wsgiserver python 漏洞_简单的WSGI server
参考:https://ruslanspivak.com/lsbaws-part1/
简单的WSGI server
server程序 webserver.py
# Tested with Python 2.7.9, Linux & Mac OS X
import socket
import StringIO
import sys
class WSGIServer(object):
address_family = socket.AF_INET
socket_type = socket.SOCK_STREAM
request_queue_size = 1
def __init__(self, server_address):
# Create a listening socket
self.listen_socket = listen_socket = socket.socket(
self.address_family,
self.socket_type
)
# Allow to reuse the same address
listen_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
# Bind
listen_socket.bind(server_address)
# Activate
listen_socket.listen(self.request_queue_size)
# Get server host name and port
host, port = self.listen_socket.getsockname()[:2]
self.server_name = socket.getfqdn(host)
self.server_port = port
# Return headers set by Web framework/Web application
self.headers_set = []
def set_app(self, application):
self.application = application
def serve_forever(self):
listen_socket = self.listen_socket
while True:
# New client connection
self.client_connection, client_address = listen_socket.accept()
# Handle one request and close the client connection. Then
# loop over to wait for another client connection
self.handle_one_request()
def handle_one_request(self):
self.request_data = request_data = self.client_connection.recv(40960)
#self.request_data = request_data = self.client_connection.recv(1024)
# Print formatted request data a la 'curl -v'
print(''.join(
'< {line}\n'.format(line=line)
for line in request_data.splitlines()
))
self.parse_request(request_data)
# Construct environment dictionary using request data
env = self.get_environ()
# It's time to call our application callable and get
# back a result that will become HTTP response body
result = self.application(env, self.start_response)
# Construct a response and send it back to the client
self.finish_response(result)
def parse_request(self, text):
request_line = text.splitlines()[0]
request_line = request_line.rstrip('\r\n')
# Break down the request line into components
(self.request_method, # GET
self.path, # /hello
self.request_version # HTTP/1.1
) = request_line.split()
def get_environ(self):
env = {}
# The following code snippet does not follow PEP8 conventions
# but it's formatted the way it is for demonstration purposes
# to emphasize the required variables and their values
#
# Required WSGI variables
env['wsgi.version'] = (1, 0)
env['wsgi.url_scheme'] = 'http'
env['wsgi.input'] = StringIO.StringIO(self.request_data)
env['wsgi.errors'] = sys.stderr
env['wsgi.multithread'] = False
env['wsgi.multiprocess'] = False
env['wsgi.run_once'] = False
# Required CGI variables
env['REQUEST_METHOD'] = self.request_method # GET
env['PATH_INFO'] = self.path # /hello
env['SERVER_NAME'] = self.server_name # localhost
env['SERVER_PORT'] = str(self.server_port) # 8888
return env
def start_response(self, status, response_headers, exc_info=None):
# Add necessary server headers
server_headers = [
('Date', 'Tue, 31 Mar 2015 12:54:48 GMT'),
('Server', 'WSGIServer 0.2'),
]
self.headers_set = [status, response_headers + server_headers]
# To adhere to WSGI specification the start_response must return
# a 'write' callable. We simplicity's sake we'll ignore that detail
# for now.
# return self.finish_response
def finish_response(self, result):
try:
status, response_headers = self.headers_set
response = 'HTTP/1.1 {status}\r\n'.format(status=status)
for header in response_headers:
response += '{0}: {1}\r\n'.format(*header)
response += '\r\n'
for data in result:
response += data
# Print formatted response data a la 'curl -v'
print(''.join(
'> {line}\n'.format(line=line)
for line in response.splitlines()
))
self.client_connection.sendall(response)
finally:
self.client_connection.close()
SERVER_ADDRESS = (HOST, PORT) = '', 9091
def make_server(server_address, application):
server = WSGIServer(server_address)
server.set_app(application)
return server
if __name__ == '__main__':
if len(sys.argv) < 2:
sys.exit('Provide a WSGI application object as module:callable')
app_path = sys.argv[1]
module, application = app_path.split(':')
module = __import__(module)
application = getattr(module, application)
httpd = make_server(SERVER_ADDRESS, application)
print('WSGIServer: Serving HTTP on port {port} ...\n'.format(port=PORT))
httpd.serve_forever()
应用 test.py
def app(environ, start_response):
"""A barebones WSGI application.
