cherrypy.tools.static loses with a TypeError in httputil.get_ranges() when asked to serve a range from a fileobj representing a zipfile entry #2024
Labels
bug
CherryPy code
reproducer: present
This PR or issue contains code, which reproduce the problem described or clearly understandable STR
I'm submitting a ...
Do you want to request a feature or report a bug?
This is very much a bug -- forcing zipapps to unzip themselves to get at embedded static resources simply isn't possible in some deployment scenarios. (i.e. there's nowhere the user the app is running as can write to, for reasonably good security reasons). Also, what's the point of
cherrypy.tools.static.serve_fileobj
if what you serve has to be on the filesystem to begin with?What is the current behavior?
A
500
with a backtrace fromhttputil.get_ranges()
raising a "TypeError: '>=' not supported between instances of 'int' and 'NoneType'
"If the current behavior is a bug, please provide the steps to reproduce and if possible a screenshots and logs of the problem. If you can, show us your code.
Reproduction instructions (with a mildly redacted traceback)
demonstration zipapp, created using
cp -R
of the sources shown here then apip install of cherrypy
into the builddir followed by invoking zipapp from the command linepieface.zip
source code:
and for good measure:
index.html I am serving:
What is the expected behavior?
200 OK
and I get theindex.html
inside the attachedpieface.pyz
back (i.e. it ignores the Range header on something that's not a real filesystem object), or 206 Partial Content and I get the first ten bytes of that index.html back (i.e. it's able to figure out the size in a way that isn't reliant on the file-like having afileno
that can be fed tofstat()
)What is the motivation / use case for changing the behavior?
This would allow CherryPy's static content handler to be used to serve static files out of a zipapp, which would lend itself to implementing a WAR-like deployment story for Python webapps (unfortunately, mod_wsgi's archaic method of loading scripts is also a barrier to this as it can't load zip-anythings).
Please tell us about your environment:
Range
header at an app that's trying to load resources out of a zip without unpacking it (or any other non-fileno fileobj for that matter)Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, e.g. stackoverflow, gitter, etc.)
httputil.get_ranges()
probably should returnNone
instead of barfing if passedNone
for acontent_length
The text was updated successfully, but these errors were encountered: