH HK#h** NN8S )#h** ioo %")##"" (D $S!2!345 5d"q(t# z(( ($%EF F#bf-. X]] "{()MNN%%fnni!nEF%%fnni!nEF]]41R9!$\*%=> >1g xx99 '' 4*4;;77DG ***4;;77!!$++.&t{{3 3 88 ( (++++-DK7 txx=A $\*%=> > ?%dhh/EJJ$" [[&B ," $$T!W- =$T!W- -EKKN+SQ-@A ..88>>(66?/cHL ?$\*%=> > ?sI&-I++J ct|t|jjt r%t t|jd|_yyr) rrUrlrIreaderrrrrC)rVrs r$rUzRequest.set_body_readers> ! dii&& 2\$--;r!s  KK]\59F w # 2 2::'92995Q+RS TBJJx( RZZ* + $.BJJ{$;!(_&_&DT=gT=r#