From 4d07f40148c267d83e79243227d3ba0878ac4f9b Mon Sep 17 00:00:00 2001
From: Akhil M S
Date: Sat, 2 Jul 2022 12:40:43 +0530
Subject: [PATCH 1/3] Make use of ident while showing server error (generated by waitress) this will help users to hide the server details from waitress generated error response with the help of ident value. Some organization don't want to expose there server details to user, since it will help the attackers perform attacks based on the known vulnerability of the server. So instead of showing generated by waitress, we can show a generic text.
---
 src/waitress/task.py | 3 ++-
 src/waitress/utilities.py | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/waitress/task.py b/src/waitress/task.py
index 574532fa..956c0c0f 100644
--- a/src/waitress/task.py
+++ b/src/waitress/task.py
@@ -345,8 +345,9 @@ class ErrorTask(Task):
 complete = True
 def execute(self):
+ ident = self.channel.server.adj.ident
 e = self.request.error
- status, headers, body = e.to_response()
+ status, headers, body = e.to_response(ident)
 self.status = status
 self.response_headers.extend(headers)
 # We need to explicitly tell the remote client we are closing the
diff --git a/src/waitress/utilities.py b/src/waitress/utilities.py
index 164752f9..b0199d0e 100644
--- a/src/waitress/utilities.py
+++ b/src/waitress/utilities.py
@@ -258,10 +258,10 @@ class Error:
 def __init__(self, body):
 self.body = body
- def to_response(self):
+ def to_response(self,ident=None):
 status = f"{self.code} {self.reason}"
 body = f"{self.reason}\r\n\r\n{self.body}"
- tag = "\r\n\r\n(generated by waitress)"
+ tag = "\r\n\r\n(generated by "+ident+")" if ident else "\r\n\r\n(generated by server)"
 body = (body + tag).encode("utf-8")
 headers = [("Content-Type", "text/plain; charset=utf-8")]
From 3dbffbf77de09ed8b6c2d419e4504c2fb600ee9b Mon Sep 17 00:00:00 2001
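Review bot: In `ErrorTask.execute` (src/waitress/task.py, PATCH 1/3) the new `ident = self.channel.server.adj.ident` line carries no comment saying why the error body needs the server identity. I would add `# reuse the configured ident so error bodies do not name the server software` above it. If `adj.ident` is the same setting that feeds the `Server` response header (not visible in this hunk), the option's documentation should also state that the value now appears in error bodies, because an operator who changed it only for the header will find it echoed to clients there as well. The rest of `execute` lies outside the hunk.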
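Review bot: The `ident=None` default on `Error.to_response` (src/waitress/utilities.py, PATCH 1/3) changes the body for every caller that passes nothing, from `(generated by waitress)` to `(generated by server)`. Only `ErrorTask.execute` is updated in this series, so any other call sites or tests that match on the old text need checking; none are visible here. The method also has no docstring for the new parameter; one stating that a falsy `ident` falls back to the literal `server` and that the value is written verbatim into the `text/plain` body would cover it. The method's return statement is outside the hunk.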
From: Akhil MS <51810638+AkhilmsAchu@users.noreply.github.com>
Date: Thu, 22 Dec 2022 10:22:21 +0530
Subject: [PATCH 2/3] Update src/waitress/utilities.py
Co-authored-by: Bert JW Regeer
---
 src/waitress/utilities.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/waitress/utilities.py b/src/waitress/utilities.py
index b0199d0e..92db1473 100644
--- a/src/waitress/utilities.py
+++ b/src/waitress/utilities.py
@@ -261,7 +261,8 @@ def __init__(self, body):
 def to_response(self,ident=None):
 status = f"{self.code} {self.reason}"
 body = f"{self.reason}\r\n\r\n{self.body}"
- tag = "\r\n\r\n(generated by "+ident+")" if ident else "\r\n\r\n(generated by server)"
+ ident = ident if ident else "server"
+ tag = f"\r\n\r\n(generated by {ident})"
 body = (body + tag).encode("utf-8")
 headers = [("Content-Type", "text/plain; charset=utf-8")]
From 3b0e7d61d745ff8fbdef4e2afac5f64ca6b8a58c Mon Sep 17 00:00:00 2001
From: Akhil MS <51810638+AkhilmsAchu@users.noreply.github.com>
Date: Thu, 22 Dec 2022 10:22:39 +0530
Subject: [PATCH 3/3] Update src/waitress/utilities.py
Co-authored-by: Bert JW Regeer
---
 src/waitress/utilities.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/waitress/utilities.py b/src/waitress/utilities.py
index 92db1473..3c397874 100644
--- a/src/waitress/utilities.py
+++ b/src/waitress/utilities.py
@@ -258,7 +258,7 @@ class Error:
 def __init__(self, body):
 self.body = body
- def to_response(self,ident=None):
+ def to_response(self, ident=None):
 status = f"{self.code} {self.reason}"
 body = f"{self.reason}\r\n\r\n{self.body}"
 ident = ident if ident else "server"
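Review bot: `ident = ident if ident else "server"` in `to_response` (src/waitress/utilities.py, PATCH 2/3) is more simply written `ident = ident or "server"`, which gives the same result for `None` and for the empty string. The fallback word is a bare literal inside the method; a one-line comment such as `# generic tag when no ident is configured` would make it clear that the substitution is deliberate and exists to avoid naming the server software. `to_response` continues past the end of the hunk.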