| blob | 5185f8d98af1bf1d80d805042d0469ce85033dbc |
1 #!/usr/bin/env python
2 #
3 # Copyright 2007 Google Inc.
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16 #
20 """Import hook for dev_appserver.py."""
22 import dummy_thread
23 import errno
24 import imp
25 import inspect
26 import itertools
27 import locale
28 import logging
29 import mimetypes
30 import os
31 import pickle
32 import random
33 import re
34 import sys
35 import urllib
43 pass
68 """Fake version of os.urandom."""
72 return bytes
76 """Fake version of os.uname."""
81 """Fake version of os.unlink."""
89 """Fake version of os.readlink."""
94 """Fake version of os.access where only reads are supported."""
96 return False
98 return True
102 """Fake version of locale.setlocale that only supports the default."""
109 """Fake version of os.open."""
114 """Fake version of os.rename."""
119 """Fake version of os.utime."""
124 """Fake distutils.util.get_platform on OS/X. Pass-through otherwise."""
141 """Returns True if the MacOS X urllib fakes should be installed."""
150 """Setups and restores the state for the Mac OS X urllib fakes."""
168 return Inner
171 @_FakeProxyBypassHelper
173 host,
175 """Fake for urllib.proxy_bypass_macosx_sysconf for Python 2.6.0 to 2.6.3."""
179 @_FakeProxyBypassHelper
182 """Fake for urllib.getproxies_macosx_sysconf for Python 2.6.0 to 2.6.3."""
187 subdirectories,
189 """Determines if a filename is contained within one of a set of directories.
191 Args:
192 filename: Path of the file (relative or absolute).
193 subdirectories: Iterable collection of paths to subdirectories which the
194 given filename may be under.
195 normcase: Used for dependency injection.
197 Returns:
198 True if the supplied filename is in one of the given sub-directories or
199 its hierarchy of children. False otherwise.
200 """
205 return True
206 return False
210 """Generate all valid filenames for the given file.
212 Args:
213 p: Positional args are the folders to the file and finally the file
214 without a suffix.
216 Returns:
217 A list of strings representing the given path to a file with each valid
218 suffix for this python build.
219 """
225 """File sub-class that enforces the security restrictions of the production
226 environment.
227 """
249 ])
261 ])
271 SITE_PACKAGES,
272 ])
285 ])
367 ]))
383 _availability_cache = {}
385 @staticmethod
387 """Configures which paths are allowed to be accessed.
389 Must be called at least once before any file objects are created in the
390 hardened environment.
392 Args:
393 root_path: Absolute path to the root of the application.
394 application_paths: List of additional paths that the application may
395 access, this must include the App Engine runtime but
396 not the Python library directories.
397 """
411 @staticmethod
413 """Configures access to files matching FakeFile._skip_files.
415 Args:
416 allow_skipped_files: Boolean whether to allow access to skipped files
417 """
421 @staticmethod
423 """Allow the use of a module based on where it is located.
425 Meant to be used by use_library() so that it has a link back into the
426 trusted part of the interpreter.
428 Args:
429 name: Name of the module to allow.
430 """
446 @staticmethod
448 """Sets which files in the application directory are to be ignored.
450 Must be called at least once before any file objects are created in the
451 hardened environment.
453 Must be called whenever the configuration was updated.
455 Args:
456 skip_files: Object with .match() method (e.g. compiled regexp).
457 """
461 @staticmethod
463 """Sets StaticFileConfigMatcher instance for checking if a file is static.
465 Must be called at least once before any file objects are created in the
466 hardened environment.
468 Must be called whenever the configuration was updated.
470 Args:
471 static_file_config_matcher: StaticFileConfigMatcher instance.
472 """
476 @staticmethod
479 """Determines if a file's path is accessible.
481 SetAllowedPaths(), SetSkippedFiles() and SetStaticFileConfigMatcher() must
482 be called before this method or else all file accesses will raise an error.
484 Args:
485 filename: Path of the file to check (relative or absolute). May be a
486 directory, in which case access for files inside that directory will
487 be checked.
488 normcase: Used for dependency injection.
489 py27_optional: Whether the filename being checked matches the name of an
490 optional python27 runtime library.
492 Returns:
493 True if the file is accessible, False otherwise.
494 """
512 return result
514 @staticmethod
517 """Determines if a file's path is accessible.
519 This is an internal part of the IsFileAccessible implementation.
521 Args:
522 logical_filename: Absolute path of the file to check.
523 normcase: Used for dependency injection.
524 py27_optional: Whether the filename being checked matches the name of an
525 optional python27 runtime library.
527 Returns:
528 True if the file is accessible, False otherwise.
529 """
534 logical_dirfakefile = logical_filename
547 path = relative_filename
557 logical_filename)
558 return False
563 logical_filename)
564 return False
569 return True
572 return True
577 return True
580 return True
585 return True
589 allowed_dirs,
594 return True
596 return False
599 """Initializer. See file built-in documentation."""
