File Explorer

/proc/thread-self/root/proc/thread-self/root/usr/lib64/python3.9/http
This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.
1 dir
5 files
cookies.py21.0 KB · 630 lines
1####2# Copyright 2000 by Timothy O'Malley <timo@alum.mit.edu>3#4#                All Rights Reserved5#6# Permission to use, copy, modify, and distribute this software7# and its documentation for any purpose and without fee is hereby8# granted, provided that the above copyright notice appear in all9# copies and that both that copyright notice and this permission10# notice appear in supporting documentation, and that the name of11# Timothy O'Malley  not be used in advertising or publicity12# pertaining to distribution of the software without specific, written13# prior permission.14#15# Timothy O'Malley DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS16# SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY17# AND FITNESS, IN NO EVENT SHALL Timothy O'Malley BE LIABLE FOR18# ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES19# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,20# WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS21# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR22# PERFORMANCE OF THIS SOFTWARE.23#24####25#26# Id: Cookie.py,v 2.29 2000/08/23 05:28:49 timo Exp27#   by Timothy O'Malley <timo@alum.mit.edu>28#29#  Cookie.py is a Python module for the handling of HTTP30#  cookies as a Python dictionary.  See RFC 2109 for more31#  information on cookies.32#33#  The original idea to treat Cookies as a dictionary came from34#  Dave Mitchell (davem@magnet.com) in 1995, when he released the35#  first version of nscookie.py.36#37####38 39r"""40Here's a sample session to show how to use this module.41At the moment, this is the only documentation.42 43The Basics44----------45 46Importing is easy...47 48   >>> from http import cookies49 50Most of the time you start by creating a cookie.51 52   >>> C = cookies.SimpleCookie()53 54Once you've created your Cookie, you can add values just as if it were55a dictionary.56 57   >>> C = cookies.SimpleCookie()58   >>> C["fig"] = "newton"59   >>> C["sugar"] = "wafer"60   >>> C.output()61   'Set-Cookie: fig=newton\r\nSet-Cookie: sugar=wafer'62 63Notice that the printable representation of a Cookie is the64appropriate format for a Set-Cookie: header.  This is the65default behavior.  You can change the header and printed66attributes by using the .output() function67 68   >>> C = cookies.SimpleCookie()69   >>> C["rocky"] = "road"70   >>> C["rocky"]["path"] = "/cookie"71   >>> print(C.output(header="Cookie:"))72   Cookie: rocky=road; Path=/cookie73   >>> print(C.output(attrs=[], header="Cookie:"))74   Cookie: rocky=road75 76The load() method of a Cookie extracts cookies from a string.  In a77CGI script, you would use this method to extract the cookies from the78HTTP_COOKIE environment variable.79 80   >>> C = cookies.SimpleCookie()81   >>> C.load("chips=ahoy; vienna=finger")82   >>> C.output()83   'Set-Cookie: chips=ahoy\r\nSet-Cookie: vienna=finger'84 85The load() method is darn-tootin smart about identifying cookies86within a string.  Escaped quotation marks, nested semicolons, and other87such trickeries do not confuse it.88 89   >>> C = cookies.SimpleCookie()90   >>> C.load('keebler="E=everybody; L=\\"Loves\\"; fudge=;";')91   >>> print(C)92   Set-Cookie: keebler="E=everybody; L=\"Loves\"; fudge=;"93 94Each element of the Cookie also supports all of the RFC 210995Cookie attributes.  Here's an example which sets the Path96attribute.97 98   >>> C = cookies.SimpleCookie()99   >>> C["oreo"] = "doublestuff"100   >>> C["oreo"]["path"] = "/"101   >>> print(C)102   Set-Cookie: oreo=doublestuff; Path=/103 104Each dictionary element has a 'value' attribute, which gives you105back the value associated with the key.106 107   >>> C = cookies.SimpleCookie()108   >>> C["twix"] = "none for you"109   >>> C["twix"].value110   'none for you'111 112The SimpleCookie expects that all values should be standard strings.113Just to be sure, SimpleCookie invokes the str() builtin to convert114the value to a string, when the values are set dictionary-style.115 116   >>> C = cookies.SimpleCookie()117   >>> C["number"] = 7118   >>> C["string"] = "seven"119   >>> C["number"].value120   '7'121   >>> C["string"].value122   'seven'123   >>> C.output()124   'Set-Cookie: number=7\r\nSet-Cookie: string=seven'125 126Finis.127"""128 129#130# Import our required modules131#132import re133import string134import types135 136__all__ = ["CookieError", "BaseCookie", "SimpleCookie"]137 138_nulljoin = ''.join139_semispacejoin = '; '.join140_spacejoin = ' '.join141 142#143# Define an exception visible to External modules144#145class CookieError(Exception):146    pass147 148 149# These quoting routines conform to the RFC2109 specification, which in150# turn references the character definitions from RFC2068.  