mirror of
https://github.com/python/cpython.git
synced 2024-11-27 03:45:08 +08:00
ed81971e6b
The header-folder of the new email API has a long standing known buglet where if the first token is longer than max_line_length, it puts that token on the next line. It turns out there is also a *parsing* bug when parsing such a header: the space prefixing that first, non-empty line gets preserved and tacked on to the start of the header value, which is not the expected behavior per the RFCs. The bug arises from the fact that the parser assumed that there would be at least one token on the line with the header, which is going to be true for probably every email producer other than the python email library with its folding buglet. Clearly, though, this is a case that needs to be handled correctly. The fix is simple: strip the blanks off the start of the whole value, not just the first physical line of the value. Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
383 lines
15 KiB
Python
383 lines
15 KiB
Python
"""Policy framework for the email package.
|
|
|
|
Allows fine grained feature control of how the package parses and emits data.
|
|
"""
|
|
|
|
import abc
|
|
from email import header
|
|
from email import charset as _charset
|
|
from email.utils import _has_surrogates
|
|
|
|
__all__ = [
|
|
'Policy',
|
|
'Compat32',
|
|
'compat32',
|
|
]
|
|
|
|
|
|
class _PolicyBase:
|
|
|
|
"""Policy Object basic framework.
|
|
|
|
This class is useless unless subclassed. A subclass should define
|
|
class attributes with defaults for any values that are to be
|
|
managed by the Policy object. The constructor will then allow
|
|
non-default values to be set for these attributes at instance
|
|
creation time. The instance will be callable, taking these same
|
|
attributes keyword arguments, and returning a new instance
|
|
identical to the called instance except for those values changed
|
|
by the keyword arguments. Instances may be added, yielding new
|
|
instances with any non-default values from the right hand
|
|
operand overriding those in the left hand operand. That is,
|
|
|
|
A + B == A(<non-default values of B>)
|
|
|
|
The repr of an instance can be used to reconstruct the object
|
|
if and only if the repr of the values can be used to reconstruct
|
|
those values.
|
|
|
|
"""
|
|
|
|
def __init__(self, **kw):
|
|
"""Create new Policy, possibly overriding some defaults.
|
|
|
|
See class docstring for a list of overridable attributes.
|
|
|
|
"""
|
|
for name, value in kw.items():
|
|
if hasattr(self, name):
|
|
super(_PolicyBase,self).__setattr__(name, value)
|
|
else:
|
|
raise TypeError(
|
|
"{!r} is an invalid keyword argument for {}".format(
|
|
name, self.__class__.__name__))
|
|
|
|
def __repr__(self):
|
|
args = [ "{}={!r}".format(name, value)
|
|
for name, value in self.__dict__.items() ]
|
|
return "{}({})".format(self.__class__.__name__, ', '.join(args))
|
|
|
|
def clone(self, **kw):
|
|
"""Return a new instance with specified attributes changed.
|
|
|
|
The new instance has the same attribute values as the current object,
|
|
except for the changes passed in as keyword arguments.
|
|
|
|
"""
|
|
newpolicy = self.__class__.__new__(self.__class__)
|
|
for attr, value in self.__dict__.items():
|
|
object.__setattr__(newpolicy, attr, value)
|
|
for attr, value in kw.items():
|
|
if not hasattr(self, attr):
|
|
raise TypeError(
|
|
"{!r} is an invalid keyword argument for {}".format(
|
|
attr, self.__class__.__name__))
|
|
object.__setattr__(newpolicy, attr, value)
|
|
return newpolicy
|
|
|
|
def __setattr__(self, name, value):
|
|
if hasattr(self, name):
|
|
msg = "{!r} object attribute {!r} is read-only"
|
|
else:
|
|
msg = "{!r} object has no attribute {!r}"
|
|
raise AttributeError(msg.format(self.__class__.__name__, name))
|
|
|
|
def __add__(self, other):
|
|
"""Non-default values from right operand override those from left.
|
|
|
|
The object returned is a new instance of the subclass.
