-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathwsgi.py
More file actions
33 lines (23 loc) · 1012 Bytes
/
wsgi.py
File metadata and controls
33 lines (23 loc) · 1012 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
import re
import sys
from a2wsgi import ASGIMiddleware
from ocr_service.app import create_app
sys.path.append("..")
asgi_app = create_app()
asgi_middleware = ASGIMiddleware(asgi_app) # type: ignore[arg-type]
_BAD_URI = re.compile(r"(%2e%2e|%00|\${jndi:|/winnt/|/etc/passwd)", re.I)
def app(environ, start_response):
try:
path = environ.get("PATH_INFO", "")
if _BAD_URI.search(path):
start_response("400 Bad Request", [("Content-Type", "text/plain")])
return [b"Bad Request: blocked"]
# hand off to ASGI → WSGI bridge
return asgi_middleware(environ, start_response)
except UnicodeDecodeError:
start_response("400 Bad Request", [("Content-Type", "text/plain")])
return [b"Bad Request: malformed path"]
except Exception:
# last-resort catch so one bad request can’t crash workers
start_response("500 Internal Server Error", [("Content-Type", "text/plain")])
return [b"Internal Server Error"]