Paul J. Dorn
b2846783d7
strict: header field validation: stop casefolding
...
* refusing lowercase and ASCII 0x23 (#) had been partially enforced before
* do not casefold by default, HTTP methods are case sensitive
2023-12-15 13:33:31 +01:00
Paul J. Dorn
42dd4190ac
test: verify TOKEN_RE against common HTTP Methods
2023-12-15 13:33:31 +01:00
Paul J. Dorn
13027ef797
Create SECURITY.md
2023-12-15 13:33:31 +01:00
Tomi Belan
f0c91cca48
Check SCRIPT_NAME is at the request path's beginning
2023-12-15 13:33:31 +01:00
Ben Kallus
72238fcf8d
RFC compliant request line and header parsing
...
- Unify HEADER_RE and METH_RE
- Replace CRLF with SP during obs-fold processing (See RFC 9112 Section 5.2, last paragraph)
- Stop stripping header names.
- Remove HTAB in OWS in header values that use obs-fold (See RFC 9112 Section 5.2, last paragraph)
- Use fullmatch instead of search, which has problems with empty strings. (See GHSA-68xg-gqqm-vgj8)
- Split proxy protocol line on space only. (See proxy protocol Section 2.1, bullet 3)
- Use fullmatch for method and version (Thank you to Paul Dorn for noticing this.)
- Replace calls to str.strip() with str.strip(' \t')
- Split request line on SP only.
Co-authored-by: Paul Dorn <pajod@users.noreply.github.com>
2023-12-15 13:33:31 +01:00
Ben Kallus
735e9e867a
Disallow empty header names.
2023-12-15 13:33:31 +01:00
Ben Kallus
2dbe49de99
RFC compliant header field+chunk validation
...
* update HEADER_RE and HEADER_VALUE_RE to match the RFCs
* update chunk length parsing to disallow 0x prefix and digit-separating underscores.
2023-12-15 13:33:31 +01:00
Paul J. Dorn
559caf9205
pytest: raise on malformed test fixtures
...
and unbreak test depending on backslash escape
2023-12-15 13:33:31 +01:00
Benoit Chesneau
26aba9ed9d
Merge pull request #3102 from deronnax/pyproject-toml-fix-license
...
pyproject.toml: fix embedding of the LICENSE file in the package
2023-12-07 15:39:01 +01:00
benoitc
4023228493
let's exception not bubble
...
ensure we can catch correctly exceptions based on BaseException.
Note: patch was originally proposed by the pr #2923, but original
author closed it.
Fix #2923
2023-12-07 15:36:48 +01:00
Mathieu Dupuy
7acd83bfb6
pyproject.toml: fix license-files field
2023-12-02 11:03:13 +01:00
Benoit Chesneau
ca9162d9cd
Merge pull request #3090 from sblondon/remove-python2-note
...
Remove Python2 note
2023-11-18 23:15:01 +01:00
Benoit Chesneau
571b6fff46
Merge pull request #3095 from ramikg/simplify-workertmp-notify
...
Use `utime` instead of `fchmod` in `WorkerTmp.notify`
2023-11-18 23:14:29 +01:00
Rami
0dd6b6350e
Use utime instead of fchmod in WorkerTmp.notify
2023-11-14 11:54:14 +02:00
Benoit Chesneau
02d3dd8b7a
Merge pull request #3063 from deronnax/migrate-to-pyproject-toml
...
Migrate to pyproject toml
2023-11-13 23:57:48 +01:00
sblondon
237f3e6f5c
Remove Python2 note
...
Python2 is not supported anymore.
2023-11-11 23:02:07 +01:00
Benoit Chesneau
430dcdd997
Merge pull request #3075 from benoitc/dependabot/github_actions/actions/checkout-4
...