They provide151# a two-way quoting algorithm.  Any non-text character is translated152# into a 4 character sequence: a forward-slash followed by the153# three-digit octal equivalent of the character.  Any '\' or '"' is154# quoted with a preceding '\' slash.155# Because of the way browsers really handle cookies (as opposed to what156# the RFC says) we also encode "," and ";".157#158# These are taken from RFC2068 and RFC2109.159#       _LegalChars       is the list of chars which don't require "'s160#       _Translator       hash-table for fast quoting161#162_LegalChars = string.ascii_letters + string.digits + "!#$%&'*+-.^_`|~:"163_UnescapedChars = _LegalChars + ' ()/<=>?@[]{}'164 165_Translator = {n: '\\%03o' % n166               for n in set(range(256)) - set(map(ord, _UnescapedChars))}167_Translator.update({168    ord('"'): '\\"',169    ord('\\'): '\\\\',170})171 172_is_legal_key = re.compile('[%s]+' % re.escape(_LegalChars)).fullmatch173_control_character_re = re.compile(r'[\x00-\x1F\x7F]')174 175 176def _has_control_character(*val):177    """Detects control characters within a value.178    Supports any type, as header values can be any type.179    """180    return any(_control_character_re.search(str(v)) for v in val)181 182 183def _quote(str):184    r"""Quote a string for use in a cookie header.185 186    If the string does not need to be double-quoted, then just return the187    string.  Otherwise, surround the string in doublequotes and quote188    (with a \) special characters.189    """190    if str is None or _is_legal_key(str):191        return str192    else:193        return '"' + str.translate(_Translator) + '"'194 195 196_unquote_sub = re.compile(r'\\(?:([0-3][0-7][0-7])|(.))').sub197 198def _unquote_replace(m):199    if m[1]:200        return chr(int(m[1], 8))201    else:202        return m[2]203 204def _unquote(str):205    # If there aren't any doublequotes,206    # then there can't be any special characters.  See RFC 2109.207    if str is None or len(str) < 2:208        return str209    if str[0] != '"' or str[-1] != '"':210        return str211 212    # We have to assume that we must decode this string.213    # Down to work.214 215    # Remove the "s216    str = str[1:-1]217 218    # Check for special sequences.  Examples:219    #    \012 --> \n220    #    \"   --> "221    #222    return _unquote_sub(_unquote_replace, str)223 224# The _getdate() routine is used to set the expiration time in the cookie's HTTP225# header.  By default, _getdate() returns the current time in the appropriate226# "expires" format for a Set-Cookie header.  The one optional argument is an227# offset from now, in seconds.  For example, an offset of -3600 means "one hour228# ago".  The offset may be a floating point number.229#230 231_weekdayname = ['Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun']232 233_monthname = [None,234              'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',235              'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec']236 237def _getdate(future=0, weekdayname=_weekdayname, monthname=_monthname):238    from time import gmtime, time239    now = time()240    year, month, day, hh, mm, ss, wd, y, z = gmtime(now + future)241    return "%s, %02d %3s %4d %02d:%02d:%02d GMT" % \242           (weekdayname[wd], day, monthname[month], year, hh, mm, ss)243 244 245class Morsel(dict):246    """A class to hold ONE (key, value) pair.247 248    In a cookie, each such pair may have several attributes, so this class is249    used to keep the attributes associated with the appropriate key,value pair.250    This class also includes a coded_value attribute, which is used to hold251    the network representation of the value.252    """253    # RFC 2109 lists these attributes as reserved:254    #   path       comment         domain255    #   max-age    secure      version256    #257    # For historical reasons, these attributes are also reserved:258    #   expires259    #260    # This is an extension from Microsoft:261    #   httponly262    #263    # This dictionary provides a mapping from the lowercase264    # variant on the left to the appropriate traditional265    # formatting on the right.266    _reserved = {267        "expires"  : "expires",268        "path"     : "Path",269        "comment"  : "Comment",270        "domain"   : "Domain",271        "max-age"  : "Max-Age",272        "secure"   : "Secure",273        "httponly" : "HttpOnly",274        "version"  : "Version",275        "samesite" : "SameSite",276    }277 278    _flags = {'secure', 'httponly'}279 280    def __init__(self):281        # Set defaults282        self._key = self._value = self._coded_value = None283 284        # Set default attributes285        for key in self._reserved:286            dict.