3067 Commits

Author SHA1 Message Date
Paul J. Dorn
0b10cbab1d unconditionally log request error
Somehow exception logging was conditional on successful request uri parsing.
Add it back for the other branch.
2023-12-15 13:33:31 +01:00
Paul J. Dorn
72b8970dbf silently drop or refuse header names w/ underscore
Ambiguous mappings open a bottomless pit of "what is user input and what is proxy input" confusion.
Default to what everyone else has been doing for years now, silently drop.

see also https://nginx.org/r/underscores_in_headers
2023-12-15 13:33:31 +01:00
Paul J. Dorn
b2846783d7 strict: header field validation: stop casefolding
* refusing lowercase and ASCII 0x23 (#) had been partially enforced before
* do not casefold by default, HTTP methods are case sensitive
2023-12-15 13:33:31 +01:00
Paul J. Dorn
42dd4190ac test: verify TOKEN_RE against common HTTP Methods 2023-12-15 13:33:31 +01:00
Paul J. Dorn
13027ef797 Create SECURITY.md 2023-12-15 13:33:31 +01:00
Tomi Belan
f0c91cca48 Check SCRIPT_NAME is at the request path's beginning 2023-12-15 13:33:31 +01:00
Ben Kallus
72238fcf8d RFC compliant request line and header parsing
- Unify HEADER_RE and METH_RE
- Replace CRLF with SP during obs-fold processing (See RFC 9112 Section 5.2, last paragraph)
- Stop stripping header names.
- Remove HTAB in OWS in header values that use obs-fold (See RFC 9112 Section 5.2, last paragraph)
- Use fullmatch instead of search, which has problems with empty strings. (See GHSA-68xg-gqqm-vgj8)
- Split proxy protocol line on space only. (See proxy protocol Section 2.1, bullet 3)
- Use fullmatch for method and version (Thank you to Paul Dorn for noticing this.)
- Replace calls to str.strip() with str.strip(' \t')
- Split request line on SP only.

Co-authored-by: Paul Dorn <pajod@users.noreply.github.com>
2023-12-15 13:33:31 +01:00
Ben Kallus
735e9e867a Disallow empty header names. 2023-12-15 13:33:31 +01:00
Ben Kallus
2dbe49de99 RFC compliant header field+chunk validation
* update HEADER_RE and HEADER_VALUE_RE to match the RFCs
* update chunk length parsing to disallow 0x prefix and digit-separating underscores.
2023-12-15 13:33:31 +01:00
Paul J. Dorn
559caf9205 pytest: raise on malformed test fixtures
and unbreak test depending on backslash escape
2023-12-15 13:33:31 +01:00
Benoit Chesneau
26aba9ed9d
Merge pull request #3102 from deronnax/pyproject-toml-fix-license
pyproject.toml: fix embedding of the LICENSE file in the package
2023-12-07 15:39:01 +01:00
benoitc
4023228493 let exceptions not bubble
ensure we can correctly catch exceptions based on BaseException.

Note: patch was originally proposed by the pr #2923, but original
author closed it.

