projects/relmon: relmon.tcl comparison

comparison relmon.tcl @ 1:cba4887feb2c

Check the content type of documents that are being downloaded Abort if the content type of the document being downloaded cannot be handled. This is to primarily to prevent accidental downloads of potentially large files.

author	Guido Berhoerster <guido+relmon@berhoerster.name>
date	Sun, 19 Oct 2014 20:56:27 +0200
parents	8c5330f6e9e4
children

comparison

equal deleted inserted replaced

-:8c5330f6e9e4
+:cba4887feb2c
 #!/usr/bin/tclsh
 #
-# Copyright (C) 2011 Guido Berhoerster <guido+relmon@berhoerster.name>
+# Copyright (C) 2014 Guido Berhoerster <guido+relmon@berhoerster.name>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
 # "Software"), to deal in the Software without restriction, including
 # without limitation the rights to use, copy, modify, merge, publish,
 variable VERSION 1
 }
 namespace eval ::relmon::common {
-namespace export cmpVersions isUrlValid urlGetHost parseStateFile
+namespace export cmpVersions isUrlValid urlGetHost normalizeHttpHeaders \
+parseStateFile
 }
 # implementation of the Debian version comparison algorithm described at
 # http://www.debian.org/doc/debian-policy/ch-controlfields.html#s-f-Version
 proc ::relmon::common::cmpVersion {v1 v2} {
 proc ::relmon::common::urlGetHost {url} {
 return [expr {(![catch {dict create {*}[uri::split $url]} urlParts]) ?
 [dict get $urlParts "host"] : ""}]
 }
+proc ::relmon::common::normalizeHttpHeaders {headers} {
+set httpHeaders [dict create]
+foreach {header value} $headers {
+set words {}
+foreach word [split $header "-"] {
+lappend words [string totitle $word]
+}
+dict set httpHeaders [join $words "-"] $value
+}
+return $httpHeaders
+}
 proc ::relmon::common::parseStateFile {stateFile} {
 try {
 set f [open $stateFile "r"]
 } trap {POSIX} {errorMsg errorOptions} {
 return -options $errorOptions \
 proc ::relmon::update::ExtractUrls {bodyDataName contentType baseUrl
 rePattern} {
 upvar 1 $bodyDataName bodyData
 set extractedUrls {}
 set resultUrls [dict create]
-set bareContentType [string trim [lindex [split $contentType ";"] 0]]
 # extract all URLs or URL fragments
-switch -- $bareContentType {
+switch -- $contentType {
 {text/html} -
 {application/xhtml+xml} {
 # HTML/XHTML
 # if tdom parsing has failed or not found any "<a>" element,
 # preprocess the document with htmlparse and try again
 }
 return
 }
-proc ::relmon::update::HandleSuccessfulTransfer {item httpHeaders
+proc ::relmon::update::HandleSuccessfulTransfer {item httpBodyName} {
-httpBodyName} {
 upvar 1 $httpBodyName httpBody
 variable Log
 variable StateBuffer
 variable Queue
 variable Watchlist
 set name [dict get $item "name"]
 set url [dict get $item "url"]
-if {[dict exists $httpHeaders "Content-Type"]} {
-set contentType [dict get $httpHeaders "Content-Type"]
-} else {
-set contentType ""
-}
 set patternIndex [dict get $item "pattern_index"]
 set pattern [lindex [dict get $Watchlist $name "patterns"] $patternIndex]
 ${Log}::info "\"$name\": \"$url\": transfer finished"
 # parse data
 try {
-set urls [ExtractUrls httpBody $contentType $url $pattern]
+set urls [ExtractUrls httpBody [dict get $item "content_type"] $url \
+$pattern]
 } trap {RELMON} {errorMsg} {
 # continue on tdom parsing errors or when receiving documents with an
 # unsupported content type
 set urls [dict create]
 set warningMsg "\"$name\": \"$url\": failed to parse data: $errorMsg"
 ${Log}::debug "\"$name\": \"$url\": queuing \"$newUrl\""
 dict lappend Queue [::relmon::common::urlGetHost $newUrl] \
 [dict create "name" $name "url" $newUrl \
 "pattern_index" [expr {$patternIndex + 1}] \
-"num_redirects" 0 "num_retries" 0]
+"content_type" "" "num_redirects" 0 "num_retries" 0]
 } else {
 ${Log}::debug "\"$name\": \"$url\": ignoring \"$newUrl\""
 }
 }
 } else {
 if {[dict get $item "num_redirects"] < 10} {
 ${Log}::debug "\"$name\": \"$url\": queuing \"$redirectUrl\" due to\
 redirect"