__setitem__(self, key, "")287 288    @property289    def key(self):290        return self._key291 292    @property293    def value(self):294        return self._value295 296    @property297    def coded_value(self):298        return self._coded_value299 300    def __setitem__(self, K, V):301        K = K.lower()302        if not K in self._reserved:303            raise CookieError("Invalid attribute %r" % (K,))304        if _has_control_character(K, V):305            raise CookieError(f"Control characters are not allowed in cookies {K!r} {V!r}")306        dict.__setitem__(self, K, V)307 308    def setdefault(self, key, val=None):309        key = key.lower()310        if key not in self._reserved:311            raise CookieError("Invalid attribute %r" % (key,))312        if _has_control_character(key, val):313            raise CookieError("Control characters are not allowed in cookies %r %r" % (key, val,))314        return dict.setdefault(self, key, val)315 316    def __eq__(self, morsel):317        if not isinstance(morsel, Morsel):318            return NotImplemented319        return (dict.__eq__(self, morsel) and320                self._value == morsel._value and321                self._key == morsel._key and322                self._coded_value == morsel._coded_value)323 324    __ne__ = object.__ne__325 326    def copy(self):327        morsel = Morsel()328        dict.update(morsel, self)329        morsel.__dict__.update(self.__dict__)330        return morsel331 332    def update(self, values):333        data = {}334        for key, val in dict(values).items():335            key = key.lower()336            if key not in self._reserved:337                raise CookieError("Invalid attribute %r" % (key,))338            if _has_control_character(key, val):339                raise CookieError("Control characters are not allowed in "340                                  f"cookies {key!r} {val!r}")341            data[key] = val342        dict.update(self, data)343 344    def __ior__(self, values):345        self.update(values)346        return self347 348    def isReservedKey(self, K):349        return K.lower() in self._reserved350 351    def set(self, key, val, coded_val):352        if key.lower() in self._reserved:353            raise CookieError('Attempt to set a reserved key %r' % (key,))354        if not _is_legal_key(key):355            raise CookieError('Illegal key %r' % (key,))356        if _has_control_character(key, val, coded_val):357            raise CookieError(358                "Control characters are not allowed in cookies %r %r %r" % (key, val, coded_val,))359 360        # It's a good key, so save it.361        self._key = key362        self._value = val363        self._coded_value = coded_val364 365    def __getstate__(self):366        return {367            'key': self._key,368            'value': self._value,369            'coded_value': self._coded_value,370        }371 372    def __setstate__(self, state):373        key = state['key']374        value = state['value']375        coded_value = state['coded_value']376        if _has_control_character(key, value, coded_value):377            raise CookieError("Control characters are not allowed in cookies "378                              f"{key!r} {value!r} {coded_value!r}")379        self._key = key380        self._value = value381        self._coded_value = coded_value382 383    def output(self, attrs=None, header="Set-Cookie:"):384        return "%s %s" % (header, self.OutputString(attrs))385 386    __str__ = output387 388    def __repr__(self):389        return '<%s: %s>' % (self.__class__.__name__, self.OutputString())390 391    def js_output(self, attrs=None):392        # Print javascript393        output_string = self.OutputString(attrs)394        if _has_control_character(output_string):395            raise CookieError("Control characters are not allowed in cookies")396        return """397        <script type="text/javascript">398        <!