Start moving policy checks to service-time, rather than parse-time.

4 files changed, 29 insertions, 39 deletions

diff --git a/libpathod/app.py b/libpathod/app.py
index 396e45c2..fc4e23ec 100644
--- a/libpathod/app.py
+++ b/libpathod/app.py
@@ -131,9 +131,9 @@ def _preview(is_request):
     args["pauses"] = r.preview_safe()
 
     if is_request:
-        r.serve(s, check=app.config["pathod"].check_policy, host="example.com")
+        r.serve(app.config["pathod"].request_settings, s, check=app.config["pathod"].check_policy, host="example.com")
     else:
-        r.serve(s, check=app.config["pathod"].check_policy)
+        r.serve(app.config["pathod"].request_settings, s, check=app.config["pathod"].check_policy)
 
     args["output"] = utils.escape_unprintables(s.getvalue())
     return render(template, False, **args)
diff --git a/libpathod/language.py b/libpathod/language.py
index a5c53677..c9aa7f66 100644
--- a/libpathod/language.py
+++ b/libpathod/language.py
@@ -25,19 +25,6 @@ class ParseException(Exception):
         return "%s at char %s"%(self.msg, self.col)
 
 
-def ready_actions(length, lst):
-    ret = []
-    for i in lst:
-        itms = list(i)
-        if i[0] == "r":
-            itms[0] = random.randrange(length)
-        elif i[0] == "a":
-            itms[0] = length+1
-        ret.append(tuple(itms))
-    ret.sort()
-    return ret
-
-
 def send_chunk(fp, val, blocksize, start, end):
     """
         (start, end): Inclusive lower bound, exclusive upper bound.
@@ -441,6 +428,9 @@ class _Action:
 
     def __repr__(self):
         return self.spec()
+        
+    def accept(self, settings, r):
+        r.actions.append(self)
 
 
 class PauseAt(_Action):
@@ -464,17 +454,14 @@ class PauseAt(_Action):
     def spec(self):
         return "p%s,%s"%(self.offset, self.seconds)
 
-    def accept(self, settings, r):
-        r.actions.append((self.offset, "pause", self.seconds))
+    def intermediate(self, settings):
+        return (self.offset, "pause", self.seconds)
 
 
 class DisconnectAt(_Action):
     def __init__(self, offset):
         _Action.__init__(self, offset)
 
-    def accept(self, settings, r):
-        r.actions.append((self.offset, "disconnect"))
-
     @classmethod
     def expr(klass):
         e = pp.Literal("d").suppress()
@@ -484,6 +471,9 @@ class DisconnectAt(_Action):
     def spec(self):
         return "d%s"%self.offset
 
+    def intermediate(self, settings):
+        return (self.offset, "disconnect")
+
 
 class InjectAt(_Action):
     def __init__(self, offset, value):
@@ -501,14 +491,12 @@ class InjectAt(_Action):
     def spec(self):
         return "i%s,%s"%(self.offset, self.value.spec())
 
-    def accept(self, settings, r):
-        r.actions.append(
-            (
+    def intermediate(self, settings):
+        return (
                 self.offset,
                 "inject",
                 self.value.get_generator(settings)
             )
-        )
 
 
 class Header:
@@ -577,8 +565,8 @@ class Message:
         """
             Modify this message to be safe for previews. Returns a list of elided actions.
         """
-        pauses = [i for i in self.actions if i[1] == "pause"]
-        self.actions = [i for i in self.actions if i[1] != "pause"]
+        pauses = [i for i in self.actions if isinstance(i, PauseAt)]
+        self.actions = [i for i in self.actions if not isinstance(i, PauseAt)]
         return pauses
 
     def effective_length(self, actions):
@@ -595,7 +583,7 @@ class Message:
                 l += len(i[2])
         return l
 
-    def serve(self, fp, check, request_host):
+    def serve(self, settings, fp, check, request_host):
         """
             fp: The file pointer to write to.
 
@@ -652,13 +640,15 @@ class Message:
         if self.body:
             vals.append(self.body)
         vals.reverse()
-        actions = ready_actions(self.length(), self.actions)
+        actions = [i.resolve_offset(self) for i in self.actions]
+        actions.sort()
         actions.reverse()
+        actions = [i.intermediate(settings) for i in actions]
         if check:
             ret = check(self, actions)
             if ret:
                 err = PathodErrorResponse(ret)
-                err.serve(fp)
+                err.serve(settings, fp)
                 return dict(
                     disconnect = True,
                     error = ret
@@ -767,8 +757,8 @@ class CraftedRequest(Request):
         for i in tokens:
             i.accept(settings, self)
 
-    def serve(self, fp, check, host):
-        d = Request.serve(self, fp, check, host)
+    def serve(self, settings, fp, check, host):
+        d = Request.serve(self, settings, fp, check, host)
         d["spec"] = self.spec
         return d
 
@@ -780,8 +770,8 @@ class CraftedResponse(Response):
         for i in tokens:
             i.accept(settings, self)
 
-    def serve(self, fp, check):
-        d = Response.serve(self, fp, check, None)
+    def serve(self, settings, fp, check):
+        d = Response.serve(self, settings, fp, check, None)
         d["spec"] = self.spec
         return d
 
@@ -798,8 +788,8 @@ class PathodErrorResponse(Response):
             ),
         ]
 
-    def serve(self, fp, check=None):
-        d = Response.serve(self, fp, check, None)
+    def serve(self, settings, fp, check=None):
+        d = Response.serve(self, settings, fp, check, None)
         d["internal"] = True
         return d
 
diff --git a/libpathod/pathoc.py b/libpathod/pathoc.py
index 3ed09190..873a989c 100644
--- a/libpathod/pathoc.py
+++ b/libpathod/pathoc.py
@@ -22,7 +22,7 @@ class Pathoc(tcp.TCPClient):
             language.FileAccessDenied.
         """
         r = language.parse_request(self.settings, spec)
-        ret = r.serve(self.wfile, None, self.host)
+        ret = r.serve(self.settings, self.wfile, None, self.host)
         self.wfile.flush()
         return http.read_response(self.rfile, r.method, None)
 
@@ -68,7 +68,7 @@ class Pathoc(tcp.TCPClient):
         if showresp:
             self.rfile.start_log()
         try:
-            req = r.serve(self.wfile, None, self.host)
+            req = r.serve(self.settings, self.wfile, None, self.host)
             self.wfile.flush()
             resp = http.read_response(self.rfile, r.method, None)
         except http.HttpError, v:
diff --git a/libpathod/pathod.py b/libpathod/pathod.py
index 4ce268fa..9d343a51 100644
--- a/libpathod/pathod.py
+++ b/libpathod/pathod.py
@@ -18,7 +18,7 @@ class PathodHandler(tcp.BaseHandler):
         self.sni = connection.get_servername()
 
     def serve_crafted(self, crafted, request_log):
-        response_log = crafted.serve(self.wfile, self.server.check_policy)
+        response_log = crafted.serve(self.server.request_settings, self.wfile, self.server.check_policy)
         log = dict(
                 type = "crafted",
                 request=request_log,
@@ -96,7 +96,7 @@ class PathodHandler(tcp.BaseHandler):
             return self.serve_crafted(crafted, request_log)
         elif self.server.noweb:
             crafted = language.PathodErrorResponse("Access Denied")
-            crafted.serve(self.wfile, self.server.check_policy)
+            crafted.serve(self.server.request_settings, self.wfile, self.server.check_policy)
             return False, dict(type = "error", msg="Access denied: web interface disabled")
         else:
             self.info("app: %s %s"%(method, path))