618 """Enforces access restrictions for functions that have a file or
619 directory path as their first argument."""
621 _original_os = os
624 """Initializer.
626 Args:
627 original_func: Callable that takes as its first argument the path to a
628 file or directory on disk; all subsequent arguments may be variable.
629 """
633 """Enforces access permissions for the function passed to the constructor.
634 """
642 """Determines the leaf submodule name of a full module name.
644 Args:
645 fullname: Fully qualified module name, e.g. 'foo.bar.baz'
647 Returns:
648 Submodule name, e.g. 'baz'. If the supplied module has no submodule (e.g.,
649 'stuff'), the returned value will just be that module name ('stuff').
650 """
655 """Raised when a module could not be found.
657 In contrast to when a module has been found, but cannot be loaded because of
658 hardening restrictions.
659 """
663 """Raised for error conditions relating to optional Python 2.7 modules."""
667 """Call stack logging decorator for HardenedModulesHook class.
669 This decorator logs the call stack of the HardenedModulesHook class as
670 it executes, indenting logging messages based on the current stack depth.
672 Args:
673 func: the function to decorate.
675 Returns:
676 The decorated function.
677 """
680 args_to_show = []
697 return Decorate
701 """Meta import hook that restricts the modules used by applications to match
702 the production environment.
704 Module controls supported:
705 - Disallow native/extension modules from being loaded
706 - Disallow built-in and/or Python-distributed modules from being loaded
707 - Replace modules with completely empty modules
708 - Override specific module attributes
709 - Replace one module with another
711 After creation, this object should be added to the front of the sys.meta_path
712 list (which may need to be created). The sys.path_importer_cache dictionary
713 should also be cleared, to prevent loading any non-restricted modules.
715 See PEP302 for more info on how this works:
716 http://www.python.org/dev/peps/pep-0302/
717 """
724 """Logs an import-related message to stderr, with indentation based on
725 current call-stack depth.
727 Args:
728 message: Logging format string.
729 args: Positional format parameters for the logging message.
730 """
740 _WHITE_LIST_C_MODULES = [
842 ]
847 _PY27_ALLOWED_MODULES = [
861 ]
878 __PY27_OPTIONAL_ALLOWED_MODULES = {
896 ],
909 ],
917 }
919 __CRYPTO_CIPHER_ALLOWED_MODULES = [
928 ]
933 _WHITE_LIST_PARTIAL_MODULES = {
950 'get_count'
951 ],
1036 ],
1040 ],
1043 ],
1044 }
1054 _MODULE_OVERRIDES = {
1057 },
1073 },
1078 },
1082 },
1086 },
1087 }
1090 _ENABLED_FILE_TYPES = (
1095 )
1098 config,
1099 module_dict,
1100 app_code_path,
1105 """Initializer.
1107 Args:
1108 config: AppInfoExternal instance representing the parsed app.yaml file.
1109 module_dict: Module dictionary to use for managing system modules.
1110 Should be sys.modules.
1111 app_code_path: The absolute path to the application code on disk.
1112 imp_module, os_module, dummy_thread_module, etc.: References to
1113 modules that exist in the dev_appserver that must be used by this class
1114 in order to function, even if these modules have been unloaded from
1115 sys.modules.
1116 """
1169 continue
1185 version)
1191 del v1_0
1200 @Trace
1202 """See PEP 302."""
1208 return self
1210 search_path = path
1224 current_module_fullname,
1225 search_path)
1235 current_module_fullname,
1236 search_path)
1256 return None
1264 raise
1268 return self
1271 """Check if the named module has a stub replacement."""
1276 return True
1279 return True
1280 return False
1283 """Import the stub module replacement for the specified module."""
1288 providing_dist = dist
1293 providing_dist = dist27
1298 @Trace
1300 """Prunes and overrides restricted module attributes.
1302 Args:
1303 module: The module to prune. This should be a new module whose attributes
1304 reference back to the real module's __dict__ members.
1305 """
1322 @Trace
1324 submodule,
1325 submodule_fullname,
1326 search_path):
1327 """Locates a module while enforcing module import restrictions.
1329 Args:
1330 submodule: The short name of the submodule (i.e., the last section of
1331 the fullname; for 'foo.bar' this would be 'bar').
1332 submodule_fullname: The fully qualified name of the module to find (e.g.,
1333 'foo.bar').
1334 search_path: List of paths to search for to find this module. Should be
1335 None if the current sys.path should be used.
1337 Returns:
1338 Tuple (source_file, pathname, description) where:
1339 source_file: File-like object that contains the module; in the case
1340 of packages, this will be None, which implies to look at __init__.py.
1341 pathname: String containing the full path of the module on disk.
1342 description: Tuple returned by imp.find_module().