-- begin hiding399        document.cookie = \"%s\";400        // end hiding -->401        </script>402        """ % (output_string.replace('"', r'\"'))403 404    def OutputString(self, attrs=None):405        # Build up our result406        #407        result = []408        append = result.append409 410        # First, the key=value pair411        append("%s=%s" % (self.key, self.coded_value))412 413        # Now add any defined attributes414        if attrs is None:415            attrs = self._reserved416        items = sorted(self.items())417        for key, value in items:418            if value == "":419                continue420            if key not in attrs:421                continue422            if key == "expires" and isinstance(value, int):423                append("%s=%s" % (self._reserved[key], _getdate(value)))424            elif key == "max-age" and isinstance(value, int):425                append("%s=%d" % (self._reserved[key], value))426            elif key == "comment" and isinstance(value, str):427                append("%s=%s" % (self._reserved[key], _quote(value)))428            elif key in self._flags:429                if value:430                    append(str(self._reserved[key]))431            else:432                append("%s=%s" % (self._reserved[key], value))433 434        # Return the result435        return _semispacejoin(result)436 437    __class_getitem__ = classmethod(types.GenericAlias)438 439 440#441# Pattern for finding cookie442#443# This used to be strict parsing based on the RFC2109 and RFC2068444# specifications.  I have since discovered that MSIE 3.0x doesn't445# follow the character rules outlined in those specs.  As a446# result, the parsing rules here are less strict.447#448 449_LegalKeyChars  = r"\w\d!#%&'~_`><@,:/\$\*\+\-\.\^\|\)\(\?\}\{\="450_LegalValueChars = _LegalKeyChars + r'\[\]'451_CookiePattern = re.compile(r"""452    \s*                            # Optional whitespace at start of cookie453    (?P<key>                       # Start of group 'key'454    [""" + _LegalKeyChars + r"""]+?   # Any word of at least one letter455    )                              # End of group 'key'456    (                              # Optional group: there may not be a value.457    \s*=\s*                          # Equal Sign458    (?P<val>                         # Start of group 'val'459    "(?:[^\\"]|\\.)*"                  # Any doublequoted string460    |                                  # or461    \w{3},\s[\w\d\s-]{9,11}\s[\d:]{8}\sGMT  # Special case for "expires" attr462    |                                  # or463    [""" + _LegalValueChars + r"""]*      # Any word or empty string464    )                                # End of group 'val'465    )?                             # End of optional value group466    \s*                            # Any number of spaces.467    (\s+|;|$)                      # Ending either at space, semicolon, or EOS.468    """, re.ASCII | re.VERBOSE)    # re.ASCII may be removed if safe.469 470 471# At long last, here is the cookie class.  Using this class is almost just like472# using a dictionary.  See this module's docstring for example usage.473#474class BaseCookie(dict):475    """A container class for a set of Morsels."""476 477    def value_decode(self, val):478        """real_value, coded_value = value_decode(STRING)479        Called prior to setting a cookie's value from the network480        representation.  The VALUE is the value read from HTTP481        header.482        Override this function to modify the behavior of cookies.483        """484        return val, val485 486    def value_encode(self, val):487        """real_value, coded_value = value_encode(VALUE)488        Called prior to setting a cookie's value from the dictionary489        representation.  The VALUE is the value being assigned.490        Override this function to modify the behavior of cookies.491        """492        strval = str(val)493        return strval, strval494 495    def __init__(self, input=None):496        if input:497            self.load(input)498 499    def __set(self, key, real_value, coded_value):500        """Private method for setting a cookie's value"""501        M = self.get(key, Morsel())502        M.set(key, real_value, coded_value)503        dict.__setitem__(self, key, M)504 505    def __setitem__(self, key, value):506        """Dictionary style assignment."""507        if isinstance(value, Morsel):508            # allow assignment of constructed Morsels (e.g. for pickling)509            dict.__setitem__(self, key, value)510        else:511            rval, cval = self.value_encode(value)512            self.