validate request.client

2012-07-26 07:49:12 -05:00
parent f29e670cc7
commit 5a16a35ef2
3 changed files with 25 additions and 2 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-Version 2.00.0 (2012-07-26 07:37:27) dev
+Version 2.00.0 (2012-07-26 07:49:09) dev
--- a/gluon/main.py
+++ b/gluon/main.py
@@ -87,6 +87,7 @@ from settings import global_settings
 from validators import CRYPT
 from cache import Cache
 from html import URL as Url
+from utils import is_valid_ip_address
 import newcron
 import rewrite

@@ -402,6 +403,8 @@ def wsgibase(environ, responder):
                    try: local_hosts.append(socket.gethostbyname(http_host))
                    except socket.gaierror: pass
                request.client = get_client(request.env)
+                if not is_valid_ip_address(request.client):
+                    raise HTTP(400,"Bad Request")
                request.folder = abspath('applications',
                                         request.application) + os.sep
                x_req_with = str(request.env.http_x_requested_with).lower()
--- a/gluon/utils.py
+++ b/gluon/utils.py
@@ -16,6 +16,7 @@ import random
 import time
 import os
 import logging
+import socket
 from contrib.pbkdf2 import pbkdf2_hex

 logger = logging.getLogger("web2py")
@@ -69,7 +70,7 @@ def get_digest(value):
    elif value == "sha512":
        return hashlib.sha512
    else:
-        raise ValueError("Invalid digest algorithm: %s" % value) 
+        raise ValueError("Invalid digest algorithm: %s" % value)

 DIGEST_ALG_BY_SIZE = {
    128/4: 'md5',
@@ -146,6 +147,25 @@ def web2py_uuid():
    bytes = ''.join(chr(c ^ ctokens[i]) for i,c in enumerate(bytes))
    return str(uuid.UUID(bytes=bytes, version=4))

+def is_valid_ip_address(address):
+    """
+    >>> is_valid_ip_address('127.0')
+    False
+    >>> is_valid_ip_address('127.0.0.1')
+    True
+    >>> is_valid_ip_address('2001:660::1')
+    True
+    """
+    try:
+        if address.count('.')==3:
+            addr = socket.inet_aton(address)
+        else:
+            addr = socket.inet_pton(socket.AF_INET6, address)
+    except AttributeError: # no socket.inet_pton
+        return False
+    except socket.error:
+        return False
+    return True