1343 However, in the case of an import using a path hook (e.g. a zipfile),
1344 source_file will be a PEP-302-style loader object, pathname will be None,
1345 and description will be a tuple filled with None values.
1347 Raises:
1348 ImportError exception if the requested module was found, but importing
1349 it is disallowed.
1351 CouldNotFindModuleError exception if the request module could not even
1352 be found for import.
1353 """
1388 return result
1413 pkg_pathname = pathname
1441 import_error = e
1448 'but not found on import. You may have to download '
1452 '"libraries:" clause of your app.yaml file '
1465 raise import_error
1475 """Helper for FindModuleRestricted to find a module in a sys.path entry.
1477 Args:
1478 submodule:
1479 submodule_fullname:
1480 path_entry: A single sys.path entry, or None representing the builtins.
1482 Returns:
1483 Either None (if nothing was found), or a triple (source_file, path_name,
1484 description). See the doc string for FindModuleRestricted() for the
1485 meaning of the latter.
1486 """
1493 pass
1499 return result
1501 return None
1516 break
1519 pass
1528 pass
1540 return None
1542 @Trace
1544 submodule_fullname,
1545 source_file,
1546 pathname,
1547 description):
1548 """Loads a module while enforcing module import restrictions.
1550 As a byproduct, the new module will be added to the module dictionary.
1552 Args:
1553 submodule_fullname: The fully qualified name of the module to find (e.g.,
1554 'foo.bar').
1555 source_file: File-like object that contains the module's source code,
1556 or a PEP-302-style loader object.
1557 pathname: String containing the full path of the module on disk.
1558 description: Tuple returned by imp.find_module(), or (None, None, None)
1559 in case source_file is a PEP-302-style loader object.
1561 Returns:
1562 The new module.
1564 Raises:
1565 ImportError exception of the specified module could not be loaded for
1566 whatever reason.
1567 """
1587 source_file,
1588 pathname,
1589 description)
1595 raise
1601 @Trace
1603 submodule,
1604 submodule_fullname,
1605 search_path):
1606 """Finds and loads a module, loads it, and adds it to the module dictionary.
1608 Args:
1609 submodule: Name of the module to import (e.g., baz).
1610 submodule_fullname: Full name of the module to import (e.g., foo.bar.baz).
1611 search_path: Path to use for searching for this submodule. For top-level
1612 modules this should be None; otherwise it should be the __path__
1613 attribute from the parent package.
1615 Returns:
1616 A new module instance that has been inserted into the module dictionary
1617 supplied to __init__.
1619 Raises:
1620 ImportError exception if the module could not be loaded for whatever
1621 reason (e.g., missing, not allowed).
1622 """
1634 pass
1638 source_file, pathname, description = self.FindModuleRestricted(submodule, submodule_fullname, search_path)
1640 source_file,
1641 pathname,
1642 description)
1653 submodule_fullname,
1659 pass
1692 return module
1694 @Trace
1696 """Retrieves the parent package of a fully qualified module name.
1698 Args:
1699 fullname: Full name of the module whose parent should be retrieved (e.g.,
1700 foo.bar).
1702 Returns:
1703 Module instance for the parent or None if there is no parent module.
1705 Raise:
1706 ImportError exception if the module's parent could not be found.
1707 """
1716 return None
1718 @Trace
1720 """Determines the search path of a module's parent package.
1722 Args:
1723 fullname: Full name of the module to look up (e.g., foo.bar).
1725 Returns:
1726 Tuple (submodule, search_path) where:
1727 submodule: The last portion of the module name from fullname (e.g.,
1728 if fullname is foo.bar, then this is bar).
1729 search_path: List of paths that belong to the parent package's search
1730 path or None if there is no parent package.
1732 Raises:
1733 ImportError exception if the module or its parent could not be found.
1734 """
1742 @Trace
1744 """Determines the path on disk and the search path of a module or package.
1746 Args:
1747 fullname: Full name of the module to look up (e.g., foo.bar).
1749 Returns:
1750 Tuple (pathname, search_path, submodule) where:
1751 pathname: String containing the full path of the module on disk,
1752 or None if the module wasn't loaded from disk (e.g. from a zipfile).
1753 search_path: List of paths that belong to the found package's search
1754 path or None if found module is not a package.
1755 submodule: The relative name of the submodule that's being imported.
1756 """
1758 source_file, pathname, description = self.FindModuleRestricted(submodule, fullname, search_path)
1766 @Trace
1768 """See PEP 302."""
1780 @Trace
1782 """See PEP 302 extensions."""
1784 source_file, pathname, description = self.FindModuleRestricted(submodule, fullname, search_path)
1787 return True
1788 return False
1790 @Trace
1792 """See PEP 302 extensions."""
1795 return None
1802 @Trace
1804 """See PEP 302 extensions."""
1807 return None
1824 encoding = DEFAULT_ENCODING