This repository was archived by the owner on Mar 24, 2026. It is now read-only.

Add Morepath framework to Python #2903

Merged: NateBrady23 merged 1 commit into TechEmpower:master from henri-hulski:add_morepath on Jul 9, 2017

@henri-hulski
Contributor

No description provided.

@henri-hulski
Contributor Author

Added some local tests similar to Pyramid which are passing after fixing some stuff.
But on Travis still all tests are failing. No idea how to fix that.

@NateBrady23
Member

@henri-hulski What were the changes that were made? It doesn't look like any other python frameworks are having an issue with travis. This looks like a server configuration issue.

@henri-hulski
Contributor Author

henri-hulski commented Jun 29, 2017

Morepath does some header checks to avoid the most basic host header poisoning attacks.
It seems that the request headers FrameworkBenchmark sends are caught by them.

Here is the Morepath check:

@App.tween_factory(over=excview_tween_factory)
def poisoned_host_header_protection_tween_factory(app, handler):
    """Protect Morepath applications against the most basic host header
    poisoning attacks.

    The regex approach has been copied from the Django project. To find more
    about this particular kind of attack have a look at the following
    references:

    * http://skeletonscribe.net/2013/05/practical-http-host-header-attacks
    * https://www.djangoproject.com/weblog/2012/dec/10/security/
    * https://github.com/django/django/commit/77b06e41516d8136b56c040cba7e235b

    """
    valid_host_re = re.compile(
        r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9:]+\])(:\d+)?$")

    def poisoned_host_header_protection_tween(request):
        if not valid_host_re.match(request.host):
            return HTTPBadRequest("Invalid HOST header")

        return handler(request)

    return poisoned_host_header_protection_tween

@henri-hulski
Contributor Author

@nbrady-techempower What does the request Host header that FrameworkBenchmark is sending look like?

@henri-hulski
Contributor Author

OK, it seems to be a bug in Morepath. It didn't accept an upper-case Host header.
Fixed in master.
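
The pattern quoted in the thread only allows lower-case letters, so a mixed-case Host value never reaches the handler and gets the 400 response instead. An added example, not part of the original thread and not Morepath's code: it runs the pattern as quoted against constructed Host values and compares it with a variant that lower-cases the value first and uses `fullmatch`. The variant, the function names and the sample values are assumptions, not the fix Morepath released.

```python
import re

# Pattern exactly as quoted in the comment above (lower-case letters only).
PAGE_HOST_RE = re.compile(
    r"^([a-z0-9.-]+|\[[a-f0-9]*:[a-f0-9:]+\])(:\d+)?$")


def page_check(host):
    """The check as quoted: match the raw header value against the pattern."""
    return bool(PAGE_HOST_RE.match(host))


def normalised_check(host):
    """Assumed variant (hypothetical name): host names are case-insensitive,
    so lower-case before matching; fullmatch stops `$` from accepting a
    trailing newline, which Python's `$` otherwise allows."""
    return bool(PAGE_HOST_RE.fullmatch(host.lower()))


# Constructed sample Host values, not taken from the benchmark traffic.
SAMPLES = [
    "example.com",
    "example.com:8080",
    "[::1]:8080",
    "Bench-Server:8080",        # legitimate, but mixed case
    "example.com/path",         # not a host[:port] value
    "example.com:8080@other",   # not a host[:port] value
    "example.com\n",            # trailing newline
]


def compare(samples=SAMPLES):
    """Return (host, quoted_result, normalised_result) for each sample."""
    return [(h, page_check(h), normalised_check(h)) for h in samples]


if __name__ == "__main__":
    for host, quoted, normalised in compare():
        print(f"{host!r:28} quoted={quoted!s:5} normalised={normalised}")
```
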

@NateBrady23
Member

Fixed in what master? Morepath's? You'll have to push a change here for the version number?

@henri-hulski
Contributor Author

Yeah I think I will release tonight. I have also fixed some issues which came up in vagrant.
After releasing the new Morepath version I will update this PR.

@henri-hulski
Contributor Author

I have updated the PR and Travis Morepath tests are passing.

So I think it's ready for review.

@henri-hulski
Contributor Author

When running the plaintext benchmark for morepath in vagrant I get

--------------------------------------------------------------------------------
  Benchmarking morepath
--------------------------------------------------------------------------------
Server morepath: [2017-07-01 15:29:12 +0000] [3601] [CRITICAL] WORKER TIMEOUT (pid:3609)
Server morepath: [2017-07-01 15:29:14 +0000] [3799] [INFO] Booting worker with pid: 3799
Server morepath: [2017-07-01 15:29:34 +0000] [3612] [INFO] Worker exiting (pid: 3612)
Server morepath: [2017-07-01 15:29:35 +0000] [3610] [INFO] Worker exiting (pid: 3610)
Server morepath: [2017-07-01 15:29:35 +0000] [3606] [INFO] Worker exiting (pid: 3606)
Server morepath: [2017-07-01 15:29:35 +0000] [3805] [INFO] Booting worker with pid: 3805
Server morepath: [2017-07-01 15:29:35 +0000] [3806] [INFO] Booting worker with pid: 3806
Server morepath: [2017-07-01 15:29:35 +0000] [3807] [INFO] Booting worker with pid: 3807
Server morepath: [2017-07-01 15:30:40 +0000] [3806] [ERROR] ConnectionResetError: [Errno 104] Connection reset by peer
Server morepath: 
Server morepath: [2017-07-01 15:30:40 +0000] [3807] [ERROR] ConnectionResetError: [Errno 104] Connection reset by peer
Server morepath: 
Server morepath: [2017-07-01 15:30:40 +0000] [3807] [ERROR] BrokenPipeError: [Errno 32] Broken pipe
Server morepath: 
Server morepath: [2017-07-01 15:30:40 +0000] [3799] [ERROR] ConnectionResetError: [Errno 104] Connection reset by peer
Server morepath: 
Server morepath: [2017-07-01 15:30:40 +0000] [3807] [ERROR] BrokenPipeError: [Errno 32] Broken pipe
Server morepath: 
Server morepath: [2017-07-01 15:30:40 +0000] [3799] [ERROR] BrokenPipeError: [Errno 32] Broken pipe
Server morepath: 
Server morepath: [2017-07-01 15:30:40 +0000] [3799] [ERROR] BrokenPipeError: [Errno 32] Broken pipe
Server morepath: 
Server morepath: [2017-07-01 15:30:40 +0000] [3807] [ERROR] BrokenPipeError: [Errno 32] Broken pipe
Server morepath: 
Server morepath: [2017-07-01 15:30:40 +0000] [3799] [ERROR] BrokenPipeError: [Errno 32] Broken pipe
Server morepath: 
Server morepath: [2017-07-01 15:30:40 +0000] [3799] [ERROR] BrokenPipeError: [Errno 32] Broken pipe

And tens of thousands of BrokenPipeErrors. I reran it several times and it is always the same.

All other benchmarks are running fine.

@henri-hulski
Contributor Author

Is this related to my environment (vagrant on a not too fast laptop) or is something wrong here?

@henri-hulski
Contributor Author

OK. When trying to run the plaintext benchmark for Pyramid and Flask I get the same errors. So it seems to be related to my machine.

In this case the PR should be ready.

@NateBrady23 NateBrady23 merged commit bed1da6 into TechEmpower:master Jul 9, 2017
@henri-hulski henri-hulski deleted the add_morepath branch July 9, 2017 17:22