WebAPI試験用のモックを作るついでに,Socketを使った低レベルのWebサーバをPythonで作りました。http://localhost:8080/*.htmlでアクセスするとindex.htmlファイルを返して,それ以外はNot Found(404)を返します。またhttp://localhost:8080/quitをリクエストするとサーバが停止します。
※セキュリティに関しては一切考慮していないので,インターネット公開するサーバでは実行しないでください。ディレクトリトラバーサルは簡単に実行できるでしょう。脆弱サーバの実験用です。
import re
import time
import socket
HOST = '127.0.0.1'
PORT = 8080
BUFFER_SIZE = 4096
def main():
print("Server Listening")
while True:
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
sock.bind((HOST, PORT))
sock.listen(2)
sock.settimeout(10)
connection = None
try:
connection, address = sock.accept()
print("connection from {} has been established!".format(address))
recv = connection.recv(BUFFER_SIZE)
print(recv)
data = parse(recv.decode('UTF-8'))
if data['url'] == '/quit':
break
response = create_response(data)
print(response)
connection.send(response.encode('UTF-8'))
except TimeoutError as e:
continue
except Exception as e:
print(str(e))
response = format_response(500, "Internal Server Error", "text/plain", str(e))
if connection:
connection.send(response.encode('UTF-8'))
finally:
if connection:
connection.shutdown(socket.SHUT_RDWR)
connection.close()
time.sleep(1)
def parse(recv):
array = recv.splitlines()
data = {}
if len(array) > 0:
m = re.match(r'(GET|POST|PATCH|PUT|DELETE|HEAD)\s+(.*)\s+(.*)', array[0])
if m:
data['method'] = m.group(1)
data['url'] = m.group(2)
data['payload'] = array[len(array) - 1]
return data
def create_response(data):
if re.match(r'.*\.html', data['url']):
with open('index.html', 'r', encoding='utf-8') as f:
body = f.read()
return format_response(200, "OK", "text/html; charset=utf-8", body)
return format_response(404, "Not Found", "text/plain", "{} Not Found".format(data['url']))
def format_response(code, status, type, body):
response = "HTTP/1.0 {} {}\nContent-Type: {}\n\n{}\n"
return response.format(code, status, type, body);
if __name__ == '__main__':
main()
簡単なhtmlファイルを置いて実行してみます。
<!DOCTYPE html>
<html lang="ja">
<head>
<title>Hello</title>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
Server Listening
connection from (‘127.0.0.1’, 55843) has been established!
b’GET /aaa.html HTTP/1.1\r\nHost: localhost:8080\r\nConnection: keep-alive\r\nsec-ch-ua: ” Not A;Brand”;v=”99″, “Chromium”;v=”101″, “Opera”;v=”87″\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: “Windows”\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36 OPR/87.0.4390.45\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nSec-Fetch-Site: none\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: ja,en-US;q=0.9,en;q=0.8\r\n\r\n’
HTTP/1.0 200 OK
Content-Type: text/html; charset=utf-8
<!DOCTYPE html>
<html lang=”ja”>
<head>
<title>Hello</title>
</head>
<body>
<h1>Hello World</h1>
</body>
</html>
connection from (‘127.0.0.1’, 55848) has been established!
b’GET /favicon.ico HTTP/1.1\r\nHost: localhost:8080\r\nConnection: keep-alive\r\nsec-ch-ua: ” Not A;Brand”;v=”99″, “Chromium”;v=”101″, “Opera”;v=”87″\r\nsec-ch-ua-mobile: ?0\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36 OPR/87.0.4390.45\r\nsec-ch-ua-platform: “Windows”\r\nAccept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Dest: image\r\nReferer: http://localhost:8080/aaa.html\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: ja,en-US;q=0.9,en;q=0.8\r\n\r\n’
HTTP/1.0 404 Not Found
Content-Type: text/plain
/favicon.ico Not Found
JY情報システムズ 