Bump actions/checkout from 3 to 4
2023-10-12 19:01:41 +02:00
dependabot[bot]
7d69222b55
Bump actions/checkout from 3 to 4
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-10-01 21:28:16 +00:00
Mathieu Dupuy
fdd23e8292
migrate to pyproject.toml
2023-09-12 00:43:37 +02:00
Mathieu Dupuy
7033f27e28
remove exclusion of tests and examples dir
...
setuptools already exclude them by default in the flat-layout setup,
see https://setuptools.pypa.io/en/latest/userguide/package_discovery.html\#flat-layout
2023-09-04 15:22:37 +02:00
Mathieu Dupuy
760e864200
migrate to setup.cfg
2023-09-04 15:19:54 +02:00
benoitc
ab9c8301cb
bump to 21.2.0
2023-07-19 13:31:10 +02:00
Benoit Chesneau
f5669f6475
Merge pull request #3033 from benoitc/fix-gthread
...
revert change considering connection as idle
2023-07-19 13:26:28 +02:00
benoitc
bc905859a6
revert change considering connection as idle
2023-07-19 00:10:24 +02:00
benoitc
4e12ebe334
bump to 21.1.0
2023-07-18 14:41:05 +02:00
benoitc
60b78e3d98
fix setup.cfg: use new license_files property
...
`license_file` property in setup.cfg is deprecated and should be replaced
by the `license_files` property.
fix #3027
2023-07-18 14:33:53 +02:00
Benoit Chesneau
83c3973e1b
Merge pull request #3030 from benoitc/fix-ghthread
...
fix gthread worker
2023-07-18 14:28:44 +02:00
benoitc
86d85cb369
fix gthread worker
...
under Python 3.8 and sup exception is ValueError when fd has already
been cleared by the system.
fix #3029
2023-07-18 14:10:36 +02:00
benoitc
547f8561d9
bump 21.0.1: fix doc
2023-07-17 23:19:49 +02:00
benoitc
033dca60cd
fix doc path to conf.py in readthedocs.yaml
2023-07-17 23:14:57 +02:00
benoitc
1dd24e6e3c
fix .readthedocs.yaml path
2023-07-17 23:08:54 +02:00
benoitc
b6eb01ba52
add readthedocs.yaml
2023-07-17 23:03:59 +02:00
benoitc
543628eb12
remove pypy-3.7 from tests
2023-07-17 22:47:52 +02:00
benoitc
91cb3dc67c
Revert "remove cryptography from requirements"
...
This reverts commit 471a6f80f0a255a41e0effe9896751db0a814999.
2023-07-17 22:45:55 +02:00
benoitc
471a6f80f0
remove cryptography from requirements
2023-07-17 22:43:27 +02:00
benoitc
f628dd9730
fix import error
2023-07-17 22:40:52 +02:00
benoitc
cac38b4286
bump doc version
2023-07-17 22:31:15 +02:00
benoitc
0304f006e6
add minimal changelog
2023-07-17 21:36:31 +02:00
benoitc
f72acb6c0e
add missing dependency for eventlet tests
2023-07-17 21:20:44 +02:00
benoitc
1ff10ff99d
remove useless dep
2023-07-17 21:10:25 +02:00
Benoit Chesneau
cc2e383578
Merge pull request #3003 from jasonamyers/2977-content-length
...
Updating Content-Length Handling
2023-07-11 00:14:23 +02:00
Benoit Chesneau
a74b3ed9e0
Merge pull request #3016 from kurtmckee/add-dependabot-for-github-actions
...
Add a Dependabot config to keep GitHub action versions updated
2023-07-11 00:13:33 +02:00
Benoit Chesneau
378f0d04ec
bump to 21.0.0
2023-07-10 22:09:23 +00:00
Kurt McKee
2f17eb508e
Add a Dependabot config to keep GitHub action versions updated
2023-06-29 09:50:49 -05:00
Jason Myers
fa94f70529
Updating Content-Length Handling
...
Signed-off-by: Jason Myers <jmyers@syntellis.com>
2023-05-30 20:42:13 -05:00
Benoit Chesneau
add8a4c951
Merge pull request #2996 from Excalartur/pylint-pass2
...
update pylint version, and fix linter issues
2023-05-25 10:42:38 +02:00
unknown
dd0aebfc87
add to THANKS :)
2023-05-17 18:55:15 +03:00
unknown
cc15967cff
tox.ini deps
2023-05-17 18:48:55 +03:00
unknown
48d670f087
update pylint version, and fix linter issues
2023-05-17 18:45:59 +03:00
Benoit Chesneau
6998d1247c
Merge pull request #2993 from ikonst/fix-access-log
...
Log access even when connection is closed
2023-05-13 21:10:20 +02:00