 dict lappend Queue [::relmon::common::urlGetHost $redirectUrl] \
-[dict replace $item "url" $redirectUrl \
+[dict replace $item "url" $redirectUrl "content_type" "" \
 "num_redirects" [expr {[dict get $item "num_redirects"] + 1}] \
 "num_retries" 0]
 } else {
 set warningMsg "\"$name\": \"$url\": exceeded maximum number of\
 redirects"
 ${Log}::warn $warningMsg
 StateItemAppendError $name $warningMsg
 return
 }
-proc ::relmon::update::OnTransferFinishedWrapper {token} {
+proc ::relmon::update::TransferCallbackWrapper {callbackCmd args} {
 # ensure that exceptions get raised, by default http catches all errors and
 # silently ignores them, see https://core.tcl.tk/tcl/tktview?name=1414262
-if {[catch {OnTransferFinished $token} -> errorOptions]} {
+if {[catch {eval $callbackCmd $args} -> errorOptions]} {
 OnError [dict get $errorOptions "-errorinfo"] $errorOptions
 }
 return
 }
 set url [dict get $item "url"]
 set name [dict get $item "name"]
 try {
 set token [http::geturl $url \
 -timeout [dict get $Config "transfer_time_limit"] \
--command [namespace code OnTransferFinishedWrapper]]
+-progress [namespace code {TransferCallbackWrapper \
+OnTransferProgress}] \
+-command [namespace code {TransferCallbackWrapper \
+OnTransferFinished}]]
 } on ok {} {
 dict set ActiveTransfers $token $item
 ${Log}::info "\"$name\": \"$url\": starting transfer"
 } on error {errorMsg} {
 }
 return
 }
+proc ::relmon::update::OnTransferProgress {token total current} {
+upvar #0 $token httpState
+variable ActiveTransfers
+variable Log
+# try to determine content type and abort transfer if content type is not
+# one that can be parsed, this is primarily to prevent accidental downloads
+if {[dict get $ActiveTransfers $token "content_type"] eq ""} {
+set httpHeaders [relmon::common::normalizeHttpHeaders \
+$httpState(meta)]
+if {[dict exists $httpHeaders "Content-Type"]} {
+set contentType [string trim [lindex [split \
+[dict get $httpHeaders "Content-Type"] ";"] 0]]
+dict set ActiveTransfers $token "content_type" $contentType
+if {$contentType ni {"text/html" "application/xhtml+xml"
+"application/atom+xml" "application/rss+xml"
+"text/plain"}} {
+${Log}::warn "\"[dict get $ActiveTransfers $token "name"]\":\
+\"[dict get $ActiveTransfers $token "url"]\": content\
+type \"$contentType\" is not acceptable"
+http::reset $token
+}
+}
+}
+}
 proc ::relmon::update::OnTransferFinished {token} {
 upvar #0 $token httpState
 variable Config
 variable HostConnections
 variable Queue
 dict incr HostConnections $host -1
 switch -- $httpState(status) {
 {ok} {
 # normalize headers
-set httpHeaders [dict create]
+set httpHeaders [relmon::common::normalizeHttpHeaders \
-foreach {header value} $httpState(meta) {
+$httpState(meta)]
-set words {}
-foreach word [split $header "-"] {
+# try to determine content type
-lappend words [string totitle $word]
+if {([dict get $item "content_type"] eq "") &&
-}
+[dict exists $httpHeaders "Content-Type"]} {
-dict set httpHeaders [join $words "-"] $value
+dict set item "content_type" [string trim [lindex [split \
+[dict get $httpHeaders "Content-Type"] ";"] 0]]
 }
 # dispatch based on HTTP status code
 set httpCode [http::ncode $token]
 switch -glob -- $httpCode {
 {30[12378]} {
 HandleRedirect $item $httpCode $httpHeaders
 }
 {200} {
-HandleSuccessfulTransfer $item $httpHeaders httpState(body)
+HandleSuccessfulTransfer $item httpState(body)
 }
 default {
 HandleProtocolError $item $httpState(http)
 }
 }
+}
+{reset} {
+# aborted due to wrong content type
 }
 {eof} -
 {timeout} {
 # timeout or connection reset
 HandleTimeoutReset $item
 [dict get $watchlistItem "base_url"]] \
 [dict create \
 "name" $name \
 "url" [dict get $watchlistItem "base_url"] \
 "pattern_index" 0 \
+"content_type" "" \
 "num_redirects" 0 \
 "num_retries" 0]
 dict incr Statistics "items"
 dict set StateBuffer $name [dict create "versions" [dict create] \
 "errors" [list]]

Mercurial > projects > relmon

comparison relmon.tcl @ 1:cba4887feb2c