hgweb: validate WSGI environment dict
The wsgiref.validate module contains useful functions for validating
that various WSGI data structures are proper.
This commit adds validation of the environment dict to our built-in
HTTP server, which turns an HTTP request into an environment dict.
The check discovered that we weren't always setting QUERY_STRING,
which would cause the cgi module to fall back to sys.argv. So we
change things to always set QUERY_STRING.
The check passes on Python 2 and 3.
Differential Revision: https://phab.mercurial-scm.org/D2731
--- a/mercurial/hgweb/server.py Thu Mar 08 09:26:51 2018 -0800
+++ b/mercurial/hgweb/server.py Thu Mar 08 09:44:27 2018 -0800
@@ -13,6 +13,7 @@
import socket
import sys
import traceback
+import wsgiref.validate
from ..i18n import _
@@ -128,8 +129,7 @@
env[r'PATH_INFO'] = pycompat.sysstr(path[len(self.server.prefix):])
env[r'REMOTE_HOST'] = self.client_address[0]
env[r'REMOTE_ADDR'] = self.client_address[0]
- if query:
- env[r'QUERY_STRING'] = query
+ env[r'QUERY_STRING'] = query or r''
if pycompat.ispy3:
if self.headers.get_content_type() is None:
@@ -166,6 +166,8 @@
socketserver.ForkingMixIn)
env[r'wsgi.run_once'] = 0
+ wsgiref.validate.check_environ(env)
+
self.saved_status = None
self.saved_headers = []
self.length = None