Fix #2923
2023-12-07 15:36:48 +01:00
Mathieu Dupuy
7acd83bfb6
pyproject.toml: fix license-files field 2023-12-02 11:03:13 +01:00
Benoit Chesneau
ca9162d9cd
Merge pull request #3090 from sblondon/remove-python2-note
Remove Python2 note
2023-11-18 23:15:01 +01:00
Benoit Chesneau
571b6fff46
Merge pull request #3095 from ramikg/simplify-workertmp-notify
Use `utime` instead of `fchmod` in `WorkerTmp.notify`
2023-11-18 23:14:29 +01:00
Rami
0dd6b6350e
Use utime instead of fchmod in WorkerTmp.notify 2023-11-14 11:54:14 +02:00
Benoit Chesneau
02d3dd8b7a
Merge pull request #3063 from deronnax/migrate-to-pyproject-toml
Migrate to pyproject toml
2023-11-13 23:57:48 +01:00
sblondon
237f3e6f5c
Remove Python2 note
Python2 is not supported anymore.
2023-11-11 23:02:07 +01:00
Benoit Chesneau
430dcdd997
Merge pull request #3075 from benoitc/dependabot/github_actions/actions/checkout-4
Bump actions/checkout from 3 to 4
2023-10-12 19:01:41 +02:00
dependabot[bot]
7d69222b55
Bump actions/checkout from 3 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-10-01 21:28:16 +00:00
Mathieu Dupuy
fdd23e8292
migrate to pyproject.toml 2023-09-12 00:43:37 +02:00
Mathieu Dupuy
7033f27e28
remove exclusion of tests and examples dir
setuptools already excludes them by default in the flat-layout setup,
see https://setuptools.pypa.io/en/latest/userguide/package_discovery.html#flat-layout
2023-09-04 15:22:37 +02:00
Mathieu Dupuy
760e864200
migrate to setup.cfg 2023-09-04 15:19:54 +02:00
benoitc
ab9c8301cb bump to 21.2.0 2023-07-19 13:31:10 +02:00
Benoit Chesneau
f5669f6475
Merge pull request #3033 from benoitc/fix-gthread
revert change considering connection as idle
2023-07-19 13:26:28 +02:00
benoitc
bc905859a6 revert change considering connection as idle 2023-07-19 00:10:24 +02:00
benoitc
4e12ebe334 bump to 21.1.0 2023-07-18 14:41:05 +02:00
benoitc
60b78e3d98 fix setup.cfg: use new license_files property
`license_file` property in setup.cfg is deprecated and should be replaced
by the `license_files` property.

fix #3027
2023-07-18 14:33:53 +02:00
Benoit Chesneau
83c3973e1b
Merge pull request #3030 from benoitc/fix-ghthread
fix gthread worker
2023-07-18 14:28:44 +02:00
benoitc
86d85cb369 fix gthread worker
under Python 3.8 and above, the exception is ValueError when the fd has already
been cleared by the system.

fix #3029
2023-07-18 14:10:36 +02:00
benoitc
547f8561d9 bump 21.0.1: fix doc 2023-07-17 23:19:49 +02:00
benoitc
033dca60cd fix doc path to conf.py in readthedocs.yaml 2023-07-17 23:14:57 +02:00
benoitc
1dd24e6e3c fix .readthedocs.yaml path 2023-07-17 23:08:54 +02:00
benoitc
b6eb01ba52 add readthedocs.yaml 2023-07-17 23:03:59 +02:00
benoitc
543628eb12 remove pypy-3.7 from tests 2023-07-17 22:47:52 +02:00
benoitc
91cb3dc67c Revert "remove cryptography from requirements"
This reverts commit 471a6f80f0a255a41e0effe9896751db0a814999.
2023-07-17 22:45:55 +02:00
benoitc
471a6f80f0 remove cryptography from requirements 2023-07-17 22:43:27 +02:00
benoitc
f628dd9730 fix import error 2023-07-17 22:40:52 +02:00
benoitc
cac38b4286 bump doc version 2023-07-17 22:31:15 +02:00
benoitc
0304f006e6 add minimal changelog 2023-07-17 21:36:31 +02:00
benoitc
f72acb6c0e add missing dependency for eventlet tests 2023-07-17 21:20:44 +02:00
benoitc
1ff10ff99d remove useless dep 2023-07-17 21:10:25 +02:00
Benoit Chesneau
cc2e383578
Merge pull request #3003 from jasonamyers/2977-content-length
Updating Content-Length Handling
2023-07-11 00:14:23 +02:00
Benoit Chesneau
a74b3ed9e0
Merge pull request #3016 from kurtmckee/add-dependabot-for-github-actions
Add a Dependabot config to keep GitHub action versions updated
2023-07-11 00:13:33 +02:00
Benoit Chesneau
378f0d04ec bump to 21.0.0 2023-07-10 22:09:23 +00:00
Kurt McKee
2f17eb508e
Add a Dependabot config to keep GitHub action versions updated 2023-06-29 09:50:49 -05:00
Jason Myers
fa94f70529 Updating Content-Length Handling
Signed-off-by: Jason Myers <jmyers@syntellis.com>
2023-05-30 20:42:13 -05:00
Benoit Chesneau
add8a4c951
Merge pull request #2996 from Excalartur/pylint-pass2
update pylint version, and fix linter issues
2023-05-25 10:42:38 +02:00
unknown
dd0aebfc87 add to THANKS :) 2023-05-17 18:55:15 +03:00
unknown
cc15967cff tox.ini deps 2023-05-17 18:48:55 +03:00