1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
#!/usr/bin/python
# IVLE - Informatics Virtual Learning Environment
# Copyright (C) 2007-2008 The University of Melbourne
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
# Script: interpretservice
# Author: David Coles
# Date: 6/3/2007
# A CGI script for interpreting files.
import mimetypes
import os
import sys
import StringIO
import urlparse
import subprocess
from ivle import (cgirequest, studpath)
import ivle.conf
import ivle.conf.mimetypes
import ivle.conf.app
import ivle.conf.app.server
# XXX: using dirname because we don't have path config in the jailconf.
serveservice_path = os.path.join(os.path.dirname(__file__), 'serveservice')
def determine_file_type(filename):
filetype = mimetypes.guess_type(filename)[0]
if filetype is None:
filetype = ivle.conf.mimetypes.default_mimetype
return filetype
req = cgirequest.CGIRequest()
req.install_error_handler()
python = "/usr/bin/python"
# Work out the parts of the URL
urlpath = urlparse.urlparse(req.path)[2]
filename = studpath.url_to_jailpaths(urlpath)[2]
path_info = ''
if filename is None:
req.throw_error(req.HTTP_NOT_FOUND, "The path specified is invalid.")
if not os.access(filename, os.F_OK):
# The given path doesn't exist. CGI lets us backtrack and put the path
# elements through which we pass into PATH_INFO, so we try that.
while not os.access(filename, os.F_OK):
filename, path_info_frag = os.path.split(filename)
# os.path.join tacks a / on the end even if the second fragment is
# empty, which we don't want.
if len(path_info) > 0:
path_info = os.path.join(path_info_frag, path_info)
else:
path_info = path_info_frag
# PATH_INFO is meant to start with a /.
path_info = os.path.join(os.sep, path_info)
# We now have a file that exists, but is it something that we're allowed
# to execute? If not, we should 404 anyway.
if determine_file_type(filename) not in ivle.conf.app.server.interpreters:
req.throw_error(req.HTTP_NOT_FOUND,
"The specified file (%s) does not exist." % urlpath)
path = os.path.split(filename)[0]
# Everything should be done from the same directory as the script
try:
os.chdir(path)
except OSError:
req.throw_error(req.HTTP_NOT_FOUND,
"The specified file (%s) does not exist." % urlpath)
# Search the path for modules first
sys.path[0] = path
# Now we have lots of fun mangling environment variables to fix PATH_INFO
# and related stuff.
os.environ['PATH_INFO'] = path_info
if len(path_info) > 0:
os.environ['SCRIPT_NAME'] = os.environ['SCRIPT_NAME'][:-len(path_info)]
# Set PATH_TRANSLATED. We trim the leading / from path_info or things go bad.
path_translated = studpath.url_to_jailpaths(path_info[1:])[2]
if path_translated is not None:
if len(path_translated) == 0 or path_translated[0] != os.sep:
path_translated = os.sep + path_translated
os.environ['PATH_TRANSLATED'] = path_translated
if not os.access(filename, os.R_OK):
req.throw_error(req.HTTP_NOT_FOUND,
"The specified file (%s) does not exist." % urlpath)
elif os.path.isdir(filename):
# 403 Forbidden error for visiting a directory
# (Not giving a directory listing, since this can be seen by
# the world at large. Directory contents are private).
req.throw_error(req.HTTP_FORBIDDEN,
"The path specified is a directory.")
elif determine_file_type(filename) in ivle.conf.app.server.interpreters:
# We'll save on a fork and execute in this python process
# Let exceptions blow up normally again
sys.excepthook = sys.__excepthook__
execfile(filename, {})
# Non-Python process should probably use something like
# subprocess.call([python, filename])
else:
# Otherwise, use the blacklist/whitelist to see if this file should be
# served or disallowed
if (ivle.conf.app.server.blacklist_served_filetypes and \
determine_file_type(filename) in \
ivle.conf.app.server.served_filetypes_blacklist) or \
(ivle.conf.app.server.served_filetypes_whitelist and \
determine_file_type(filename) not in \
ivle.conf.app.server.served_filetypes_whitelist):
req.throw_error(req.HTTP_FORBIDDEN,
"Files of this type are not allowed to be served.")
execfile(serveservice_path)
|