|
|
|
|
"""
|
|
return self.clone(**other.__dict__)
|
|
|
|
|
|
def _append_doc(doc, added_doc):
|
|
doc = doc.rsplit('\n', 1)[0]
|
|
added_doc = added_doc.split('\n', 1)[1]
|
|
return doc + '\n' + added_doc
|
|
|
|
def _extend_docstrings(cls):
|
|
if cls.__doc__ and cls.__doc__.startswith('+'):
|
|
cls.__doc__ = _append_doc(cls.__bases__[0].__doc__, cls.__doc__)
|
|
for name, attr in cls.__dict__.items():
|
|
if attr.__doc__ and attr.__doc__.startswith('+'):
|
|
for c in (c for base in cls.__bases__ for c in base.mro()):
|
|
doc = getattr(getattr(c, name), '__doc__')
|
|
if doc:
|
|
attr.__doc__ = _append_doc(doc, attr.__doc__)
|
|
break
|
|
return cls
|
|
|
|
|
|
class Policy(_PolicyBase, metaclass=abc.ABCMeta):
|
|
|
|
r"""Controls for how messages are interpreted and formatted.
|
|
|
|
Most of the classes and many of the methods in the email package accept
|
|
Policy objects as parameters. A Policy object contains a set of values and
|
|
functions that control how input is interpreted and how output is rendered.
|
|
For example, the parameter 'raise_on_defect' controls whether or not an RFC
|
|
violation results in an error being raised or not, while 'max_line_length'
|
|
controls the maximum length of output lines when a Message is serialized.
|
|
|
|
Any valid attribute may be overridden when a Policy is created by passing
|
|
it as a keyword argument to the constructor. Policy objects are immutable,
|
|
but a new Policy object can be created with only certain values changed by
|
|
calling the Policy instance with keyword arguments. Policy objects can
|
|
also be added, producing a new Policy object in which the non-default
|
|
attributes set in the right hand operand overwrite those specified in the
|
|
left operand.
|
|
|
|
Settable attributes:
|
|
|
|
raise_on_defect -- If true, then defects should be raised as errors.
|
|
Default: False.
|
|
|
|
linesep -- string containing the value to use as separation
|
|
between output lines. Default '\n'.
|
|
|
|
cte_type -- Type of allowed content transfer encodings
|
|
|
|
7bit -- ASCII only
|
|
8bit -- Content-Transfer-Encoding: 8bit is allowed
|
|
|
|
Default: 8bit. Also controls the disposition of
|
|
(RFC invalid) binary data in headers; see the
|
|
documentation of the binary_fold method.
|
|
|
|
max_line_length -- maximum length of lines, excluding 'linesep',
|
|
during serialization. None or 0 means no line
|
|
wrapping is done. Default is 78.
|
|
|
|
mangle_from_ -- a flag that, when True escapes From_ lines in the
|
|
body of the message by putting a '>' in front of
|
|
them. This is used when the message is being
|
|
serialized by a generator. Default: False.
|
|
|
|
message_factory -- the class to use to create new message objects.
|
|
If the value is None, the default is Message.
|
|
|
|
verify_generated_headers
|
|
-- if true, the generator verifies that each header
|
|
they are properly folded, so that a parser won't
|
|
treat it as multiple headers, start-of-body, or
|
|
part of another header.
|
|
This is a check against custom Header & fold()
|
|
implementations.
|
|
"""
|
|
|
|
raise_on_defect = False
|
|
linesep = '\n'
|
|
cte_type = '8bit'
|
|
max_line_length = 78
|
|
mangle_from_ = False
|
|
message_factory = None
|
|
verify_generated_headers = True
|
|
|
|
def handle_defect(self, obj, defect):
|
|
"""Based on policy, either raise defect or call register_defect.
|
|
|
|
handle_defect(obj, defect)
|
|
|
|
defect should be a Defect subclass, but in any case must be an
|
|
Exception subclass. obj is the object on which the defect should be
|
|
registered if it is not raised. If the raise_on_defect is True, the
|
|
defect is raised as an error, otherwise the object and the defect are
|
|
passed to register_defect.
