~tribaal/txaws/xss-hardening

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# Copyright (c) 2009 Canonical Ltd <duncan.mcgreggor@canonical.com>
# Licenced under the txaws licence available at /LICENSE in the txaws source.

from twisted.web.error import Error

from txaws.util import XML


class AWSError(Error):
    """
    A base class for txAWS errors.
    """
    def __init__(self, xml_bytes, status, message=None, response=None):
        super(AWSError, self).__init__(status, message, response)
        if not xml_bytes:
            raise ValueError("XML cannot be empty.")
        self.original = xml_bytes
        self.errors = []
        self.request_id = ""
        self.host_id = ""
        self.parse()

    def __str__(self):
        return self._get_error_message_string()

    def __repr__(self):
        return "<%s object with %s>" % (
            self.__class__.__name__, self._get_error_code_string())

    def _set_request_id(self, tree):
        request_id_node = tree.find(".//RequestID")
        if hasattr(request_id_node, "text"):
            text = request_id_node.text
            if text:
                self.request_id = text

    def _set_host_id(self, tree):
        host_id = tree.find(".//HostID")
        if hasattr(host_id, "text"):
            text = host_id.text
            if text:
                self.host_id = text

    def _get_error_code_string(self):
        count = len(self.errors)
        error_code = self.get_error_codes()
        if count > 1:
            return "Error count: %s" % error_code
        else:
            return "Error code: %s" % error_code

    def _get_error_message_string(self):
        count = len(self.errors)
        error_message = self.get_error_messages()
        if count > 1:
            return "%s." % error_message
        else:
            return "Error Message: %s" % error_message

    def _node_to_dict(self, node):
        data = {}
        for child in node:
            if child.tag and child.text:
                data[child.tag] = child.text
        return data

    def _check_for_html(self, tree):
        if tree.tag == "html":
            message = "Could not parse HTML in the response."
            raise AWSResponseParseError(message)

    def _set_400_error(self, tree):
        """
        This method needs to be implemented by subclasses.
        """

    def _set_500_error(self, tree):
        self._set_request_id(tree)
        self._set_host_id(tree)
        data = self._node_to_dict(tree)
        if data:
            self.errors.append(data)

    def parse(self, xml_bytes=""):
        if not xml_bytes:
            xml_bytes = self.original
        self.original = xml_bytes
        tree = XML(xml_bytes.strip())
        self._check_for_html(tree)
        self._set_request_id(tree)
        if self.status:
            status = int(self.status)
        else:
            status = 400
        if status >= 500:
            self._set_500_error(tree)
        else:
            self._set_400_error(tree)

    def has_error(self, errorString):
        for error in self.errors:
            if errorString in error.values():
                return True
        return False

    def get_error_codes(self):
        count = len(self.errors)
        if count > 1:
            return count
        elif count == 0:
            return
        else:
            return self.errors[0]["Code"]

    def get_error_messages(self):
        count = len(self.errors)
        if count > 1:
            return "Multiple EC2 Errors"
        elif count == 0:
            return "Empty error list"
        else:
            return self.errors[0]["Message"]



class AWSResponseParseError(Exception):
    """
    txAWS was unable to parse the server response.
    """