This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in Python's Developer Guide.

classification
Title: CGIHTTPServer displays raw python code when the url contains '/' after '?'
Type: security
Stage: resolved
Components: Library (Lib)
Versions: Python 2.7
process
Status: closed
Resolution: out of date
Dependencies:
Superseder:
Assigned To:
Nosy List: Yudai Fujiwara, martin.panter, xiang.zhang
Priority: normal
Keywords:

Created on 2016-11-13 02:32 by Yudai Fujiwara, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Files
File name Uploaded Description
index.py Yudai Fujiwara, 2016-11-13 02:33
server.py Yudai Fujiwara, 2016-11-13 12:26
Messages (5)
msg280681 - (view) Author: Yudai Fujiwara (Yudai Fujiwara) Date: 2016-11-13 02:33
I made a simple CGI server and prepared index.py on the root directory.
When I access '/index.py?value=data', it displays 'value = data', which is working correctly.
However, when I access '/index.py?/' or something like this, it displays its raw Python code.
It seems that this bug occurs when I access a URL that contains '/' after '?'.
msg280694 - (view) Author: Xiang Zhang (xiang.zhang) * (Python committer) Date: 2016-11-13 12:01
Sorry Yudai, I cannot reproduce this. Both '/index.py?value=data' and '/index.py?/' output 'value = None' with your index.py.
msg280695 - (view) Author: Yudai Fujiwara (Yudai Fujiwara) Date: 2016-11-13 12:26
Thanks for your reply. I uploaded server.py.
I'm using python 2.7.5 to run server.py on CentOS 7.
Both server.py and index.py are located in /var/www/html.

$ ls -lh
-rwxr-xr-x. 1 root root 189 11月 13 11:21 index.py
-rw-r--r--. 1 root root 239 11月 13 21:04 server.py

This is the response from the server when it works correctly:
$ ncat 192.168.3.5 8000
GET /index.py?value=data HTTP/1.1

HTTP/1.0 200 Script output follows
Server: SimpleHTTP/0.6 Python/2.7.5
Date: Sun, 13 Nov 2016 12:18:49 GMT
Content-type: text/html

<p>value = data</p>

And this is the response when the bug occurs:
$ ncat 192.168.3.5
GET /index.py?/ HTTP/1.1

HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/2.7.5
Date: Sun, 13 Nov 2016 12:06:42 GMT
Content-type: text/plain
Content-Length: 189
Last-Modified: Sun, 13 Nov 2016 02:21:11 GMT

#!/usr/bin/env python
# coding: utf-8
import cgi

form = cgi.FieldStorage()

print("Content-type: text/html")
print("")
print("<p>value = {0}</p>".format( form.getvalue('value', 'None') ))

The server.py is running on the terminal and it seems to be working perfectly:
$ python server.py
192.168.3.5 - - [13/Nov/2016 21:18:49] "GET /index.py?value=data HTTP/1.1" 200 -
192.168.3.5 - - [13/Nov/2016 21:20:42] "GET /index.py?/ HTTP/1.1" 200 -

Maybe the configuration in server.py is wrong?
msg280696 - (view) Author: Xiang Zhang (xiang.zhang) * (Python committer) Date: 2016-11-13 13:17
I think this is a bug in 2.7.5 and has already been fixed. I'd suggest you get a more recent version of 2.7. :-)
msg280697 - (view) Author: Yudai Fujiwara (Yudai Fujiwara) Date: 2016-11-13 14:10
I've just installed 2.7.11 and the bug seems to be fixed.
Thank you for your accurate solution!

Closed.
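
A regression check for the behaviour reported in this thread, as an added example that is not part of the original issue or of CPython: `classify` tells the two captured responses apart (script output versus the script's own source served as a static file), and `probe` replays the `/index.py?/` request against a server you run, for instance after upgrading. The function names, the marker strings and the abbreviated sample responses are assumptions constructed from the captures in msg280695.

```python
import re
import socket

# Strings from the index.py shown in the thread; replace with lines from your own script.
SOURCE_MARKERS = (b"#!/usr/bin/env python", b"cgi.FieldStorage")

def classify(raw, markers=SOURCE_MARKERS):
    """Return 'executed', 'source-disclosed' or 'other' for one raw HTTP response."""
    # CGI script headers may end in bare LF, so accept both line endings.
    head, body = (re.split(rb"\r?\n\r?\n", raw, maxsplit=1) + [b""])[:2]
    status_line = head.splitlines()[0] if head else b""
    m = re.match(rb"HTTP/\d\.\d (\d{3}) ?(.*)", status_line)
    if not m or m.group(1) != b"200":
        return "other"
    if any(marker in body for marker in markers):
        return "source-disclosed"      # script text came back as a static file
    if m.group(2).strip() == b"Script output follows":
        return "executed"              # reason phrase seen in the working capture
    return "other"

def probe(host, port, path="/index.py?/"):
    """Send the request from the thread to a server you run and classify the reply."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(("GET %s HTTP/1.0\r\n\r\n" % path).encode("ascii"))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify(b"".join(chunks))

# Constructed samples, abbreviated from the two captures in msg280695.
EXECUTED = (b"HTTP/1.0 200 Script output follows\r\n"
            b"Server: SimpleHTTP/0.6 Python/2.7.5\r\n"
            b"Content-type: text/html\n\n<p>value = data</p>\n")
DISCLOSED = (b"HTTP/1.0 200 OK\r\n"
             b"Server: SimpleHTTP/0.6 Python/2.7.5\r\n"
             b"Content-type: text/plain\r\n\r\n"
             b"#!/usr/bin/env python\n# coding: utf-8\nimport cgi\n")

if __name__ == "__main__":
    for name, raw in (("working", EXECUTED), ("buggy", DISCLOSED)):
        print(name, "->", classify(raw))
```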
History
Date                 User            Action  Args
2022-04-11 14:58:39  admin           set     github: 72865
2016-11-13 14:12:57  xiang.zhang     set     stage: resolved
2016-11-13 14:10:50  Yudai Fujiwara  set     status: open -> closed; resolution: out of date; messages: + msg280697
2016-11-13 13:17:16  xiang.zhang     set     messages: + msg280696
2016-11-13 12:26:19  Yudai Fujiwara  set     files: + server.py; messages: + msg280695
2016-11-13 12:01:12  xiang.zhang     set     nosy: + xiang.zhang, martin.panter; messages: + msg280694
2016-11-13 02:33:12  Yudai Fujiwara  set     files: + index.py; messages: + msg280681
2016-11-13 02:32:16  Yudai Fujiwara  create