This is a starting point for your own Web framework :)
"""
status = '200 OK'
response_headers = [('Content-Type', 'text/plain')]
start_response(status, response_headers)
return ['Hello world from a simple WSGI application!\n']
运行
python webserver.py test:app
测试
在浏览器地址栏输入
http://192.168.3.106:9091/hello
注意:server端口设置9091,在server里可以更改
wsgiserver python 漏洞_简单的WSGI server相关推荐
- wsgiserver python 漏洞_python-简单测试wsgi
1.1 RESTful 架构 REST全称是Representational State Transfer,中文意思是表述(编者注:通常译为表征)性状态转移. 它首次出现在2000年Roy Field ...
- wsgiserver python 漏洞_新型任意文件读取漏洞的研究
0x00 前言 早前发现boooom在乌云上发了很多个任意文件读取的漏洞,都是形如 http://target/../../../../etc/passwd 这样.当时感觉很新奇,因为正常情况下,通常 ...
- python搭建_简单_交易系统【转载】
python搭建_简单_交易系统[转载] 构建account_class 类 构建所需函数 构建最大回撤.收益率.回测函数 构建银行翻倍.选股函数 回测实证分析 (转自 https://www.joi ...
- rmi远程代码执行漏洞_微软 Windows DNS Server 远程代码执行漏洞
安全预警 漏洞:微软 Windows DNS Server 远程代码执行漏洞漏洞编号:CVE-2020-1350威胁程度:高影响范围: Windows Server 2008 for 32-bit S ...
- crossin的编程教室python入门_简单三步,用 Python 发邮件
0. 前言 发送电子邮件是个很常见的开发需求.比如你写了个监控天气的脚本,发现第二天要下雨,或者网站上关注的某个商品降价了,就可以发个邮件到邮箱来提醒自己. 使用 Python 脚本发送邮件并不复杂. ...
- microbit与python编程_简单5步开始学习microbit编程-windows篇
探索如何使用micro:bit通过5个简单的步骤! 可以在台式机(mac.pc.Chromebooks.Linux,包括Raspberry Pi)和移动设备上对micro:bit进行编程. 由于Win ...
- python 分类_简单机器学习入门教程:用Python解决简单的水果分类问题
在这篇机器学习入门教程中,我们将使用Python中最流行的机器学习工具scikit- learn,在Python中实现几种机器学习算法.使用简单的数据集来训练分类器区分不同类型的水果. 这篇文章的目的 ...
- python博弈树_简单博弈树算法(nim游戏)
简单博弈树算法(nim游戏)的python实现. import random import treelib import sys tagid=0 def genId(): global tagid t ...
- python 战舰_简单Python战舰
我最近开始学习python,并决定尝试制作我的第一个项目.我正在尝试做一个战舰游戏,随机放置两个3块长的船在一块板上.但效果不太好.我为2号飞船做了一个临时的循环,它应该检查一下旁边的两个空间是否空闲 ...
最新文章
- 使用YOLOv5模型进行目标检测!
- python中的二进制、八进制、十六进制的相互转换
- linux nginx cdn,linux – Nginx Proxy_Pass到CDN与直接击中CDN. P...
- gomod和govendor的简单理解
- Mysql 客户端查询结果如何保存到本地而不是服务端?
- jQuery -- 光阴似箭(五):AJAX 方法
- 数据洞察 | Python解读地摊——你想好摆摊去卖什么了吗?
- Spring Boot 启动流程
- 虎牙、斗鱼正式达成合并协议;​中国广电正式成立,或催生5G发展新格局;Linux 5.9 释出|极客头条
- 093-PHP数组比较
- OpenCV-Python中的简单数字识别OCR
- 《数学之美》—贾里尼克和现代语言处理
- LSI存储论坛:6Gb SAS让DAS焕发新活力?
- ivms4200 远程桌面访问测试过程及问题汇总
- 2022年信息系统监理师考试大纲
- 企业Foxmail帐户邮箱数据保存在什么地方?
- dp光纤线传输距离既然超过百米之长?
- DSP学习(5)—— Timer的使用
- 动态规划的最优原理与无后效性解析
- 简述windows计算机启动过程,计算机启动过程
热门文章
- ASP.NET MVC5+EF6+EasyUI 后台管理系统--任务调度系统解析
- 递归遍历文件夹,并添加到TreeView控件中
- 应用程序“DEFAULT WEB SITE/ICLOCK”中的服务器错误
- 什么时候需要用到RCC_APB2Periph_AFIO--复用IO时钟的使用
- st-link和jlink调试stm32接线注意事项
- 十、从中缀向后缀转换表达式
- mysql从入门到转行图片_数据小白转行之路-MYSQL(二)
- C++ Primer 5th笔记(chap 14 重载运算和类型转换)递增和递减运算符
- C++ Primer 5th笔记(8)chapter8 类:IO库-总览
- lower_bound和 upper_bound 用法(STL)