# -*- coding: utf-8 -*-
"""
proxy.py
~~~~~~~~
⚡⚡⚡ Fast, Lightweight, Pluggable, TLS interception capable proxy server focused on
Network monitoring, controls & Application development, testing, debugging.
:copyright: (c) 2013-present by Abhinav Singh and contributors.
:license: BSD, see LICENSE for more details.
.. spelling::
utils
"""
import ssl
import sys
import socket
import logging
import argparse
import functools
import ipaddress
import contextlib
from types import TracebackType
from typing import Any, Dict, List, Type, Tuple, Callable, Optional
from .types import HostPort
from .constants import (
CRLF, COLON, HTTP_1_1, IS_WINDOWS, WHITESPACE, DEFAULT_TIMEOUT,
DEFAULT_THREADLESS, PROXY_AGENT_HEADER_VALUE,
)
if not IS_WINDOWS: # pragma: no cover
import resource
logger = logging.getLogger(__name__)
def tls_interception_enabled(flags: argparse.Namespace) -> bool:
    """Return True only when every CA-related flag has been provided.

    TLS interception is considered enabled when none of ``ca_key_file``,
    ``ca_cert_dir``, ``ca_signing_key_file`` and ``ca_cert_file`` is ``None``.
    Only presence is checked; the referenced files are neither opened nor
    validated here.

    :param flags: Parsed command line flags.
    """
    required_flags = (
        'ca_key_file',
        'ca_cert_dir',
        'ca_signing_key_file',
        'ca_cert_file',
    )
    # The generator is lazy: attributes are read in order and evaluation
    # stops at the first unset one, exactly like a chained ``and``.
    return all(getattr(flags, name) is not None for name in required_flags)
def is_threadless(threadless: bool, threaded: bool) -> bool:
    """Resolve the effective execution mode from the two user flags.

    :param threadless: Value of the ``--threadless`` flag.
    :param threaded: Value of the threaded override flag.
    """
    if DEFAULT_THREADLESS:
        # Threadless is the default: it stays on unless the user
        # explicitly asked for threaded mode.
        return not threaded
    # Threaded is the default: threadless applies only when the user
    # explicitly asked for it.
    return threadless
def is_py2() -> bool:
    """Tell whether the interpreter is Python 2.

    Kept as a function so tests can patch it instead of mocking
    :data:`sys.version_info`.
    """
    major_version = sys.version_info[0]
    return major_version == 2
def text_(s: Any, encoding: str = 'utf-8', errors: str = 'strict') -> Any:
    """Coerce *s* to text where that is meaningful.

    ``bytes`` are decoded with ``encoding`` / ``errors``, ``int`` values
    (including ``bool``) are converted with :func:`str`, and anything else
    is returned unchanged.

    :param s: Value to convert.
    :param encoding: Codec used to decode ``bytes``.
    :param errors: Error handler passed to ``bytes.decode``.
    """
    if isinstance(s, bytes):
        return s.decode(encoding, errors)
    return str(s) if isinstance(s, int) else s
def bytes_(s: Any, encoding: str = 'utf-8', errors: str = 'strict') -> Any:
    """Coerce *s* to bytes where that is meaningful.

    ``int`` values (including ``bool``) are first rendered with :func:`str`;
    ``str`` values are then encoded with ``encoding`` / ``errors``. Anything
    else is returned unchanged.

    :param s: Value to convert.
    :param encoding: Codec used to encode ``str``.
    :param errors: Error handler passed to ``str.encode``.
    """
    candidate = str(s) if isinstance(s, int) else s
    if not isinstance(candidate, str):
        return candidate
    return candidate.encode(encoding, errors)
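def build_http_request(
        method: bytes, url: bytes,
        protocol_version: bytes = HTTP_1_1,
        content_type: Optional[bytes] = None,
        headers: Optional[Dict[bytes, bytes]] = None,
        body: Optional[bytes] = None,
        conn_close: bool = False,
        no_ua: bool = False,
) -> bytes:
    """Build and return a raw HTTP request packet.

    ``Content-Length`` is added when a body is present and no
    ``Transfer-Encoding`` header was supplied. A ``User-Agent`` header is
    added unless one was supplied or ``no_ua`` is set.

    The method, URL, header names and header values are written to the
    packet verbatim. Nothing here rejects CR or LF bytes, so callers that
    pass values derived from untrusted input must validate them first.

    NOTE(review): the ``Content-Length`` key is matched exactly, so a
    caller-supplied ``content-length`` in another letter case is not
    replaced and both headers would be emitted.

    :param method: HTTP method.
    :param url: Request target.
    :param protocol_version: HTTP version token for the request line.
    :param content_type: Optional ``Content-Type`` header value.
    :param headers: Optional headers; the mapping is not modified.
    :param body: Optional request body.
    :param conn_close: Add ``Connection: close`` when True.
    :param no_ua: Suppress the default ``User-Agent`` header when True.
    """
    # Work on a copy so the caller's mapping is never mutated.
    headers = dict(headers) if headers else {}
    if content_type is not None:
        headers[b'Content-Type'] = content_type
    # Header names are case-insensitive, so compare on lowered keys.
    lowered_names = {name.lower() for name in headers}
    if body and b'transfer-encoding' not in lowered_names:
        headers[b'Content-Length'] = bytes_(len(body))
    if not no_ua and b'user-agent' not in lowered_names:
        headers[b'User-Agent'] = PROXY_AGENT_HEADER_VALUE
    return build_http_pkt(
        [method, url, protocol_version],
        headers,
        body,
        conn_close,
    )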
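def build_http_response(
        status_code: int,
        protocol_version: bytes = HTTP_1_1,
        reason: Optional[bytes] = None,
        headers: Optional[Dict[bytes, bytes]] = None,
        body: Optional[bytes] = None,
        conn_close: bool = False,
        no_cl: bool = False,
) -> bytes:
    """Build and return a raw HTTP response packet.

    Unless ``no_cl`` is set or a ``Transfer-Encoding`` header was supplied,
    ``Content-Length`` is set to the body length (``0`` without a body).

    The reason phrase, header names and header values are written to the
    packet verbatim. Nothing here rejects CR or LF bytes, so callers that
    pass values derived from untrusted input must validate them first.

    NOTE(review): the ``Content-Length`` key is matched exactly, so a
    caller-supplied ``content-length`` in another letter case is not
    replaced and both headers would be emitted.

    :param status_code: Numeric HTTP status code.
    :param protocol_version: HTTP version token for the status line.
    :param reason: Optional reason phrase.
    :param headers: Optional headers; the mapping is not modified.
    :param body: Optional response body.
    :param conn_close: Add ``Connection: close`` when True.
    :param no_cl: Do not add a ``Content-Length`` header when True.
    """
    line = [protocol_version, bytes_(status_code)]
    if reason:
        line.append(reason)
    # Work on a copy so the caller's mapping is never mutated.
    headers = dict(headers) if headers else {}
    # Header names are case-insensitive, so compare on lowered keys.
    has_transfer_encoding = any(
        name.lower() == b'transfer-encoding' for name in headers
    )
    if not has_transfer_encoding and not no_cl:
        headers[b'Content-Length'] = bytes_(len(body)) if body else b'0'
    return build_http_pkt(line, headers, body, conn_close)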
def build_http_header(k: bytes, v: bytes) -> bytes:
    """Build and return one HTTP header line, without the trailing CRLF.

    Name and value are concatenated as given. CR or LF bytes inside either
    one are not rejected, so values derived from untrusted input must be
    validated by the caller before they reach this function.

    :param k: Header name.
    :param v: Header value.
    """
    separator = COLON + WHITESPACE
    return k + separator + v
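def build_http_pkt(
        line: List[bytes],
        headers: Optional[Dict[bytes, bytes]] = None,
        body: Optional[bytes] = None,
        conn_close: bool = False,
) -> bytes:
    """Build and return a raw HTTP request or response packet.

    The start line parts, header names and header values are emitted
    verbatim. CR or LF bytes are not rejected, so anything derived from
    untrusted input must be validated by the caller.

    :param line: Parts of the start line, joined with a single space.
    :param headers: Optional headers; the mapping is not modified.
    :param body: Optional message body appended after the blank line.
    :param conn_close: Add ``Connection: close`` when True.
    """
    pkt = WHITESPACE.join(line) + CRLF
    # Work on a copy so adding ``Connection`` never mutates the caller's dict.
    headers = dict(headers) if headers else {}
    if conn_close:
        headers[b'Connection'] = b'close'
    pkt += b''.join(
        build_http_header(k, v) + CRLF for k, v in headers.items()
    )
    # A blank line terminates the header section.
    pkt += CRLF
    if body:
        pkt += body
    return pkt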
def build_websocket_handshake_request(
        key: bytes,
        method: bytes = b'GET',
        url: bytes = b'/',
        host: bytes = b'localhost',
) -> bytes:
    """
    Build and return a Websocket handshake request packet.

    :param key: Sec-WebSocket-Key header value.
    :param method: HTTP method.
    :param url: Websocket request path.
    :param host: Host header value.
    """
    handshake_headers = {
        b'Host': host,
        b'Connection': b'upgrade',
        b'Upgrade': b'websocket',
        b'Sec-WebSocket-Key': key,
        b'Sec-WebSocket-Version': b'13',
    }
    return build_http_request(method, url, headers=handshake_headers)
def build_websocket_handshake_response(accept: bytes) -> bytes:
    """
    Build and return a Websocket handshake response packet.

    The response uses status ``101 Switching Protocols``.

    :param accept: Sec-WebSocket-Accept header value
    """
    upgrade_headers = {
        b'Upgrade': b'websocket',
        b'Connection': b'Upgrade',
        b'Sec-WebSocket-Accept': accept,
    }
    return build_http_response(
        101,
        reason=b'Switching Protocols',
        headers=upgrade_headers,
    )
def find_http_line(raw: bytes) -> Tuple[Optional[bytes], bytes]:
    """Split *raw* at its first CRLF.

    Returns ``(line, rest)`` where ``line`` excludes the CRLF and ``rest``
    is everything after it. When no CRLF is present the result is
    ``(None, raw)``.

    :param raw: Buffer to scan.
    """
    first_line, delimiter, remainder = raw.partition(CRLF)
    if not delimiter:
        # No terminator yet: hand the whole buffer back untouched.
        return None, raw
    return first_line, remainder
def wrap_socket(
        conn: socket.socket,
        keyfile: str,
        certfile: str,
        cafile: Optional[str] = None,
) -> ssl.SSLSocket:
    """Upgrade a server side socket to TLS.

    SSLv2, SSLv3, TLSv1 and TLSv1.1 are disabled on the context.
    ``verify_mode`` is set to ``ssl.CERT_NONE``, so the connecting peer is
    not asked to authenticate with a certificate.

    NOTE(review): because of ``CERT_NONE``, ``cafile`` is loaded into the
    context but does not appear to take part in any verification. Confirm
    whether client certificate checks were intended here.

    :param conn: Accepted plain socket.
    :param keyfile: Path to the private key presented to the peer.
    :param certfile: Path to the certificate presented to the peer.
    :param cafile: Optional CA bundle passed to the default context.
    """
    legacy_protocols = (
        ssl.OP_NO_SSLv2
        | ssl.OP_NO_SSLv3
        | ssl.OP_NO_TLSv1
        | ssl.OP_NO_TLSv1_1
    )
    context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=cafile)
    context.options |= legacy_protocols
    context.verify_mode = ssl.CERT_NONE
    context.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return context.wrap_socket(conn, server_side=True)
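def new_socket_connection(
        addr: HostPort,
        timeout: float = DEFAULT_TIMEOUT,
        source_address: Optional[HostPort] = None,
) -> socket.socket:
    """Open and return a connected TCP socket to *addr*.

    When ``addr[0]`` is an IPv4 or IPv6 literal, a socket of the matching
    family is created and connected directly. Otherwise the connection is
    delegated to :func:`socket.create_connection`.

    NOTE(review): ``source_address`` is only forwarded on the
    ``create_connection`` path; it is ignored for IP literals. Confirm
    whether callers rely on it for literal addresses.

    :param addr: ``(host, port)`` to connect to.
    :param timeout: Socket timeout applied before connecting.
    :param source_address: Optional local ``(host, port)`` to bind to.
    :raises OSError: If the connection cannot be established.
    """
    try:
        ip = ipaddress.ip_address(addr[0])
    except ValueError:
        # Not an IPv4/IPv6 literal: try to establish a dual stack
        # IPv4/IPv6 connection.
        return socket.create_connection(
            addr, timeout=timeout, source_address=source_address,
        )
    if ip.version == 4:
        family, target = socket.AF_INET, addr
    else:
        # IPv6 sockaddr is (host, port, flowinfo, scope_id).
        family, target = socket.AF_INET6, (addr[0], addr[1], 0, 0)
    conn = socket.socket(family, socket.SOCK_STREAM, 0)
    try:
        conn.settimeout(timeout)
        conn.connect(target)
    except BaseException:
        # Release the descriptor instead of leaking it, and never hand an
        # unconnected socket back to the caller.
        conn.close()
        raise
    return conn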
class socket_connection(contextlib.ContextDecorator):
    """Context manager and decorator around :func:`new_socket_connection`.

    As a context manager it yields the connected socket and closes it on
    exit. As a decorator it opens a connection per call and passes the
    socket as the first positional argument of the wrapped function.
    """

    def __init__(self, addr: HostPort):
        """Remember the target address; no connection is made yet."""
        self.addr: HostPort = addr
        self.conn: Optional[socket.socket] = None
        super().__init__()

    def __enter__(self) -> socket.socket:
        """Connect to the stored address and return the socket."""
        connection = new_socket_connection(self.addr)
        self.conn = connection
        return connection

    def __exit__(
            self,
            exc_type: Optional[Type[BaseException]],
            exc_val: Optional[BaseException],
            exc_tb: Optional[TracebackType],
    ) -> None:
        """Close the connection, if one was opened.

        Returns ``None``, so an exception raised in the body propagates.
        """
        if not self.conn:
            return
        self.conn.close()

    def __call__(   # type: ignore
            self, func: Callable[..., Any],
    ) -> Callable[[Tuple[Any, ...], Dict[str, Any]], Any]:
        """Wrap *func* so every call runs with a fresh connection."""
        @functools.wraps(func)
        def decorated(*args: Any, **kwargs: Any) -> Any:
            # The socket is injected ahead of the caller's own arguments.
            with self as connection:
                result = func(connection, *args, **kwargs)
                return result
        return decorated
def get_available_port() -> int:
    """Find and return a TCP port that was free at the time of the call.

    A temporary IPv4 socket is bound to port ``0`` and the port picked for
    it is read back. The socket is closed before returning, so nothing
    reserves the port: another process may take it before the caller binds.
    """
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind(('', 0))
        port = probe.getsockname()[1]
    finally:
        probe.close()
    return int(port)
def set_open_file_limit(soft_limit: int) -> None:
    """Raise the open file descriptor soft limit on supported OS.

    The limit is changed only when ``soft_limit`` lies strictly between the
    current soft limit and the current hard limit. In every other case the
    call does nothing. The hard limit is never modified.

    :param soft_limit: Desired ``RLIMIT_NOFILE`` soft limit.
    """
    # resource module not available on Windows OS
    if IS_WINDOWS:  # pragma: no cover
        return
    current_soft, current_hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    within_range = current_soft < soft_limit < current_hard
    if not within_range:
        return
    resource.setrlimit(resource.RLIMIT_NOFILE, (soft_limit, current_hard))
    logger.debug('Open file soft limit set to %d', soft_limit)