|
|
|
|
This method is intended to be called by parsers that discover defects.
|
|
The email package parsers always call it with Defect instances.
|
|
|
|
"""
|
|
if self.raise_on_defect:
|
|
raise defect
|
|
self.register_defect(obj, defect)
|
|
|
|
def register_defect(self, obj, defect):
|
|
"""Record 'defect' on 'obj'.
|
|
|
|
Called by handle_defect if raise_on_defect is False. This method is
|
|
part of the Policy API so that Policy subclasses can implement custom
|
|
defect handling. The default implementation calls the append method of
|
|
the defects attribute of obj. The objects used by the email package by
|
|
default that get passed to this method will always have a defects
|
|
attribute with an append method.
|
|
|
|
"""
|
|
obj.defects.append(defect)
|
|
|
|
def header_max_count(self, name):
|
|
"""Return the maximum allowed number of headers named 'name'.
|
|
|
|
Called when a header is added to a Message object. If the returned
|
|
value is not 0 or None, and there are already a number of headers with
|
|
the name 'name' equal to the value returned, a ValueError is raised.
|
|
|
|
Because the default behavior of Message's __setitem__ is to append the
|
|
value to the list of headers, it is easy to create duplicate headers
|
|
without realizing it. This method allows certain headers to be limited
|
|
in the number of instances of that header that may be added to a
|
|
Message programmatically. (The limit is not observed by the parser,
|
|
which will faithfully produce as many headers as exist in the message
|
|
being parsed.)
|
|
|
|
The default implementation returns None for all header names.
|
|
"""
|
|
return None
|
|
|
|
@abc.abstractmethod
|
|
def header_source_parse(self, sourcelines):
|
|
"""Given a list of linesep terminated strings constituting the lines of
|
|
a single header, return the (name, value) tuple that should be stored
|
|
in the model. The input lines should retain their terminating linesep
|
|
characters. The lines passed in by the email package may contain
|
|
surrogateescaped binary data.
|
|
"""
|
|
raise NotImplementedError
|
|
|
|
@abc.abstractmethod
|
|
def header_store_parse(self, name, value):
|
|
"""Given the header name and the value provided by the application
|
|
program, return the (name, value) that should be stored in the model.
|
|
"""
|
|
raise NotImplementedError
|
|
|
|
@abc.abstractmethod
|
|
def header_fetch_parse(self, name, value):
|
|
"""Given the header name and the value from the model, return the value
|
|
to be returned to the application program that is requesting that
|
|
header. The value passed in by the email package may contain
|
|
surrogateescaped binary data if the lines were parsed by a BytesParser.
|
|
The returned value should not contain any surrogateescaped data.
|
|
|
|
"""
|
|
raise NotImplementedError
|
|
|
|
@abc.abstractmethod
|
|
def fold(self, name, value):
|
|
"""Given the header name and the value from the model, return a string
|
|
containing linesep characters that implement the folding of the header
|
|
according to the policy controls. The value passed in by the email
|
|
package may contain surrogateescaped binary data if the lines were
|
|
parsed by a BytesParser. The returned value should not contain any
|
|
surrogateescaped data.
|
|
|
|
"""
|
|
raise NotImplementedError
|
|
|
|
@abc.abstractmethod
|
|
def fold_binary(self, name, value):
|
|
"""Given the header name and the value from the model, return binary
|
|
data containing linesep characters that implement the folding of the
|
|
header according to the policy controls. The value passed in by the
|
|
email package may contain surrogateescaped binary data.
|
|
|
|
"""
|
|
raise NotImplementedError
|
|
|
|
|
|
@_extend_docstrings
|
|
class Compat32(Policy):
|
|
|
|
"""+
|
|
This particular policy is the backward compatibility Policy. It
|
|
replicates the behavior of the email package version 5.1.
