This file is indexed.

/usr/share/pyshared/zope/publisher/xmlrpc.py is in python-zope.publisher 3.12.6-2ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
##############################################################################
#
# Copyright (c) 2001, 2002 Zope Foundation and Contributors.
# All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE.
#
##############################################################################
"""XML-RPC Publisher

This module contains the XMLRPCRequest and XMLRPCResponse
"""
__docformat__ = 'restructuredtext'

import sys
import xmlrpclib
import datetime
from StringIO import StringIO

import zope.component
import zope.interface
from zope.interface import implements
from zope.publisher.interfaces.xmlrpc import \
        IXMLRPCPublisher, IXMLRPCRequest, IXMLRPCPremarshaller, IXMLRPCView

from zope.publisher.http import HTTPRequest, HTTPResponse, DirectResult
from zope.security.proxy import isinstance

class XMLRPCRequest(HTTPRequest):
    implements(IXMLRPCRequest)

    _args = ()

    def _createResponse(self):
        """Create a specific XML-RPC response object."""
        return XMLRPCResponse()

    def processInputs(self):
        'See IPublisherRequest'
        # Parse the request XML structure

        # Using lines() does not work as Twisted's BufferedStream sends back
        # an empty stream here for read() (bug). Using readlines() does not
        # work with paster.httpserver. However, readline() works fine.
        lines = ''
        while True:
            line = self._body_instream.readline()
            if not line:
                break
            lines += line
        self._args, function = xmlrpclib.loads(lines)

        # Translate '.' to '/' in function to represent object traversal.
        function = function.split('.')

        if function:
            self.setPathSuffix(function)


class TestRequest(XMLRPCRequest):

    def __init__(self, body_instream=None, environ=None, response=None, **kw):

        _testEnv =  {
            'SERVER_URL':         'http://127.0.0.1',
            'HTTP_HOST':          '127.0.0.1',
            'CONTENT_LENGTH':     '0',
            'GATEWAY_INTERFACE':  'TestFooInterface/1.0',
            }

        if environ:
            _testEnv.update(environ)
        if kw:
            _testEnv.update(kw)
        if body_instream is None:
            body_instream = StringIO('')

        super(TestRequest, self).__init__(body_instream, _testEnv, response)


class XMLRPCResponse(HTTPResponse):
    """XMLRPC response.

    This object is responsible for converting all output to valid XML-RPC.
    """

    def setResult(self, result):
        """Sets the result of the response

        Sets the return body equal to the (string) argument "body". Also
        updates the "content-length" return header.

        If the body is a 2-element tuple, then it will be treated
        as (title,body)

        If is_error is true then the HTML will be formatted as a Zope error
        message instead of a generic HTML page.
        """
        body = premarshal(result)
        if isinstance(body, xmlrpclib.Fault):
            # Convert Fault object to XML-RPC response.
            body = xmlrpclib.dumps(body, methodresponse=True)
        else:
            # Marshall our body as an XML-RPC response. Strings will be sent
            # as strings, integers as integers, etc.  We do *not* convert
            # everything to a string first.
            try:
                body = xmlrpclib.dumps((body,), methodresponse=True,
                                       allow_none=True)
            except:
                # We really want to catch all exceptions at this point!
                self.handleException(sys.exc_info())
                return

        headers = [('content-type', 'text/xml;charset=utf-8'),
                   ('content-length', str(len(body)))]
        self._headers.update(dict((k, [v]) for (k, v) in headers))
        super(XMLRPCResponse, self).setResult(DirectResult((body,)))


    def handleException(self, exc_info):
        """Handle Errors during publsihing and wrap it in XML-RPC XML

        >>> import sys
        >>> resp = XMLRPCResponse()
        >>> try:
        ...     raise AttributeError('xyz')
        ... except:
        ...     exc_info = sys.exc_info()
        ...     resp.handleException(exc_info)

        >>> resp.getStatusString()
        '200 OK'
        >>> resp.getHeader('content-type')
        'text/xml;charset=utf-8'
        >>> body = ''.join(resp.consumeBody())
        >>> 'Unexpected Zope exception: AttributeError: xyz' in body
        True
        """
        t, value = exc_info[:2]
        s = '%s: %s' % (getattr(t, '__name__', t), value)

        # Create an appropriate Fault object. Unfortunately, we throw away
        # most of the debugging information. More useful error reporting is
        # left as an exercise for the reader.
        Fault = xmlrpclib.Fault
        fault_text = None
        try:
            if isinstance(value, Fault):
                fault_text = value
            elif isinstance(value, Exception):
                fault_text = Fault(-1, "Unexpected Zope exception: " + s)
            else:
                fault_text = Fault(-2, "Unexpected Zope error value: " + s)
        except:
            fault_text = Fault(-3, "Unknown Zope fault type")

        # Do the damage.
        self.setResult(fault_text)
        # XML-RPC prefers a status of 200 ("ok") even when reporting errors.
        self.setStatus(200)


class XMLRPCView(object):
    """A base XML-RPC view that can be used as mix-in for XML-RPC views.""" 
    implements(IXMLRPCView)

    def __init__(self, context, request):
        self.context = context
        self.request = request


class PreMarshallerBase(object):
    """Abstract base class for pre-marshallers."""
    zope.interface.implements(IXMLRPCPremarshaller)

    def __init__(self, data):
        self.data = data

    def __call__(self):
        raise Exception, "Not implemented"

class DictPreMarshaller(PreMarshallerBase):
    """Pre-marshaller for dicts"""
    zope.component.adapts(dict)

    def __call__(self):
        return dict([(premarshal(k), premarshal(v))
                     for (k, v) in self.data.items()])

class ListPreMarshaller(PreMarshallerBase):
    """Pre-marshaller for list"""
    zope.component.adapts(list)

    def __call__(self):
        return map(premarshal, self.data)

class TuplePreMarshaller(ListPreMarshaller):
    zope.component.adapts(tuple)

class BinaryPreMarshaller(PreMarshallerBase):
    """Pre-marshaller for xmlrpc.Binary"""
    zope.component.adapts(xmlrpclib.Binary)

    def __call__(self):
        return xmlrpclib.Binary(self.data.data)

class FaultPreMarshaller(PreMarshallerBase):
    """Pre-marshaller for xmlrpc.Fault"""
    zope.component.adapts(xmlrpclib.Fault)

    def __call__(self):
        return xmlrpclib.Fault(
            premarshal(self.data.faultCode),
            premarshal(self.data.faultString),
            )

class DateTimePreMarshaller(PreMarshallerBase):
    """Pre-marshaller for xmlrpc.DateTime"""
    zope.component.adapts(xmlrpclib.DateTime)

    def __call__(self):
        return xmlrpclib.DateTime(self.data.value)

class PythonDateTimePreMarshaller(PreMarshallerBase):
    """Pre-marshaller for datetime.datetime"""
    zope.component.adapts(datetime.datetime)

    def __call__(self):
        return xmlrpclib.DateTime(self.data.isoformat())

def premarshal(data):
    """Premarshal data before handing it to xmlrpclib for marhalling

    The initial purpose of this function is to remove security proxies
    without resorting to removeSecurityProxy.   This way, we can avoid
    inadvertently providing access to data that should be protected.
    """
    premarshaller = IXMLRPCPremarshaller(data, alternate=None)
    if premarshaller is not None:
        return premarshaller()
    return data