__set(key, rval, cval)513 514    def output(self, attrs=None, header="Set-Cookie:", sep="\015\012"):515        """Return a string suitable for HTTP."""516        result = []517        items = sorted(self.items())518        for key, value in items:519            value_output = value.output(attrs, header)520            if _has_control_character(value_output):521                raise CookieError("Control characters are not allowed in cookies")522            result.append(value_output)523        return sep.join(result)524 525    __str__ = output526 527    def __repr__(self):528        l = []529        items = sorted(self.items())530        for key, value in items:531            l.append('%s=%s' % (key, repr(value.value)))532        return '<%s: %s>' % (self.__class__.__name__, _spacejoin(l))533 534    def js_output(self, attrs=None):535        """Return a string suitable for JavaScript."""536        result = []537        items = sorted(self.items())538        for key, value in items:539            result.append(value.js_output(attrs))540        return _nulljoin(result)541 542    def load(self, rawdata):543        """Load cookies from a string (presumably HTTP_COOKIE) or544        from a dictionary.  Loading cookies from a dictionary 'd'545        is equivalent to calling:546            map(Cookie.__setitem__, d.keys(), d.values())547        """548        if isinstance(rawdata, str):549            self.__parse_string(rawdata)550        else:551            # self.update() wouldn't call our custom __setitem__552            for key, value in rawdata.items():553                self[key] = value554        return555 556    def __parse_string(self, str, patt=_CookiePattern):557        i = 0                 # Our starting point558        n = len(str)          # Length of string559        parsed_items = []     # Parsed (type, key, value) triples560        morsel_seen = False   # A key=value pair was previously encountered561 562        TYPE_ATTRIBUTE = 1563        TYPE_KEYVALUE = 2564 565        # We first parse the whole cookie string and reject it if it's566        # syntactically invalid (this helps avoid some classes of injection567        # attacks).568        while 0 <= i < n:569            # Start looking for a cookie570            match = patt.match(str, i)571            if not match:572                # No more cookies573                break574 575            key, value = match.group("key"), match.group("val")576            i = match.end(0)577 578            if key[0] == "$":579                if not morsel_seen:580                    # We ignore attributes which pertain to the cookie581                    # mechanism as a whole, such as "$Version".582                    # See RFC 2965. (Does anyone care?)583                    continue584                parsed_items.append((TYPE_ATTRIBUTE, key[1:], value))585            elif key.lower() in Morsel._reserved:586                if not morsel_seen:587                    # Invalid cookie string588                    return589                if value is None:590                    if key.lower() in Morsel._flags:591                        parsed_items.append((TYPE_ATTRIBUTE, key, True))592                    else:593                        # Invalid cookie string594                        return595                else:596                    parsed_items.append((TYPE_ATTRIBUTE, key, _unquote(value)))597            elif value is not None:598                parsed_items.append((TYPE_KEYVALUE, key, self.value_decode(value)))599                morsel_seen = True600            else:601                # Invalid cookie string602                return603 604        # The cookie string is valid, apply it.605        M = None         # current morsel606        for tp, key, value in parsed_items:607            if tp == TYPE_ATTRIBUTE:608                assert M is not None609                M[key] = value610            else:611                assert tp == TYPE_KEYVALUE612                rval, cval = value613                self.__set(key, rval, cval)614                M = self[key]615 616 617class SimpleCookie(BaseCookie):618    """619    SimpleCookie supports strings as cookie values.  When setting620    the value using the dictionary assignment notation, SimpleCookie621    calls the builtin str() to convert the value to a string.  Values622    received from HTTP are kept as strings.623    """624    def value_decode(self, val):625        return _unquote(val), val626 627    def value_encode(self, val):628        strval = str(val)629        return strval, _quote(strval)630