|
|
"""
|
|
|
|
mangle_from_ = True
|
|
|
|
def _sanitize_header(self, name, value):
|
|
# If the header value contains surrogates, return a Header using
|
|
# the unknown-8bit charset to encode the bytes as encoded words.
|
|
if not isinstance(value, str):
|
|
# Assume it is already a header object
|
|
return value
|
|
if _has_surrogates(value):
|
|
return header.Header(value, charset=_charset.UNKNOWN8BIT,
|
|
header_name=name)
|
|
else:
|
|
return value
|
|
|
|
def header_source_parse(self, sourcelines):
|
|
"""+
|
|
The name is parsed as everything up to the ':' and returned unmodified.
|
|
The value is determined by stripping leading whitespace off the
|
|
remainder of the first line joined with all subsequent lines, and
|
|
stripping any trailing carriage return or linefeed characters.
|
|
|
|
"""
|
|
name, value = sourcelines[0].split(':', 1)
|
|
value = ''.join((value, *sourcelines[1:])).lstrip(' \t\r\n')
|
|
return (name, value.rstrip('\r\n'))
|
|
|
|
def header_store_parse(self, name, value):
|
|
"""+
|
|
The name and value are returned unmodified.
|
|
"""
|
|
return (name, value)
|
|
|
|
def header_fetch_parse(self, name, value):
|
|
"""+
|
|
If the value contains binary data, it is converted into a Header object
|
|
using the unknown-8bit charset. Otherwise it is returned unmodified.
|
|
"""
|
|
return self._sanitize_header(name, value)
|
|
|
|
def fold(self, name, value):
|
|
"""+
|
|
Headers are folded using the Header folding algorithm, which preserves
|
|
existing line breaks in the value, and wraps each resulting line to the
|
|
max_line_length. Non-ASCII binary data are CTE encoded using the
|
|
unknown-8bit charset.
|
|
|
|
"""
|
|
return self._fold(name, value, sanitize=True)
|
|
|
|
def fold_binary(self, name, value):
|
|
"""+
|
|
Headers are folded using the Header folding algorithm, which preserves
|
|
existing line breaks in the value, and wraps each resulting line to the
|
|
max_line_length. If cte_type is 7bit, non-ascii binary data is CTE
|
|
encoded using the unknown-8bit charset. Otherwise the original source
|
|
header is used, with its existing line breaks and/or binary data.
|
|
|
|
"""
|
|
folded = self._fold(name, value, sanitize=self.cte_type=='7bit')
|
|
return folded.encode('ascii', 'surrogateescape')
|
|
|
|
def _fold(self, name, value, sanitize):
|
|
parts = []
|
|
parts.append('%s: ' % name)
|
|
if isinstance(value, str):
|
|
if _has_surrogates(value):
|
|
if sanitize:
|
|
h = header.Header(value,
|
|
charset=_charset.UNKNOWN8BIT,
|
|
header_name=name)
|
|
else:
|
|
# If we have raw 8bit data in a byte string, we have no idea
|
|
# what the encoding is. There is no safe way to split this
|
|
# string. If it's ascii-subset, then we could do a normal
|
|
# ascii split, but if it's multibyte then we could break the
|
|
# string. There's no way to know so the least harm seems to
|
|
# be to not split the string and risk it being too long.
|
|
parts.append(value)
|
|
h = None
|
|
else:
|
|
h = header.Header(value, header_name=name)
|
|
else:
|
|
# Assume it is a Header-like object.
|
|
h = value
|
|
if h is not None:
|
|
# The Header class interprets a value of None for maxlinelen as the
|
|
# default value of 78, as recommended by RFC 2822.
|
|
maxlinelen = 0
|
|
if self.max_line_length is not None:
|
|
maxlinelen = self.max_line_length
|
|
parts.append(h.encode(linesep=self.linesep, maxlinelen=maxlinelen))
|
|
parts.append(self.linesep)
|
|
return ''.join(parts)
|
|
|
|
|
|
compat32 = Compat32()
|